authorYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
committerYves-Alexis Perez <corsac@debian.org>2018-09-24 15:11:14 +0200
commite0e280b7669435b991b7e457abd8aa450930b3e8 (patch)
tree3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src/libstrongswan
parent51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff)
New upstream version 5.7.0
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Makefile.am7
-rw-r--r--src/libstrongswan/Makefile.in94
-rw-r--r--src/libstrongswan/asn1/asn1.c1
-rw-r--r--src/libstrongswan/bio/bio_reader.c5
-rw-r--r--src/libstrongswan/bio/bio_reader.h2
-rw-r--r--src/libstrongswan/collections/linked_list.c69
-rw-r--r--src/libstrongswan/collections/linked_list.h21
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h2
-rw-r--r--src/libstrongswan/credentials/certificates/certificate_printer.h2
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h4
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c6
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.h2
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h4
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h2
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.c109
-rw-r--r--src/libstrongswan/crypto/proposal/proposal.h12
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.c32
-rw-r--r--src/libstrongswan/ipsec/ipsec_types.h34
-rw-r--r--src/libstrongswan/library.c21
-rw-r--r--src/libstrongswan/library.h7
-rw-r--r--src/libstrongswan/math/libnttfft/Makefile.in11
-rw-r--r--src/libstrongswan/math/libnttfft/tests/Makefile.in11
-rw-r--r--src/libstrongswan/networking/streams/stream_service_unix.c26
-rw-r--r--src/libstrongswan/plugins/acert/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/aesni/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/bliss/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.am32
-rw-r--r--src/libstrongswan/plugins/botan/Makefile.in835
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.c191
-rw-r--r--src/libstrongswan/plugins/botan/botan_crypter.h58
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.c245
-rw-r--r--src/libstrongswan/plugins/botan/botan_diffie_hellman.h59
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c226
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h56
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.c452
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_private_key.h87
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.c277
-rw-r--r--src/libstrongswan/plugins/botan/botan_ec_public_key.h54
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.c333
-rw-r--r--src/libstrongswan/plugins/botan/botan_gcm.h47
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.c136
-rw-r--r--src/libstrongswan/plugins/botan/botan_hasher.h55
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.c172
-rw-r--r--src/libstrongswan/plugins/botan/botan_hmac.h53
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.c313
-rw-r--r--src/libstrongswan/plugins/botan/botan_plugin.h50
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.c130
-rw-r--r--src/libstrongswan/plugins/botan/botan_rng.h57
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.c694
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_private_key.h82
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.c376
-rw-r--r--src/libstrongswan/plugins/botan/botan_rsa_public_key.h72
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.c280
-rw-r--r--src/libstrongswan/plugins/botan/botan_util.h116
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.c211
-rw-r--r--src/libstrongswan/plugins/botan/botan_util_keys.h61
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.c176
-rw-r--r--src/libstrongswan/plugins/botan/botan_x25519.h42
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/chapoly/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/curve25519/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/files/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c4
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c68
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c158
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/keychain/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mgf1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/newhope/newhope_ke.c4
-rw-r--r--src/libstrongswan/plugins/newhope/tests/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/nonce/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_drbg.h2
-rw-r--r--src/libstrongswan/plugins/ntru/ntru_poly.h2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs12/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs7/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rc2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/rdrand/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_plugin.c8
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c60
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.h8
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sha3/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/sshkey/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h3
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c22
-rw-r--r--src/libstrongswan/plugins/unbound/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/winhttp/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in11
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c9
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in11
-rw-r--r--src/libstrongswan/selectors/traffic_selector.h2
-rw-r--r--src/libstrongswan/settings/settings.c452
-rw-r--r--src/libstrongswan/settings/settings.h26
-rw-r--r--src/libstrongswan/settings/settings_lexer.c466
-rw-r--r--src/libstrongswan/settings/settings_lexer.l46
-rw-r--r--src/libstrongswan/settings/settings_parser.c224
-rw-r--r--src/libstrongswan/settings/settings_parser.h19
-rw-r--r--src/libstrongswan/settings/settings_parser.y47
-rw-r--r--src/libstrongswan/settings/settings_types.c90
-rw-r--r--src/libstrongswan/settings/settings_types.h33
-rw-r--r--src/libstrongswan/tests/Makefile.in11
-rw-r--r--src/libstrongswan/tests/suites/test_identification.c6
-rw-r--r--src/libstrongswan/tests/suites/test_linked_list_enumerator.c68
-rw-r--r--src/libstrongswan/tests/suites/test_printf.c2
-rw-r--r--src/libstrongswan/tests/suites/test_proposal.c34
-rw-r--r--src/libstrongswan/tests/suites/test_rsa.c2
-rw-r--r--src/libstrongswan/tests/suites/test_settings.c423
-rw-r--r--src/libstrongswan/tests/suites/test_utils.c94
-rw-r--r--src/libstrongswan/threading/windows/mutex.c2
-rw-r--r--src/libstrongswan/utils/identification.c13
-rw-r--r--src/libstrongswan/utils/leak_detective.c132
-rw-r--r--src/libstrongswan/utils/utils/atomics.h10
149 files changed, 8496 insertions, 1212 deletions
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 66539a879..e6d7ce74b 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -565,6 +565,13 @@ if MONOLITHIC
endif
endif
+if USE_BOTAN
+ SUBDIRS += plugins/botan
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/botan/libstrongswan-botan.la
+endif
+endif
+
if USE_FIPS_PRF
SUBDIRS += plugins/fips_prf
if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index a0eb8b6b5..b6bb52740 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -220,35 +220,37 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_106 = plugins/openssl/libstrongswan-openssl.la
@USE_GCRYPT_TRUE@am__append_107 = plugins/gcrypt
@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_108 = plugins/gcrypt/libstrongswan-gcrypt.la
-@USE_FIPS_PRF_TRUE@am__append_109 = plugins/fips_prf
-@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_110 = plugins/fips_prf/libstrongswan-fips-prf.la
-@USE_AGENT_TRUE@am__append_111 = plugins/agent
-@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_112 = plugins/agent/libstrongswan-agent.la
-@USE_KEYCHAIN_TRUE@am__append_113 = plugins/keychain
-@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_114 = plugins/keychain/libstrongswan-keychain.la
-@USE_PKCS11_TRUE@am__append_115 = plugins/pkcs11
-@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_116 = plugins/pkcs11/libstrongswan-pkcs11.la
-@USE_CHAPOLY_TRUE@am__append_117 = plugins/chapoly
-@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_118 = plugins/chapoly/libstrongswan-chapoly.la
-@USE_CTR_TRUE@am__append_119 = plugins/ctr
-@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_120 = plugins/ctr/libstrongswan-ctr.la
-@USE_CCM_TRUE@am__append_121 = plugins/ccm
-@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_122 = plugins/ccm/libstrongswan-ccm.la
-@USE_GCM_TRUE@am__append_123 = plugins/gcm
-@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_124 = plugins/gcm/libstrongswan-gcm.la
-@USE_MGF1_TRUE@am__append_125 = plugins/mgf1
-@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_126 = plugins/mgf1/libstrongswan-mgf1.la
-@USE_NTRU_TRUE@am__append_127 = plugins/ntru
-@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_128 = plugins/ntru/libstrongswan-ntru.la
-@USE_BLISS_TRUE@am__append_129 = plugins/bliss
-@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_130 = plugins/bliss/libstrongswan-bliss.la
-@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope
-@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_132 = plugins/newhope/libstrongswan-newhope.la
-@USE_TEST_VECTORS_TRUE@am__append_133 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_134 = plugins/test_vectors/libstrongswan-test-vectors.la
-@USE_LIBNTTFFT_TRUE@am__append_135 = math/libnttfft/tests
-@USE_BLISS_TRUE@am__append_136 = plugins/bliss/tests
-@USE_NEWHOPE_TRUE@am__append_137 = plugins/newhope/tests
+@USE_BOTAN_TRUE@am__append_109 = plugins/botan
+@MONOLITHIC_TRUE@@USE_BOTAN_TRUE@am__append_110 = plugins/botan/libstrongswan-botan.la
+@USE_FIPS_PRF_TRUE@am__append_111 = plugins/fips_prf
+@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_112 = plugins/fips_prf/libstrongswan-fips-prf.la
+@USE_AGENT_TRUE@am__append_113 = plugins/agent
+@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_114 = plugins/agent/libstrongswan-agent.la
+@USE_KEYCHAIN_TRUE@am__append_115 = plugins/keychain
+@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_116 = plugins/keychain/libstrongswan-keychain.la
+@USE_PKCS11_TRUE@am__append_117 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_118 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CHAPOLY_TRUE@am__append_119 = plugins/chapoly
+@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_120 = plugins/chapoly/libstrongswan-chapoly.la
+@USE_CTR_TRUE@am__append_121 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_122 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_123 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_124 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_125 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_126 = plugins/gcm/libstrongswan-gcm.la
+@USE_MGF1_TRUE@am__append_127 = plugins/mgf1
+@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_128 = plugins/mgf1/libstrongswan-mgf1.la
+@USE_NTRU_TRUE@am__append_129 = plugins/ntru
+@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_130 = plugins/ntru/libstrongswan-ntru.la
+@USE_BLISS_TRUE@am__append_131 = plugins/bliss
+@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_132 = plugins/bliss/libstrongswan-bliss.la
+@USE_NEWHOPE_TRUE@am__append_133 = plugins/newhope
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/libstrongswan-newhope.la
+@USE_TEST_VECTORS_TRUE@am__append_135 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_136 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_LIBNTTFFT_TRUE@am__append_137 = math/libnttfft/tests
+@USE_BLISS_TRUE@am__append_138 = plugins/bliss/tests
+@USE_NEWHOPE_TRUE@am__append_139 = plugins/newhope/tests
subdir = src/libstrongswan
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
@@ -328,7 +330,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_112) $(am__append_114) $(am__append_116) \
$(am__append_118) $(am__append_120) $(am__append_122) \
$(am__append_124) $(am__append_126) $(am__append_128) \
- $(am__append_130) $(am__append_132) $(am__append_134)
+ $(am__append_130) $(am__append_132) $(am__append_134) \
+ $(am__append_136)
am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \
asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \
bio/bio_writer.c collections/blocking_queue.c \
@@ -665,10 +668,10 @@ DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \
plugins/sshkey plugins/pem plugins/curl plugins/files \
plugins/winhttp plugins/unbound plugins/soup plugins/ldap \
plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \
- plugins/gcrypt plugins/fips_prf plugins/agent plugins/keychain \
- plugins/pkcs11 plugins/chapoly plugins/ctr plugins/ccm \
- plugins/gcm plugins/mgf1 plugins/ntru plugins/bliss \
- plugins/newhope plugins/test_vectors tests \
+ plugins/gcrypt plugins/botan plugins/fips_prf plugins/agent \
+ plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \
+ plugins/ccm plugins/gcm plugins/mgf1 plugins/ntru \
+ plugins/bliss plugins/newhope plugins/test_vectors tests \
math/libnttfft/tests plugins/bliss/tests plugins/newhope/tests
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \
$(top_srcdir)/ylwrap settings/settings_lexer.c \
@@ -798,7 +801,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -824,6 +826,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -844,8 +848,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -900,8 +902,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -930,8 +930,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
@@ -1080,7 +1084,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_114) $(am__append_116) $(am__append_118) \
$(am__append_120) $(am__append_122) $(am__append_124) \
$(am__append_126) $(am__append_128) $(am__append_130) \
- $(am__append_132) $(am__append_134)
+ $(am__append_132) $(am__append_134) $(am__append_136)
AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \
-DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
-DPLUGINDIR=\"${plugindir}\" \
@@ -1142,8 +1146,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_FALSE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_FALSE@ $(am__append_133) tests $(am__append_135) \
-@MONOLITHIC_FALSE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_135) tests \
+@MONOLITHIC_FALSE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_FALSE@ $(am__append_139)
# build unit tests
##################
@@ -1175,8 +1180,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c
@MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \
@MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \
@MONOLITHIC_TRUE@ $(am__append_129) $(am__append_131) \
-@MONOLITHIC_TRUE@ $(am__append_133) . tests $(am__append_135) \
-@MONOLITHIC_TRUE@ $(am__append_136) $(am__append_137)
+@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_135) . tests \
+@MONOLITHIC_TRUE@ $(am__append_137) $(am__append_138) \
+@MONOLITHIC_TRUE@ $(am__append_139)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 79cb17ed1..aa649e969 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -825,7 +825,6 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
u_char *pos = asn1_build_object(&object, tag, content.len);
memcpy(pos, content.ptr, content.len);
- pos += content.len;
return object;
}
diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c
index 82e405002..e6b459bbf 100644
--- a/src/libstrongswan/bio/bio_reader.c
+++ b/src/libstrongswan/bio/bio_reader.c
@@ -122,13 +122,16 @@ static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res,
static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res,
bool from_end)
{
+ uint32_t tmp;
+
if (this->buf.len < 3)
{
DBG1(DBG_LIB, "%d bytes insufficient to parse u_int24 data",
this->buf.len);
return FALSE;
}
- *res = untoh32(get_ptr_end(this, 3, from_end)) >> 8;
+ memcpy(&tmp, get_ptr_end(this, 3, from_end), 3);
+ *res = ntohl(tmp) >> 8;
this->buf = chunk_skip_end(this->buf, 3, from_end);
return TRUE;
}
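Review bot: `tmp` is declared without an initializer and the `memcpy` fills only three of its four bytes, so `ntohl(tmp)` reads one indeterminate byte. The `>> 8` discards that byte on both byte orders, so the result is correct, but `uint32_t tmp = 0;` makes that independent of the shift and keeps uninitialized-read checkers quiet. A comment above the `memcpy`, such as `/* copy exactly 3 bytes, a 32-bit load could read one byte beyond the buffer */`, would record why `untoh32()` was replaced. That reading of the old call is inferred from the length check accepting a 3-byte buffer.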
diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h
index fbca8bdf5..859fa8a73 100644
--- a/src/libstrongswan/bio/bio_reader.h
+++ b/src/libstrongswan/bio/bio_reader.h
@@ -142,7 +142,7 @@ struct bio_reader_t {
* Read a chunk of len bytes from the end of the buffer, reduce remaining.
*
* @param len number of bytes to read
- * @param res ponter to result, not cloned
+ * @param res pointer to result, not cloned
* @return TRUE if data read successfully
*/
bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);
diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c
index 5ad7360d6..c7342c6d6 100644
--- a/src/libstrongswan/collections/linked_list.c
+++ b/src/libstrongswan/collections/linked_list.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2015 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -111,7 +111,7 @@ struct private_enumerator_t {
/**
* implements enumerator interface
*/
- enumerator_t enumerator;
+ enumerator_t public;
/**
* associated linked list
@@ -122,35 +122,19 @@ struct private_enumerator_t {
* current item
*/
element_t *current;
-
- /**
- * enumerator has enumerated all items
- */
- bool finished;
};
-METHOD(enumerator_t, enumerate, bool,
- private_enumerator_t *this, va_list args)
+/**
+ * Enumerate the current item
+ */
+static bool do_enumerate(private_enumerator_t *this, va_list args)
{
void **item;
VA_ARGS_VGET(args, item);
- if (this->finished)
- {
- return FALSE;
- }
if (!this->current)
{
- this->current = this->list->first;
- }
- else
- {
- this->current = this->current->next;
- }
- if (!this->current)
- {
- this->finished = TRUE;
return FALSE;
}
if (item)
@@ -160,28 +144,46 @@ METHOD(enumerator_t, enumerate, bool,
return TRUE;
}
+METHOD(enumerator_t, enumerate_next, bool,
+ private_enumerator_t *this, va_list args)
+{
+ if (this->current)
+ {
+ this->current = this->current->next;
+ }
+ return do_enumerate(this, args);
+}
+
+METHOD(enumerator_t, enumerate_current, bool,
+ private_enumerator_t *this, va_list args)
+{
+ this->public.venumerate = _enumerate_next;
+ return do_enumerate(this, args);
+}
+
METHOD(linked_list_t, create_enumerator, enumerator_t*,
private_linked_list_t *this)
{
private_enumerator_t *enumerator;
INIT(enumerator,
- .enumerator = {
+ .public = {
.enumerate = enumerator_enumerate_default,
- .venumerate = _enumerate,
+ .venumerate = _enumerate_current,
.destroy = (void*)free,
},
.list = this,
+ .current = this->first,
);
- return &enumerator->enumerator;
+ return &enumerator->public;
}
METHOD(linked_list_t, reset_enumerator, void,
private_linked_list_t *this, private_enumerator_t *enumerator)
{
- enumerator->current = NULL;
- enumerator->finished = FALSE;
+ enumerator->current = this->first;
+ enumerator->public.venumerate = _enumerate_current;
}
METHOD(linked_list_t, get_count, int,
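Review bot: `create_enumerator()` and `reset_enumerator()` now capture `this->first` immediately, where the removed code looked it up on the first `enumerate()` call. If the list is changed by anything other than this enumerator between those two points, `current` is stale: an item appended to an empty list is never enumerated, and if the first element is removed and freed through another list method, `do_enumerate()` would read released memory. Whether any caller does this is not visible here. I'd state the constraint in the doc comment of `create_enumerator` in linked_list.h, e.g. `The list must not be modified between creating (or resetting) the enumerator and the first call to enumerate(), other than via insert_before() and remove_at().`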
@@ -298,14 +300,7 @@ METHOD(linked_list_t, insert_before, void,
current = enumerator->current;
if (!current)
{
- if (enumerator->finished)
- {
- this->public.insert_last(&this->public, item);
- }
- else
- {
- this->public.insert_first(&this->public, item);
- }
+ insert_last(this, item);
return;
}
element = element_create(item);
@@ -377,7 +372,9 @@ METHOD(linked_list_t, remove_at, void,
if (enumerator->current)
{
current = enumerator->current;
- enumerator->current = current->previous;
+ enumerator->current = current->next;
+ /* the enumerator already points to the next item */
+ enumerator->public.venumerate = _enumerate_current;
remove_element(this, current);
}
}
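Review bot: With `current` advanced to `current->next` and `venumerate` switched back to `_enumerate_current`, a second `remove_at()` without an `enumerate()` in between removes the following item, which the caller has not yet seen. The removed code stepped back to `current->previous` instead. The added comment explains the enumerator state but not this consequence; I'd extend it to `/* the enumerator already points to the next item, so calling remove_at() again before enumerate() removes that item */`. remove_at's body starts outside the hunk.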
diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h
index a9cb7f0d4..315fb0520 100644
--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
* Copyright (C) 2005-2008 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -102,12 +102,17 @@ struct linked_list_t {
/**
* Inserts a new item before the item the enumerator currently points to.
*
- * If this method is called before starting the enumeration the item is
- * inserted first. If it is called after all items have been enumerated
- * the item is inserted last. This is helpful when inserting items into
- * a sorted list.
+ * If this method is called after all items have been enumerated, the item
+ * is inserted last. This is helpful when inserting items into a sorted
+ * list.
*
- * @note The position of the enumerator is not changed.
+ * @note The position of the enumerator is not changed. So it is safe to
+ * call this before or after remove_at() to replace the item at the current
+ * position (the enumerator will continue with the next item in the list).
+ * And in particular, when inserting an item before calling enumerate(),
+ * the enumeration will continue (or start) at the item that was first in
+ * the list before any items were inserted (enumerate() will return FALSE
+ * if the list was empty before).
*
* @param enumerator enumerator with position
* @param item item value to insert in list
@@ -118,6 +123,10 @@ struct linked_list_t {
/**
* Remove an item from the list where the enumerator points to.
*
+ * If this method is called before calling enumerate() of the enumerator,
+ * the first item in the list, if any, will be removed. No item is removed,
+ * if the method is called after enumerating all items.
+ *
* @param enumerator enumerator with position
*/
void (*remove_at)(linked_list_t *this, enumerator_t *enumerator);
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index b473223e4..38c40c87d 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -141,7 +141,7 @@ extern enum_name_t *auth_rule_names;
* RFC4739 defines multiple authentication rounds. This class defines such
* a round from a configuration perspective, either for the local or the remote
* peer. Local configs are called "rulesets". They define how we authenticate.
- * Remote peer configs are called "constraits". They define what is needed to
+ * Remote peer configs are called "constraints". They define what is needed to
* complete the authentication round successfully.
*
* @verbatim
diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.h b/src/libstrongswan/credentials/certificates/certificate_printer.h
index 7953eb060..747cc21ae 100644
--- a/src/libstrongswan/credentials/certificates/certificate_printer.h
+++ b/src/libstrongswan/credentials/certificates/certificate_printer.h
@@ -62,7 +62,7 @@ struct certificate_printer_t {
*
* @param f file where print output is directed to (usually stdout)
* @param detailed print more detailed certificate information
- * @param utc print time inforamtion in UTC
+ * @param utc print time information in UTC
*/
certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
bool utc);
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 877ed20a2..a98a33d20 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -106,9 +106,9 @@ enum signature_scheme_t {
SIGN_ECDSA_384,
/** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
- /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve25519 as in RFC 8410 */
SIGN_ED25519,
- /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */
+ /** PureEdDSA on Curve448 as in RFC 8410 */
SIGN_ED448,
/** BLISS with SHA-2_256 */
SIGN_BLISS_WITH_SHA2_256,
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index 2294eaff7..97209953a 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -15,12 +15,14 @@
#include "shared_key.h"
-ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN,
+ENUM(shared_key_type_names, SHARED_ANY, SHARED_PPK,
"ANY",
"IKE",
"EAP",
"PRIVATE_KEY_PASS",
"PIN",
+ "NTLM",
+ "PPK",
);
typedef struct private_shared_key_t private_shared_key_t;
@@ -93,7 +95,7 @@ shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key)
.get_key = _get_key,
.get_ref = _get_ref,
.destroy = _destroy,
- },
+ },
.type = type,
.key = key,
.ref = 1,
diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h
index d97139de2..44e6f0460 100644
--- a/src/libstrongswan/credentials/keys/shared_key.h
+++ b/src/libstrongswan/credentials/keys/shared_key.h
@@ -43,6 +43,8 @@ enum shared_key_type_t {
SHARED_PIN,
/** Calculated NT Hash = MD4(UTF-16LE(password)) */
SHARED_NT_HASH,
+ /** Postquantum Preshared Key */
+ SHARED_PPK,
};
/**
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 4f61ba1fc..7f048c620 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -177,7 +177,7 @@ struct crypto_factory_t {
* Register a crypter constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
@@ -204,7 +204,7 @@ struct crypto_factory_t {
* Register a aead constructor.
*
* @param algo algorithm to constructor
- * @param key size key size to peform benchmarking for
+ * @param key size key size to perform benchmarking for
* @param plugin_name plugin that registered this algorithm
* @param create constructor function for that algorithm
* @return TRUE if registered, FALSE if test vector failed
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 41654553d..f4f57d917 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -40,7 +40,7 @@ enum hash_algorithm_t {
HASH_SHA256 = 2,
HASH_SHA384 = 3,
HASH_SHA512 = 4,
- /* draft-ietf-ipsecme-eddsa (RFC TBA) */
+ /* RFC 8420 */
HASH_IDENTITY = 5,
/* use private use range for algorithms not defined/permitted by RFC 7427 */
HASH_UNKNOWN = 1024,
diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index d671879c0..952608997 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -335,22 +335,16 @@ METHOD(proposal_t, strip_dh, void,
}
/**
- * Select a matching proposal from this and other, insert into selected.
+ * Select a matching proposal from this and other.
*/
static bool select_algo(private_proposal_t *this, proposal_t *other,
- proposal_t *selected, transform_type_t type, bool priv)
+ transform_type_t type, bool priv, bool log,
+ uint16_t *alg, uint16_t *ks)
{
enumerator_t *e1, *e2;
uint16_t alg1, alg2, ks1, ks2;
bool found = FALSE, optional = FALSE;
- if (type == INTEGRITY_ALGORITHM &&
- selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) &&
- encryption_algorithm_is_aead(alg1))
- {
- /* no integrity algorithm required, we have an AEAD */
- return TRUE;
- }
if (type == DIFFIE_HELLMAN_GROUP)
{
optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH;
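Review bot: The doc comment on `select_algo()` was shortened but does not describe the new `log`, `alg` and `ks` parameters. The caller `select_algos()` further down initialises `alg` and `ks` to 0 and skips a TRUE result with `alg == 0`, so TRUE apparently either matched a zero/NONE transform or left the out parameters unwritten (possibly the optional DH case); that contract should be stated. I'd add `@param alg set to the selected algorithm on a match, otherwise left untouched`, the same for `ks`, and `@param log TRUE to log skipped private-use algorithms`. select_algo's body continues outside this hunk.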
@@ -398,26 +392,79 @@ static bool select_algo(private_proposal_t *this, proposal_t *other,
{
if (!priv && alg1 >= 1024)
{
- /* accept private use algorithms only if requested */
- DBG1(DBG_CFG, "an algorithm from private space would match, "
- "but peer implementation is unknown, skipped");
+ if (log)
+ {
+ DBG1(DBG_CFG, "an algorithm from private space would "
+ "match, but peer implementation is unknown, "
+ "skipped");
+ }
continue;
}
- selected->add_algorithm(selected, type, alg1, ks1);
+ *alg = alg1;
+ *ks = ks1;
found = TRUE;
break;
}
}
}
- /* no match in all comparisons */
e1->destroy(e1);
e2->destroy(e2);
+ return found;
+}
- if (!found)
+/**
+ * Select algorithms from the given proposals, if selected is given, the result
+ * is stored there and errors are logged.
+ */
+static bool select_algos(private_proposal_t *this, proposal_t *other,
+ proposal_t *selected, bool private)
+{
+ transform_type_t type;
+ array_t *types;
+ bool skip_integrity = FALSE;
+ int i;
+
+ types = merge_types(this, (private_proposal_t*)other);
+ for (i = 0; i < array_count(types); i++)
{
- DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type);
+ uint16_t alg = 0, ks = 0;
+
+ array_get(types, i, &type);
+ if (type == INTEGRITY_ALGORITHM && skip_integrity)
+ {
+ continue;
+ }
+ if (select_algo(this, other, type, private, selected != NULL, &alg, &ks))
+ {
+ if (alg == 0 && type != EXTENDED_SEQUENCE_NUMBERS)
+ { /* 0 is "valid" for extended sequence numbers, for other
+ * transforms it either means NONE or is reserved */
+ continue;
+ }
+ if (selected)
+ {
+ selected->add_algorithm(selected, type, alg, ks);
+ }
+ if (type == ENCRYPTION_ALGORITHM &&
+ encryption_algorithm_is_aead(alg))
+ {
+ /* no integrity algorithm required, we have an AEAD */
+ skip_integrity = TRUE;
+ }
+ }
+ else
+ {
+ if (selected)
+ {
+ DBG2(DBG_CFG, " no acceptable %N found", transform_type_names,
+ type);
+ }
+ array_destroy(types);
+ return FALSE;
+ }
}
- return found;
+ array_destroy(types);
+ return TRUE;
}
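Review bot: `skip_integrity` in `select_algos` only works if `ENCRYPTION_ALGORITHM` is visited before `INTEGRITY_ALGORITHM`, and nothing in this hunk says that `merge_types()` guarantees that order. If the order ever differed, a proposal that negotiates an AEAD cipher would still have to match an integrity algorithm, and one would be added to `selected`. The removed code had the same dependency through `selected->get_algorithm()`, so this is not a regression, but the assumption deserves a comment above the loop, e.g. `/* merge_types() must yield ENCRYPTION_ALGORITHM before INTEGRITY_ALGORITHM for the AEAD check below */`. `merge_types()` is defined outside the hunk, so its ordering could not be checked here.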
METHOD(proposal_t, select_proposal, proposal_t*,
@@ -425,9 +472,6 @@ METHOD(proposal_t, select_proposal, proposal_t*,
bool private)
{
proposal_t *selected;
- transform_type_t type;
- array_t *types;
- int i;
DBG2(DBG_CFG, "selecting proposal:");
@@ -448,23 +492,25 @@ METHOD(proposal_t, select_proposal, proposal_t*,
selected->set_spi(selected, this->spi);
}
- types = merge_types(this, (private_proposal_t*)other);
- for (i = 0; i < array_count(types); i++)
+ if (!select_algos(this, other, selected, private))
{
- array_get(types, i, &type);
- if (!select_algo(this, other, selected, type, private))
- {
- selected->destroy(selected);
- array_destroy(types);
- return NULL;
- }
+ selected->destroy(selected);
+ return NULL;
}
- array_destroy(types);
-
DBG2(DBG_CFG, " proposal matches");
return selected;
}
+METHOD(proposal_t, matches, bool,
+ private_proposal_t *this, proposal_t *other, bool private)
+{
+ if (this->protocol != other->get_protocol(other))
+ {
+ return FALSE;
+ }
+ return select_algos(this, other, NULL, private);
+}
+
METHOD(proposal_t, get_protocol, protocol_id_t,
private_proposal_t *this)
{
@@ -910,6 +956,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
.promote_dh_group = _promote_dh_group,
.strip_dh = _strip_dh,
.select = _select_proposal,
+ .matches = _matches,
.get_protocol = _get_protocol,
.set_spi = _set_spi,
.get_spi = _get_spi,
diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h
index 0052674b9..338324326 100644
--- a/src/libstrongswan/crypto/proposal/proposal.h
+++ b/src/libstrongswan/crypto/proposal/proposal.h
@@ -34,7 +34,6 @@ typedef struct proposal_t proposal_t;
#include <crypto/crypters/crypter.h>
#include <crypto/signers/signer.h>
#include <crypto/diffie_hellman.h>
-#include <selectors/traffic_selector.h>
/**
* Protocol ID of a proposal.
@@ -144,6 +143,17 @@ struct proposal_t {
bool other_remote, bool private);
/**
+ * Check if the given proposal matches this proposal.
+ *
+ * This is similar to select, but no resulting proposal is selected.
+ *
+ * @param other proposal to compare against
+ * @param private accepts algorithms allocated in a private range
+ * @return TRUE if the proposals match
+ */
+ bool (*matches)(proposal_t *this, proposal_t *other, bool private);
+
+ /**
* Get the protocol ID of the proposal.
*
* @return protocol of the proposal
diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c
index 16dbf8d41..6f19cc751 100644
--- a/src/libstrongswan/ipsec/ipsec_types.c
+++ b/src/libstrongswan/ipsec/ipsec_types.c
@@ -43,6 +43,13 @@ ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO,
"auto",
);
+ENUM(dscp_copy_names, DSCP_COPY_OUT_ONLY, DSCP_COPY_NO,
+ "out",
+ "in",
+ "yes",
+ "no",
+);
+
/*
* See header
*/
@@ -62,7 +69,7 @@ bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b)
/*
* See header
*/
-bool mark_from_string(const char *value, mark_t *mark)
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark)
{
char *endptr;
@@ -72,6 +79,11 @@ bool mark_from_string(const char *value, mark_t *mark)
}
if (strcasepfx(value, "%unique"))
{
+ if (!(ops & MARK_OP_UNIQUE))
+ {
+ DBG1(DBG_APP, "unexpected use of %%unique mark", value);
+ return FALSE;
+ }
endptr = (char*)value + strlen("%unique");
if (strcasepfx(endptr, "-dir"))
{
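Review bot: The added `DBG1(DBG_APP, "unexpected use of %%unique mark", value);` passes `value` although the format string has no conversion for it, so the rejected input never appears in the log and builds with `-Wformat-extra-args` will warn. Either drop the argument or log it, e.g. `DBG1(DBG_APP, "unexpected use of %%unique mark: %s", value);`. The `%%same` branch added in the following hunk has the same mismatch. `mark_from_string` starts and ends outside this hunk.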
@@ -88,6 +100,24 @@ bool mark_from_string(const char *value, mark_t *mark)
return FALSE;
}
}
+ else if (strcasepfx(value, "%same"))
+ {
+ if (!(ops & MARK_OP_SAME))
+ {
+ DBG1(DBG_APP, "unexpected use of %%same mark", value);
+ return FALSE;
+ }
+ endptr = (char*)value + strlen("%same");
+ if (!*endptr || *endptr == '/')
+ {
+ mark->value = MARK_SAME;
+ }
+ else
+ {
+ DBG1(DBG_APP, "invalid mark value: %s", value);
+ return FALSE;
+ }
+ }
else
{
mark->value = strtoul(value, &endptr, 0);
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h
index 4e6e2d9dc..7b7bd3743 100644
--- a/src/libstrongswan/ipsec/ipsec_types.h
+++ b/src/libstrongswan/ipsec/ipsec_types.h
@@ -27,6 +27,8 @@ typedef enum policy_type_t policy_type_t;
typedef enum policy_priority_t policy_priority_t;
typedef enum ipcomp_transform_t ipcomp_transform_t;
typedef enum hw_offload_t hw_offload_t;
+typedef enum dscp_copy_t dscp_copy_t;
+typedef enum mark_op_t mark_op_t;
typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t;
typedef struct lifetime_cfg_t lifetime_cfg_t;
typedef struct mark_t mark_t;
@@ -132,6 +134,22 @@ enum hw_offload_t {
extern enum_name_t *hw_offload_names;
/**
+ * DSCP header field copy behavior (the default is not to copy from outer
+ * to inner header)
+ */
+enum dscp_copy_t {
+ DSCP_COPY_OUT_ONLY,
+ DSCP_COPY_IN_ONLY,
+ DSCP_COPY_YES,
+ DSCP_COPY_NO,
+};
+
+/**
+ * enum strings for dscp_copy_t.
+ */
+extern enum_name_t *dscp_copy_names;
+
+/**
* This struct contains details about IPsec SA(s) tied to a policy.
*/
struct ipsec_sa_cfg_t {
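Review bot: The enumerators of `dscp_copy_t` carry no comments, and the header comment's statement about the default is hard to map onto them. The first (zero) value is `DSCP_COPY_OUT_ONLY`, so a zero-initialised config selects it, while the text only says the default is not to copy from outer to inner header. A short comment per value would remove the guesswork, e.g. `/** copy from inner to outer header only (default) */` on `DSCP_COPY_OUT_ONLY`, if that is the intended meaning. The direction each name refers to is an inference from the names and should be confirmed against the kernel interface code.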
@@ -197,15 +215,29 @@ struct mark_t {
*/
#define MARK_UNIQUE (0xFFFFFFFF)
#define MARK_UNIQUE_DIR (0xFFFFFFFE)
+#define MARK_SAME (0xFFFFFFFF)
#define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR)
/**
+ * Special mark operations to accept when parsing marks.
+ */
+enum mark_op_t {
+ /** none of the following */
+ MARK_OP_NONE = 0,
+ /** %unique and %unique-dir */
+ MARK_OP_UNIQUE = (1<<0),
+ /** %same */
+ MARK_OP_SAME = (1<<1),
+};
+
+/**
* Try to parse a mark_t from the given string of the form mark[/mask].
*
* @param value string to parse
+ * @param ops operations to accept
* @param mark mark to fill
* @return TRUE if parsing was successful
*/
-bool mark_from_string(const char *value, mark_t *mark);
+bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark);
#endif /** IPSEC_TYPES_H_ @}*/
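Review bot: `MARK_SAME` is defined with the same value as `MARK_UNIQUE` (`0xFFFFFFFF`), so `MARK_IS_UNIQUE()` is true for a mark parsed from `%same` and a stored `mark_t` cannot tell the two apart. That is only safe if no caller passes both `MARK_OP_UNIQUE` and `MARK_OP_SAME` for the same field, and neither the macro block nor the `mark_op_t` comment says so. If the overlap is intentional, state it next to the define, e.g. `/* shares its value with MARK_UNIQUE; the two ops must never be accepted for the same mark */`. Otherwise give `MARK_SAME` a distinct value.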
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 86b275dad..ad5d9ab36 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2009-2016 Tobias Brunner
+ * Copyright (C) 2009-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -54,7 +54,7 @@ struct private_library_t {
/**
* Integrity check failed?
*/
- bool integrity_failed;
+ bool init_failed;
#ifdef LEAK_DETECTIVE
/**
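Review bot: The field is renamed to `init_failed`, but the comment above it still reads `Integrity check failed?`. Later hunks also set the flag when loading the settings fails, so the comment no longer matches what the flag means. Something like `Initialization failed (integrity check or invalid settings)?` would keep the two in step.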
@@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace)
{ /* already initialized, increase refcount */
this = (private_library_t*)lib;
ref_get(&this->ref);
- return !this->integrity_failed;
+ return !this->init_failed;
}
chunk_hash_seed();
@@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace)
this->objects = hashtable_create((hashtable_hash_t)hash,
(hashtable_equals_t)equals, 4);
- this->public.settings = settings_create(this->public.conf);
+ this->public.settings = settings_create(NULL);
+ if (!this->public.settings->load_files(this->public.settings,
+ this->public.conf, FALSE))
+ {
+ DBG1(DBG_LIB, "abort initialization due to invalid configuration");
+ this->init_failed = TRUE;
+ }
+
/* add registered aliases */
for (i = 0; i < ns_count; ++i)
{
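Review bot: The new message says `abort initialization due to invalid configuration`, but the code only sets `init_failed` and carries on with the rest of `library_init`, here the alias loop. The failure therefore reaches callers only through the return value, and a caller that ignores it keeps running on an empty settings object rather than the configuration the administrator wrote. If continuing is deliberate so that the library is fully constructed for `library_deinit()`, a comment such as `/* keep going so lib is complete; the failure is reported via the return value */` would make that clear, and the log text could say "invalid configuration, initialization will fail". `library_init` starts and ends outside this hunk.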
@@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace)
if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init))
{
DBG1(DBG_LIB, "integrity check of libstrongswan failed");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
}
#else /* !INTEGRITY_TEST */
DBG1(DBG_LIB, "integrity test enabled, but not supported");
- this->integrity_failed = TRUE;
+ this->init_failed = TRUE;
#endif /* INTEGRITY_TEST */
}
diffie_hellman_init();
- return !this->integrity_failed;
+ return !this->init_failed;
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 53f371c51..6409d3cae 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2016 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -258,11 +258,12 @@ struct library_t {
*
* The settings and namespace arguments are only used on the first call.
*
- * @param settings file to read settings from, may be NULL for default
+ * @param settings file to read settings from, may be NULL for default or
+ * "" to not load any settings
* @param namespace name of the binary that uses the library, determines
* the first section name when reading config options.
* Defaults to libstrongswan if NULL.
- * @return FALSE if integrity check failed
+ * @return FALSE if integrity check failed or settings are invalid
*/
bool library_init(char *settings, const char *namespace);
diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in
index 02175a926..da58b25ae 100644
--- a/src/libstrongswan/math/libnttfft/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/Makefile.in
@@ -304,7 +304,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -330,6 +329,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -350,8 +351,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -406,8 +405,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -436,8 +433,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in
index 8d0e02bb6..9888a8c89 100644
--- a/src/libstrongswan/math/libnttfft/tests/Makefile.in
+++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in
@@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -334,6 +333,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -354,8 +355,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -410,8 +409,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c
index a9b71d6fd..ef967e817 100644
--- a/src/libstrongswan/networking/streams/stream_service_unix.c
+++ b/src/libstrongswan/networking/streams/stream_service_unix.c
@@ -59,13 +59,27 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
return NULL;
}
umask(old);
- /* only attempt to chown() socket if we have CAP_CHOWN */
- if (lib->caps->check(lib->caps, CAP_CHOWN) &&
- chown(addr.sun_path, lib->caps->get_uid(lib->caps),
- lib->caps->get_gid(lib->caps)) != 0)
+ /* Only attempt to change owner of socket if we have CAP_CHOWN. Otherwise,
+ * attempt to change group of socket to group under which charon runs after
+ * dropping caps. This requires the user that charon starts as to:
+ * a) Have write access to the socket dir.
+ * b) Belong to the group that charon will run under after dropping caps. */
+ if (lib->caps->check(lib->caps, CAP_CHOWN))
{
- DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s",
- uri, strerror(errno));
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket owner/group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
+ }
+ else
+ {
+ if (chown(addr.sun_path, -1, lib->caps->get_gid(lib->caps)) != 0)
+ {
+ DBG1(DBG_NET, "changing socket group for '%s' failed: %s",
+ uri, strerror(errno));
+ }
}
if (listen(fd, backlog) < 0)
{
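Review bot: In the new `else` branch a failed group change is only logged and the function goes on to `listen()`, so the socket keeps the group of the user that started the daemon. Who can connect in that case depends on the umask applied before `bind()`, which is outside this hunk. The block comment lists the preconditions but not this outcome; adding `On failure the socket keeps the creating user's group.` would tell operators what to expect when they see the log line. As a smaller point, the "leave owner unchanged" argument reads more clearly as `(uid_t)-1` than as a bare `-1`. `stream_service_create_unix` starts and ends outside the hunk.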
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in
index 36067a3ff..40282553f 100644
--- a/src/libstrongswan/plugins/acert/Makefile.in
+++ b/src/libstrongswan/plugins/acert/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index d3817e12a..495b4598e 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in
index fdcfc099e..db0ed83b2 100644
--- a/src/libstrongswan/plugins/aesni/Makefile.in
+++ b/src/libstrongswan/plugins/aesni/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 6b4a7fe5f..eb8a4132e 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 12a44870c..8f4122a0e 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in
index b98d367f1..ab7117a9b 100644
--- a/src/libstrongswan/plugins/bliss/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/Makefile.in
@@ -335,7 +335,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -361,6 +360,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -381,8 +382,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -437,8 +436,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -467,8 +464,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in
index 015f40a00..bda5fd160 100644
--- a/src/libstrongswan/plugins/bliss/tests/Makefile.in
+++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 2f122b5a8..31b1fd38d 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/botan/Makefile.am b/src/libstrongswan/plugins/botan/Makefile.am
new file mode 100644
index 000000000..c1160145a
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/Makefile.am
@@ -0,0 +1,32 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-botan.la
+else
+plugin_LTLIBRARIES = libstrongswan-botan.la
+endif
+
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
diff --git a/src/libstrongswan/plugins/botan/Makefile.in b/src/libstrongswan/plugins/botan/Makefile.in
new file mode 100644
index 000000000..533ba8340
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/Makefile.in
@@ -0,0 +1,835 @@
+# Makefile.in generated by automake 1.15 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2014 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/botan
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/split-package-version.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libstrongswan_botan_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_libstrongswan_botan_la_OBJECTS = botan_plugin.lo botan_rng.lo \
+ botan_hasher.lo botan_hmac.lo botan_crypter.lo \
+ botan_rsa_public_key.lo botan_rsa_private_key.lo \
+ botan_diffie_hellman.lo botan_ec_diffie_hellman.lo \
+ botan_ec_public_key.lo botan_ec_private_key.lo botan_util.lo \
+ botan_util_keys.lo botan_gcm.lo botan_x25519.lo
+libstrongswan_botan_la_OBJECTS = $(am_libstrongswan_botan_la_OBJECTS)
+AM_V_lt = $(am__v_lt_@AM_V@)
+am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
+am__v_lt_0 = --silent
+am__v_lt_1 =
+libstrongswan_botan_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_botan_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_botan_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_botan_la_rpath =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_@AM_V@)
+am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
+am__v_CC_0 = @echo " CC " $@;
+am__v_CC_1 =
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_@AM_V@)
+am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
+am__v_CCLD_0 = @echo " CCLD " $@;
+am__v_CCLD_1 =
+SOURCES = $(libstrongswan_botan_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_botan_la_SOURCES)
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+ATOMICLIB = @ATOMICLIB@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BFDLIB = @BFDLIB@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+COVERAGE_CFLAGS = @COVERAGE_CFLAGS@
+COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+EASY_INSTALL = @EASY_INSTALL@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
+GEM = @GEM@
+GENHTML = @GENHTML@
+GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
+GPRBUILD = @GPRBUILD@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LCOV = @LCOV@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_LIB = @OPENSSL_LIB@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@
+PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@
+PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@
+PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PLUGIN_CFLAGS = @PLUGIN_CFLAGS@
+PTHREADLIB = @PTHREADLIB@
+PYTHON = @PYTHON@
+PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@
+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
+PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@
+PYTHON_PLATFORM = @PYTHON_PLATFORM@
+PYTHON_PREFIX = @PYTHON_PREFIX@
+PYTHON_VERSION = @PYTHON_VERSION@
+PY_TEST = @PY_TEST@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBYGEMDIR = @RUBYGEMDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+UNWINDLIB = @UNWINDLIB@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+aikgen_plugins = @aikgen_plugins@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
+clearsilver_LIBS = @clearsilver_LIBS@
+cmd_plugins = @cmd_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dev_headers = @dev_headers@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
+fuzz_plugins = @fuzz_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+json_CFLAGS = @json_CFLAGS@
+json_LIBS = @json_LIBS@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libfuzzer = @libfuzzer@
+libiptc_CFLAGS = @libiptc_CFLAGS@
+libiptc_LIBS = @libiptc_LIBS@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
+oldincludedir = @oldincludedir@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pkgpyexecdir = @pkgpyexecdir@
+pkgpythondir = @pkgpythondir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+pyexecdir = @pyexecdir@
+pythondir = @pythondir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+runstatedir = @runstatedir@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+strongswan_options = @strongswan_options@
+swanctldir = @swanctldir@
+sysconfdir = @sysconfdir@
+systemd_CFLAGS = @systemd_CFLAGS@
+systemd_LIBS = @systemd_LIBS@
+systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@
+systemd_daemon_LIBS = @systemd_daemon_LIBS@
+systemd_journal_CFLAGS = @systemd_journal_CFLAGS@
+systemd_journal_LIBS = @systemd_journal_LIBS@
+systemdsystemunitdir = @systemdsystemunitdir@
+t_plugins = @t_plugins@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+tss2_CFLAGS = @tss2_CFLAGS@
+tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
+tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
+tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
+tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
+tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS) \
+ $(botan_CFLAGS)
+
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-botan.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-botan.la
+libstrongswan_botan_la_SOURCES = \
+ botan_plugin.h botan_plugin.c \
+ botan_rng.h botan_rng.c \
+ botan_hasher.h botan_hasher.c \
+ botan_hmac.h botan_hmac.c \
+ botan_crypter.h botan_crypter.c \
+ botan_rsa_public_key.h botan_rsa_public_key.c \
+ botan_rsa_private_key.h botan_rsa_private_key.c \
+ botan_diffie_hellman.h botan_diffie_hellman.c \
+ botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+ botan_ec_public_key.h botan_ec_public_key.c \
+ botan_ec_private_key.h botan_ec_private_key.c \
+ botan_util.h botan_util.c \
+ botan_util_keys.h botan_util_keys.c \
+ botan_gcm.h botan_gcm.c \
+ botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; \
+ locs=`for p in $$list; do echo $$p; done | \
+ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
+ sort -u`; \
+ test -z "$$locs" || { \
+ echo rm -f $${locs}; \
+ rm -f $${locs}; \
+ }
+
+libstrongswan-botan.la: $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_DEPENDENCIES) $(EXTRA_libstrongswan_botan_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libstrongswan_botan_la_LINK) $(am_libstrongswan_botan_la_rpath) $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_gcm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rng.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util_keys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_x25519.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-am
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-am
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-am
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ cscopelist-am ctags ctags-am distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-pluginLTLIBRARIES install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-pluginLTLIBRARIES
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.c b/src/libstrongswan/plugins/botan/botan_crypter.c
new file mode 100644
index 000000000..002be6ea8
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Copyright (C) 2018 Tobias Hommel
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_crypter.h"
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_crypter_t private_botan_crypter_t;
+
+/**
+ * Private data of botan_crypter_t
+ */
+struct private_botan_crypter_t {
+
+ /**
+ * Public part of this class
+ */
+ botan_crypter_t public;
+
+ /**
+ * The key
+ */
+ chunk_t key;
+
+ /**
+ * The cipher name
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_botan_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *dst, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ size_t output_written = 0;
+ size_t input_consumed = 0;
+ uint8_t *in, *out;
+ bool success = FALSE;
+
+ in = data.ptr;
+ if (dst)
+ {
+ *dst = chunk_alloc(data.len);
+ out = dst->ptr;
+ }
+ else
+ {
+ out = data.ptr;
+ }
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (!botan_cipher_set_key(cipher, this->key.ptr, this->key.len) &&
+ !botan_cipher_start(cipher, iv.ptr, iv.len) &&
+ !botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, out,
+ data.len, &output_written, in, data.len,
+ &input_consumed) &&
+ (output_written == input_consumed))
+ {
+ success = TRUE;
+ }
+
+ botan_cipher_destroy(cipher);
+ return success;
+}
+
+METHOD(crypter_t, decrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+
+METHOD(crypter_t, encrypt, bool,
+ private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+ return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_botan_crypter_t *this)
+{
+ return this->key.len;
+}
+
+METHOD(crypter_t, set_key, bool,
+ private_botan_crypter_t *this, chunk_t key)
+{
+ memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+ return TRUE;
+}
+
+METHOD(crypter_t, destroy, void,
+ private_botan_crypter_t *this)
+{
+ chunk_clear(&this->key);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_botan_crypter_t *this;
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ switch (algo)
+ {
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 16:
+ /* AES 128 */
+ this->cipher_name = "AES-128/CBC/NoPadding";
+ break;
+ case 24:
+ /* AES-192 */
+ this->cipher_name = "AES-192/CBC/NoPadding";
+ break;
+ case 32:
+ /* AES-256 */
+ this->cipher_name = "AES-256/CBC/NoPadding";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ return &this->public;
+}
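Review bot: `set_key` copies `min(key.len, this->key.len)` bytes and returns TRUE, so a key shorter than the size chosen in `botan_crypter_create` is accepted while the tail of `this->key` keeps whatever `chunk_alloc(key_size)` left there, and a longer key is silently truncated. Since the cipher name is fixed by `key_size`, the method should reject a mismatch before copying: `if (key.len != this->key.len) { return FALSE; }`. Separately, `crypt` treats `output_written == input_consumed` as success without comparing either against `data.len`; if Botan can report a partial update here, `output_written == data.len` would be the stricter condition. On every failure path `*dst` stays allocated, so callers have to free it even when FALSE is returned, which deserves a line in the function comment.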
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.h b/src/libstrongswan/plugins/botan/botan_crypter.h
new file mode 100644
index 000000000..246904a5f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_crypter botan_crypter
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_CRYPTER_H_
+#define BOTAN_CRYPTER_H_
+
+typedef struct botan_crypter_t botan_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Implementation of crypters using Botan.
+ */
+struct botan_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Constructor to create botan_crypter_t.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @return botan_crypter_t, NULL if not supported
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** BOTAN_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
new file mode 100644
index 000000000..a55711d1b
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
@@ -0,0 +1,245 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_diffie_hellman_t private_botan_diffie_hellman_t;
+
+/**
+ * Private data of an botan_diffie_hellman_t object.
+ */
+struct private_botan_diffie_hellman_t {
+
+ /**
+ * Public botan_diffie_hellman_t interface
+ */
+ botan_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group number
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t dh_key;
+
+ /**
+ * Diffie hellman shared secret
+ */
+ chunk_t shared_secret;
+
+ /**
+ * Generator value
+ */
+ botan_mp_t g;
+
+ /**
+ * Modulus
+ */
+ botan_mp_t p;
+};
+
+/**
+ * Load a DH private key
+ */
+bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t xa;
+
+ if (!chunk_to_botan_mp(value, &xa))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->dh_key) ||
+ botan_privkey_load_dh(&this->dh_key, this->p, this->g, xa))
+ {
+ botan_mp_destroy(xa);
+ return FALSE;
+ }
+ botan_mp_destroy(xa);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *value)
+{
+ *value = chunk_empty;
+
+ /* get key size of public key first */
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->dh_key, value->ptr,
+ &value->len))
+ {
+ chunk_clear(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_diffie_hellman_t *this, chunk_t value)
+{
+ chunk_clear(&this->shared_secret);
+ return load_private_key(this, value);
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_diffie_hellman_t *this)
+{
+ botan_mp_destroy(this->p);
+ botan_mp_destroy(this->g);
+ botan_privkey_destroy(this->dh_key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Generic internal constructor
+ */
+static botan_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p, size_t exp_len)
+{
+ private_botan_diffie_hellman_t *this;
+ chunk_t random;
+ rng_t *rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ if (!chunk_to_botan_mp(p, &this->p))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(g, &this->g))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng || !rng->allocate_bytes(rng, exp_len, &random))
+ {
+ DESTROY_IF(rng);
+ destroy(this);
+ return NULL;
+ }
+ rng->destroy(rng);
+
+ if (!load_private_key(this, random))
+ {
+ chunk_clear(&random);
+ destroy(this);
+ return NULL;
+ }
+ chunk_clear(&random);
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...)
+{
+ diffie_hellman_params_t *params;
+ chunk_t g, p;
+
+ if (group == MODP_CUSTOM)
+ {
+ VA_ARGS_GET(group, g, p);
+ return create_generic(group, g, p, p.len);
+ }
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->generator, params->prime,
+ params->exp_len);
+}
+
+#endif
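Review bot: `load_private_key()` in botan_diffie_hellman.c is defined without `static`, so a file-local helper gets external linkage under a very generic name. The other functions in the file are either declared through METHOD or are `static` (`create_generic`). If the plugin is linked into one image with other code that defines the same symbol, the link may fail or bind the wrong function. Declare it as `static bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value)`.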
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
new file mode 100644
index 000000000..84408229f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_diffie_hellman botan_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_DIFFIE_HELLMAN_H_
+#define BOTAN_DIFFIE_HELLMAN_H_
+
+typedef struct botan_diffie_hellman_t botan_diffie_hellman_t;
+
+#include <crypto/diffie_hellman.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm using Botan.
+ */
+struct botan_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_diffie_hellman_t object.
+ *
+ * @param group Diffie Hellman group number to use
+ * @param ... expects generator and prime as chunk_t if MODP_CUSTOM
+ * @return botan_diffie_hellman_t object,
+ * NULL if not supported
+ */
+botan_diffie_hellman_t *botan_diffie_hellman_create(
+ diffie_hellman_group_t group, ...);
+
+#endif /** BOTAN_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
new file mode 100644
index 000000000..ed28b4639
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c
@@ -0,0 +1,226 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_diffie_hellman.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDH
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_diffie_hellman_t private_botan_ec_diffie_hellman_t;
+
+/**
+ * Private data of a botan_ec_diffie_hellman_t object.
+ */
+struct private_botan_ec_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_diffie_hellman_t public;
+
+ /**
+ * Diffie Hellman group
+ */
+ diffie_hellman_group_t group;
+
+ /**
+ * EC curve name
+ */
+ const char* curve_name;
+
+ /**
+ * EC private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(this->group, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ /* prepend 0x04 to indicate uncompressed point format */
+ value = chunk_cata("cc", chunk_from_chars(0x04), value);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *value)
+{
+ chunk_t pkey = chunk_empty;
+
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &pkey.len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ pkey = chunk_alloca(pkey.len);
+ if (botan_pk_op_key_agreement_export_public(this->key, pkey.ptr, &pkey.len))
+ {
+ return FALSE;
+ }
+
+ /* skip 0x04 byte prepended by botan */
+ *value = chunk_clone(chunk_skip(pkey, 1));
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t value)
+{
+ botan_mp_t scalar;
+
+ chunk_clear(&this->shared_secret);
+
+ if (!chunk_to_botan_mp(value, &scalar))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_destroy(this->key))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ if (botan_privkey_load_ecdh(&this->key, scalar, this->curve_name))
+ {
+ botan_mp_destroy(scalar);
+ return FALSE;
+ }
+
+ botan_mp_destroy(scalar);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_botan_ec_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_botan_ec_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group)
+{
+ private_botan_ec_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
+
+ switch (group)
+ {
+ case ECP_256_BIT:
+ this->curve_name = "secp256r1";
+ break;
+ case ECP_384_BIT:
+ this->curve_name = "secp384r1";
+ break;
+ case ECP_521_BIT:
+ this->curve_name = "secp521r1";
+ break;
+ case ECP_256_BP:
+ this->curve_name = "brainpool256r1";
+ break;
+ case ECP_384_BP:
+ this->curve_name = "brainpool384r1";
+ break;
+ case ECP_512_BP:
+ this->curve_name = "brainpool512r1";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, this->curve_name))
+ {
+ DBG1(DBG_LIB, "ECDH private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
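Review bot: The ephemeral ECDH key in `botan_ec_diffie_hellman_create()` is generated from `botan_rng_init(&rng, "user")`, which differs from the other key-generation paths in this commit. `botan_ec_private_key_gen()` uses `"system"`, and the MODP implementation draws its exponent from `lib->crypto->create_rng(lib->crypto, RNG_STRONG)`. Three different randomness sources for private key material in one plugin make seeding hard to audit, and this path does not go through strongSwan's own RNG selection. Unless the difference is intentional, use one source consistently, for example `if (botan_rng_init(&rng, "system"))`. Otherwise, add a comment above the call stating why the `"user"` RNG is chosen here.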
diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
new file mode 100644
index 000000000..0ba832ed3
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_diffie_hellman botan_ec_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_DIFFIE_HELLMAN_H_
+#define BOTAN_EC_DIFFIE_HELLMAN_H_
+
+typedef struct botan_ec_diffie_hellman_t botan_ec_diffie_hellman_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the EC Diffie-Hellman algorithm using Botan.
+ */
+struct botan_ec_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_ec_diffie_hellman_t object.
+ *
+ * @param group EC Diffie Hellman group number to use
+ * @return botan_ec_diffie_hellman_t object, NULL if not supported
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group);
+
+#endif /** BOTAN_EC_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.c b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
new file mode 100644
index 000000000..f8dbb66d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
@@ -0,0 +1,452 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+
+#include "botan_ec_private_key.h"
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_private_key_t private_botan_ec_private_key_t;
+
+/**
+ * Private data of a botan_ec_private_key_t object.
+ */
+struct private_botan_ec_private_key_t {
+
+ /**
+ * Public interface
+ */
+ botan_ec_private_key_t public;
+
+ /**
+ * Botan ec private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * OID of the curve
+ */
+ int oid;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Build a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool build_signature(botan_privkey_t key, const char *hash_and_padding,
+ int signature_format, chunk_t data,
+ chunk_t *signature)
+{
+ if (!botan_get_signature(key, hash_and_padding, data, signature))
+ {
+ return FALSE;
+ }
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /* format as ASN.1 sequence of two integers r,s */
+ chunk_t r = chunk_empty, s = chunk_empty;
+
+ chunk_split(*signature, "aa", signature->len / 2, &r,
+ signature->len / 2, &s);
+
+ chunk_free(signature);
+ *signature = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", r),
+ asn1_integer("m", s));
+ }
+ return TRUE;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_ec_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ return build_signature(this->key, "Raw",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ return build_signature(this->key, "EMSA1(SHA-1)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_DER_SEQUENCE, data, signature);
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ return build_signature(this->key, "EMSA1(SHA-256)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_384:
+ return build_signature(this->key, "EMSA1(SHA-384)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ case SIGN_ECDSA_521:
+ return build_signature(this->key, "EMSA1(SHA-512)",
+ SIG_FORMAT_IEEE_1363, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_ec_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC private key decryption not implemented");
+ return FALSE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_ec_private_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_ec_private_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_ec_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_ec_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_ec_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_ec_private_key_t *create_empty(int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .oid = oid,
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key, int oid)
+{
+ private_botan_ec_private_key_t *this;
+
+ this = create_empty(oid);
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+ int oid;
+ const char *curve;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ switch (key_size)
+ {
+ case 256:
+ curve = "secp256r1";
+ oid = OID_PRIME256V1;
+ break;
+ case 384:
+ curve = "secp384r1";
+ oid = OID_SECT384R1;
+ break;
+ case 521:
+ curve = "secp521r1";
+ oid = OID_SECT521R1;
+ break;
+ default:
+ DBG1(DBG_LIB, "EC private key size %d not supported via botan",
+ key_size);
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty(oid);
+
+ if (botan_privkey_create_ecdsa(&this->key, rng, curve))
+ {
+ DBG1(DBG_LIB, "EC private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args)
+{
+ private_botan_ec_private_key_t *this;
+ chunk_t params = chunk_empty, key = chunk_empty;
+ chunk_t alg_id = chunk_empty, pkcs8 = chunk_empty;
+ botan_rng_t rng;
+ int oid = OID_UNKNOWN;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ALGID_PARAMS:
+ params = va_arg(args, chunk_t);
+ continue;
+ case BUILD_BLOB_ASN1_DER:
+ key = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ /*
+ * Botan expects a PKCS#8 private key, so we build one, if necessary.
+ * RFC 5480 mandates ECParameters as part of the algorithmIdentifier, which
+ * we should get from e.g. the pkcs8 plugin.
+ */
+ if (params.len != 0 && type == KEY_ECDSA)
+ {
+ /* if ECParameters is passed, just use it */
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ chunk_clone(params));
+ if (asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ }
+ else
+ {
+ /*
+ * no explicit ECParameters passed, try to extract them from the
+ * ECPrivateKey structure and create an algorithmIdentifier
+ */
+ chunk_t unwrap = key, inner;
+
+ if (asn1_unwrap(&unwrap, &unwrap) == ASN1_SEQUENCE &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 1 &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_OCTET_STRING &&
+ asn1_unwrap(&unwrap, &inner) == ASN1_CONTEXT_C_0 &&
+ asn1_unwrap(&inner, &inner) == ASN1_OID)
+ {
+ oid = asn1_known_oid(inner);
+ if (oid != OID_UNKNOWN)
+ {
+ alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY,
+ asn1_simple_object(ASN1_OID, inner));
+ }
+ }
+ }
+
+ if (oid == OID_UNKNOWN)
+ {
+ chunk_free(&alg_id);
+ return NULL;
+ }
+
+ pkcs8 = asn1_wrap(ASN1_SEQUENCE, "mms",
+ asn1_integer("c", chunk_from_chars(0x00)),
+ alg_id,
+ asn1_wrap(ASN1_OCTET_STRING, "c", key));
+
+ this = create_empty(oid);
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ chunk_clear(&pkcs8);
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_load(&this->key, rng, pkcs8.ptr, pkcs8.len, NULL))
+ {
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ chunk_clear(&pkcs8);
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
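Review bot: In `sign()`, the `SIGN_ECDSA_256`, `SIGN_ECDSA_384` and `SIGN_ECDSA_521` cases only select the hash and never check the key's curve. The object stores the curve in `this->oid`, but nothing in this file reads that field. A key on a different curve would therefore yield an r||s value of the wrong length under a scheme that, going by its name and the RFC 4754 reference on `build_signature()`, is tied to one curve size. Guard each case, e.g. `if (this->oid != OID_PRIME256V1) { return FALSE; }` before the `SIGN_ECDSA_256` call, and likewise with `OID_SECT384R1` and `OID_SECT521R1`. This assumes callers of `botan_ec_private_key_adopt()` pass the real curve OID; those callers are not in this file.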
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.h b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
new file mode 100644
index 000000000..2b9686ceb
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_private_key botan_ec_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_PRIVATE_KEY_H_
+#define BOTAN_EC_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_ec_private_key_t botan_ec_private_key_t;
+
+/**
+ * private_key_t implementation of ECDSA using Botan.
+ */
+struct botan_ec_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a ECDSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a ECDSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a ECDSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @param oid EC curve OID
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key,
+ int oid);
+
+#endif /** BOTAN_EC_PRIVATE_KEY_H_ @}*/
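Review bot: The comment on `botan_ec_private_key_load()` lists only `BUILD_BLOB_ASN1_DER`, but the implementation in botan_ec_private_key.c also consumes `BUILD_BLOB_ALGID_PARAMS` and uses it as the ECParameters when present. Document it, e.g. `* Accepts BUILD_BLOB_ASN1_DER and, optionally, BUILD_BLOB_ALGID_PARAMS (ECParameters).` In the same header, `botan_ec_private_key_adopt()` is documented as returning NULL on failure, while the implementation in this commit has no failure return, so that line should be dropped or the function should check its input.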
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
new file mode 100644
index 000000000..4c85dbcec
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_ec_public_key.h"
+#include "botan_util.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_ECDSA
+
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_ec_public_key_t private_botan_ec_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_ec_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_ec_public_key_t public;
+
+ /**
+ * Botan ec public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+#define SIG_FORMAT_IEEE_1363 0
+#define SIG_FORMAT_DER_SEQUENCE 1
+
+/**
+ * Verification of a DER encoded signature as in RFC 3279 or as in RFC 4754
+ */
+static bool verify_signature(private_botan_ec_public_key_t *this,
+ const char* hash_and_padding, int signature_format, size_t keylen,
+ chunk_t data, chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ chunk_t sig = signature;
+ bool valid = FALSE;
+
+ if (signature_format == SIG_FORMAT_DER_SEQUENCE)
+ {
+ /*
+ * botan requires a signature in IEEE 1363 format (r||s)
+ * re-encode from ASN.1 sequence of two integers r,s
+ */
+ chunk_t parse = signature, r, s;
+
+ if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE ||
+ asn1_unwrap(&parse, &r) != ASN1_INTEGER ||
+ asn1_unwrap(&parse, &s) != ASN1_INTEGER)
+ {
+ return FALSE;
+ }
+
+ r = chunk_skip_zero(r);
+ s = chunk_skip_zero(s);
+
+ /*
+ * r and s must be of size m_order.bytes()/2 each
+ */
+ if (r.len > keylen || s.len > keylen)
+ {
+ return FALSE;
+ }
+
+ sig = chunk_alloca(2 * keylen);
+ memset(sig.ptr, 0, sig.len);
+ memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len);
+ memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len);
+ }
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len));
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_ec_public_key_t *this)
+{
+ return KEY_ECDSA;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_ec_public_key_t *this)
+{
+ botan_mp_t p;
+ size_t bits = 0;
+
+ if (botan_mp_init(&p))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_get_field(p, this->key, "p") ||
+ botan_mp_num_bits(p, &bits))
+ {
+ botan_mp_destroy(p);
+ return 0;
+ }
+
+ botan_mp_destroy(p);
+ return bits;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_ec_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ size_t keylen = (get_keysize(this) + 7) / 8;
+ const char *hash_and_padding;
+ int sig_format;
+
+ switch (scheme)
+ {
+ /* r||s -> Botan::IEEE_1363, data is the hash already */
+ case SIGN_ECDSA_WITH_NULL:
+ hash_and_padding = "Raw";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */
+ case SIGN_ECDSA_WITH_SHA1_DER:
+ hash_and_padding = "EMSA1(SHA-1)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA256_DER:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA384_DER:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ case SIGN_ECDSA_WITH_SHA512_DER:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_DER_SEQUENCE;
+ break;
+ /* r||s -> Botan::IEEE_1363 */
+ case SIGN_ECDSA_256:
+ hash_and_padding = "EMSA1(SHA-256)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_384:
+ hash_and_padding = "EMSA1(SHA-384)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ case SIGN_ECDSA_521:
+ hash_and_padding = "EMSA1(SHA-512)";
+ sig_format = SIG_FORMAT_IEEE_1363;
+ break;
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+
+ return verify_signature(this, hash_and_padding,
+ sig_format, keylen, data, signature);
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_ec_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ DBG1(DBG_LIB, "EC public key encryption not implemented");
+ return FALSE;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ return botan_get_fingerprint(this->key, this, type, fingerprint);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_ec_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_ec_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/*
+ * Described in header
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_ec_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .get_keysize = _get_keysize,
+ .equals = public_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .key = key,
+ .ref = 1,
+ );
+
+ return &this->public;
+}
+
+#endif
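Review bot: In `verify_signature`, the DER branch never checks that the SEQUENCE was fully consumed: after the three `asn1_unwrap` calls any bytes left in `parse` are ignored, and `chunk_skip_zero` is applied to r and s, so more than one encoding of the same (r, s) pair can verify. Whether that matters depends on the callers, which are not visible here, but rejecting leftovers is cheap: add `|| parse.len` as a fourth term of the unwrap condition. Separately, the struct comments say "signing context" and "Public interface for this signer" although this object is a public key used for verification; `Private data of botan_ec_public_key_t` would be accurate.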
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.h b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
new file mode 100644
index 000000000..ddb3d5b04
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#ifndef BOTAN_EC_PUBLIC_KEY_H_
+#define BOTAN_EC_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_ec_public_key_t botan_ec_public_key_t;
+
+/**
+ * public_key_t implementation of ECDSA using botan.
+ */
+struct botan_ec_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a ECDSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/
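Review bot: The closing line `#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/` ends a Doxygen group that this header never opens; botan_ec_private_key.h in the same commit has the `@defgroup … @{ @ingroup botan_p` block before its include guard. Add the matching block, `@defgroup botan_ec_public_key botan_ec_public_key` and `@{ @ingroup botan_p`, ahead of `#ifndef BOTAN_EC_PUBLIC_KEY_H_`. The `@return` text also promises NULL on failure, while `botan_ec_public_key_adopt` as added in botan_ec_public_key.c has no path that returns NULL.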
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.c b/src/libstrongswan/plugins/botan/botan_gcm.c
new file mode 100644
index 000000000..7e0fc1468
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.c
@@ -0,0 +1,333 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_gcm.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_AES
+#ifdef BOTAN_HAS_AEAD_GCM
+
+#include <crypto/iv/iv_gen_seq.h>
+
+#include <botan/ffi.h>
+
+/**
+ * as defined in RFC 4106
+ */
+#define IV_LEN 8
+#define SALT_LEN 4
+#define NONCE_LEN (IV_LEN + SALT_LEN)
+
+typedef struct private_aead_t private_aead_t;
+
+struct private_aead_t {
+
+ /**
+ * Public interface
+ */
+ aead_t public;
+
+ /**
+ * The encryption key
+ */
+ chunk_t key;
+
+ /**
+ * Salt value
+ */
+ char salt[SALT_LEN];
+
+ /**
+ * Size of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * IV generator
+ */
+ iv_gen_t *iv_gen;
+
+ /**
+ * The cipher to use
+ */
+ const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv,
+ u_char *out, uint32_t init_flag)
+{
+ botan_cipher_t cipher;
+ uint8_t nonce[NONCE_LEN];
+ size_t output_written = 0, input_consumed = 0;
+
+ memcpy(nonce, this->salt, SALT_LEN);
+ memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN);
+
+ if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+ {
+ return FALSE;
+ }
+
+ if (botan_cipher_set_key(cipher, this->key.ptr, this->key.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (assoc.len &&
+ botan_cipher_set_associated_data(cipher, assoc.ptr, assoc.len))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (botan_cipher_start(cipher, nonce, NONCE_LEN))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+
+ if (init_flag == BOTAN_CIPHER_INIT_FLAG_ENCRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len + this->icv_size, &output_written,
+ data.ptr, data.len, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+ else if (init_flag == BOTAN_CIPHER_INIT_FLAG_DECRYPT)
+ {
+ if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL,
+ out, data.len, &output_written, data.ptr,
+ data.len + this->icv_size, &input_consumed))
+ {
+ botan_cipher_destroy(cipher);
+ return FALSE;
+ }
+ }
+
+ botan_cipher_destroy(cipher);
+
+ return TRUE;
+}
+
+METHOD(aead_t, encrypt, bool,
+ private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ u_char *out;
+
+ out = plain.ptr;
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ out = encrypted->ptr;
+ }
+ return crypt(this, plain, assoc, iv, out, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ u_char *out;
+
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+ encrypted.len -= this->icv_size;
+
+ out = encrypted.ptr;
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ out = plain->ptr;
+ }
+ return crypt(this, encrypted, assoc, iv, out,
+ BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_aead_t *this)
+{
+ return IV_LEN;
+}
+
+METHOD(aead_t, get_iv_gen, iv_gen_t*,
+ private_aead_t *this)
+{
+ return this->iv_gen;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_aead_t *this)
+{
+ return this->key.len + SALT_LEN;
+}
+
+METHOD(aead_t, set_key, bool,
+ private_aead_t *this, chunk_t key)
+{
+ if (key.len != get_key_size(this))
+ {
+ return FALSE;
+ }
+ memcpy(this->salt, key.ptr + key.len - SALT_LEN, SALT_LEN);
+ memcpy(this->key.ptr, key.ptr, this->key.len);
+ return TRUE;
+}
+
+METHOD(aead_t, destroy, void,
+ private_aead_t *this)
+{
+ chunk_clear(&this->key);
+ this->iv_gen->destroy(this->iv_gen);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size)
+{
+ private_aead_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_iv_gen = _get_iv_gen,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
+
+ if (salt_size && salt_size != SALT_LEN)
+ {
+ /* currently not supported */
+ free(this);
+ return NULL;
+ }
+
+ switch (algo)
+ {
+ case ENCR_AES_GCM_ICV8:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(8)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(8)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(8)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 8;
+ break;
+ case ENCR_AES_GCM_ICV12:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM(12)";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM(12)";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM(12)";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 12;
+ break;
+ case ENCR_AES_GCM_ICV16:
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ /* FALL */
+ case 16:
+ this->cipher_name = "AES-128/GCM";
+ break;
+ case 24:
+ this->cipher_name = "AES-192/GCM";
+ break;
+ case 32:
+ this->cipher_name = "AES-256/GCM";
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+ this->icv_size = 16;
+ break;
+ default:
+ free(this);
+ return NULL;
+ }
+
+ this->key = chunk_alloc(key_size);
+ this->iv_gen = iv_gen_seq_create();
+
+ return &this->public;
+}
+
+#endif
+#endif
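Review bot: `crypt()` copies `IV_LEN` bytes from `iv.ptr` into the nonce without looking at `iv.len`, so a caller that passes a shorter IV causes a read past its buffer and a nonce built from unrelated memory. Neither `encrypt` nor `decrypt` checks the length either; a guard at the top of `crypt()` such as `if (iv.len < IV_LEN) return FALSE;` closes it. The function also returns TRUE without doing any work when `init_flag` is neither of the two Botan flags, and `output_written` is never compared with the length the caller expects, so a short write would go unnoticed.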
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.h b/src/libstrongswan/plugins/botan/botan_gcm.h
new file mode 100644
index 000000000..b2053cb4d
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_gcm.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2018 Atanas Filyanov
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements the aead_t interface using Botan in GCM mode.
+ *
+ * @defgroup botan_gcm botan_gcm
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_GCM_H_
+#define BOTAN_GCM_H_
+
+#include <crypto/aead.h>
+
+/**
+ * Constructor to create aead_t implementation.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @param salt_size size of implicit salt length
+ * @return aead_t object, NULL if not supported
+ */
+aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size,
+ size_t salt_size);
+
+#endif /** BOTAN_GCM_H_ @}*/
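Review bot: The doc block for `botan_gcm_create` leaves out two things the implementation in botan_gcm.c does: a `key_size` of 0 selects 16 bytes, and a `salt_size` other than 0 or 4 makes the constructor return NULL. I would extend the parameter lines to `@param key_size key size in bytes, 0 for the default of 16` and `@param salt_size size of the implicit salt, 0 or 4`.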
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.c b/src/libstrongswan/plugins/botan/botan_hasher.c
new file mode 100644
index 000000000..d574db0dc
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hasher.h"
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_hasher_t private_botan_hasher_t;
+
+/**
+ * Private data of botan_hasher_t
+ */
+struct private_botan_hasher_t {
+
+ /**
+ * Public part of this class.
+ */
+ botan_hasher_t public;
+
+ /**
+ * botan hash instance
+ */
+ botan_hash_t hash;
+};
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_botan_hasher_t *this)
+{
+ size_t len = 0;
+
+ if (botan_hash_output_length(this->hash, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(hasher_t, reset, bool,
+ private_botan_hasher_t *this)
+{
+ if (botan_hash_clear(this->hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, get_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, uint8_t *hash)
+{
+ if (botan_hash_update(this->hash, chunk.ptr, chunk.len))
+ {
+ return FALSE;
+ }
+
+ if (hash && botan_hash_final(this->hash, hash))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(hasher_t, allocate_hash, bool,
+ private_botan_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(get_hash_size(this));
+ return get_hash(this, chunk, hash->ptr);
+ }
+ return get_hash(this, chunk, NULL);
+}
+
+METHOD(hasher_t, destroy, void,
+ private_botan_hasher_t *this)
+{
+ botan_hash_destroy(this->hash);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo)
+{
+ private_botan_hasher_t *this;
+ const char* hash_name;
+
+ hash_name = botan_get_hash(algo);
+ if (!hash_name)
+ {
+ return FALSE;
+ }
+
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ if (botan_hash_init(&this->hash, hash_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
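Review bot: `botan_hasher_create` returns `FALSE` when `botan_get_hash` yields no name, but the function returns a pointer and its other failure path uses `NULL`; it should be `return NULL;`. The result is the same as long as FALSE expands to 0, so this is about type correctness and agreement with the header's "NULL if not supported". In `allocate_hash`, `get_hash_size` returns 0 when `botan_hash_output_length` fails and that value sizes the buffer handed to `botan_hash_final`; returning FALSE on a zero size before `chunk_alloc` would avoid relying on the later call failing too.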
diff --git a/src/libstrongswan/plugins/botan/botan_hasher.h b/src/libstrongswan/plugins/botan/botan_hasher.h
new file mode 100644
index 000000000..164f63711
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hasher.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_hasher botan_hasher
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HASHER_H_
+#define BOTAN_HASHER_H_
+
+typedef struct botan_hasher_t botan_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hashers using botan.
+ */
+struct botan_hasher_t {
+
+ /**
+ * The hasher_t interface.
+ */
+ hasher_t hasher;
+};
+
+/**
+ * Constructor to create botan_hasher_t.
+ *
+ * @param algo algorithm
+ * @return botan_hasher_t, NULL if not supported
+ */
+botan_hasher_t *botan_hasher_create(hash_algorithm_t algo);
+
+#endif /** BOTAN_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.c b/src/libstrongswan/plugins/botan/botan_hmac.c
new file mode 100644
index 000000000..367d27f24
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_hmac.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC
+
+#include <crypto/mac.h>
+#include <crypto/prfs/mac_prf.h>
+#include <crypto/signers/mac_signer.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_mac_t private_botan_mac_t;
+
+/**
+ * Private data of a mac_t object.
+ */
+struct private_botan_mac_t {
+
+ /**
+ * Public interface
+ */
+ mac_t public;
+
+ /**
+ * HMAC
+ */
+ botan_mac_t hmac;
+};
+
+METHOD(mac_t, set_key, bool,
+ private_botan_mac_t *this, chunk_t key)
+{
+ if (botan_mac_set_key(this->hmac, key.ptr, key.len))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac, bool,
+ private_botan_mac_t *this, chunk_t data, uint8_t *out)
+{
+ if (botan_mac_update(this->hmac, data.ptr, data.len))
+ {
+ return FALSE;
+ }
+
+ if (out && botan_mac_final(this->hmac, out))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(mac_t, get_mac_size, size_t,
+ private_botan_mac_t *this)
+{
+ size_t len = 0;
+
+ if (botan_mac_output_length(this->hmac, &len))
+ {
+ return 0;
+ }
+ return len;
+}
+
+METHOD(mac_t, destroy, void,
+ private_botan_mac_t *this)
+{
+ botan_mac_destroy(this->hmac);
+ free(this);
+}
+
+/*
+ * Create a Botan-backed implementation of the mac_t interface
+ */
+static mac_t *hmac_create(hash_algorithm_t algo)
+{
+ private_botan_mac_t *this;
+ const char* hmac_name;
+
+ switch (algo)
+ {
+ case HASH_SHA1:
+ hmac_name = "HMAC(SHA-1)";
+ break;
+ case HASH_SHA256:
+ hmac_name = "HMAC(SHA-256)";
+ break;
+ case HASH_SHA384:
+ hmac_name = "HMAC(SHA-384)";
+ break;
+ case HASH_SHA512:
+ hmac_name = "HMAC(SHA-512)";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_mac_size = _get_mac_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ }
+ );
+
+ if (botan_mac_init(&this->hmac, hmac_name, 0))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo)
+{
+ mac_t *hmac;
+
+ hmac = hmac_create(hasher_algorithm_from_prf(algo));
+ if (hmac)
+ {
+ return mac_prf_create(hmac);
+ }
+ return NULL;
+}
+
+/*
+ * Described in header
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo)
+{
+ mac_t *hmac;
+ size_t trunc;
+
+ hmac = hmac_create(hasher_algorithm_from_integrity(algo, &trunc));
+ if (hmac)
+ {
+ return mac_signer_create(hmac, trunc);
+ }
+ return NULL;
+}
+
+#endif
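Review bot: In `botan_hmac_signer_create`, `trunc` is declared without an initialiser and handed to `mac_signer_create` whenever `hmac_create` succeeds, so the code depends on `hasher_algorithm_from_integrity` having written it for every algorithm that maps to SHA-1, SHA-256, SHA-384 or SHA-512. That helper is not part of this diff, so the assumption may well hold. Declaring it as `size_t trunc = 0;` and adding a comment such as `/* trunc is set by hasher_algorithm_from_integrity() for all algorithms hmac_create() accepts */` would make the dependency explicit and keep the truncation length from ever being indeterminate.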
diff --git a/src/libstrongswan/plugins/botan/botan_hmac.h b/src/libstrongswan/plugins/botan/botan_hmac.h
new file mode 100644
index 000000000..1deeea961
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_hmac.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Implements HMAC based PRF and signer using Botan's HMAC functions.
+ *
+ * @defgroup botan_hmac botan_hmac
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_HMAC_H_
+#define BOTAN_HMAC_H_
+
+#include <crypto/prfs/prf.h>
+#include <crypto/signers/signer.h>
+
+/**
+ * Creates a new prf_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return prf_t object, NULL if not supported
+ */
+prf_t *botan_hmac_prf_create(pseudo_random_function_t algo);
+
+/**
+ * Creates a new signer_t object based on an HMAC.
+ *
+ * @param algo algorithm to implement
+ * @return signer_t, NULL if not supported
+ */
+signer_t *botan_hmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** BOTAN_HMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.c b/src/libstrongswan/plugins/botan/botan_plugin.c
new file mode 100644
index 000000000..fd8e5f5a6
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_plugin.h"
+#include "botan_rng.h"
+#include "botan_hasher.h"
+#include "botan_crypter.h"
+#include "botan_diffie_hellman.h"
+#include "botan_hmac.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+#include "botan_ec_diffie_hellman.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_gcm.h"
+#include "botan_util_keys.h"
+#include "botan_x25519.h"
+
+#include <library.h>
+
+#include <botan/build.h>
+#include <botan/ffi.h>
+
+typedef struct private_botan_plugin_t private_botan_plugin_t;
+
+/**
+ * private data of botan_plugin
+ */
+struct private_botan_plugin_t {
+
+ /**
+ * public functions
+ */
+ botan_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_botan_plugin_t *this)
+{
+ return "botan";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_botan_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+
+#ifdef BOTAN_HAS_DIFFIE_HELLMAN
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, botan_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+#endif
+#ifdef BOTAN_HAS_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BP),
+ PLUGIN_PROVIDE(DH, ECP_384_BP),
+ PLUGIN_PROVIDE(DH, ECP_512_BP),
+#endif
+#ifdef BOTAN_HAS_X25519
+ PLUGIN_REGISTER(DH, botan_x25519_create),
+ PLUGIN_PROVIDE(DH, CURVE_25519),
+#endif
+
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, botan_crypter_create),
+#ifdef BOTAN_HAS_AES
+ #ifdef BOTAN_HAS_MODE_CBC
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ #endif
+ #ifdef BOTAN_HAS_AEAD_GCM
+ /* AES GCM */
+ PLUGIN_REGISTER(AEAD, botan_gcm_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ #endif
+#endif
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, botan_hasher_create),
+#ifdef BOTAN_HAS_MD5
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+#endif
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+#endif
+ /* prfs */
+#ifdef BOTAN_HAS_HMAC
+ PLUGIN_REGISTER(PRF, botan_hmac_prf_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
+#endif
+ /* signer */
+ PLUGIN_REGISTER(SIGNER, botan_hmac_signer_create),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512),
+#endif
+#endif /* BOTAN_HAS_HMAC */
+
+ /* generic key loaders */
+#if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA)
+ PLUGIN_REGISTER(PUBKEY, botan_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+#endif
+ PLUGIN_REGISTER(PRIVKEY, botan_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+#ifdef BOTAN_HAS_RSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+#endif
+#ifdef BOTAN_HAS_ECDSA
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+#endif
+#endif
+ /* RSA */
+#ifdef BOTAN_HAS_RSA
+ /* public/private key loading/generation */
+ PLUGIN_REGISTER(PUBKEY, botan_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, botan_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* encryption/signature schemes */
+#ifdef BOTAN_HAS_EMSA_PKCS1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512),
+#endif
+#endif
+#ifdef BOTAN_HAS_EMSA_PSSR
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+#ifdef BOTAN_HAS_EME_OAEP
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256),
+#endif
+#ifdef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512),
+#endif
+#endif
+#endif /* BOTAN_HAS_RSA */
+
+#ifdef BOTAN_HAS_ECDSA
+ /* EC private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, botan_ec_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, botan_ec_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
+#ifdef BOTAN_HAS_EMSA_RAW
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
+#endif
+#ifdef BOTAN_HAS_EMSA1
+#ifdef BOTAN_HAS_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
+#endif
+#ifdef BOTAN_HAS_SHA2_32
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
+#endif
+#ifndef BOTAN_HAS_SHA2_64
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
+#endif
+#endif /* BOTAN_HAS_EMSA1 */
+#endif /* BOTAN_HAS_ECDSA */
+
+ /* random numbers */
+#if BOTAN_HAS_SYSTEM_RNG
+#if BOTAN_HAS_HMAC_DRBG
+ PLUGIN_REGISTER(RNG, botan_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_WEAK),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE)
+#endif
+#endif
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_botan_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+plugin_t *botan_plugin_create()
+{
+ private_botan_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
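Review bot: In get_features the ECDSA SHA-384/SHA-512 entries are guarded by `#ifndef BOTAN_HAS_SHA2_64`, so they are registered only when Botan lacks SHA-384/512 and are missing from a build that has it. Every other SHA-2 guard in the array uses `#ifdef`, and this one should read `#ifdef BOTAN_HAS_SHA2_64`. In the RSA section the `SIGN_RSA_EMSA_PKCS1_SHA1` lines for PRIVKEY_SIGN and PUBKEY_VERIFY each appear twice, which looks like a copy-paste leftover and can be reduced to one line each. The RNG block tests `#if BOTAN_HAS_SYSTEM_RNG` and `#if BOTAN_HAS_HMAC_DRBG` while the rest of the array and botan_rng.c use `#ifdef`; one form throughout avoids a preprocessor error if a macro is ever defined without a value.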
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.h b/src/libstrongswan/plugins/botan/botan_plugin.h
new file mode 100644
index 000000000..fdb08a90e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_plugin.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_p botan
+ * @ingroup plugins
+ *
+ * @defgroup botan_plugin botan_plugin
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_PLUGIN_H_
+#define BOTAN_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct botan_plugin_t botan_plugin_t;
+
+/**
+ * Plugin implementing crypto functions using Botan.
+ */
+struct botan_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** BOTAN_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_rng.c b/src/libstrongswan/plugins/botan/botan_rng.c
new file mode 100644
index 000000000..c49225c3c
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.c
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rng.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC_DRBG
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_random_t private_botan_random_t;
+
+/**
+ * Private data of an botan_rng_t object.
+ */
+struct private_botan_random_t {
+
+ /**
+ * Public botan_rnd_t interface.
+ */
+ botan_random_t public;
+
+ /**
+ * RNG quality of this instance
+ */
+ rng_quality_t quality;
+
+ /**
+ * RNG instance
+ */
+ botan_rng_t rng;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_botan_random_t *this, size_t bytes, uint8_t *buffer)
+{
+ return botan_rng_get(this->rng, buffer, bytes) == 0;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_botan_random_t *this, size_t bytes, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ if (!get_bytes(this, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_botan_random_t *this)
+{
+ botan_rng_destroy(this->rng);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality)
+{
+ private_botan_random_t *this;
+ const char* rng_name;
+
+ switch (quality)
+ {
+ case RNG_WEAK:
+ case RNG_STRONG:
+ /* some rng_t instances of this class (e.g. in the ike-sa-manager)
+ * may be called concurrently by different threads. the Botan RNGs
+ * are not reentrant, by default, so use the threadsafe version.
+ * because we build without threading support when running tests
+ * with leak-detective (lots of reports of frees of unknown memory)
+ * there is a fallback to the default */
+#ifdef BOTAN_TARGET_OS_HAS_THREADS
+ rng_name = "user-threadsafe";
+#else
+ rng_name = "user";
+#endif
+ break;
+ case RNG_TRUE:
+ rng_name = "system";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
+
+ if (botan_rng_init(&this->rng, rng_name))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif
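Review bot: In botan_rng_create the `#else` branch selects the plain `"user"` RNG whenever `BOTAN_TARGET_OS_HAS_THREADS` is undefined, although the comment just above says these rng_t instances may be called concurrently and that Botan's RNGs are not reentrant by default. That suits the leak-detective test build the comment mentions, but nothing visible here stops a threaded daemon linked against such a Botan from sharing an unsynchronised generator. I would state the limit in the comment, e.g. `/* fallback is only safe if the rng_t is not shared between threads */`, or serialise get_bytes with a lock in that configuration. Separately, `quality` is stored in the private struct but never read in this file, and the struct comments name `botan_rng_t` and `botan_rnd_t` where `botan_random_t` is meant.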
diff --git a/src/libstrongswan/plugins/botan/botan_rng.h b/src/libstrongswan/plugins/botan/botan_rng.h
new file mode 100644
index 000000000..087288863
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rng botan_rng
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RNG_H_
+#define BOTAN_RNG_H_
+
+typedef struct botan_random_t botan_random_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using botan.
+ *
+ * @note botan_rng_t is a botan reserved type.
+ */
+struct botan_random_t {
+
+ /**
+ * Implements rng_t.
+ */
+ rng_t rng;
+};
+
+/**
+ * Creates a botan_random_t instance.
+ *
+ * @param quality required quality of randomness
+ * @return botan_random_t instance
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality);
+
+#endif /** BOTAN_RNG_H_ @} */
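Review bot: The `@return` line for botan_rng_create promises an instance, but the implementation in botan_rng.c returns NULL for an unknown quality and when botan_rng_init fails. The doc should say so, `@return botan_random_t instance, NULL if not supported`, matching the wording used for the botan_hmac.h constructors. The prototype is also declared unconditionally while the definition sits under `#ifdef BOTAN_HAS_HMAC_DRBG`, so a short comment naming that build dependency would help callers outside the guarded plugin table.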
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
new file mode 100644
index 000000000..bb723ff95
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c
@@ -0,0 +1,694 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_private_key.h"
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <botan/ffi.h>
+
+#include <utils/debug.h>
+
+typedef struct private_botan_rsa_private_key_t private_botan_rsa_private_key_t;
+
+/**
+ * Private data of a botan_rsa_private_key_t object.
+ */
+struct private_botan_rsa_private_key_t {
+
+ /**
+ * Public interface for this signer.
+ */
+ botan_rsa_private_key_t public;
+
+ /**
+ * Botan private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * reference count
+ */
+ refcount_t ref;
+};
+
+/**
+ * Get the Botan string identifier for an EMSA PSS signature
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len)
+{
+ const char *hash;
+
+ if (!params)
+ {
+ return FALSE;
+ }
+
+ /* botan currently does not support passing the mgf1 hash */
+ if (params->hash != params->mgf1_hash)
+ {
+ DBG1(DBG_LIB, "passing mgf1 hash not supported via botan");
+ return FALSE;
+ }
+
+ hash = botan_get_hash(params->hash);
+ if (!hash)
+ {
+ return FALSE;
+ }
+
+ if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT)
+ {
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1,%zd)", hash,
+ params->salt_len) < len;
+ }
+ return snprintf(id, len, "EMSA-PSS(%s,MGF1)", hash) < len;
+}
+
+/**
+ * Build an EMSA PSS signature described in PKCS#1
+ */
+static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t *sig)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return botan_get_signature(this->key, hash_and_padding, data, sig);
+}
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_botan_rsa_private_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_botan_rsa_private_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t *signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return botan_get_signature(this->key, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-224)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-256)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-384)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return botan_get_signature(this->key, "EMSA_PKCS1(SHA-512)", data,
+ signature);
+ case SIGN_RSA_EMSA_PSS:
+ return build_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_botan_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
+{
+ botan_pk_op_decrypt_t decrypt_op;
+ const char *padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_pk_op_decrypt_create(&decrypt_op, this->key, padding, 0))
+ {
+ return FALSE;
+ }
+
+ plain->len = 0;
+ if (botan_pk_op_decrypt_output_length(decrypt_op, crypto.len, &plain->len))
+ {
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+
+ *plain = chunk_alloc(plain->len);
+ if (botan_pk_op_decrypt(decrypt_op, plain->ptr, &plain->len, crypto.ptr,
+ crypto.len))
+ {
+ chunk_free(plain);
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return FALSE;
+ }
+ botan_pk_op_decrypt_destroy(decrypt_op);
+ return TRUE;
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_privkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ botan_pubkey_t pubkey;
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return NULL;
+ }
+ return (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ botan_pubkey_t pubkey;
+ bool success = FALSE;
+
+ /* check the cache before doing the export */
+ if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint))
+ {
+ return TRUE;
+ }
+
+ if (botan_privkey_export_pubkey(&pubkey, this->key))
+ {
+ return FALSE;
+ }
+ success = botan_get_fingerprint(pubkey, this, type, fingerprint);
+ botan_pubkey_destroy(pubkey);
+ return success;
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_botan_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_privkey_encoding(this->key, type, encoding);
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_botan_rsa_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_botan_rsa_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_privkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_private_key_t *create_empty()
+{
+ private_botan_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key)
+{
+ private_botan_rsa_private_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ botan_rng_t rng;
+ u_int key_size = 0;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_KEY_SIZE:
+ key_size = va_arg(args, u_int);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (!key_size)
+ {
+ return NULL;
+ }
+
+ if (botan_rng_init(&rng, "system"))
+ {
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_privkey_create_rsa(&this->key, rng, key_size))
+ {
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+/**
+ * Recover the primes from n, e and d using the algorithm described in
+ * Appendix C of NIST SP 800-56B.
+ */
+static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
+ botan_mp_t *p, botan_mp_t *q)
+{
+ botan_mp_t k = NULL, one = NULL, r = NULL, zero = NULL, two = NULL;
+ botan_mp_t n1 = NULL, x = NULL, y = NULL, g = NULL, rem = NULL;
+ botan_rng_t rng = NULL;
+ int i, t, j;
+ bool success = FALSE;
+
+ if (botan_mp_init(&k) ||
+ botan_mp_init(&one) ||
+ botan_mp_set_from_int(one, 1))
+ {
+ goto error;
+ }
+
+ /* 1. k = d * e - 1 */
+ if (botan_mp_mul(k, *d, *e) || botan_mp_sub(k, k, one))
+ {
+ goto error;
+ }
+
+ /* k must be even */
+ if (!botan_mp_is_even(k))
+ {
+ goto error;
+ }
+
+ /* 2. k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
+ if (botan_mp_init(&r) ||
+ botan_mp_set_from_mp(r, k))
+ {
+ goto error;
+ }
+
+ for (t = 0; !botan_mp_is_odd(r); t++)
+ {
+ if (botan_mp_rshift(r, r, 1))
+ {
+ goto error;
+ }
+ }
+
+ /* need 0 and n-1 below */
+ if (botan_mp_init(&zero) ||
+ botan_mp_init(&n1) ||
+ botan_mp_sub(n1, *n, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&g))
+ {
+ goto error;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&two))
+ {
+ goto error;
+ }
+
+ if (botan_mp_set_from_int(two, 2))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(&y) ||
+ botan_mp_init(&x))
+ {
+ goto error;
+ }
+
+ for (i = 0; i < 100; i++)
+ {
+ /* 3a. generate a random integer g in the range [0, n-1] */
+ if (botan_mp_rand_range(g, rng, zero, n1))
+ {
+ goto error;
+ }
+ /* 3b. y = g^r mod n */
+ if (botan_mp_powmod(y, g, r, *n))
+ {
+ goto error;
+ }
+
+ /* 3c. If y = 1 or y = n – 1, try again */
+ if (botan_mp_equal(y, one) || botan_mp_equal(y, n1))
+ {
+ continue;
+ }
+
+ for (j = 0; j < t; j++)
+ {
+ /* x = y^2 mod n */
+ if (botan_mp_powmod(x, y, two, *n))
+ {
+ goto error;
+ }
+
+ /* stop if x == 1 */
+ if (botan_mp_equal(x, one))
+ {
+ goto done;
+ }
+
+ /* retry with new g if x = n-1 */
+ if (botan_mp_equal(x, n1))
+ {
+ break;
+ }
+
+ /* let y = x */
+ if (botan_mp_set_from_mp(y, x))
+ {
+ goto error;
+ }
+ }
+ }
+
+done:
+ /* 5. p = GCD(y – 1, n) and q = n/p */
+ if (botan_mp_sub(y, y, one))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(p) ||
+ botan_mp_gcd(*p, y, *n))
+ {
+ goto error;
+ }
+
+ if (botan_mp_init(q) ||
+ botan_mp_init(&rem) ||
+ botan_mp_div(*q, rem, *n, *p))
+ {
+ goto error;
+ }
+
+ if (!botan_mp_is_zero(rem))
+ {
+ goto error;
+ }
+
+ success = TRUE;
+
+error:
+ if (!success)
+ {
+ botan_mp_destroy(*p);
+ botan_mp_destroy(*q);
+ }
+ botan_rng_destroy(rng);
+ botan_mp_destroy(k);
+ botan_mp_destroy(one);
+ botan_mp_destroy(r);
+ botan_mp_destroy(zero);
+ botan_mp_destroy(two);
+ botan_mp_destroy(n1);
+ botan_mp_destroy(x);
+ botan_mp_destroy(y);
+ botan_mp_destroy(g);
+ botan_mp_destroy(rem);
+ return success;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_private_key_t *this;
+ chunk_t n, e, d, p, q, blob;
+
+ n = e = d = p = q = blob = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIV_EXP:
+ d = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME1:
+ p = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PRIME2:
+ q = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_EXP1:
+ case BUILD_RSA_EXP2:
+ case BUILD_RSA_COEFF:
+ /* not required for botan */
+ va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (type == KEY_ANY && !blob.ptr)
+ {
+ return NULL;
+ }
+
+ if (blob.ptr)
+ {
+ this = create_empty();
+
+ if (botan_privkey_load_rsa_pkcs1(&this->key, blob.ptr, blob.len))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+ }
+
+ if (n.ptr && e.ptr && d.ptr)
+ {
+ botan_mp_t n_mp, e_mp, d_mp, p_mp, q_mp;
+
+ if (!chunk_to_botan_mp(n, &n_mp))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &e_mp))
+ {
+ botan_mp_destroy(n_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(d, &d_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ return NULL;
+ }
+
+ if (p.ptr && q.ptr)
+ {
+ if (!chunk_to_botan_mp(p, &p_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(q, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ botan_mp_destroy(p_mp);
+ return NULL;
+ }
+ }
+ else
+ {
+ /* calculate p,q from n, e, d */
+ if (!calculate_pq(&n_mp, &e_mp, &d_mp, &p_mp, &q_mp))
+ {
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(d_mp);
+ return NULL;
+ }
+ }
+ botan_mp_destroy(n_mp);
+ botan_mp_destroy(d_mp);
+
+ this = create_empty();
+
+ if (botan_privkey_load_rsa(&this->key, p_mp, q_mp, e_mp))
+ {
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(e_mp);
+ botan_mp_destroy(p_mp);
+ botan_mp_destroy(q_mp);
+
+ return &this->public;
+ }
+
+ return NULL;
+}
+
+#endif
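Review bot: calculate_pq's `error:` path calls `botan_mp_destroy(*p)` and `botan_mp_destroy(*q)` even when it bails out before `botan_mp_init(p)`, and botan_rsa_private_key_load passes `p_mp` and `q_mp` uninitialized. Key components that fail an early check (for example an odd `d * e - 1`) therefore make the destroy calls operate on indeterminate handles. Declaring them as `botan_mp_t n_mp, e_mp, d_mp, p_mp = NULL, q_mp = NULL;` matches how calculate_pq already NULL-initialises its own locals before the shared cleanup. Separately, when the 100-iteration loop ends without reaching `goto done`, control still falls into `done:` and derives p from the last y; since gcd(y - 1, n) = 1 would pass the remainder check with p = 1, a `goto error;` directly after the loop should report that no factors were found.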
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.h b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
new file mode 100644
index 000000000..f0f419c7f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_private_key botan_rsa_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PRIVATE_KEY_H_
+#define BOTAN_RSA_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_rsa_private_key_t botan_rsa_private_key_t;
+
+/**
+ * private_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a RSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key);
+
+#endif /** BOTAN_RSA_PRIVATE_KEY_H_ @}*/
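Review bot: The doc comment on `botan_rsa_private_key_load` lists only BUILD_BLOB_ASN1_DER, but the visible tail of the loader in botan_rsa_private_key.c also consumes RSA component parts: it reads p and q, skips BUILD_RSA_EXP1/EXP2/COEFF, and builds the key from n, e and d when no blob is given. The comment should say so, for example `* Accepts either a BUILD_BLOB_ASN1_DER argument or the individual RSA key components.`, and should note that p and q are recomputed from n, e, d when they are not supplied. The `@param type` line says "must be KEY_RSA", yet the loader only rejects KEY_ANY when no blob is present, so KEY_ANY with a DER blob appears to be accepted. The start of the loader is outside the visible lines, so confirm this against the full function.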
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
new file mode 100644
index 000000000..c6e2e8861
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rsa_public_key.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_RSA
+
+#include "botan_util.h"
+
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_rsa_public_key_t private_botan_rsa_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_botan_rsa_public_key_t {
+
+ /**
+ * Public interface for this signer
+ */
+ botan_rsa_public_key_t public;
+
+ /**
+ * Botan public key
+ */
+ botan_pubkey_t key;
+
+ /**
+ * Reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Defined in botan_rsa_private_key.c
+ */
+bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);
+
+/**
+ * Verify RSA signature
+ */
+static bool verify_rsa_signature(private_botan_rsa_public_key_t *this,
+ const char* hash_and_padding, chunk_t data,
+ chunk_t signature)
+{
+ botan_pk_op_verify_t verify_op;
+ bool valid = FALSE;
+
+ if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_verify_update(verify_op, data.ptr, data.len))
+ {
+ botan_pk_op_verify_destroy(verify_op);
+ return FALSE;
+ }
+
+ valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len);
+
+ botan_pk_op_verify_destroy(verify_op);
+ return valid;
+}
+
+/**
+ * Verification of an EMSA PSS signature described in PKCS#1
+ */
+static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this,
+ rsa_pss_params_t *params, chunk_t data,
+ chunk_t signature)
+{
+ char hash_and_padding[BUF_LEN];
+
+ if (!botan_emsa_pss_identifier(params, hash_and_padding,
+ sizeof(hash_and_padding)))
+ {
+ return FALSE;
+ }
+ return verify_rsa_signature(this, hash_and_padding, data, signature);
+}
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_botan_rsa_public_key_t *this)
+{
+ return KEY_RSA;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_botan_rsa_public_key_t *this, signature_scheme_t scheme,
+ void *params, chunk_t data, chunk_t signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data,
+ signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_224:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_256:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_384:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)",
+ data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA2_512:
+ return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)",
+ data, signature);
+ case SIGN_RSA_EMSA_PSS:
+ return verify_emsa_pss_signature(this, params, data, signature);
+ default:
+ DBG1(DBG_LIB, "signature scheme %N not supported via botan",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_botan_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
+{
+ botan_pk_op_encrypt_t encrypt_op;
+ botan_rng_t rng;
+ const char* padding;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = "PKCS1v15";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = "OAEP(SHA-1)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA224:
+ padding = "OAEP(SHA-224)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA256:
+ padding = "OAEP(SHA-256)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA384:
+ padding = "OAEP(SHA-384)";
+ break;
+ case ENCRYPT_RSA_OAEP_SHA512:
+ padding = "OAEP(SHA-512)";
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via botan",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_encrypt_create(&encrypt_op, this->key, padding, 0))
+ {
+ botan_rng_destroy(rng);
+ return FALSE;
+ }
+
+ crypto->len = 0;
+ if (botan_pk_op_encrypt_output_length(encrypt_op, plain.len, &crypto->len))
+ {
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+
+ *crypto = chunk_alloc(crypto->len);
+ if (botan_pk_op_encrypt(encrypt_op, rng, crypto->ptr, &crypto->len,
+ plain.ptr, plain.len))
+ {
+ chunk_free(crypto);
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return FALSE;
+ }
+ botan_rng_destroy(rng);
+ botan_pk_op_encrypt_destroy(encrypt_op);
+ return TRUE;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_botan_rsa_public_key_t *this)
+{
+ botan_mp_t n;
+ size_t bits = 0;
+
+ if (botan_mp_init(&n))
+ {
+ return 0;
+ }
+
+ if (botan_pubkey_rsa_get_n(n, this->key) ||
+ botan_mp_num_bits(n, &bits))
+ {
+ botan_mp_destroy(n);
+ return 0;
+ }
+
+ botan_mp_destroy(n);
+ return bits;
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
+{
+ return botan_get_fingerprint(this->key, this, type, fp);
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_botan_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return botan_get_encoding(this->key, type, encoding);
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_botan_rsa_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_botan_rsa_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ botan_pubkey_destroy(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_botan_rsa_public_key_t *create_empty()
+{
+ private_botan_rsa_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key)
+{
+ private_botan_rsa_public_key_t *this;
+
+ this = create_empty();
+ this->key = key;
+
+ return &this->public;
+}
+
+/*
+ * Described in header
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args)
+{
+ private_botan_rsa_public_key_t *this = NULL;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (n.ptr && e.ptr && type == KEY_RSA)
+ {
+ botan_mp_t mp_n, mp_e;
+
+ if (!chunk_to_botan_mp(n, &mp_n))
+ {
+ return NULL;
+ }
+
+ if (!chunk_to_botan_mp(e, &mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ return NULL;
+ }
+
+ this = create_empty();
+
+ if (botan_pubkey_load_rsa(&this->key, mp_n, mp_e))
+ {
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ free(this);
+ return NULL;
+ }
+
+ botan_mp_destroy(mp_n);
+ botan_mp_destroy(mp_e);
+ }
+
+ return &this->public;
+}
+
+#endif
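Review bot: `botan_rsa_public_key_load` returns `&this->public` even when the `if (n.ptr && e.ptr && type == KEY_RSA)` branch is skipped, so a missing modulus or exponent, or a non-RSA type, takes a member address through a NULL `this`. The result is NULL only because `public` is the first member of `private_botan_rsa_public_key_t`, and the expression is formally undefined behaviour. An explicit guard ahead of the conversion, `if (!n.ptr || !e.ptr || type != KEY_RSA) { return NULL; }`, makes the failure path independent of struct layout. Separately, keys built here from raw n/e go straight to `botan_pubkey_load_rsa` without the `botan_pubkey_check_key` call that `botan_public_key_load` in botan_util_keys.c applies to DER blobs. If that difference is intended, a one-line comment should say so.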
diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.h b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
new file mode 100644
index 000000000..1d80df9ff
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_rsa_public_key botan_rsa_public_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_RSA_PUBLIC_KEY_H_
+#define BOTAN_RSA_PUBLIC_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+
+typedef struct botan_rsa_public_key_t botan_rsa_public_key_t;
+
+/**
+ * public_key_t implementation of RSA algorithm using Botan.
+ */
+struct botan_rsa_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t key;
+};
+
+/**
+ * Load a RSA public key using Botan.
+ *
+ * Accepts a BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP arguments.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a RSA public key by adopting a botan_pubkey_t object.
+ *
+ * @param key public key object (adopted)
+ * @return loaded key, NULL on failure
+ */
+botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key);
+
+#endif /** BOTAN_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c
new file mode 100644
index 000000000..5e18405d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+/*
+ * Described in header
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp)
+{
+ if (botan_mp_init(mp))
+ {
+ return FALSE;
+ }
+
+ if (botan_mp_from_bin(*mp, value.ptr, value.len))
+ {
+ botan_mp_destroy(*mp);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+const char *botan_get_hash(hash_algorithm_t hash)
+{
+ switch (hash)
+ {
+ case HASH_MD5:
+ return "MD5";
+ case HASH_SHA1:
+ return "SHA-1";
+ case HASH_SHA224:
+ return "SHA-224";
+ case HASH_SHA256:
+ return "SHA-256";
+ case HASH_SHA384:
+ return "SHA-384";
+ case HASH_SHA512:
+ return "SHA-512";
+ default:
+ return NULL;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ bool success = TRUE;
+
+ encoding->len = 0;
+ if (botan_pubkey_export(pubkey, NULL, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_pubkey_export(pubkey, encoding->ptr, &encoding->len,
+ BOTAN_PRIVKEY_EXPORT_FLAG_DER))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+
+ if (type != PUBKEY_SPKI_ASN1_DER)
+ {
+ chunk_t asn1_encoding = *encoding;
+
+ success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
+ CRED_PART_ECDSA_PUB_ASN1_DER,
+ asn1_encoding, CRED_PART_END);
+ chunk_free(&asn1_encoding);
+ }
+ return success;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ uint32_t format = BOTAN_PRIVKEY_EXPORT_FLAG_DER;
+
+ switch (type)
+ {
+ case PRIVKEY_PEM:
+ format = BOTAN_PRIVKEY_EXPORT_FLAG_PEM;
+ /* fall-through */
+ case PRIVKEY_ASN1_DER:
+ encoding->len = 0;
+ if (botan_privkey_export(key, NULL, &encoding->len, format)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+ *encoding = chunk_alloc(encoding->len);
+ if (botan_privkey_export(key, encoding->ptr, &encoding->len,
+ format))
+ {
+ chunk_free(encoding);
+ return FALSE;
+ }
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp)
+{
+ hasher_t *hasher;
+ chunk_t key;
+
+ if (cache &&
+ lib->encoding->get_cache(lib->encoding, type, cache, fp))
+ {
+ return TRUE;
+ }
+
+ switch (type)
+ {
+ case KEYID_PUBKEY_SHA1:
+ /* subjectPublicKey -> use botan_pubkey_fingerprint() */
+ *fp = chunk_alloc(HASH_SIZE_SHA1);
+ if (botan_pubkey_fingerprint(pubkey, "SHA-1", fp->ptr, &fp->len))
+ {
+ chunk_free(fp);
+ return FALSE;
+ }
+ break;
+ case KEYID_PUBKEY_INFO_SHA1:
+ /* subjectPublicKeyInfo -> use botan_pubkey_export(), then hash */
+ if (!botan_get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &key))
+ {
+ return FALSE;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher || !hasher->allocate_hash(hasher, key, fp))
+ {
+ DBG1(DBG_LIB, "SHA1 hash algorithm not supported, "
+ "fingerprinting failed");
+ DESTROY_IF(hasher);
+ chunk_free(&key);
+ return FALSE;
+ }
+ hasher->destroy(hasher);
+ chunk_free(&key);
+ break;
+ default:
+ return FALSE;
+ }
+
+ if (cache)
+ {
+ lib->encoding->cache(lib->encoding, type, cache, *fp);
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature)
+{
+ botan_pk_op_sign_t sign_op;
+ botan_rng_t rng;
+
+ if (!scheme || !signature)
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_create(&sign_op, key, scheme, 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_sign_update(sign_op, data.ptr, data.len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ signature->len = 0;
+ if (botan_pk_op_sign_output_length(sign_op, &signature->len))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ *signature = chunk_alloc(signature->len);
+ if (botan_pk_op_sign_finish(sign_op, rng, signature->ptr, &signature->len))
+ {
+ chunk_free(signature);
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return FALSE;
+ }
+
+ botan_rng_destroy(rng);
+ botan_pk_op_sign_destroy(sign_op);
+ return TRUE;
+}
+
+/*
+ * Described in header
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret)
+{
+ botan_pk_op_ka_t ka;
+
+ if (botan_pk_op_key_agreement_create(&ka, key, "Raw", 0))
+ {
+ return FALSE;
+ }
+
+ if (botan_pk_op_key_agreement_size(ka, &secret->len))
+ {
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+
+ *secret = chunk_alloc(secret->len);
+ if (botan_pk_op_key_agreement(ka, secret->ptr, &secret->len, pub.ptr,
+ pub.len, NULL, 0))
+ {
+ chunk_clear(secret);
+ botan_pk_op_key_agreement_destroy(ka);
+ return FALSE;
+ }
+ botan_pk_op_key_agreement_destroy(ka);
+ return TRUE;
+}
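Review bot: In `botan_get_privkey_encoding` the failure path after the second `botan_privkey_export` releases the buffer with `chunk_free(encoding)`, which does not wipe it, although the buffer was allocated to receive private-key material. Whether Botan writes partial output before failing is not visible here, so `chunk_clear(encoding);` is the safer release. It also matches what `botan_dh_key_derivation` at the end of this file does for the shared secret. A short comment on the function should state that the caller owns the returned encoding and is expected to clear it after use.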
diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h
new file mode 100644
index 000000000..08830356e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_util botan_util
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_H_
+#define BOTAN_UTIL_H_
+
+#include <library.h>
+
+#include <botan/ffi.h>
+
+/**
+ * Converts chunk_t to botan_mp_t.
+ *
+ * @param value chunk to convert
+ * @param mp allocated botan_mp_t
+ * @return TRUE if conversion successful
+ */
+bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp);
+
+/**
+ * Get the Botan string identifier for the given hash algorithm.
+ *
+ * @param hash hash algorithm
+ * @return Botan string identifier, NULL if not found
+ */
+const char *botan_get_hash(hash_algorithm_t hash);
+
+/**
+ * Get the encoding of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the encoding of a botan_privkey_t.
+ *
+ * @param key private key object
+ * @param type encoding type
+ * @param encoding allocated encoding
+ * @return TRUE if encoding successful
+ */
+bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type,
+ chunk_t *encoding);
+
+/**
+ * Get the fingerprint of a botan_pubkey_t.
+ *
+ * @param pubkey public key object
+ * @param cache key to use for caching, NULL to not cache
+ * @param type fingerprint type
+ * @param fp allocated fingerprint
+ * @return TRUE if fingerprinting successful
+ */
+bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache,
+ cred_encoding_type_t type, chunk_t *fp);
+
+/**
+ * Sign the given data using the provided key with the specified signature
+ * scheme (hash/padding).
+ *
+ * @param key private key object
+ * @param scheme hash/padding algorithm
+ * @param data data to sign
+ * @param signature allocated signature
+ * @return TRUE if signature successfully created
+ */
+bool botan_get_signature(botan_privkey_t key, const char *scheme,
+ chunk_t data, chunk_t *signature);
+
+/**
+ * Do the Diffie-Hellman key derivation using the given private key and public
+ * value.
+ *
+ * Note that the public value is not verified in this function.
+ *
+ * @param key DH private key
+ * @param pub other's public value
+ * @param secret the derived secret (allocated on success)
+ * @return TRUE if derivation was successful
+ */
+bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret);
+
+#endif /** BOTAN_UTIL_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.c b/src/libstrongswan/plugins/botan/botan_util_keys.c
new file mode 100644
index 000000000..176c2caf9
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.c
@@ -0,0 +1,211 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_util_keys.h"
+#include "botan_ec_public_key.h"
+#include "botan_ec_private_key.h"
+#include "botan_rsa_public_key.h"
+#include "botan_rsa_private_key.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+/**
+ * Get the algorithm name of a public key
+ */
+static char *get_algo_name(botan_pubkey_t pubkey)
+{
+ char *name;
+ size_t len = 0;
+
+ if (botan_pubkey_algo_name(pubkey, NULL, &len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return NULL;
+ }
+
+ name = malloc(len);
+ if (botan_pubkey_algo_name(pubkey, name, &len))
+ {
+ free(name);
+ return NULL;
+ }
+ return name;
+}
+
+/*
+ * Described in header
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args)
+{
+ public_key_t *this = NULL;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_pubkey_load(&pubkey, blob.ptr, blob.len))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ if (botan_pubkey_check_key(pubkey, rng, BOTAN_CHECK_KEY_EXPENSIVE_TESTS))
+ {
+ DBG1(DBG_LIB, "public key failed key checks");
+ botan_pubkey_destroy(pubkey);
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ name = get_algo_name(pubkey);
+ if (!name)
+ {
+ botan_pubkey_destroy(pubkey);
+ return NULL;
+ }
+
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (public_key_t*)botan_rsa_public_key_adopt(pubkey);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ this = (public_key_t*)botan_ec_public_key_adopt(pubkey);
+ }
+ else
+ {
+ botan_pubkey_destroy(pubkey);
+ }
+ free(name);
+ return this;
+}
+
+/**
+ * Determine the curve OID from a PKCS#8 structure
+ */
+static int determine_ec_oid(chunk_t pkcs8)
+{
+ int oid = OID_UNKNOWN;
+ chunk_t inner, params = chunk_empty;
+
+ if (asn1_unwrap(&pkcs8, &pkcs8) == ASN1_SEQUENCE &&
+ asn1_unwrap(&pkcs8, &inner) == ASN1_INTEGER &&
+ asn1_parse_integer_uint64(inner) == 0 &&
+ asn1_parse_algorithmIdentifier(pkcs8, 0, &params) == OID_EC_PUBLICKEY &&
+ params.len &&
+ asn1_unwrap(&params, &params) == ASN1_OID)
+ {
+ oid = asn1_known_oid(params);
+ }
+ return oid;
+}
+
+/*
+ * Described in header
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args)
+{
+ private_key_t *this = NULL;
+ botan_privkey_t key;
+ botan_pubkey_t pubkey;
+ chunk_t blob = chunk_empty;
+ botan_rng_t rng;
+ char *name;
+ int oid;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ return NULL;
+ }
+ if (botan_privkey_load(&key, rng, blob.ptr, blob.len, NULL))
+ {
+ botan_rng_destroy(rng);
+ return NULL;
+ }
+ botan_rng_destroy(rng);
+
+ if (botan_privkey_export_pubkey(&pubkey, key))
+ {
+ botan_privkey_destroy(key);
+ return NULL;
+ }
+ name = get_algo_name(pubkey);
+ botan_pubkey_destroy(pubkey);
+ if (!name)
+ {
+ return NULL;
+ }
+ if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA))
+ {
+ this = (private_key_t*)botan_rsa_private_key_adopt(key);
+ }
+ else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA))
+ {
+ oid = determine_ec_oid(blob);
+ if (oid != OID_UNKNOWN)
+ {
+ this = (private_key_t*)botan_ec_private_key_adopt(key, oid);
+ }
+ }
+ if (!this)
+ {
+ botan_privkey_destroy(key);
+ }
+ free(name);
+ return this;
+}
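Review bot: `botan_private_key_load` leaks the loaded private key when `get_algo_name()` fails: the `if (!name)` branch returns NULL after destroying only `pubkey`, so `key` from `botan_privkey_load` is never released and its key material stays allocated. Adding `botan_privkey_destroy(key);` before that `return NULL;` fixes it, as the `botan_privkey_export_pubkey` failure branch just above already does. Unlike `botan_public_key_load`, which runs `botan_pubkey_check_key` with BOTAN_CHECK_KEY_EXPENSIVE_TESTS, this loader performs no explicit key check after loading. If that is deliberate, a brief comment would make it clear to the next reader.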
diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.h b/src/libstrongswan/plugins/botan/botan_util_keys.h
new file mode 100644
index 000000000..f05f7ce5e
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Helper functions to load public and private keys in a generic way
+ *
+ * @defgroup botan_util_keys botan_util_keys
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_UTIL_KEYS_H_
+#define BOTAN_UTIL_KEYS_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/keys/public_key.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * Load a public key in subjectPublicKeyInfo encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+public_key_t *botan_public_key_load(key_type_t type, va_list args);
+
+/**
+ * Load a private key in PKCS#8 encoding
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+private_key_t *botan_private_key_load(key_type_t type, va_list args);
+
+#endif /** BOTAN_UTIL_KEYS_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.c b/src/libstrongswan/plugins/botan/botan_x25519.c
new file mode 100644
index 000000000..519f29f55
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_x25519.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_X25519
+
+#include "botan_util.h"
+
+#include <utils/debug.h>
+
+#include <botan/ffi.h>
+
+typedef struct private_diffie_hellman_t private_diffie_hellman_t;
+
+/**
+ * Private data
+ */
+struct private_diffie_hellman_t {
+
+ /**
+ * Public interface
+ */
+ diffie_hellman_t public;
+
+ /**
+ * Private key
+ */
+ botan_privkey_t key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t shared_secret;
+};
+
+METHOD(diffie_hellman_t, set_other_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (!diffie_hellman_verify_value(CURVE_25519, value))
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ return botan_dh_key_derivation(this->key, value, &this->shared_secret);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, bool,
+ private_diffie_hellman_t *this, chunk_t *value)
+{
+ value->len = 0;
+ if (botan_pk_op_key_agreement_export_public(this->key, NULL, &value->len)
+ != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE)
+ {
+ return FALSE;
+ }
+
+ *value = chunk_alloc(value->len);
+ if (botan_pk_op_key_agreement_export_public(this->key, value->ptr,
+ &value->len))
+ {
+ chunk_free(value);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_diffie_hellman_t *this, chunk_t value)
+{
+ if (value.len != 32)
+ {
+ return FALSE;
+ }
+
+ chunk_clear(&this->shared_secret);
+
+ if (botan_privkey_destroy(this->key))
+ {
+ return FALSE;
+ }
+
+ if (botan_privkey_load_x25519(&this->key, value.ptr))
+ {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, bool,
+ private_diffie_hellman_t *this, chunk_t *secret)
+{
+ if (!this->shared_secret.len)
+ {
+ return FALSE;
+ }
+ *secret = chunk_clone(this->shared_secret);
+ return TRUE;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_diffie_hellman_t *this)
+{
+ return CURVE_25519;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_diffie_hellman_t *this)
+{
+ botan_privkey_destroy(this->key);
+ chunk_clear(&this->shared_secret);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group)
+{
+ private_diffie_hellman_t *this;
+ botan_rng_t rng;
+
+ INIT(this,
+ .public = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ );
+
+ if (botan_rng_init(&rng, "user"))
+ {
+ free(this);
+ return NULL;
+ }
+
+ if (botan_privkey_create_ecdh(&this->key, rng, "curve25519"))
+ {
+ DBG1(DBG_LIB, "x25519 private key generation failed");
+ botan_rng_destroy(rng);
+ free(this);
+ return NULL;
+ }
+
+ botan_rng_destroy(rng);
+ return &this->public;
+}
+
+#endif
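Review bot: In `set_private_value`, `this->key` still holds the just-destroyed handle when `botan_privkey_load_x25519()` fails, and `destroy()` later passes that same value to `botan_privkey_destroy()` again. Whether the FFI resets the output handle on a failed load is not visible in this file, so the object should not depend on it; add `this->key = NULL;` directly after the successful `botan_privkey_destroy(this->key)` call. Separately, `set_other_public_value` only calls `diffie_hellman_verify_value()` before deriving the secret. If neither that helper nor `botan_dh_key_derivation()` rejects an all-zero result (the check described in RFC 7748), it belongs here, done with a constant-time comparison.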
diff --git a/src/libstrongswan/plugins/botan/botan_x25519.h b/src/libstrongswan/plugins/botan/botan_x25519.h
new file mode 100644
index 000000000..e95d6cde4
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_x25519.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_x25519 botan_x25519
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_X25519_H_
+#define BOTAN_X25519_H_
+
+#include <library.h>
+
+/**
+ * Creates a new X25519 implementation using Botan.
+ *
+ * @param group DH group, must be CURVE_25519
+ * @return object, NULL if not supported
+ */
+diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group);
+
+#endif /** BOTAN_X25519_H_ @}*/
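Review bot: The documentation for `botan_x25519_create` says `group` "must be CURVE_25519" and that NULL is returned "if not supported", but the constructor this commit adds in botan_x25519.c never reads `group`. It returns NULL only when RNG initialisation or key generation fails. Either enforce the contract at the top of the constructor with `if (group != CURVE_25519) return NULL;`, or reword the comment to `@return object, NULL on failure` so callers do not assume the argument is validated.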
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 07eb457d5..f95094d8b 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in
index 09cbddee7..b57b78200 100644
--- a/src/libstrongswan/plugins/chapoly/Makefile.in
+++ b/src/libstrongswan/plugins/chapoly/Makefile.in
@@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -351,6 +350,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -371,8 +372,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -427,8 +426,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index 234a54cc2..0228adc25 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 82f82ca2d..56754db88 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 7c3012301..b5226d684 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index 0928dee1c..18c6b7f94 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in
index cb8bb3405..5b8b45e26 100644
--- a/src/libstrongswan/plugins/curve25519/Makefile.in
+++ b/src/libstrongswan/plugins/curve25519/Makefile.in
@@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -343,6 +342,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -363,8 +364,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -419,8 +418,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 5ffa778cd..df4d5d657 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 37799583a..3e8efa37b 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in
index 87b66df04..2bb55f6de 100644
--- a/src/libstrongswan/plugins/files/Makefile.in
+++ b/src/libstrongswan/plugins/files/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index aa0bd5fa8..096e61214 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index da118ce57..304f4fcd4 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
index e9a072461..513dc2a9b 100644
--- a/src/libstrongswan/plugins/gcm/gcm_aead.c
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -62,7 +62,7 @@ struct private_gcm_aead_t {
};
/**
- * Find a suiteable word size and network order conversion functions
+ * Find a suitable word size and network order conversion functions
*/
#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
# define htobeword htobe64
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 3ed4a910f..dab9f6f1b 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index f59144a86..b57f05e3a 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -195,8 +195,8 @@ METHOD(diffie_hellman_t, destroy, void,
/*
* Generic internal constructor
*/
-gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
- chunk_t g, chunk_t p)
+static gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
gcry_error_t err;
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 11aef42f0..a74d76201 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index 241ef7d3b..e9a83fdf4 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005 Jan Hutter
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2012 Andreas Steffen
@@ -264,14 +264,15 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
}
/**
- * Build a signature using the PKCS#1 EMSA scheme
+ * Hashes the data and builds the plaintext signature value with EMSA
+ * PKCS#1 v1.5 padding.
+ *
+ * Allocates the signature data.
*/
-static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
- hash_algorithm_t hash_algorithm,
- chunk_t data, chunk_t *signature)
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em)
{
chunk_t digestInfo = chunk_empty;
- chunk_t em;
if (hash_algorithm != HASH_UNKNOWN)
{
@@ -295,43 +296,56 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
/* build DER-encoded digestInfo */
digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_algorithmIdentifier(hash_oid),
- asn1_simple_object(ASN1_OCTET_STRING, hash)
- );
- chunk_free(&hash);
+ asn1_wrap(ASN1_OCTET_STRING, "m", hash));
+
data = digestInfo;
}
- if (data.len > this->k - 3)
+ if (data.len > keylen - 11)
{
- free(digestInfo.ptr);
- DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- mpz_sizeinbase(this->n, 2));
+ chunk_free(&digestInfo);
+ DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of "
+ "%zu bytes", data.len, keylen);
return FALSE;
}
- /* build chunk to rsa-decrypt:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
+ /* EM = 0x00 || 0x01 || PS || 0x00 || T.
+ * PS = 0xFF padding, with length to fill em (at least 8 bytes)
* T = encoded_hash
*/
- em.len = this->k;
- em.ptr = malloc(em.len);
+ *em = chunk_alloc(keylen);
/* fill em with padding */
- memset(em.ptr, 0xFF, em.len);
+ memset(em->ptr, 0xFF, em->len);
/* set magic bytes */
- *(em.ptr) = 0x00;
- *(em.ptr+1) = 0x01;
- *(em.ptr + em.len - data.len - 1) = 0x00;
- /* set DER-encoded hash */
- memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
+ *(em->ptr) = 0x00;
+ *(em->ptr+1) = 0x01;
+ *(em->ptr + em->len - data.len - 1) = 0x00;
+ /* set encoded hash */
+ memcpy(em->ptr + em->len - data.len, data.ptr, data.len);
+
+ chunk_clear(&digestInfo);
+ return TRUE;
+}
+
+/**
+ * Build a signature using the PKCS#1 EMSA scheme
+ */
+static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
+ hash_algorithm_t hash_algorithm,
+ chunk_t data, chunk_t *signature)
+{
+ chunk_t em;
+
+ if (!gmp_emsa_pkcs1_signature_data(hash_algorithm, data, this->k, &em))
+ {
+ return FALSE;
+ }
/* build signature */
*signature = rsasp1(this, em);
- free(digestInfo.ptr);
- free(em.ptr);
-
+ chunk_free(&em);
return TRUE;
}
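Review bot: The length check `if (data.len > keylen - 11)` wraps around when `keylen` is smaller than 11, because both operands are `size_t`; the check then passes, and the write to `*(em->ptr + em->len - data.len - 1)` and the following `memcpy` can land outside the `keylen`-byte buffer from `chunk_alloc(keylen)` whenever `data.len` is not smaller than `keylen`. The helper is now also reached from verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c with `this->k` of the key being verified, so the key length is not guaranteed to be a locally generated one. The lower bound should be checked explicitly: `if (keylen < 11 || data.len > keylen - 11)`. The function starts in the previous hunk.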
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 52bc9fb38..9b5ee67fa 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
* Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* HSR Hochschule fuer Technik Rapperswil
@@ -70,7 +70,9 @@ struct private_gmp_rsa_public_key_t {
/**
* Shared functions defined in gmp_rsa_private_key.c
*/
-extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
+chunk_t gmp_mpz_to_chunk(const mpz_t value);
+bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm,
+ chunk_t data, size_t keylen, chunk_t *em);
/**
* RSAEP algorithm specified in PKCS#1.
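Review bot: The prototype of gmp_emsa_pkcs1_signature_data() is written out by hand here, next to gmp_mpz_to_chunk(), rather than coming from a header. As far as the diff shows, gmp_rsa_private_key.c does not include one either, so the compiler cannot detect the declaration and the definition drifting apart, for example if the type of `keylen` changes. For a function that builds the value signatures are compared against, I would move both shared declarations into a small plugin-private header included by both files.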
@@ -115,26 +117,13 @@ static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data)
}
/**
- * ASN.1 definition of digestInfo
- */
-static const asn1Object_t digestInfoObjects[] = {
- { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
- { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
- { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
-};
-#define DIGEST_INFO 0
-#define DIGEST_INFO_ALGORITHM 1
-#define DIGEST_INFO_DIGEST 2
-
-/**
* Verification of an EMSA PKCS1 signature described in PKCS#1
*/
static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
hash_algorithm_t algorithm,
chunk_t data, chunk_t signature)
{
- chunk_t em_ori, em;
+ chunk_t em_expected, em;
bool success = FALSE;
/* remove any preceding 0-bytes from signature */
@@ -148,140 +137,19 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
return FALSE;
}
- /* unpack signature */
- em_ori = em = rsavp1(this, signature);
-
- /* result should look like this:
- * EM = 0x00 || 0x01 || PS || 0x00 || T.
- * PS = 0xFF padding, with length to fill em
- * T = oid || hash
- */
-
- /* check magic bytes */
- if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
+ /* generate expected signature value */
+ if (!gmp_emsa_pkcs1_signature_data(algorithm, data, this->k, &em_expected))
{
- goto end;
- }
- em = chunk_skip(em, 2);
-
- /* find magic 0x00 */
- while (em.len > 0)
- {
- if (*em.ptr == 0x00)
- {
- /* found magic byte, stop */
- em = chunk_skip(em, 1);
- break;
- }
- else if (*em.ptr != 0xFF)
- {
- /* bad padding, decryption failed ?!*/
- goto end;
- }
- em = chunk_skip(em, 1);
- }
-
- if (em.len == 0)
- {
- /* no digestInfo found */
- goto end;
- }
-
- if (algorithm == HASH_UNKNOWN)
- { /* IKEv1 signatures without digestInfo */
- if (em.len != data.len)
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes instead of"
- " %u bytes", em.len, data.len);
- goto end;
- }
- success = memeq_const(em.ptr, data.ptr, data.len);
+ return FALSE;
}
- else
- { /* IKEv2 and X.509 certificate signatures */
- asn1_parser_t *parser;
- chunk_t object;
- int objectID;
- hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
-
- DBG2(DBG_LIB, "signature verification:");
- parser = asn1_parser_create(digestInfoObjects, em);
- while (parser->iterate(parser, &objectID, &object))
- {
- switch (objectID)
- {
- case DIGEST_INFO:
- {
- if (em.len > object.len)
- {
- DBG1(DBG_LIB, "digestInfo field in signature is"
- " followed by %u surplus bytes",
- em.len - object.len);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_ALGORITHM:
- {
- int hash_oid = asn1_parse_algorithmIdentifier(object,
- parser->get_level(parser)+1, NULL);
-
- hash_algorithm = hasher_algorithm_from_oid(hash_oid);
- if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
- {
- DBG1(DBG_LIB, "expected hash algorithm %N, but found"
- " %N (OID: %#B)", hash_algorithm_names, algorithm,
- hash_algorithm_names, hash_algorithm, &object);
- goto end_parser;
- }
- break;
- }
- case DIGEST_INFO_DIGEST:
- {
- chunk_t hash;
- hasher_t *hasher;
-
- hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (hasher == NULL)
- {
- DBG1(DBG_LIB, "hash algorithm %N not supported",
- hash_algorithm_names, hash_algorithm);
- goto end_parser;
- }
-
- if (object.len != hasher->get_hash_size(hasher))
- {
- DBG1(DBG_LIB, "hash size in signature is %u bytes"
- " instead of %u bytes", object.len,
- hasher->get_hash_size(hasher));
- hasher->destroy(hasher);
- goto end_parser;
- }
-
- /* build our own hash and compare */
- if (!hasher->allocate_hash(hasher, data, &hash))
- {
- hasher->destroy(hasher);
- goto end_parser;
- }
- hasher->destroy(hasher);
- success = memeq_const(object.ptr, hash.ptr, hash.len);
- free(hash.ptr);
- break;
- }
- default:
- break;
- }
- }
+ /* unpack signature */
+ em = rsavp1(this, signature);
-end_parser:
- success &= parser->success(parser);
- parser->destroy(parser);
- }
+ success = chunk_equals_const(em_expected, em);
-end:
- free(em_ori.ptr);
+ chunk_free(&em_expected);
+ chunk_free(&em);
return success;
}
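Review bot: The line `success = chunk_equals_const(em_expected, em);` carries the whole security argument of this rewrite, yet nothing in the function says why the decrypted value is no longer parsed. A later maintainer could reintroduce lenient padding or digestInfo parsing without noticing what is lost. I would add above it `/* compare the complete encoded message, never parse the decrypted value, so wrong padding or surplus bytes cannot be accepted */`. The function starts in the previous hunk.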
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 8de79663e..9f1f12601 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in
index 6573b311d..6ec8dc755 100644
--- a/src/libstrongswan/plugins/keychain/Makefile.in
+++ b/src/libstrongswan/plugins/keychain/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 324157bc0..7582e2147 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 111f53239..e3ec9866c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 1a41f73ea..ec49f9540 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in
index fd69f4042..36ebc1c67 100644
--- a/src/libstrongswan/plugins/mgf1/Makefile.in
+++ b/src/libstrongswan/plugins/mgf1/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 114507eeb..0b58efb22 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in
index 81c10d5c9..cd618382e 100644
--- a/src/libstrongswan/plugins/newhope/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/Makefile.in
@@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -345,6 +344,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -365,8 +366,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -421,8 +420,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c
index 72b7e034c..463276215 100644
--- a/src/libstrongswan/plugins/newhope/newhope_ke.c
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@@ -306,7 +306,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
return FALSE;
}
if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
@@ -463,7 +463,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
{
- DBG1(DBG_LIB, "could not instatiate random source");
+ DBG1(DBG_LIB, "could not instantiate random source");
goto end;
}
if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))
diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in
index 114035a4a..40961880c 100644
--- a/src/libstrongswan/plugins/newhope/tests/Makefile.in
+++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 0e24d4861..d9243ac62 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in
index cdfee525b..75f6abda9 100644
--- a/src/libstrongswan/plugins/ntru/Makefile.in
+++ b/src/libstrongswan/plugins/ntru/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h
index 3fee1800b..31c12e42c 100644
--- a/src/libstrongswan/plugins/ntru/ntru_drbg.h
+++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h
@@ -71,7 +71,7 @@ struct ntru_drbg_t {
};
/**
- * Create and instantiate a new DRBG objet.
+ * Create and instantiate a new DRBG object.
*
* @param strength security strength in bits
* @param pers_str personalization string
diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h
index 765b72bdd..642384feb 100644
--- a/src/libstrongswan/plugins/ntru/ntru_poly.h
+++ b/src/libstrongswan/plugins/ntru/ntru_poly.h
@@ -49,7 +49,7 @@ struct ntru_poly_t {
void (*get_array)(ntru_poly_t *this, uint16_t *array);
/**
- * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+ * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
* to form result polynomial c = a * b
*
* @param a input polynomial a
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 856055c6a..0fa8142a6 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -346,6 +345,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -366,8 +367,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -422,8 +421,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -452,8 +449,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 02a022d03..a1460d993 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 37917d441..1c6d0cfd6 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 10eb82619..af23b3058 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index ae24d4085..c2648d86c 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index 967e501d1..c934f0b1d 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -271,7 +271,8 @@ end:
* }
*
* While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that
- * parameters MUST be included and publicKey SHOULD be.
+ * parameters MUST be included (an errata clarifies this, so this is only the
+ * case for plain private keys, not encoded in PKCS#8) and publicKey SHOULD be.
*/
static bool is_ec_private_key(chunk_t blob)
{
@@ -281,7 +282,8 @@ static bool is_ec_private_key(chunk_t blob)
asn1_parse_integer_uint64(data) == 1 &&
asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING &&
asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 &&
- asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1;
+ asn1_unwrap(&data, &data) == ASN1_OID &&
+ (!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1));
}
/**
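Review bot: The added `asn1_unwrap(&data, &data)` passes the same chunk as both input and output, which is only correct if asn1_unwrap() finishes reading its input before it stores the result. That contract is not visible in this hunk, so a comment above the line such as `/* asn1_unwrap() allows blob == inner; descend into the [0] parameters */` would make the dependence explicit. The last clause now accepts a missing publicKey, but when a `[1]` element is present nothing checks that `blob` is empty afterwards, so trailing bytes still pass this detection. If that is not intended, the clause could become `(!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1 && !blob.len))`. Whether the parser that runs after this check rejects such input cannot be seen from here.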
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 00d5a6a5d..8eec72903 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -341,6 +340,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -361,8 +362,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -417,8 +416,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in
index 6bb1b9a36..d47a1906c 100644
--- a/src/libstrongswan/plugins/pkcs12/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs12/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index f56df39d1..1539e57d7 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -340,6 +339,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -360,8 +361,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -416,8 +415,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 9c408c443..8d038d698 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index ff7501c00..5caae5879 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 3a22a6316..6359e7cd7 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in
index d37c9834d..91526ccac 100644
--- a/src/libstrongswan/plugins/rc2/Makefile.in
+++ b/src/libstrongswan/plugins/rc2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index 371e34db8..0ff72f58a 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 15e91b24a..4d4fcf1f1 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index fe7eaa765..f688577e1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -76,6 +76,13 @@ METHOD(plugin_t, get_features, int,
return countof(f);
}
+METHOD(plugin_t, reload, bool,
+ private_revocation_plugin_t *this)
+{
+ this->validator->reload(this->validator);
+ return TRUE;
+}
+
METHOD(plugin_t, destroy, void,
private_revocation_plugin_t *this)
{
@@ -95,6 +102,7 @@ plugin_t *revocation_plugin_create()
.plugin = {
.get_name = _get_name,
.get_features = _get_features,
+ .reload = _reload,
.destroy = _destroy,
},
},
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index f8e78ac0c..68292e3cd 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -27,6 +27,7 @@
#include <credentials/certificates/ocsp_response.h>
#include <credentials/sets/ocsp_response_wrapper.h>
#include <selectors/traffic_selector.h>
+#include <threading/spinlock.h>
typedef struct private_revocation_validator_t private_revocation_validator_t;
@@ -50,6 +51,10 @@ struct private_revocation_validator_t {
*/
bool enable_crl;
+ /**
+ * Lock to access flags
+ */
+ spinlock_t *lock;
};
/**
@@ -795,14 +800,21 @@ METHOD(cert_validator_t, validate, bool,
certificate_t *issuer, bool online, u_int pathlen, bool anchor,
auth_cfg_t *auth)
{
- if (online && (this->enable_ocsp || this->enable_crl) &&
+ bool enable_ocsp, enable_crl;
+
+ this->lock->lock(this->lock);
+ enable_ocsp = this->enable_ocsp;
+ enable_crl = this->enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (online && (enable_ocsp || enable_crl) &&
subject->get_type(subject) == CERT_X509 &&
issuer->get_type(issuer) == CERT_X509)
{
DBG1(DBG_CFG, "checking certificate status of \"%Y\"",
subject->get_subject(subject));
- if (this->enable_ocsp)
+ if (enable_ocsp)
{
switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth))
{
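Review bot: The two flags are copied into locals under the lock at the top of validate(), but nothing records why the rest of the function must use the copies rather than `this->enable_ocsp` and `this->enable_crl`. A later edit could reintroduce an unlocked read of the members without anyone noticing. A one-line comment above the lock would pin the intent, e.g. `/* snapshot both flags so a concurrent reload() cannot change them mid-validation */`. The body of validate() continues past this hunk.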
@@ -831,7 +843,7 @@ METHOD(cert_validator_t, validate, bool,
auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED);
}
- if (this->enable_crl)
+ if (enable_crl)
{
switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth))
{
@@ -865,9 +877,35 @@ METHOD(cert_validator_t, validate, bool,
return TRUE;
}
+METHOD(revocation_validator_t, reload, void,
+ private_revocation_validator_t *this)
+{
+ bool enable_ocsp, enable_crl;
+
+ enable_ocsp = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns);
+ enable_crl = lib->settings->get_bool(lib->settings,
+ "%s.plugins.revocation.enable_crl", TRUE, lib->ns);
+
+ this->lock->lock(this->lock);
+ this->enable_ocsp = enable_ocsp;
+ this->enable_crl = enable_crl;
+ this->lock->unlock(this->lock);
+
+ if (!enable_ocsp)
+ {
+ DBG1(DBG_LIB, "all OCSP validation disabled");
+ }
+ if (!enable_crl)
+ {
+ DBG1(DBG_LIB, "all CRL validation disabled");
+ }
+}
+
METHOD(revocation_validator_t, destroy, void,
private_revocation_validator_t *this)
{
+ this->lock->destroy(this->lock);
free(this);
}
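Review bot: reload() logs only the disabled state, so a reload that turns OCSP or CRL checking back on leaves no trace, while a setting that stays off repeats the same "all ... validation disabled" line on every reload. These flags decide whether revocation is checked at all, so the log should show each change. One way is to save the previous values inside the locked section and log on a difference, e.g. `if (old_ocsp != enable_ocsp) DBG1(DBG_LIB, "OCSP validation %sabled", enable_ocsp ? "en" : "dis");`, and likewise for CRL. The first call from the constructor would presumably then report the initial state as a change, which may or may not be wanted.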
@@ -881,21 +919,13 @@ revocation_validator_t *revocation_validator_create()
INIT(this,
.public = {
.validator.validate = _validate,
+ .reload = _reload,
.destroy = _destroy,
},
- .enable_ocsp = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns),
- .enable_crl = lib->settings->get_bool(lib->settings,
- "%s.plugins.revocation.enable_crl", TRUE, lib->ns),
+ .lock = spinlock_create(),
);
- if (!this->enable_ocsp)
- {
- DBG1(DBG_LIB, "all OCSP validation disabled");
- }
- if (!this->enable_crl)
- {
- DBG1(DBG_LIB, "all CRL validation disabled");
- }
+ reload(this);
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.h b/src/libstrongswan/plugins/revocation/revocation_validator.h
index 82cbde26b..9128787f1 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.h
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -36,6 +39,11 @@ struct revocation_validator_t {
cert_validator_t validator;
/**
+ * Reload the configuration
+ */
+ void (*reload)(revocation_validator_t *this);
+
+ /**
* Destroy a revocation_validator_t.
*/
void (*destroy)(revocation_validator_t *this);
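Review bot: The new `reload` member is documented only as "Reload the configuration", which does not tell a caller which settings are re-read or whether it may be called while validate() runs on another thread. Going by the implementation added to revocation_validator.c in this commit, the comment could read `* Re-read the enable_ocsp and enable_crl settings; may be called concurrently with validate().`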
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index ff0a30462..89d0fbb09 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 81284e137..32daea050 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
index 3ca2f5e24..ec55ffaaa 100644
--- a/src/libstrongswan/plugins/sha3/Makefile.in
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 47af2c5fd..25e3781de 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -337,6 +336,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -357,8 +358,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -413,8 +412,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index f0649b52a..cc2a8cbd7 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in
index ac644ec0b..864a536ee 100644
--- a/src/libstrongswan/plugins/sshkey/Makefile.in
+++ b/src/libstrongswan/plugins/sshkey/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 45879e841..c8ad1e5d9 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -357,6 +356,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -377,8 +378,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index 9bbe701ee..7ab965a82 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -303,4 +303,5 @@ TEST_VECTOR_DH(ecp224bp)
TEST_VECTOR_DH(ecp256bp)
TEST_VECTOR_DH(ecp384bp)
TEST_VECTOR_DH(ecp512bp)
-TEST_VECTOR_DH(curve25519)
+TEST_VECTOR_DH(curve25519_1)
+TEST_VECTOR_DH(curve25519_2)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
index f46d81c16..676fcfc5a 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c
@@ -16,10 +16,9 @@
#include <crypto/crypto_tester.h>
/**
- * From RFC 8031
+ * From RFC 8037
*/
-
-dh_test_vector_t curve25519 = {
+dh_test_vector_t curve25519_1 = {
.group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
.priv_a = "\x77\x07\x6d\x0a\x73\x18\xa5\x7d\x3c\x16\xc1\x72\x51\xb2\x66\x45"
"\xdf\x4c\x2f\x87\xeb\xc0\x99\x2a\xb1\x77\xfb\xa5\x1d\xb9\x2c\x2a",
@@ -32,3 +31,20 @@ dh_test_vector_t curve25519 = {
.shared = "\x4a\x5d\x9d\x5b\xa4\xce\x2d\xe1\x72\x8e\x3b\xf4\x80\x35\x0f\x25"
"\xe0\x7e\x21\xc9\x47\xd1\x9e\x33\x76\xf0\x9b\x3c\x1e\x16\x17\x42",
};
+
+/**
+ * From RFC 8031
+ */
+dh_test_vector_t curve25519_2 = {
+ .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32,
+ .priv_a = "\x75\x1f\xb4\x30\x86\x55\xb4\x76\xb6\x78\x9b\x73\x25\xf9\xea\x8c"
+ "\xdd\xd1\x6a\x58\x53\x3f\xf6\xd9\xe6\x00\x09\x46\x4a\x5f\x9d\x94",
+ .priv_b = "\x0a\x54\x64\x52\x53\x29\x0d\x60\xdd\xad\xd0\xe0\x30\xba\xcd\x9e"
+ "\x55\x01\xef\xdc\x22\x07\x55\xa1\xe9\x78\xf1\xb8\x39\xa0\x56\x88",
+ .pub_a = "\x48\xd5\xdd\xd4\x06\x12\x57\xba\x16\x6f\xa3\xf9\xbb\xdb\x74\xf1"
+ "\xa4\xe8\x1c\x08\x93\x84\xfa\x77\xf7\x90\x70\x9f\x0d\xfb\xc7\x66",
+ .pub_b = "\x0b\xe7\xc1\xf5\xaa\xd8\x7d\x7e\x44\x86\x62\x67\x32\x98\xa4\x43"
+ "\x47\x8b\x85\x97\x45\x17\x9e\xaf\x56\x4c\x79\xc0\xef\x6e\xee\x25",
+ .shared = "\xc7\x49\x50\x60\x7a\x12\x32\x7f\x32\x04\xd9\x4b\x68\x25\xbf\xb0"
+ "\x68\xb7\xf8\x31\x9a\x9e\x37\x08\xed\x3d\x43\xce\x81\x30\xc9\x50",
+};
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index 2a4788ee1..8be6c1c3a 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in
index 7cd680095..20d6658c3 100644
--- a/src/libstrongswan/plugins/winhttp/Makefile.in
+++ b/src/libstrongswan/plugins/winhttp/Makefile.in
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -339,6 +338,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -359,8 +360,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -415,8 +414,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 0f54f8cf0..ce53fff4d 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -338,6 +337,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -358,8 +359,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -414,8 +413,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index bc3a44346..f3d4377d8 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -369,8 +369,13 @@ static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type)
switch (oid)
{
case OID_XMPP_ADDR:
- if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ if (asn1_parse_simple_object(&object, ASN1_UTF8STRING,
parser->get_level(parser)+1, "xmppAddr"))
+ { /* we handle xmppAddr as RFC822 addr */
+ *blob = object;
+ *type = ID_RFC822_ADDR;
+ }
+ else
{
goto end;
}
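Review bot: The new OID_XMPP_ADDR branch reports an xmppAddr otherName as `ID_RFC822_ADDR`, so XMPP addresses and rfc822Name SANs now share one identity namespace and nothing in the hunk records that the value came from an otherName. The object is also parsed as `ASN1_UTF8STRING`, whereas rfc822Name is an IA5String, and no check on the bytes is visible before `*blob = object`. If the conflation is intended, say so where the type is assigned, e.g. `/* we handle xmppAddr as RFC822 addr; the value is an unvalidated UTF8String and is indistinguishable from an rfc822Name afterwards */`. Confirming that identity matching downstream tolerates non-ASCII or embedded NUL bytes would also be worthwhile. parse_otherName() starts and ends outside this hunk.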
@@ -2021,6 +2026,8 @@ chunk_t build_generalName(identification_t *id)
switch (id->get_type(id))
{
+ case ID_DER_ASN1_GN:
+ return chunk_clone(id->get_encoding(id));
case ID_RFC822_ADDR:
context = ASN1_CONTEXT_S_1;
break;
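Review bot: The added `ID_DER_ASN1_GN` case returns `chunk_clone(id->get_encoding(id))` straight out of the switch, so the bytes are emitted verbatim and nothing visible checks that they form a well-formed GeneralName. A short comment would make the contract explicit, e.g. `/* encoding already is a complete DER GeneralName, copied as-is; the caller is responsible for its validity */`. The rest of build_generalName() lies outside the hunk, so whatever the other cases do after the switch cannot be compared from here.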
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 3a39037bc..966b6d733 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -336,6 +335,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -356,8 +357,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -412,8 +411,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
index dd9ad7e1b..03f7a6d8c 100644
--- a/src/libstrongswan/selectors/traffic_selector.h
+++ b/src/libstrongswan/selectors/traffic_selector.h
@@ -395,7 +395,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
* greater or equal to 256 they are assumed to be type and code as defined
* for traffic_selector_t.
*
- * @param protocol upper layer protocl to allow
+ * @param protocol upper layer protocol to allow
* @param from_port start of allowed port range
* @param to_port end of range
* @return
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index a4c5060fa..44d035fac 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -73,6 +73,7 @@ struct private_settings_t {
/**
* Print a format key, but consume already processed arguments
+ * Note that key and start point into the same string
*/
static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
@@ -115,6 +116,25 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
}
/**
+ * Check if the given section is contained in the given array.
+ */
+static bool has_section(array_t *array, section_t *section)
+{
+ section_t *current;
+ int i;
+
+ for (i = 0; i < array_count(array); i++)
+ {
+ array_get(array, i, &current);
+ if (current == section)
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
* Find a section by a given key, using buffered key, reusable buffer.
* If "ensure" is TRUE, the sections are created if they don't exist.
*/
@@ -160,15 +180,39 @@ static section_t *find_section_buffered(section_t *section,
}
/**
- * Find all sections via a given key considering fallbacks, using buffered key,
+ * Forward declaration
+ */
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args, array_t **sections);
+
+/**
+ * Resolve the given reference. Not thread-safe.
+ * Only a vararg function to get an empty va_list.
+ */
+static void resolve_reference(private_settings_t *this, section_ref_t *ref,
+ array_t **sections, ...)
+{
+ va_list args;
+
+ va_start(args, sections);
+ find_sections(this, this->top, ref->name, args, sections);
+ va_end(args);
+}
+
+/**
+ * Find all sections via a given key considering references, using buffered key,
* reusable buffer.
*/
-static void find_sections_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, array_t **sections)
+static void find_sections_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- section_t *found = NULL, *fallback;
+ section_t *found = NULL, *reference;
+ array_t *references;
+ section_ref_t *ref;
char *pos;
- int i;
+ int i, j;
if (!section)
{
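Review bot: resolve_reference() passes `ref->name` to find_sections() as the key together with an empty `va_list`, and the key is later expanded by print_key(), which is documented above as printing a format key. If a reference name ever contains a `%` conversion, the expansion would presumably read variadic arguments that do not exist. Nothing in this hunk shows that names are checked for that when a reference is stored. I would state the requirement on the function, e.g. `/* ref->name must not contain format specifiers, args is empty */`, and reject such names where references are added. find_sections_buffered() continues past the end of this hunk.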
@@ -184,7 +228,7 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
return;
}
if (pos)
- { /* restore so we can follow fallbacks */
+ { /* restore so we can follow references */
*pos = '.';
}
if (!strlen(buf))
@@ -199,147 +243,100 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
{
if (pos)
{
- find_sections_buffered(found, start, pos+1, args, buf, len,
- sections);
+ find_sections_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
- else
+ else if (!has_section(*sections, found))
{
+ /* ignore if already added to avoid loops */
array_insert_create(sections, ARRAY_TAIL, found);
- for (i = 0; i < array_count(found->fallbacks); i++)
+ /* add all sections that are referenced here (also resolves
+ * references in parent sections of the referenced section) */
+ for (i = 0; i < array_count(found->references); i++)
{
- array_get(found->fallbacks, i, &fallback);
- array_insert_create(sections, ARRAY_TAIL, fallback);
+ array_get(found->references, i, &ref);
+ resolve_reference(this, ref, sections);
}
}
}
- if (section->fallbacks)
+ if (!ignore_refs && section != found && section->references)
{
- for (i = 0; i < array_count(section->fallbacks); i++)
+ /* find matching sub-sections relative to the referenced sections */
+ for (i = 0; i < array_count(section->references); i++)
{
- array_get(section->fallbacks, i, &fallback);
- find_sections_buffered(fallback, start, key, args, buf, len,
- sections);
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; j < array_count(references); j++)
+ {
+ array_get(references, j, &reference);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ find_sections_buffered(this, reference, start, key, args,
+ buf, len, TRUE, sections);
+ }
+ array_destroy(references);
}
}
}
/**
- * Ensure that the section with the given key exists (thread-safe).
+ * Ensure that the section with the given key exists (not thread-safe).
*/
static section_t *ensure_section(private_settings_t *this, section_t *section,
const char *key, va_list args)
{
char buf[128], keybuf[512];
- section_t *found;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- /* we might have to change the tree */
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- this->lock->unlock(this->lock);
- return found;
+ return find_section_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), TRUE);
}
/**
- * Find a section by a given key with its fallbacks (not thread-safe!).
- * Sections are returned in depth-first order (array is allocated). NULL is
- * returned if no sections are found.
+ * Find a section by a given key with resolved references (not thread-safe!).
+ * The array is allocated. NULL is returned if no sections are found.
*/
static array_t *find_sections(private_settings_t *this, section_t *section,
- char *key, va_list args)
+ char *key, va_list args, array_t **sections)
{
char buf[128], keybuf[512];
- array_t *sections = NULL;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
- find_sections_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), &sections);
- return sections;
-}
-
-/**
- * Check if the given fallback section already exists
- */
-static bool fallback_exists(section_t *section, section_t *fallback)
-{
- if (section == fallback)
- {
- return TRUE;
- }
- else if (section->fallbacks)
- {
- section_t *existing;
- int i;
-
- for (i = 0; i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &existing);
- if (existing == fallback)
- {
- return TRUE;
- }
- }
- }
- return FALSE;
-}
-
-/**
- * Ensure that the section with the given key exists and add the given fallback
- * section (thread-safe).
- */
-static void add_fallback_to_section(private_settings_t *this,
- section_t *section, const char *key, va_list args,
- section_t *fallback)
-{
- char buf[128], keybuf[512];
- section_t *found;
-
- if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
- {
- return;
- }
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- if (!fallback_exists(found, fallback))
- {
- /* to ensure sections referred to as fallback are not purged, we create
- * the array there too */
- if (!fallback->fallbacks)
- {
- fallback->fallbacks = array_create(0, 0);
- }
- array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
- }
- this->lock->unlock(this->lock);
+ find_sections_buffered(this, section, keybuf, keybuf, args, buf,
+ sizeof(buf), FALSE, sections);
+ return *sections;
}
/**
* Find the key/value pair for a key, using buffered key, reusable buffer
- * If "ensure" is TRUE, the sections (and key/value pair) are created if they
- * don't exist.
- * Fallbacks are only considered if "ensure" is FALSE.
+ * There are two modes: 1. To find a key at an exact location and create the
+ * sections (and key/value pair) if necessary, don't pass an array for sections.
+ * 2. To find a key and follow references pass a pointer to an array to store
+ * visited sections. NULL is returned in this case if the key is not found.
*/
-static kv_t *find_value_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, bool ensure)
+static kv_t *find_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
{
- int i;
- char *pos;
- kv_t *kv = NULL;
section_t *found = NULL;
+ kv_t *kv = NULL;
+ section_ref_t *ref;
+ array_t *references;
+ char *pos;
+ int i, j;
- if (section == NULL)
+ if (!section)
{
return NULL;
}
-
pos = strchr(key, '.');
if (pos)
{
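Review bot: Loop protection in find_sections_buffered() covers only the leaf case (`else if (!has_section(*sections, found))`). The `!ignore_refs && section != found && section->references` branch calls resolve_reference() with a fresh `references = NULL` array on every entry, so it has no memory of what an outer frame is already resolving. For a section that references one of its own sub-sections, the resolution appears to descend through the same parent with ignore_refs FALSE and re-enter this branch without bound. I could not confirm from the diff that the parser rules such names out. Consider passing a visited set or a depth limit down the recursion and adding a unit test for that configuration; the function starts above this hunk, and the hunk ends inside find_value_buffered().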
@@ -348,7 +345,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
{
return NULL;
}
- /* restore so we can retry for fallbacks */
+ /* restore so we can follow references */
*pos = '.';
if (!strlen(buf))
{
@@ -357,7 +354,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
else if (array_bsearch(section->sections, buf, settings_section_find,
&found) == -1)
{
- if (ensure)
+ if (!sections)
{
found = settings_section_create(strdup(buf));
settings_section_add(section, found, NULL);
@@ -365,53 +362,144 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
}
if (found)
{
- kv = find_value_buffered(found, start, pos+1, args, buf, len,
- ensure);
- }
- if (!kv && !ensure && section->fallbacks)
- {
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
- }
+ kv = find_value_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
}
}
else
{
+ if (sections)
+ {
+ array_insert_create(sections, ARRAY_TAIL, section);
+ }
if (!print_key(buf, len, start, key, args))
{
return NULL;
}
if (array_bsearch(section->kv, buf, settings_kv_find, &kv) == -1)
{
- if (ensure)
+ if (!sections)
{
kv = settings_kv_create(strdup(buf), NULL);
settings_kv_add(section, kv, NULL);
}
- else if (section->fallbacks)
+ }
+ }
+ if (!kv && !ignore_refs && sections && section->references)
+ {
+ /* find key relative to the referenced sections */
+ for (i = 0; !kv && i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; !kv && j < array_count(references); j++)
{
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ array_get(references, j, &found);
+ /* ignore if already added to avoid loops */
+ if (!has_section(*sections, found))
{
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ kv = find_value_buffered(this, found, start, key, args,
+ buf, len, TRUE, sections);
}
}
+ array_destroy(references);
}
}
return kv;
}
/**
+ * Remove the key/value pair for a key, using buffered key, reusable buffer
+ */
+static void remove_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len)
+{
+ section_t *found = NULL;
+ kv_t *kv = NULL, *ordered = NULL;
+ char *pos;
+ int idx, i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ pos++;
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ if (pos)
+ {
+ if (array_bsearch(section->sections, buf, settings_section_find,
+ &found) != -1)
+ {
+ remove_value_buffered(this, found, start, pos, args, buf, len);
+ }
+ }
+ else
+ {
+ idx = array_bsearch(section->kv, buf, settings_kv_find, &kv);
+ if (idx != -1)
+ {
+ array_remove(section->kv, idx, NULL);
+ for (i = 0; i < array_count(section->kv_order); i++)
+ {
+ array_get(section->kv_order, i, &ordered);
+ if (kv == ordered)
+ {
+ array_remove(section->kv_order, i, NULL);
+ settings_kv_destroy(kv, this->contents);
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+ * Described in header
+ */
+void settings_remove_value(settings_t *settings, char *key, ...)
+{
+ private_settings_t *this = (private_settings_t*)settings;
+ char buf[128], keybuf[512];
+ va_list args;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
+ va_start(args, key);
+
+ this->lock->read_lock(this->lock);
+ remove_value_buffered(this, this->top, keybuf, keybuf, args, buf,
+ sizeof(buf));
+ this->lock->unlock(this->lock);
+
+ va_end(args);
+}
+
+/**
* Find the string value for a key (thread-safe).
*/
static char *find_value(private_settings_t *this, section_t *section,
char *key, va_list args)
{
char buf[128], keybuf[512], *value = NULL;
+ array_t *sections = NULL;
kv_t *kv;
if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
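Review bot: settings_remove_value() takes `this->lock->read_lock(this->lock);`, but remove_value_buffered() modifies the tree with `array_remove()` on `section->kv` and `section->kv_order` and with `settings_kv_destroy()`. The call should be `this->lock->write_lock(this->lock);` so that concurrent readers cannot observe the arrays mid-update. Separately, kv is removed from `section->kv` before the kv_order scan and is destroyed only when that scan finds it, so an entry missing from kv_order would be dropped without being freed. Calling `settings_kv_destroy(kv, this->contents);` after the loop instead of inside it avoids that. The hunk ends inside find_value().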
@@ -419,13 +507,14 @@ static char *find_value(private_settings_t *this, section_t *section,
return NULL;
}
this->lock->read_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- FALSE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, &sections);
if (kv)
{
value = kv->value;
}
this->lock->unlock(this->lock);
+ array_destroy(sections);
return value;
}
@@ -443,8 +532,8 @@ static void set_value(private_settings_t *this, section_t *section,
return;
}
this->lock->write_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- TRUE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, NULL);
if (kv)
{
settings_kv_set(kv, strdupnull(value), this->contents);
@@ -761,12 +850,12 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
@@ -793,13 +882,17 @@ CALLBACK(kv_filter, bool,
while (orig->enumerate(orig, &kv))
{
- if (seen->get(seen, kv->key) || !kv->value)
+ if (seen->get(seen, kv->key))
+ {
+ continue;
+ }
+ seen->put(seen, kv->key, kv->key);
+ if (!kv->value)
{
continue;
}
*key = kv->key;
*value = kv->value;
- seen->put(seen, kv->key, kv->key);
return TRUE;
}
return FALSE;
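Review bot: Moving `seen->put(seen, kv->key, kv->key);` ahead of the `!kv->value` test changes what the filter returns, and nothing in the code explains why. A key whose value is NULL is now recorded as seen, so the same key in a later (referenced) section is skipped rather than enumerated. A comment above the put would keep that from being "simplified" back, e.g. `/* remember keys that are unset too, so they hide values in referenced sections */`. kv_filter starts outside this hunk.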
@@ -818,12 +911,12 @@ METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
private_settings_t *this, char *key, ...)
{
enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
va_list args;
this->lock->read_lock(this->lock);
va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, &sections);
va_end(args);
if (!sections)
@@ -845,33 +938,34 @@ METHOD(settings_t, add_fallback, void,
{
section_t *section;
va_list args;
+ char buf[512];
- /* find/create the fallback */
+ this->lock->write_lock(this->lock);
va_start(args, fallback);
- section = ensure_section(this, this->top, fallback, args);
+ section = ensure_section(this, this->top, key, args);
va_end(args);
va_start(args, fallback);
- add_fallback_to_section(this, this->top, key, args, section);
+ if (section && vsnprintf(buf, sizeof(buf), fallback, args) < sizeof(buf))
+ {
+ settings_reference_add(section, strdup(buf), TRUE);
+ }
va_end(args);
+ this->lock->unlock(this->lock);
}
/**
* Load settings from files matching the given file pattern or from a string.
- * All sections and values are added relative to "parent".
* All files (even included ones) have to be loaded successfully.
- * If merge is FALSE the contents of parent are replaced with the parsed
- * contents, otherwise they are merged together.
*/
-static bool load_internal(private_settings_t *this, section_t *parent,
- char *pattern, bool merge, bool string)
+static section_t *load_internal(char *pattern, bool string)
{
section_t *section;
bool loaded;
if (pattern == NULL || !pattern[0])
- { /* TODO: Clear parent if merge is FALSE? */
- return TRUE;
+ {
+ return settings_section_create(NULL);
}
section = settings_section_create(NULL);
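Review bot: load_internal() now returns an empty section for a NULL or empty pattern where the old code returned TRUE without touching the parent (the removed `TODO: Clear parent if merge is FALSE?`). Combined with the callers later in this diff, an empty pattern with merge FALSE is presumably passed to settings_section_extend() with purge set, which would clear the existing configuration. If that is the intended answer to the TODO, it deserves a line in the function comment, e.g. `* An empty pattern yields an empty section, which replaces the parent's contents if merge is FALSE.` In add_fallback(), a NULL section or a truncated `vsnprintf()` result is dropped silently; a debug log there would help diagnose a missing fallback. load_internal() continues past this hunk.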
@@ -880,61 +974,101 @@ static bool load_internal(private_settings_t *this, section_t *parent,
if (!loaded)
{
settings_section_destroy(section, NULL);
- return FALSE;
+ section = NULL;
}
+ return section;
+}
- this->lock->write_lock(this->lock);
- settings_section_extend(parent, section, this->contents, !merge);
+/**
+ * Add sections and values in "section" relative to "parent".
+ * If merge is FALSE the contents of parent are replaced with the parsed
+ * contents, otherwise they are merged together.
+ *
+ * Releases the write lock and destroys the given section.
+ * If parent is NULL this is all that happens.
+ */
+static bool extend_section(private_settings_t *this, section_t *parent,
+ section_t *section, bool merge)
+{
+ if (parent)
+ {
+ settings_section_extend(parent, section, this->contents, !merge);
+ }
this->lock->unlock(this->lock);
-
settings_section_destroy(section, NULL);
- return TRUE;
+ return parent != NULL;
}
METHOD(settings_t, load_files, bool,
private_settings_t *this, char *pattern, bool merge)
{
- return load_internal(this, this->top, pattern, merge, FALSE);
+ section_t *section;
+
+ section = load_internal(pattern, FALSE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_files_section, bool,
private_settings_t *this, char *pattern, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(pattern, FALSE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, pattern, merge, FALSE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, load_string, bool,
private_settings_t *this, char *settings, bool merge)
{
- return load_internal(this, this->top, settings, merge, TRUE);
+ section_t *section;
+
+ section = load_internal(settings, TRUE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
}
METHOD(settings_t, load_string_section, bool,
private_settings_t *this, char *settings, bool merge, char *key, ...)
{
- section_t *section;
+ section_t *section, *parent;
va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(settings, TRUE);
if (!section)
{
return FALSE;
}
- return load_internal(this, section, settings, merge, TRUE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
}
METHOD(settings_t, destroy, void,
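Review bot: The write lock is acquired in load_files(), load_files_section(), load_string() and load_string_section() but released inside extend_section(), so no function shows a matching lock/unlock pair, and calling the helper without the lock held would unlock a lock the caller does not own. The header comment on extend_section() does document this, but the pattern is easy to break when another caller is added. I would keep `this->lock->unlock(this->lock);` in the callers next to the `write_lock()` and let extend_section() only extend and destroy. Parsing outside the lock, as load_internal() now does, is a good change and should stay.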
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index e25c9da38..814cf32e5 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* Copyright (C) 2008 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -288,15 +288,9 @@ struct settings_t {
* 'section-one.two' will result in a lookup for the same section/key
* in 'section-two'.
*
- * @note Lookups are depth-first and currently strictly top-down.
- * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
- * fallback the keys/sections in lib2.sec would not be considered. But if
- * app had lib3 as fallback the contents of lib3.sec would (as app is passed
- * during the initial lookup). In the last example the order during
- * enumerations would be app.sec, lib1.sec, lib3.sec.
- *
* @note Additional arguments will be applied to both section format
- * strings so they must be compatible.
+ * strings so they must be compatible. And they are evaluated immediately,
+ * so arguments can't contain dots.
*
* @param section section for which a fallback is configured, printf style
* @param fallback fallback section, printf style
@@ -413,4 +407,18 @@ settings_t *settings_create(char *file);
*/
settings_t *settings_create_string(char *settings);
+/**
+ * Remove the given key/value.
+ *
+ * Compared to setting a key to NULL, which makes it appear to be unset (i.e.
+ * default values will apply) this removes the given key (if found) and
+ * references/fallbacks will apply when looking for that key. This is mainly
+ * usefuls for the unit tests.
+ *
+ * @param settings settings to remove key/value from
+ * @param key key including sections, printf style format
+ * @param ... argument list for key
+ */
+void settings_remove_value(settings_t *settings, char *key, ...);
+
#endif /** SETTINGS_H_ @}*/
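Review bot: The doc comment for `settings_remove_value()` describes `key` as a printf-style format but does not say that it must never be built from external input; with the prototype `char *key, ...`, a caller that passes a configuration- or peer-derived string as the key would have it interpreted as a format string. I would add a line such as `@note key is a format string; pass external data only as an argument (e.g. via "%s"), never as the key itself`. The same comment has a typo, `usefuls` should read `useful`. It also does not state whether the function takes the settings lock itself, which callers need to know; the implementation is not visible in this hunk.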
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index b13ff8009..c29dfa57b 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
yyg->yy_c_buf_p = yy_cp;
/* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */
-#define YY_NUM_RULES 30
-#define YY_END_OF_BUFFER 31
+#define YY_NUM_RULES 39
+#define YY_END_OF_BUFFER 40
/* This struct is not used in this scanner,
but its presence is necessary. */
struct yy_trans_info
@@ -477,15 +477,17 @@ struct yy_trans_info
flex_int32_t yy_verify;
flex_int32_t yy_nxt;
};
-static yyconst flex_int16_t yy_accept[63] =
+static yyconst flex_int16_t yy_accept[85] =
{ 0,
- 0, 0, 0, 0, 0, 0, 0, 0, 31, 9,
- 2, 3, 2, 8, 1, 6, 9, 4, 5, 14,
- 11, 12, 10, 13, 20, 16, 15, 17, 18, 29,
- 21, 22, 23, 9, 2, 2, 1, 1, 3, 0,
- 9, 14, 11, 20, 19, 29, 28, 27, 28, 24,
- 25, 26, 1, 9, 9, 9, 9, 9, 0, 7,
- 7, 0
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 40, 12, 2, 3, 2, 11, 1, 7, 6, 8,
+ 9, 12, 4, 5, 17, 14, 15, 14, 18, 13,
+ 16, 23, 20, 21, 19, 22, 29, 25, 24, 26,
+ 27, 38, 30, 31, 32, 12, 2, 2, 1, 1,
+ 3, 0, 12, 17, 0, 14, 14, 13, 13, 15,
+ 0, 23, 20, 29, 28, 38, 37, 36, 37, 33,
+ 34, 35, 1, 12, 17, 13, 12, 12, 12, 12,
+ 0, 10, 10, 0
} ;
static yyconst YY_CHAR yy_ec[256] =
@@ -494,16 +496,16 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 4, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 5, 1, 6, 7, 1, 1, 1, 1, 1,
+ 1, 1, 1, 8, 1, 9, 1, 1, 1, 1,
+ 1, 1, 1, 1, 1, 1, 1, 10, 1, 1,
+ 11, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 8, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 1, 9, 1, 1, 1, 1, 1, 1, 10, 11,
+ 1, 12, 1, 1, 1, 1, 1, 1, 13, 14,
- 12, 1, 1, 1, 13, 1, 1, 14, 1, 15,
- 1, 1, 1, 16, 1, 17, 18, 1, 1, 1,
- 1, 1, 19, 1, 20, 1, 1, 1, 1, 1,
+ 15, 1, 1, 1, 16, 1, 1, 17, 1, 18,
+ 1, 1, 1, 19, 1, 20, 21, 1, 1, 1,
+ 1, 1, 22, 1, 23, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
@@ -520,113 +522,144 @@ static yyconst YY_CHAR yy_ec[256] =
1, 1, 1, 1, 1
} ;
-static yyconst YY_CHAR yy_meta[21] =
+static yyconst YY_CHAR yy_meta[24] =
{ 0,
- 1, 2, 3, 4, 5, 6, 7, 8, 9, 1,
- 1, 1, 1, 1, 1, 1, 1, 1, 10, 7
+ 1, 2, 3, 4, 5, 6, 5, 7, 8, 7,
+ 9, 10, 1, 1, 1, 1, 1, 1, 1, 1,
+ 1, 7, 5
} ;
-static yyconst flex_uint16_t yy_base[77] =
+static yyconst flex_uint16_t yy_base[103] =
{ 0,
- 0, 0, 19, 38, 57, 76, 23, 24, 70, 0,
- 95, 244, 0, 244, 31, 244, 54, 244, 244, 0,
- 44, 244, 244, 244, 0, 244, 244, 244, 0, 0,
- 244, 244, 100, 0, 0, 0, 0, 33, 244, 65,
- 57, 0, 45, 0, 244, 0, 244, 244, 62, 244,
- 244, 244, 0, 43, 36, 27, 19, 46, 50, 244,
- 51, 244, 117, 127, 137, 147, 155, 160, 170, 180,
- 186, 193, 203, 213, 223, 233
+ 0, 0, 23, 0, 45, 67, 89, 111, 49, 50,
+ 124, 0, 133, 335, 55, 335, 60, 335, 335, 335,
+ 335, 104, 335, 335, 112, 139, 335, 73, 335, 62,
+ 335, 0, 74, 335, 335, 335, 0, 335, 335, 335,
+ 0, 0, 335, 335, 144, 0, 0, 78, 0, 81,
+ 335, 117, 106, 102, 0, 0, 84, 0, 94, 335,
+ 107, 0, 97, 0, 335, 0, 335, 335, 106, 335,
+ 335, 335, 0, 89, 78, 0, 60, 53, 43, 98,
+ 102, 335, 103, 335, 164, 174, 184, 194, 204, 214,
+ 224, 234, 244, 249, 255, 264, 274, 284, 294, 304,
+
+ 314, 324
} ;
-static yyconst flex_int16_t yy_def[77] =
+static yyconst flex_int16_t yy_def[103] =
{ 0,
- 62, 1, 63, 63, 64, 64, 65, 65, 62, 66,
- 62, 62, 67, 62, 68, 62, 66, 62, 62, 69,
- 62, 62, 62, 62, 70, 62, 62, 62, 71, 72,
- 62, 62, 73, 66, 11, 67, 74, 68, 62, 75,
- 66, 69, 62, 70, 62, 72, 62, 62, 62, 62,
- 62, 62, 74, 66, 66, 66, 66, 66, 76, 62,
- 76, 0, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62
+ 84, 1, 84, 3, 85, 85, 86, 86, 87, 87,
+ 84, 88, 84, 84, 84, 84, 89, 84, 84, 84,
+ 84, 88, 84, 84, 90, 84, 84, 84, 84, 91,
+ 84, 92, 84, 84, 84, 84, 93, 84, 84, 84,
+ 94, 95, 84, 84, 96, 88, 13, 84, 97, 89,
+ 84, 98, 88, 90, 99, 26, 84, 100, 91, 84,
+ 101, 92, 84, 93, 84, 95, 84, 84, 84, 84,
+ 84, 84, 97, 88, 99, 100, 88, 88, 88, 88,
+ 102, 84, 102, 0, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+
+ 84, 84
} ;
-static yyconst flex_uint16_t yy_nxt[265] =
+static yyconst flex_uint16_t yy_nxt[359] =
{ 0,
- 10, 11, 12, 13, 11, 14, 15, 16, 10, 10,
- 10, 10, 17, 10, 10, 10, 10, 10, 18, 19,
- 21, 22, 23, 21, 24, 22, 31, 31, 32, 32,
- 58, 33, 33, 39, 40, 39, 40, 57, 22, 21,
- 22, 23, 21, 24, 22, 43, 43, 59, 43, 43,
- 59, 61, 61, 56, 61, 61, 55, 22, 26, 26,
- 27, 26, 28, 26, 48, 29, 54, 39, 41, 62,
- 62, 62, 62, 62, 62, 62, 26, 26, 26, 27,
- 26, 28, 26, 62, 29, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 26, 35, 62, 36, 35,
-
- 62, 37, 48, 49, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 50, 51, 52, 20, 20, 20,
- 20, 20, 20, 20, 20, 20, 20, 25, 25, 25,
- 25, 25, 25, 25, 25, 25, 25, 30, 30, 30,
- 30, 30, 30, 30, 30, 30, 30, 34, 62, 62,
- 62, 62, 62, 62, 62, 34, 36, 62, 36, 36,
- 38, 38, 38, 38, 38, 38, 38, 38, 38, 38,
- 42, 62, 62, 62, 62, 62, 62, 42, 42, 42,
- 44, 62, 62, 62, 62, 62, 62, 44, 62, 44,
- 45, 45, 45, 46, 46, 46, 62, 46, 62, 46,
-
- 46, 62, 46, 47, 47, 47, 47, 47, 47, 47,
- 47, 47, 47, 53, 53, 62, 62, 53, 53, 53,
- 53, 53, 53, 40, 40, 40, 40, 40, 40, 40,
- 40, 40, 40, 60, 60, 60, 60, 60, 60, 60,
- 62, 60, 60, 9, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 12, 13, 14, 15, 13, 16, 17, 18, 19, 20,
+ 21, 12, 12, 12, 12, 22, 12, 12, 12, 12,
+ 12, 23, 24, 25, 26, 27, 28, 26, 29, 30,
+ 31, 29, 29, 29, 25, 25, 25, 25, 25, 25,
+ 25, 25, 25, 25, 29, 29, 33, 34, 35, 33,
+ 36, 34, 43, 43, 44, 44, 48, 80, 48, 48,
+ 45, 45, 51, 52, 60, 61, 79, 34, 33, 34,
+ 35, 33, 36, 34, 57, 63, 57, 57, 63, 48,
+ 78, 48, 48, 51, 52, 57, 55, 57, 57, 34,
+ 38, 38, 39, 38, 40, 38, 60, 61, 63, 81,
+
+ 41, 63, 81, 83, 83, 77, 83, 83, 68, 60,
+ 55, 38, 38, 38, 39, 38, 40, 38, 74, 51,
+ 55, 53, 41, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 38, 47, 84, 48, 47, 84, 49,
+ 56, 84, 57, 56, 84, 58, 68, 69, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 70, 71, 72, 32, 32, 32, 32, 32, 32,
+ 32, 32, 32, 32, 37, 37, 37, 37, 37, 37,
+ 37, 37, 37, 37, 42, 42, 42, 42, 42, 42,
+ 42, 42, 42, 42, 46, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 46, 50, 50, 50, 50, 50, 50,
+ 50, 50, 50, 50, 54, 84, 84, 84, 84, 84,
+ 84, 54, 84, 54, 59, 59, 59, 59, 59, 59,
+ 59, 59, 59, 59, 62, 84, 84, 84, 84, 84,
+ 62, 62, 62, 62, 64, 84, 84, 84, 84, 84,
+ 64, 64, 64, 65, 65, 66, 66, 66, 84, 66,
+ 84, 66, 66, 66, 67, 67, 67, 67, 67, 67,
+ 67, 67, 67, 67, 73, 73, 84, 84, 73, 73,
+ 73, 73, 73, 73, 52, 52, 52, 52, 52, 52,
+ 52, 52, 52, 52, 75, 84, 84, 84, 84, 84,
+
+ 84, 84, 84, 75, 76, 76, 84, 84, 76, 76,
+ 76, 76, 76, 76, 61, 61, 61, 61, 61, 61,
+ 61, 61, 61, 61, 82, 82, 82, 82, 82, 82,
+ 82, 82, 84, 82, 11, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
-static yyconst flex_int16_t yy_chk[265] =
+static yyconst flex_int16_t yy_chk[359] =
{ 0,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
- 3, 3, 3, 3, 3, 3, 7, 8, 7, 8,
- 57, 7, 8, 15, 15, 38, 38, 56, 3, 4,
- 4, 4, 4, 4, 4, 21, 43, 58, 21, 43,
- 58, 59, 61, 55, 59, 61, 54, 4, 5, 5,
- 5, 5, 5, 5, 49, 5, 41, 40, 17, 9,
- 0, 0, 0, 0, 0, 0, 5, 6, 6, 6,
- 6, 6, 6, 0, 6, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 0, 6, 11, 0, 11, 11,
-
- 0, 11, 33, 33, 0, 0, 0, 0, 0, 0,
- 0, 0, 0, 0, 33, 33, 33, 63, 63, 63,
- 63, 63, 63, 63, 63, 63, 63, 64, 64, 64,
- 64, 64, 64, 64, 64, 64, 64, 65, 65, 65,
- 65, 65, 65, 65, 65, 65, 65, 66, 0, 0,
- 0, 0, 0, 0, 0, 66, 67, 0, 67, 67,
- 68, 68, 68, 68, 68, 68, 68, 68, 68, 68,
- 69, 0, 0, 0, 0, 0, 0, 69, 69, 69,
- 70, 0, 0, 0, 0, 0, 0, 70, 0, 70,
- 71, 71, 71, 72, 72, 72, 0, 72, 0, 72,
-
- 72, 0, 72, 73, 73, 73, 73, 73, 73, 73,
- 73, 73, 73, 74, 74, 0, 0, 74, 74, 74,
- 74, 74, 74, 75, 75, 75, 75, 75, 75, 75,
- 75, 75, 75, 76, 76, 76, 76, 76, 76, 76,
- 0, 76, 76, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62, 62, 62, 62, 62, 62, 62,
- 62, 62, 62, 62
+ 1, 1, 1, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 3, 3, 3, 3,
+ 3, 3, 3, 3, 3, 3, 5, 5, 5, 5,
+ 5, 5, 9, 10, 9, 10, 15, 79, 15, 15,
+ 9, 10, 17, 17, 30, 30, 78, 5, 6, 6,
+ 6, 6, 6, 6, 28, 33, 28, 28, 33, 48,
+ 77, 48, 48, 50, 50, 57, 75, 57, 57, 6,
+ 7, 7, 7, 7, 7, 7, 59, 59, 63, 80,
+
+ 7, 63, 80, 81, 83, 74, 81, 83, 69, 61,
+ 54, 7, 8, 8, 8, 8, 8, 8, 53, 52,
+ 25, 22, 8, 11, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 8, 13, 0, 13, 13, 0, 13,
+ 26, 0, 26, 26, 0, 26, 45, 45, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 45, 45, 45, 85, 85, 85, 85, 85, 85,
+ 85, 85, 85, 85, 86, 86, 86, 86, 86, 86,
+ 86, 86, 86, 86, 87, 87, 87, 87, 87, 87,
+ 87, 87, 87, 87, 88, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 88, 89, 89, 89, 89, 89, 89,
+ 89, 89, 89, 89, 90, 0, 0, 0, 0, 0,
+ 0, 90, 0, 90, 91, 91, 91, 91, 91, 91,
+ 91, 91, 91, 91, 92, 0, 0, 0, 0, 0,
+ 92, 92, 92, 92, 93, 0, 0, 0, 0, 0,
+ 93, 93, 93, 94, 94, 95, 95, 95, 0, 95,
+ 0, 95, 95, 95, 96, 96, 96, 96, 96, 96,
+ 96, 96, 96, 96, 97, 97, 0, 0, 97, 97,
+ 97, 97, 97, 97, 98, 98, 98, 98, 98, 98,
+ 98, 98, 98, 98, 99, 0, 0, 0, 0, 0,
+
+ 0, 0, 0, 99, 100, 100, 0, 0, 100, 100,
+ 100, 100, 100, 100, 101, 101, 101, 101, 101, 101,
+ 101, 101, 101, 101, 102, 102, 102, 102, 102, 102,
+ 102, 102, 0, 102, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84,
+ 84, 84, 84, 84, 84, 84, 84, 84
} ;
/* Table of booleans, true if rule could match eol. */
-static yyconst flex_int32_t yy_rule_can_match_eol[31] =
+static yyconst flex_int32_t yy_rule_can_match_eol[40] =
{ 0,
-0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0,
- 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, };
+0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0,
+ 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0,
+ };
-static yyconst flex_int16_t yy_rule_linenum[30] =
+static yyconst flex_int16_t yy_rule_linenum[39] =
{ 0,
- 61, 62, 63, 65, 66, 68, 73, 78, 83, 89,
- 90, 92, 112, 118, 125, 128, 148, 151, 154, 157,
- 163, 164, 166, 186, 187, 188, 189, 190, 191
+ 66, 67, 68, 70, 71, 73, 74, 76, 81, 86,
+ 91, 96, 102, 103, 104, 106, 108, 113, 120, 121,
+ 123, 144, 150, 157, 160, 180, 183, 186, 189, 195,
+ 196, 198, 218, 219, 220, 221, 222, 223
} ;
/* The intent behind this definition is that it'll catch
@@ -639,7 +672,7 @@ static yyconst flex_int16_t yy_rule_linenum[30] =
#line 1 "settings/settings_lexer.l"
#line 2 "settings/settings_lexer.l"
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -662,7 +695,7 @@ bool settings_parser_open_next_file(parser_helper_t *ctx);
static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
#define YY_NO_INPUT 1
/* don't use global variables, and interact properly with bison */
/* maintain the line number */
@@ -670,18 +703,22 @@ static void include_files(parser_helper_t *ctx);
/* prefix function/variable declarations */
/* don't change the name of the output file otherwise autotools has issues */
/* type of our extra data */
+/* state used to scan references */
+
/* state used to scan values */
/* state used to scan include file patterns */
/* state used to scan quoted strings */
-#line 680 "settings/settings_lexer.c"
+/* pattern for section/key names */
+#line 716 "settings/settings_lexer.c"
#define INITIAL 0
-#define val 1
-#define inc 2
-#define str 3
+#define ref 1
+#define val 2
+#define inc 3
+#define str 4
#ifndef YY_NO_UNISTD_H
/* Special case for "unistd.h", since it is non-ANSI. We include it way
@@ -1030,10 +1067,10 @@ YY_DECL
{
/* %% [7.0] user's declarations go here */
-#line 59 "settings/settings_lexer.l"
+#line 64 "settings/settings_lexer.l"
-#line 1037 "settings/settings_lexer.c"
+#line 1074 "settings/settings_lexer.c"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
@@ -1062,13 +1099,13 @@ yy_match:
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp;
}
- while ( yy_base[yy_current_state] != 244 );
+ while ( yy_base[yy_current_state] != 335 );
yy_find_action:
/* %% [10.0] code to find the action number goes here */
@@ -1103,13 +1140,13 @@ do_action: /* This label is used only to access EOF actions. */
{
if ( yy_act == 0 )
fprintf( stderr, "--scanner backing up\n" );
- else if ( yy_act < 30 )
+ else if ( yy_act < 39 )
fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n",
(long)yy_rule_linenum[yy_act], yytext );
- else if ( yy_act == 30 )
+ else if ( yy_act == 39 )
fprintf( stderr, "--accepting default rule (\"%s\")\n",
yytext );
- else if ( yy_act == 31 )
+ else if ( yy_act == 40 )
fprintf( stderr, "--(end of buffer or a NUL)\n" );
else
fprintf( stderr, "--EOF (start condition %d)\n", YY_START );
@@ -1127,81 +1164,138 @@ do_action: /* This label is used only to access EOF actions. */
case 1:
YY_RULE_SETUP
-#line 61 "settings/settings_lexer.l"
+#line 66 "settings/settings_lexer.l"
/* eat comments */
YY_BREAK
case 2:
YY_RULE_SETUP
-#line 62 "settings/settings_lexer.l"
+#line 67 "settings/settings_lexer.l"
/* eat whitespace */
YY_BREAK
case 3:
/* rule 3 can match eol */
YY_RULE_SETUP
-#line 63 "settings/settings_lexer.l"
-return NEWLINE; /* also eats comments at the end of a line */
+#line 68 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
YY_BREAK
case 4:
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
case 5:
YY_RULE_SETUP
-#line 66 "settings/settings_lexer.l"
+#line 71 "settings/settings_lexer.l"
return yytext[0];
YY_BREAK
case 6:
YY_RULE_SETUP
-#line 68 "settings/settings_lexer.l"
+#line 73 "settings/settings_lexer.l"
+return DOT;
+ YY_BREAK
+case 7:
+YY_RULE_SETUP
+#line 74 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 8:
+YY_RULE_SETUP
+#line 76 "settings/settings_lexer.l"
+{
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+ YY_BREAK
+case 9:
+YY_RULE_SETUP
+#line 81 "settings/settings_lexer.l"
{
yy_push_state(val, yyscanner);
return yytext[0];
}
YY_BREAK
-case 7:
-/* rule 7 can match eol */
+case 10:
+/* rule 10 can match eol */
*yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */
YY_LINENO_REWIND_TO(yy_cp - 1);
yyg->yy_c_buf_p = yy_cp -= 1;
YY_DO_BEFORE_ACTION; /* set up yytext again */
YY_RULE_SETUP
-#line 73 "settings/settings_lexer.l"
+#line 86 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(inc, yyscanner);
}
YY_BREAK
-case 8:
+case 11:
YY_RULE_SETUP
-#line 78 "settings/settings_lexer.l"
+#line 91 "settings/settings_lexer.l"
{
PARSER_DBG1(yyextra, "unexpected string detected");
return STRING_ERROR;
}
YY_BREAK
-case 9:
+case 12:
YY_RULE_SETUP
-#line 83 "settings/settings_lexer.l"
+#line 96 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
}
YY_BREAK
-case 10:
+case 13:
+YY_RULE_SETUP
+#line 102 "settings/settings_lexer.l"
+/* eat comments */
+ YY_BREAK
+case 14:
+YY_RULE_SETUP
+#line 103 "settings/settings_lexer.l"
+/* eat whitespace */
+ YY_BREAK
+case 15:
+/* rule 15 can match eol */
+YY_RULE_SETUP
+#line 104 "settings/settings_lexer.l"
+/* eat newlines and comments at the end of a line */
+ YY_BREAK
+case 16:
+YY_RULE_SETUP
+#line 106 "settings/settings_lexer.l"
+return COMMA;
+ YY_BREAK
+case 17:
YY_RULE_SETUP
-#line 89 "settings/settings_lexer.l"
+#line 108 "settings/settings_lexer.l"
+{
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+ YY_BREAK
+case 18:
+YY_RULE_SETUP
+#line 113 "settings/settings_lexer.l"
+{
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+ YY_BREAK
+
+
+case 19:
+YY_RULE_SETUP
+#line 120 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 11:
+case 20:
YY_RULE_SETUP
-#line 90 "settings/settings_lexer.l"
+#line 121 "settings/settings_lexer.l"
YY_BREAK
case YY_STATE_EOF(val):
-#line 91 "settings/settings_lexer.l"
-case 12:
-/* rule 12 can match eol */
+#line 122 "settings/settings_lexer.l"
+case 21:
+/* rule 21 can match eol */
YY_RULE_SETUP
-#line 92 "settings/settings_lexer.l"
+#line 123 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1220,20 +1314,21 @@ YY_RULE_SETUP
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
YY_BREAK
-case 13:
+case 22:
YY_RULE_SETUP
-#line 112 "settings/settings_lexer.l"
+#line 144 "settings/settings_lexer.l"
{
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
YY_BREAK
/* same as above, but allow more characters */
-case 14:
+case 23:
YY_RULE_SETUP
-#line 118 "settings/settings_lexer.l"
+#line 150 "settings/settings_lexer.l"
{
yylval->s = strdup(yytext);
return NAME;
@@ -1241,18 +1336,18 @@ YY_RULE_SETUP
YY_BREAK
-case 15:
+case 24:
YY_RULE_SETUP
-#line 125 "settings/settings_lexer.l"
+#line 157 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
/* we allow all characters except #, } and spaces, they can be escaped */
case YY_STATE_EOF(inc):
-#line 127 "settings/settings_lexer.l"
-case 16:
-/* rule 16 can match eol */
+#line 159 "settings/settings_lexer.l"
+case 25:
+/* rule 25 can match eol */
YY_RULE_SETUP
-#line 128 "settings/settings_lexer.l"
+#line 160 "settings/settings_lexer.l"
{
if (*yytext)
{
@@ -1274,49 +1369,49 @@ YY_RULE_SETUP
yy_pop_state(yyscanner);
}
YY_BREAK
-case 17:
+case 26:
YY_RULE_SETUP
-#line 148 "settings/settings_lexer.l"
+#line 180 "settings/settings_lexer.l"
{ /* string include */
yy_push_state(str, yyscanner);
}
YY_BREAK
-case 18:
+case 27:
YY_RULE_SETUP
-#line 151 "settings/settings_lexer.l"
+#line 183 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 19:
+case 28:
YY_RULE_SETUP
-#line 154 "settings/settings_lexer.l"
+#line 186 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext+1);
}
YY_BREAK
-case 20:
+case 29:
YY_RULE_SETUP
-#line 157 "settings/settings_lexer.l"
+#line 189 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
-case 21:
+case 30:
YY_RULE_SETUP
-#line 163 "settings/settings_lexer.l"
+#line 195 "settings/settings_lexer.l"
/* just ignore these */
YY_BREAK
-case 22:
-#line 165 "settings/settings_lexer.l"
+case 31:
+#line 197 "settings/settings_lexer.l"
YY_RULE_SETUP
case YY_STATE_EOF(str):
-#line 165 "settings/settings_lexer.l"
-case 23:
+#line 197 "settings/settings_lexer.l"
+case 32:
YY_RULE_SETUP
-#line 166 "settings/settings_lexer.l"
+#line 198 "settings/settings_lexer.l"
{
if (!streq(yytext, "\""))
{
@@ -1337,43 +1432,44 @@ YY_RULE_SETUP
}
}
YY_BREAK
-case 24:
+case 33:
YY_RULE_SETUP
-#line 186 "settings/settings_lexer.l"
+#line 218 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\n");
YY_BREAK
-case 25:
+case 34:
YY_RULE_SETUP
-#line 187 "settings/settings_lexer.l"
+#line 219 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\r");
YY_BREAK
-case 26:
+case 35:
YY_RULE_SETUP
-#line 188 "settings/settings_lexer.l"
+#line 220 "settings/settings_lexer.l"
yyextra->string_add(yyextra, "\t");
YY_BREAK
-case 27:
-/* rule 27 can match eol */
+case 36:
+/* rule 36 can match eol */
YY_RULE_SETUP
-#line 189 "settings/settings_lexer.l"
+#line 221 "settings/settings_lexer.l"
/* merge lines that end with escaped EOL characters */
YY_BREAK
-case 28:
+case 37:
YY_RULE_SETUP
-#line 190 "settings/settings_lexer.l"
+#line 222 "settings/settings_lexer.l"
yyextra->string_add(yyextra, yytext+1);
YY_BREAK
-case 29:
-/* rule 29 can match eol */
+case 38:
+/* rule 38 can match eol */
YY_RULE_SETUP
-#line 191 "settings/settings_lexer.l"
+#line 223 "settings/settings_lexer.l"
{
yyextra->string_add(yyextra, yytext);
}
YY_BREAK
case YY_STATE_EOF(INITIAL):
-#line 196 "settings/settings_lexer.l"
+case YY_STATE_EOF(ref):
+#line 228 "settings/settings_lexer.l"
{
settings_parser_pop_buffer_state(yyscanner);
if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER)
@@ -1382,12 +1478,12 @@ case YY_STATE_EOF(INITIAL):
}
}
YY_BREAK
-case 30:
+case 39:
YY_RULE_SETUP
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
YY_FATAL_ERROR( "flex scanner jammed" );
YY_BREAK
-#line 1391 "settings/settings_lexer.c"
+#line 1487 "settings/settings_lexer.c"
case YY_END_OF_BUFFER:
{
@@ -1705,7 +1801,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
@@ -1739,11 +1835,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state )
{
yy_current_state = (int) yy_def[yy_current_state];
- if ( yy_current_state >= 63 )
+ if ( yy_current_state >= 85 )
yy_c = yy_meta[(unsigned int) yy_c];
}
yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
- yy_is_jam = (yy_current_state == 62);
+ yy_is_jam = (yy_current_state == 84);
(void)yyg;
return yy_is_jam ? 0 : yy_current_state;
@@ -2778,7 +2874,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner)
/* %ok-for-header */
-#line 204 "settings/settings_lexer.l"
+#line 236 "settings/settings_lexer.l"
diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l
index fa1ecac10..19ab8d7b2 100644
--- a/src/libstrongswan/settings/settings_lexer.l
+++ b/src/libstrongswan/settings/settings_lexer.l
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -29,7 +29,7 @@ static void include_files(parser_helper_t *ctx);
/* use start conditions stack */
%option stack
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
%option noinput noyywrap
/* don't use global variables, and interact properly with bison */
@@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx);
/* type of our extra data */
%option extra-type="parser_helper_t*"
+/* state used to scan references */
+%x ref
/* state used to scan values */
%x val
/* state used to scan include file patterns */
@@ -56,15 +58,26 @@ static void include_files(parser_helper_t *ctx);
/* state used to scan quoted strings */
%x str
+/* pattern for section/key names */
+NAME [^#{}:.,="\r\n\t ]
+
%%
[\t ]*#[^\r\n]* /* eat comments */
[\t\r ]+ /* eat whitespace */
-\n|#.*\n return NEWLINE; /* also eats comments at the end of a line */
+\n|#.*\n /* eat newlines and comments at the end of a line */
"{" |
"}" return yytext[0];
+"." return DOT;
+"," return COMMA;
+
+":" {
+ yy_push_state(ref, yyscanner);
+ return COLON;
+}
+
"=" {
yy_push_state(val, yyscanner);
return yytext[0];
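Review bot: The new `NAME` definition excludes `:`, `.` and `,`, which the previous name rule `[^#{}="\r\n\t ]+` (replaced in the next hunk) accepted, so section and key names containing those characters are now split into separate tokens; the comment `/* pattern for section/key names */` should say so. Something like `/* pattern for section/key names; ':', '.' and ',' are tokens of their own (COLON, DOT, COMMA) and can't be part of a name */` would make the compatibility impact visible to anyone checking existing configuration files. Whether the grammar reassembles dotted names is decided in the parser, which is not part of this hunk. The body of the `"="` rule continues outside the hunk.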
@@ -80,16 +93,34 @@ static void include_files(parser_helper_t *ctx);
return STRING_ERROR;
}
-[^#{}="\r\n\t ]+ {
+{NAME}+ {
yylval->s = strdup(yytext);
return NAME;
}
+<ref>{
+ [\t ]*#[^\r\n]* /* eat comments */
+ [\t\r ]+ /* eat whitespace */
+ \n|#.*\n /* eat newlines and comments at the end of a line */
+
+ "," return COMMA;
+
+ {NAME}+(\.{NAME}+)* {
+ yylval->s = strdup(yytext);
+ return NAME;
+ }
+
+ . {
+ unput(yytext[0]);
+ yy_pop_state(yyscanner);
+ }
+}
+
<val>{
\r /* just ignore these */
[\t ]+
<<EOF>> |
- [#}\n] {
+ [#}\n] {
if (*yytext)
{
switch (yytext[0])
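Review bot: In the new `<ref>` block the name rule stores `strdup(yytext)` in `yylval->s` and returns `NAME` without checking for allocation failure, so a NULL string can reach the parser actions. The existing name rules follow the same pattern, but the new rule could guard it with `if (!yylval->s) { return STRING_ERROR; }` after the assignment, assuming the grammar treats `STRING_ERROR` as a hard error, which is not visible here. The catch-all `.` rule would also benefit from a comment such as `/* anything else ends the reference list; push it back for the state that entered ref */`. The `<val>` block continues outside the hunk.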
@@ -107,15 +138,16 @@ static void include_files(parser_helper_t *ctx);
}
}
yy_pop_state(yyscanner);
+ return NEWLINE;
}
- "\"" {
+ "\"" {
yyextra->string_init(yyextra);
yy_push_state(str, yyscanner);
}
/* same as above, but allow more characters */
- [^#}"\r\n\t ]+ {
+ [^#}"\r\n\t ]+ {
yylval->s = strdup(yytext);
return NAME;
}
diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c
index 3d1a2ba27..ad3d5288c 100644
--- a/src/libstrongswan/settings/settings_parser.c
+++ b/src/libstrongswan/settings/settings_parser.c
@@ -71,7 +71,7 @@
#line 1 "settings/settings_parser.y" /* yacc.c:339 */
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -120,6 +120,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -131,7 +132,7 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
}
-#line 135 "settings/settings_parser.c" /* yacc.c:339 */
+#line 136 "settings/settings_parser.c" /* yacc.c:339 */
# ifndef YY_NULLPTR
# if defined __cplusplus && 201103L <= __cplusplus
@@ -168,28 +169,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:355 */
+#line 78 "settings/settings_parser.y" /* yacc.c:355 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 193 "settings/settings_parser.c" /* yacc.c:355 */
+#line 201 "settings/settings_parser.c" /* yacc.c:355 */
};
typedef union YYSTYPE YYSTYPE;
@@ -205,7 +213,7 @@ int settings_parser_parse (parser_helper_t *ctx);
/* Copy the second part of user declarations. */
-#line 209 "settings/settings_parser.c" /* yacc.c:358 */
+#line 217 "settings/settings_parser.c" /* yacc.c:358 */
#ifdef short
# undef short
@@ -447,21 +455,21 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 2
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 13
+#define YYLAST 19
/* YYNTOKENS -- Number of terminals. */
-#define YYNTOKENS 10
+#define YYNTOKENS 13
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 8
+#define YYNNTS 9
/* YYNRULES -- Number of rules. */
-#define YYNRULES 15
+#define YYNRULES 17
/* YYNSTATES -- Number of states. */
-#define YYNSTATES 20
+#define YYNSTATES 24
/* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned
by yylex, with out-of-bounds checking. */
#define YYUNDEFTOK 2
-#define YYMAXUTOK 261
+#define YYMAXUTOK 264
#define YYTRANSLATE(YYX) \
((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK)
@@ -476,13 +484,13 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 9, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 12, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
- 2, 2, 2, 8, 2, 7, 2, 2, 2, 2,
+ 2, 2, 2, 11, 2, 10, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
@@ -496,15 +504,15 @@ static const yytype_uint8 yytranslate[] =
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
2, 2, 2, 2, 2, 2, 1, 2, 3, 4,
- 5, 6
+ 5, 6, 7, 8, 9
};
#if YYDEBUG
/* YYRLINE[YYN] -- Source line where rule number YYN was defined. */
static const yytype_uint8 yyrline[] =
{
- 0, 105, 105, 107, 108, 112, 116, 123, 131, 136,
- 143, 148, 155, 156, 170, 171
+ 0, 112, 112, 114, 115, 119, 123, 130, 138, 143,
+ 152, 157, 165, 170, 177, 178, 192, 193
};
#endif
@@ -513,9 +521,10 @@ static const yytype_uint8 yyrline[] =
First, the terminals, then, starting at YYNTOKENS, nonterminals. */
static const char *const yytname[] =
{
- "$end", "error", "$undefined", "NAME", "STRING", "NEWLINE",
- "STRING_ERROR", "'}'", "'{'", "'='", "$accept", "statements",
- "statement", "section", "section_start", "setting", "value", "valuepart", YY_NULLPTR
+ "$end", "error", "$undefined", "NAME", "STRING", "\".\"", "\",\"",
+ "\":\"", "NEWLINE", "STRING_ERROR", "'}'", "'{'", "'='", "$accept",
+ "statements", "statement", "section", "section_start", "references",
+ "setting", "value", "valuepart", YY_NULLPTR
};
#endif
@@ -524,14 +533,15 @@ static const char *const yytname[] =
(internal) symbol number NUM (which must be that of a token). */
static const yytype_uint16 yytoknum[] =
{
- 0, 256, 257, 258, 259, 260, 261, 125, 123, 61
+ 0, 256, 257, 258, 259, 260, 261, 262, 263, 264,
+ 125, 123, 61
};
# endif
-#define YYPACT_NINF -11
+#define YYPACT_NINF -7
#define yypact_value_is_default(Yystate) \
- (!!((Yystate) == (-11)))
+ (!!((Yystate) == (-7)))
#define YYTABLE_NINF -1
@@ -542,8 +552,9 @@ static const yytype_uint16 yytoknum[] =
STATE-NUM. */
static const yytype_int8 yypact[] =
{
- -11, 0, -11, -1, -11, -11, -11, -11, -11, 2,
- -11, -2, 6, -11, -11, -11, -2, -11, -11, -11
+ -7, 0, -7, -6, -7, -7, -7, -7, -7, 1,
+ -7, 8, -1, -7, 4, -7, -7, 8, -7, -7,
+ 10, -7, -7, -7
};
/* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM.
@@ -552,19 +563,20 @@ static const yytype_int8 yypact[] =
static const yytype_uint8 yydefact[] =
{
2, 0, 1, 0, 3, 4, 5, 2, 6, 0,
- 8, 11, 0, 9, 14, 15, 10, 12, 7, 13
+ 8, 13, 0, 10, 0, 16, 17, 12, 14, 7,
+ 0, 9, 15, 11
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int8 yypgoto[] =
{
- -11, 5, -11, -11, -11, -11, -11, -10
+ -7, 7, -7, -7, -7, -7, -7, -7, 2
};
/* YYDEFGOTO[NTERM-NUM]. */
static const yytype_int8 yydefgoto[] =
{
- -1, 1, 5, 6, 7, 8, 16, 17
+ -1, 1, 5, 6, 7, 14, 8, 17, 18
};
/* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If
@@ -572,36 +584,37 @@ static const yytype_int8 yydefgoto[] =
number is the opposite. If YYTABLE_NINF, syntax error. */
static const yytype_uint8 yytable[] =
{
- 2, 14, 15, 3, 9, 4, 19, 10, 11, 3,
- 13, 4, 12, 18
+ 2, 9, 3, 3, 13, 10, 11, 4, 4, 19,
+ 20, 15, 16, 23, 12, 21, 0, 0, 0, 22
};
-static const yytype_uint8 yycheck[] =
+static const yytype_int8 yycheck[] =
{
- 0, 3, 4, 3, 5, 5, 16, 8, 9, 3,
- 8, 5, 7, 7
+ 0, 7, 3, 3, 3, 11, 12, 8, 8, 10,
+ 6, 3, 4, 3, 7, 11, -1, -1, -1, 17
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
symbol of state STATE-NUM. */
static const yytype_uint8 yystos[] =
{
- 0, 11, 0, 3, 5, 12, 13, 14, 15, 5,
- 8, 9, 11, 8, 3, 4, 16, 17, 7, 17
+ 0, 14, 0, 3, 8, 15, 16, 17, 19, 7,
+ 11, 12, 14, 3, 18, 3, 4, 20, 21, 10,
+ 6, 11, 21, 3
};
/* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */
static const yytype_uint8 yyr1[] =
{
- 0, 10, 11, 11, 11, 12, 12, 13, 14, 14,
- 15, 15, 16, 16, 17, 17
+ 0, 13, 14, 14, 14, 15, 15, 16, 17, 17,
+ 18, 18, 19, 19, 20, 20, 21, 21
};
/* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */
static const yytype_uint8 yyr2[] =
{
- 0, 2, 0, 2, 2, 1, 1, 3, 2, 3,
- 3, 2, 1, 2, 1, 1
+ 0, 2, 0, 2, 2, 1, 1, 3, 2, 4,
+ 1, 3, 3, 2, 1, 2, 1, 1
};
@@ -1027,45 +1040,51 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c
switch (yytype)
{
case 3: /* NAME */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1046 "settings/settings_parser.c" /* yacc.c:1257 */
break;
case 4: /* STRING */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1052 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 13: /* section */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 16: /* section */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1058 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 14: /* section_start */
-#line 93 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 17: /* section_start */
+#line 99 "settings/settings_parser.y" /* yacc.c:1257 */
{ pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); }
-#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1064 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 15: /* setting */
-#line 94 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 18: /* references */
+#line 101 "settings/settings_parser.y" /* yacc.c:1257 */
+ { array_destroy_function(((*yyvaluep).refs), (void*)free, NULL); }
+#line 1070 "settings/settings_parser.c" /* yacc.c:1257 */
+ break;
+
+ case 19: /* setting */
+#line 100 "settings/settings_parser.y" /* yacc.c:1257 */
{ settings_kv_destroy(((*yyvaluep).kv), NULL); }
-#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1076 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 16: /* value */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 20: /* value */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1082 "settings/settings_parser.c" /* yacc.c:1257 */
break;
- case 17: /* valuepart */
-#line 91 "settings/settings_parser.y" /* yacc.c:1257 */
+ case 21: /* valuepart */
+#line 97 "settings/settings_parser.y" /* yacc.c:1257 */
{ free(((*yyvaluep).s)); }
-#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */
+#line 1088 "settings/settings_parser.c" /* yacc.c:1257 */
break;
@@ -1331,64 +1350,84 @@ yyreduce:
switch (yyn)
{
case 5:
-#line 113 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 120 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_section(ctx, (yyvsp[0].sec));
}
-#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1358 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 6:
-#line 117 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
{
add_setting(ctx, (yyvsp[0].kv));
}
-#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1366 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 7:
-#line 124 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 131 "settings/settings_parser.y" /* yacc.c:1646 */
{
pop_section(ctx);
(yyval.sec) = (yyvsp[-2].sec);
}
-#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1375 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 8:
-#line 132 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 139 "settings/settings_parser.y" /* yacc.c:1646 */
{
(yyval.sec) = push_section(ctx, (yyvsp[-1].s));
}
-#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1383 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 9:
-#line 137 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.sec) = push_section(ctx, (yyvsp[-2].s));
+ (yyval.sec) = push_section(ctx, (yyvsp[-3].s));
+ add_references(ctx, (yyvsp[-1].refs));
+ array_destroy((yyvsp[-1].refs));
}
-#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1393 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 10:
-#line 144 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 153 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ (yyval.refs) = array_create(0, 0);
+ array_insert((yyval.refs), ARRAY_TAIL, (yyvsp[0].s));
}
-#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1402 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 11:
-#line 149 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 158 "settings/settings_parser.y" /* yacc.c:1646 */
{
- (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ array_insert((yyvsp[-2].refs), ARRAY_TAIL, (yyvsp[0].s));
+ (yyval.refs) = (yyvsp[-2].refs);
}
-#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1411 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 12:
+#line 166 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s));
+ }
+#line 1419 "settings/settings_parser.c" /* yacc.c:1646 */
break;
case 13:
-#line 157 "settings/settings_parser.y" /* yacc.c:1646 */
+#line 171 "settings/settings_parser.y" /* yacc.c:1646 */
+ {
+ (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL);
+ }
+#line 1427 "settings/settings_parser.c" /* yacc.c:1646 */
+ break;
+
+ case 15:
+#line 179 "settings/settings_parser.y" /* yacc.c:1646 */
{ /* just put a single space between them, use strings for more */
if (asprintf(&(yyval.s), "%s %s", (yyvsp[-1].s), (yyvsp[0].s)) < 0)
{
@@ -1399,11 +1438,11 @@ yyreduce:
free((yyvsp[-1].s));
free((yyvsp[0].s));
}
-#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1442 "settings/settings_parser.c" /* yacc.c:1646 */
break;
-#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */
+#line 1446 "settings/settings_parser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@@ -1631,7 +1670,7 @@ yyreturn:
#endif
return yyresult;
}
-#line 174 "settings/settings_parser.y" /* yacc.c:1906 */
+#line 196 "settings/settings_parser.y" /* yacc.c:1906 */
/**
@@ -1700,6 +1739,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h
index b41e0d56f..7c2a82841 100644
--- a/src/libstrongswan/settings/settings_parser.h
+++ b/src/libstrongswan/settings/settings_parser.h
@@ -47,28 +47,35 @@ extern int settings_parser_debug;
{
NAME = 258,
STRING = 259,
- NEWLINE = 260,
- STRING_ERROR = 261
+ DOT = 260,
+ COMMA = 261,
+ COLON = 262,
+ NEWLINE = 263,
+ STRING_ERROR = 264
};
#endif
/* Tokens. */
#define NAME 258
#define STRING 259
-#define NEWLINE 260
-#define STRING_ERROR 261
+#define DOT 260
+#define COMMA 261
+#define COLON 262
+#define NEWLINE 263
+#define STRING_ERROR 264
/* Value type. */
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
union YYSTYPE
{
-#line 77 "settings/settings_parser.y" /* yacc.c:1909 */
+#line 78 "settings/settings_parser.y" /* yacc.c:1909 */
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
-#line 72 "settings/settings_parser.h" /* yacc.c:1909 */
+#line 79 "settings/settings_parser.h" /* yacc.c:1909 */
};
typedef union YYSTYPE YYSTYPE;
diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y
index 2ab9ea723..cc1c91775 100644
--- a/src/libstrongswan/settings/settings_parser.y
+++ b/src/libstrongswan/settings/settings_parser.y
@@ -1,6 +1,6 @@
%{
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -49,6 +49,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name);
static section_t *pop_section(parser_helper_t *ctx);
static void add_section(parser_helper_t *ctx, section_t *section);
static void add_setting(parser_helper_t *ctx, kv_t *kv);
+static void add_references(parser_helper_t *ctx, array_t *references);
/**
* Make sure to call lexer with the proper context
@@ -78,20 +79,26 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx)
char *s;
struct section_t *sec;
struct kv_t *kv;
+ array_t *refs;
}
%token <s> NAME STRING
+%token DOT "."
+%token COMMA ","
+%token COLON ":"
%token NEWLINE STRING_ERROR
/* ...and other symbols */
%type <s> value valuepart
%type <sec> section_start section
%type <kv> setting
+%type <refs> references
/* properly destroy string tokens that are strdup()ed on error */
%destructor { free($$); } NAME STRING value valuepart
/* properly destroy parse results on error */
%destructor { pop_section(ctx); settings_section_destroy($$, NULL); } section_start section
%destructor { settings_kv_destroy($$, NULL); } setting
+%destructor { array_destroy_function($$, (void*)free, NULL); } references
/* there are two shift/reduce conflicts because of the "NAME = NAME" and
* "NAME {" ambiguity, and the "NAME =" rule) */
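Review bot: The new `%destructor` for `references` passes `(void*)free` to `array_destroy_function()`, so `free` is called through a pointer of a different function type. Judging by `ref_destroy(section_ref_t *ref, int idx, void *ctx)`, added to settings_types.c in this same commit, the callback is presumably invoked with three arguments. That is undefined behaviour in C even where the calling convention tolerates it, and builds with indirect-call CFI checks reject it. A wrapper with the callback's own arity avoids the mismatch: `static void free_ref_name(void *name, int idx, void *user) { free(name); }` and `%destructor { array_destroy_function($$, free_ref_name, NULL); } references`. The generated yydestruct() case in settings_parser.c follows from this line.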
@@ -133,9 +140,24 @@ section_start:
$$ = push_section(ctx, $NAME);
}
|
- NAME NEWLINE '{'
+ NAME ":" references '{'
{
$$ = push_section(ctx, $NAME);
+ add_references(ctx, $references);
+ array_destroy($references);
+ }
+ ;
+
+references:
+ NAME
+ {
+ $$ = array_create(0, 0);
+ array_insert($$, ARRAY_TAIL, $1);
+ }
+ | references "," NAME
+ {
+ array_insert($1, ARRAY_TAIL, $3);
+ $$ = $1;
}
;
@@ -239,6 +261,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv)
}
/**
+ * Adds the given references to the section on top of the stack
+ */
+static void add_references(parser_helper_t *ctx, array_t *references)
+{
+ array_t *sections = (array_t*)ctx->context;
+ section_t *section;
+ enumerator_t *refs;
+ char *ref;
+
+ array_get(sections, ARRAY_TAIL, &section);
+
+ refs = array_create_enumerator(references);
+ while (refs->enumerate(refs, &ref))
+ {
+ settings_reference_add(section, ref, FALSE);
+ array_remove_at(references, refs);
+ }
+ refs->destroy(refs);
+}
+
+/**
* Parse the given file and add all sections and key/value pairs to the
* given section.
*/
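Review bot: The doc comment on add_references() does not mention the ownership transfer that the `section_start` action relies on. Each name is handed to `settings_reference_add()` and removed from the array with `array_remove_at()`, which is why the caller can use plain `array_destroy($references)` afterwards. I would extend the comment with `* The names are adopted by the section and removed from the array; the caller only destroys the (then empty) array.` Separately, the result of `array_get(sections, ARRAY_TAIL, &section)` is ignored and `section` has no initializer, so an empty stack would pass an indeterminate pointer on. That presumably cannot happen right after push_section(), but `section_t *section = NULL;` would make such a failure deterministic. The generated copy of this function in settings_parser.c is the same text.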
diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c
index 1c2d61de7..625b70409 100644
--- a/src/libstrongswan/settings/settings_types.c
+++ b/src/libstrongswan/settings/settings_types.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -69,6 +69,12 @@ static void kv_destroy(kv_t *kv, int idx, array_t *contents)
settings_kv_destroy(kv, contents);
}
+static void ref_destroy(section_ref_t *ref, int idx, void *ctx)
+{
+ free(ref->name);
+ free(ref);
+}
+
/*
* Described in header
*/
@@ -78,7 +84,7 @@ void settings_section_destroy(section_t *this, array_t *contents)
array_destroy(this->sections_order);
array_destroy_function(this->kv, (void*)kv_destroy, contents);
array_destroy(this->kv_order);
- array_destroy(this->fallbacks);
+ array_destroy_function(this->references, (void*)ref_destroy, NULL);
free(this->name);
free(this);
}
@@ -130,6 +136,35 @@ void settings_kv_add(section_t *section, kv_t *kv, array_t *contents)
}
/*
+ * Described in header
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent)
+{
+ section_ref_t *ref;
+ int i;
+
+ for (i = 0; i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ if (ref->permanent && !permanent)
+ { /* add it before any permanent references */
+ break;
+ }
+ if (ref->permanent == permanent && streq(name, ref->name))
+ {
+ free(name);
+ return;
+ }
+ }
+
+ INIT(ref,
+ .name = name,
+ .permanent = permanent,
+ );
+ array_insert_create(&section->references, i, ref);
+}
+
+/*
* Add a section to the given parent, optionally remove settings/subsections
* not found when extending an existing section
*/
@@ -167,14 +202,28 @@ void settings_section_add(section_t *parent, section_t *section,
static bool section_purge(section_t *this, array_t *contents)
{
section_t *current;
+ section_ref_t *ref;
int i, idx;
array_destroy_function(this->kv, (void*)kv_destroy, contents);
this->kv = NULL;
array_destroy(this->kv_order);
this->kv_order = NULL;
- /* we ensure sections used as fallback, or configured with fallbacks (or
- * having any such subsections) are not removed */
+ /* remove non-permanent references */
+ for (i = array_count(this->references) - 1; i >= 0; i--)
+ {
+ array_get(this->references, i, &ref);
+ if (!ref->permanent)
+ {
+ array_remove(this->references, i, NULL);
+ ref_destroy(ref, 0, NULL);
+ }
+ }
+ if (!array_count(this->references))
+ {
+ array_destroy(this->references);
+ this->references = NULL;
+ }
for (i = array_count(this->sections_order) - 1; i >= 0; i--)
{
array_get(this->sections_order, i, &current);
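Review bot: The block that destroys `this->references` once it is empty has no comment explaining why, yet the `return !this->references && !array_count(this->sections);` at the end of section_purge() depends on the pointer being NULL rather than on the array being empty. I would add `/* the return value below tests the pointer, so drop an empty array */` above the `if (!array_count(this->references))`. The same removal of non-permanent references is written a second time, enumerator-based, in the purge branch of settings_section_extend(); a small static helper shared by both would keep the two from drifting apart. section_purge() continues outside this hunk.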
@@ -187,7 +236,9 @@ static bool section_purge(section_t *this, array_t *contents)
settings_section_destroy(current, contents);
}
}
- return !this->fallbacks && !array_count(this->sections);
+ /* we ensure sections configured with permanent references (or having any
+ * such subsections) are not removed */
+ return !this->references && !array_count(this->sections);
}
/*
@@ -198,14 +249,15 @@ void settings_section_extend(section_t *base, section_t *extension,
{
enumerator_t *enumerator;
section_t *section;
+ section_ref_t *ref;
kv_t *kv;
array_t *sections = NULL, *kvs = NULL;
int idx;
if (purge)
- { /* remove sections and settings in base not found in extension, the
- * others are removed too (from the _order list) so they can be inserted
- * in the order found in extension */
+ { /* remove sections, settings in base not found in extension, the others
+ * are removed too (from the _order list) so they can be inserted in the
+ * order found in extension, non-permanent references are removed */
enumerator = array_create_enumerator(base->sections_order);
while (enumerator->enumerate(enumerator, (void**)&section))
{
@@ -245,6 +297,18 @@ void settings_section_extend(section_t *base, section_t *extension,
array_sort(kvs, settings_kv_sort, NULL);
}
}
+
+ enumerator = array_create_enumerator(base->references);
+ while (enumerator->enumerate(enumerator, (void**)&ref))
+ {
+ if (ref->permanent)
+ { /* permanent references are ignored */
+ continue;
+ }
+ array_remove_at(base->references, enumerator);
+ ref_destroy(ref, 0, NULL);
+ }
+ enumerator->destroy(enumerator);
}
while (array_remove(extension->sections_order, 0, &section))
@@ -278,6 +342,16 @@ void settings_section_extend(section_t *base, section_t *extension,
array_remove(extension->kv, idx, NULL);
settings_kv_add(base, kv, contents);
}
+
+ while (array_remove(extension->references, 0, &ref))
+ {
+ if (ref->permanent)
+ { /* ignore permanent references in the extension */
+ continue;
+ }
+ settings_reference_add(base, strdup(ref->name), FALSE);
+ ref_destroy(ref, 0, NULL);
+ }
array_destroy(sections);
array_destroy(kvs);
}
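Review bot: In the loop over `extension->references`, the `continue` for a permanent entry skips `ref_destroy()` even though `array_remove()` has already taken the entry out of the array, so that `section_ref_t` and its name are leaked. The parser's add_references() only ever passes FALSE for `permanent`, so this branch may not be reachable today, but it is wrong as written. Guarding only the add fixes it: `if (!ref->permanent) { settings_reference_add(base, strdup(ref->name), FALSE); }` followed by an unconditional `ref_destroy(ref, 0, NULL);`. settings_section_extend() starts outside this hunk.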
diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h
index 82bcb230a..8163a0134 100644
--- a/src/libstrongswan/settings/settings_types.h
+++ b/src/libstrongswan/settings/settings_types.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2014 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@
#define SETTINGS_TYPES_H_
typedef struct kv_t kv_t;
+typedef struct section_ref_t section_ref_t;
typedef struct section_t section_t;
#include "collections/array.h"
@@ -45,6 +46,23 @@ struct kv_t {
};
/**
+ * Section reference.
+ */
+struct section_ref_t {
+
+ /**
+ * Name of the referenced section.
+ */
+ char *name;
+
+ /**
+ * TRUE for permanent references that were added programmatically via
+ * add_fallback() and are not removed during reloads/purges.
+ */
+ bool permanent;
+};
+
+/**
* Section containing subsections and key value pairs.
*/
struct section_t {
@@ -55,9 +73,9 @@ struct section_t {
char *name;
/**
- * Fallback sections, as section_t.
+ * Referenced sections, as section_ref_t.
*/
- array_t *fallbacks;
+ array_t *references;
/**
* Subsections, as section_t.
@@ -116,6 +134,15 @@ void settings_kv_set(kv_t *kv, char *value, array_t *contents);
void settings_kv_add(section_t *section, kv_t *kv, array_t *contents);
/**
+ * Add a reference to another section.
+ *
+ * @param section section to which to add the reference
+ * @param name name of the referenced section (adopted)
+ * @param permanent whether the reference is not removed during reloads
+ */
+void settings_reference_add(section_t *section, char *name, bool permanent);
+
+/**
* Create a section with the given name.
*
* @param name name (gets adopted)
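Review bot: The header comment for settings_reference_add() leaves out two behaviours that callers depend on and that are only visible in the implementation. A non-permanent reference is inserted before the first permanent one, and when a reference with the same name and the same `permanent` flag already exists, the passed `name` is freed and nothing is added. I would add `* Non-permanent references are ordered before permanent ones. If an equal reference (same name and permanence) already exists, name is freed and nothing is added.` Because the comparison includes the flag, the same name can be present once as permanent and once as non-permanent, which is worth stating if it is intended.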
diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in
index 20cb27cf3..82bb640a8 100644
--- a/src/libstrongswan/tests/Makefile.in
+++ b/src/libstrongswan/tests/Makefile.in
@@ -354,7 +354,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
PY_TEST = @PY_TEST@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
-RUBY = @RUBY@
RUBYGEMDIR = @RUBYGEMDIR@
SED = @SED@
SET_MAKE = @SET_MAKE@
@@ -380,6 +379,8 @@ am__tar = @am__tar@
am__untar = @am__untar@
attest_plugins = @attest_plugins@
bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
@@ -400,8 +401,6 @@ dvidir = @dvidir@
exec_prefix = @exec_prefix@
fips_mode = @fips_mode@
fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -456,8 +455,6 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
runstatedir = @runstatedir@
s_plugins = @s_plugins@
sbindir = @sbindir@
@@ -486,8 +483,12 @@ top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
tss2_CFLAGS = @tss2_CFLAGS@
tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
urandom_device = @urandom_device@
diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c
index c0a21fe34..4b2202431 100644
--- a/src/libstrongswan/tests/suites/test_identification.c
+++ b/src/libstrongswan/tests/suites/test_identification.c
@@ -234,6 +234,12 @@ static struct {
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING,
.data.s = "tester" }},
+ {"xmppaddr:bob@strongswan.org", ID_DER_ASN1_GN, { .type = ENC_CHUNK,
+ .data.c = chunk_from_chars(0xa0,0x20,0x06,0x08,0x2b,0x06,0x01,0x05,
+ 0x05,0x07,0x08,0x05,0xa0,0x14,0x0c,0x12,
+ 0x62,0x6f,0x62,0x40,0x73,0x74,0x72,0x6f,
+ 0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f,
+ 0x72,0x67) }},
{ "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK,
.data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }},
{ "{0x02}:tester", ID_FQDN, { .type = ENC_STRING,
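Review bot: The new `xmppaddr:` vector is a raw run of 34 bytes with no hint of what they encode, which makes it hard to verify by eye. A one-line comment above the entry would help, for example `/* otherName [0]: OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr), [0] UTF8String "bob@strongswan.org" */`. The entry also opens with `{"xmppaddr:` where the neighbouring entries use `{ "email:tester"`, so a space after the brace would match them. The table itself starts and ends outside this hunk.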
diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
index 19f381ef3..30b7b5c11 100644
--- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
+++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c
@@ -144,11 +144,12 @@ START_TEST(test_insert_before_ends)
int round;
enumerator = list->create_enumerator(list);
+ /* this does not change the enumerator position, which points to 1 */
list->insert_before(list, enumerator, (void*)0);
ck_assert_int_eq(list->get_count(list), 6);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 0);
- round = 0;
+ round = 1;
while (enumerator->enumerate(enumerator, &x))
{
ck_assert_int_eq(round, x);
@@ -177,8 +178,13 @@ START_TEST(test_insert_before_empty)
ck_assert_int_eq(x, 1);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
- ck_assert(enumerator->enumerate(enumerator, &x));
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ list->insert_before(list, enumerator, (void*)2);
+ ck_assert_int_eq(list->get_count(list), 2);
+ ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 1);
+ ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
+ ck_assert_int_eq(x, 2);
ck_assert(!enumerator->enumerate(enumerator, NULL));
enumerator->destroy(enumerator);
}
@@ -221,6 +227,43 @@ START_TEST(test_remove_at)
}
END_TEST
+START_TEST(test_remove_at_multi)
+{
+ enumerator_t *enumerator;
+ intptr_t x;
+ int round;
+
+ round = 1;
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ ck_assert_int_eq(round, x);
+ if (round == 2 || round == 5)
+ {
+ list->remove_at(list, enumerator);
+ }
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 3);
+ list->reset_enumerator(list, enumerator);
+ round = 1;
+ while (enumerator->enumerate(enumerator, &x))
+ {
+ if (round == 2)
+ { /* skip removed item */
+ round++;
+ }
+ ck_assert_int_eq(round, x);
+ list->remove_at(list, enumerator);
+ round++;
+ }
+ ck_assert_int_eq(list->get_count(list), 0);
+ list->reset_enumerator(list, enumerator);
+ ck_assert(!enumerator->enumerate(enumerator, &x));
+ enumerator->destroy(enumerator);
+}
+END_TEST
+
START_TEST(test_remove_at_ends)
{
enumerator_t *enumerator;
@@ -228,14 +271,14 @@ START_TEST(test_remove_at_ends)
enumerator = list->create_enumerator(list);
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_first(list, (void*)&x) == SUCCESS);
- ck_assert_int_eq(x, 1);
+ ck_assert_int_eq(x, 2);
while (enumerator->enumerate(enumerator, &x))
{
}
list->remove_at(list, enumerator);
- ck_assert_int_eq(list->get_count(list), 5);
+ ck_assert_int_eq(list->get_count(list), 4);
ck_assert(list->get_last(list, (void*)&x) == SUCCESS);
ck_assert_int_eq(x, 5);
enumerator->destroy(enumerator);
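Review bot: The changed expectations in test_remove_at_ends encode two different behaviours of `remove_at()` that the test does not explain. Judging by the assertions, the call before the first `enumerate()` now removes the first item (count 4, first item 2), while the call after the enumeration has run to the end removes nothing (count still 4, last item 5). Short comments above the two calls would make that intent explicit, for example `/* before the first enumerate() this removes the first item */` and `/* enumeration is finished, there is no current item, so this is a no-op */`.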
@@ -254,14 +297,12 @@ START_TEST(test_insert_before_remove_at)
{
ck_assert_int_eq(round, x);
if (round == 2)
- { /* this replaces the current item, as insert_before does not change
- * the enumerator position */
+ { /* this replaces the current item */
list->insert_before(list, enumerator, (void*)42);
list->remove_at(list, enumerator);
}
else if (round == 4)
- { /* this does not replace the item, as remove_at moves the enumerator
- * position to the previous item */
+ { /* same here, the order of calls does not matter */
list->remove_at(list, enumerator);
list->insert_before(list, enumerator, (void*)21);
}
@@ -276,13 +317,9 @@ START_TEST(test_insert_before_remove_at)
{ /* check replaced item */
ck_assert_int_eq(42, x);
}
- else if (round == 3)
- { /* check misplaced item */
- ck_assert_int_eq(21, x);
- }
else if (round == 4)
- { /* check misplaced item */
- ck_assert_int_eq(3, x);
+ { /* check replace item */
+ ck_assert_int_eq(21, x);
}
else
{
@@ -348,6 +385,7 @@ Suite *linked_list_enumerator_suite_create()
tc = tcase_create("modify");
tcase_add_checked_fixture(tc, setup_list, teardown_list);
tcase_add_test(tc, test_remove_at);
+ tcase_add_test(tc, test_remove_at_multi);
tcase_add_test(tc, test_remove_at_ends);
tcase_add_test(tc, test_insert_before_remove_at);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c
index 377f2a767..ac2b858bb 100644
--- a/src/libstrongswan/tests/suites/test_printf.c
+++ b/src/libstrongswan/tests/suites/test_printf.c
@@ -204,7 +204,7 @@ Suite *printf_suite_create()
tcase_add_test(tc, test_printf_err);
suite_add_tcase(s, tc);
- tc = tcase_create("unsiged");
+ tc = tcase_create("unsigned");
tcase_add_test(tc, test_printf_unsigned);
suite_add_tcase(s, tc);
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 938fa38aa..099cd19c7 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -102,7 +102,12 @@ static struct {
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
{ PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" },
- { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" },
+ { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" },
+ { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" },
+ { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" },
{ PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" },
@@ -159,6 +164,29 @@ START_TEST(test_select_spi)
}
END_TEST
+START_TEST(test_matches)
+{
+ proposal_t *self, *other;
+
+ self = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].self);
+ other = proposal_create_from_string(select_data[_i].proto,
+ select_data[_i].other);
+ if (select_data[_i].expected)
+ {
+ ck_assert(self->matches(self, other, FALSE));
+ ck_assert(other->matches(other, self, FALSE));
+ }
+ else
+ {
+ ck_assert(!self->matches(self, other, FALSE));
+ ck_assert(!other->matches(other, self, FALSE));
+ }
+ other->destroy(other);
+ self->destroy(self);
+}
+END_TEST
+
START_TEST(test_promote_dh_group)
{
proposal_t *proposal;
@@ -312,6 +340,10 @@ Suite *proposal_suite_create()
tcase_add_test(tc, test_select_spi);
suite_add_tcase(s, tc);
+ tc = tcase_create("matches");
+ tcase_add_loop_test(tc, test_matches, 0, countof(select_data));
+ suite_add_tcase(s, tc);
+
tc = tcase_create("promote_dh_group");
tcase_add_test(tc, test_promote_dh_group);
tcase_add_test(tc, test_promote_dh_group_already_front);
diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c
index 3f6353404..e6dc7744a 100644
--- a/src/libstrongswan/tests/suites/test_rsa.c
+++ b/src/libstrongswan/tests/suites/test_rsa.c
@@ -146,7 +146,7 @@ static void test_bad_sigs(public_key_t *pubkey)
* RSA key sizes to test
*/
static int key_sizes[] = {
- 768, 1024, 1536, 2048, 3072, 4096,
+ 1024, 1536, 2048, 3072, 4096,
};
START_TEST(test_gen)
diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c
index 0759f7013..e0609605c 100644
--- a/src/libstrongswan/tests/suites/test_settings.c
+++ b/src/libstrongswan/tests/suites/test_settings.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Tobias Brunner
+ * Copyright (C) 2014-2018 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -452,9 +452,10 @@ static void verify_sections(linked_list_t *verifier, char *parent)
enumerator = settings->create_section_enumerator(settings, parent);
ver = verifier->create_enumerator(verifier);
- while (enumerator->enumerate(enumerator, &section) &&
- ver->enumerate(ver, &current))
+ while (enumerator->enumerate(enumerator, &section))
{
+ ck_assert_msg(ver->enumerate(ver, &current),
+ "no more sections expected, found %s", section);
ck_assert_str_eq(section, current);
verifier->remove_at(verifier, ver);
}
@@ -498,10 +499,11 @@ static void verify_key_values(linked_list_t *keys, linked_list_t *values,
enumerator = settings->create_key_value_enumerator(settings, parent);
enum_keys = keys->create_enumerator(keys);
enum_values = values->create_enumerator(values);
- while (enumerator->enumerate(enumerator, &key, &value) &&
- enum_keys->enumerate(enum_keys, &current_key) &&
- enum_values->enumerate(enum_values, &current_value))
+ while (enumerator->enumerate(enumerator, &key, &value))
{
+ ck_assert_msg(enum_keys->enumerate(enum_keys, &current_key),
+ "no more key/value expected, found %s = %s", key, value);
+ ck_assert(enum_values->enumerate(enum_values, &current_value));
ck_assert_str_eq(current_key, key);
ck_assert_str_eq(current_value, value);
keys->remove_at(keys, enum_keys);
@@ -519,8 +521,8 @@ START_TEST(test_key_value_enumerator)
{
linked_list_t *keys, *values;
- keys = linked_list_create_with_items("key1", "key2", "empty", "key3", NULL);
- values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", NULL);
+ keys = linked_list_create_with_items("key1", "key2", "empty", "key3", "key4", "key5", NULL);
+ values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", "multi line\nstring", "escaped newline", NULL);
verify_key_values(keys, values, "main");
keys = linked_list_create_with_items("key", "key2", "subsub", NULL);
@@ -894,7 +896,6 @@ START_TEST(test_load_string)
}
END_TEST
-
START_TEST(test_load_string_section)
{
char *content =
@@ -914,13 +915,6 @@ START_TEST(test_load_string_section)
ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
verify_include();
- /* invalid strings are a failure */
- ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
- /* NULL or empty strings are OK though */
- ck_assert(settings->load_string_section(settings, "", TRUE, ""));
- ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
- verify_include();
-
ck_assert(settings->load_string_section(settings, include_content2, FALSE, "main"));
verify_null("main.key1");
verify_string("v2", "main.key2");
@@ -934,6 +928,56 @@ START_TEST(test_load_string_section)
}
END_TEST
+START_TEST(test_load_string_section_null)
+{
+ linked_list_t *keys, *values;
+
+ char *content =
+ "main {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " none = x\n"
+ " sub1 {\n"
+ " include = value\n"
+ " key2 = value2\n"
+ " }\n"
+ "}";
+
+ settings = settings_create_string(content);
+
+ ck_assert(settings->load_string_section(settings, include_content1, TRUE, ""));
+ ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1"));
+ verify_include();
+
+ /* invalid strings are a failure */
+ ck_assert(!settings->load_string_section(settings, "conf {", TRUE, ""));
+ /* NULL or empty strings are OK though when merging */
+ ck_assert(settings->load_string_section(settings, "", TRUE, ""));
+ ck_assert(settings->load_string_section(settings, NULL, TRUE, ""));
+ verify_include();
+
+ /* they do purge the settings if merge is not TRUE */
+ ck_assert(settings->load_string_section(settings, "", FALSE, "main"));
+ verify_null("main.key1");
+ verify_null("main.sub1.key2");
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "main");
+
+ keys = linked_list_create_with_items(NULL);
+ values = linked_list_create_with_items(NULL);
+ verify_key_values(keys, values, "main");
+
+ keys = linked_list_create_with_items("main", NULL);
+ verify_sections(keys, "");
+
+ ck_assert(settings->load_string_section(settings, NULL, FALSE, ""));
+
+ keys = linked_list_create_with_items(NULL);
+ verify_sections(keys, "");
+}
+END_TEST
+
START_SETUP(setup_fallback_config)
{
create_settings(chunk_from_str(
@@ -1037,6 +1081,50 @@ START_TEST(test_add_fallback)
}
END_TEST
+START_TEST(test_fallback_resolution)
+{
+ linked_list_t *keys, *values;
+
+ settings->destroy(settings);
+ create_settings(chunk_from_str(
+ "base {\n"
+ " sub {\n"
+ " key1 = val1\n"
+ " key2 = val2\n"
+ " key5 = val5\n"
+ " subsub {\n"
+ " subkey1 = subval1\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "other {\n"
+ " sub {\n"
+ " key3 = val3\n"
+ " key4 = val4\n"
+ " }\n"
+ "}\n"
+ "main {\n"
+ " sub {\n"
+ " key4=\n"
+ " key5 = \n"
+ " }\n"
+ "}"));
+
+ settings->add_fallback(settings, "other", "base");
+ settings->add_fallback(settings, "main.sub", "other.sub");
+
+ verify_string("val1", "main.sub.key1");
+ verify_string("val3", "main.sub.key3");
+ verify_null("main.sub.key4");
+ verify_null("main.sub.key5");
+ verify_string("subval1", "main.sub.subsub.subkey1");
+
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("val3", "val1", "val2", NULL);
+ verify_key_values(keys, values, "main.sub");
+}
+END_TEST
+
START_TEST(test_add_fallback_printf)
{
settings->add_fallback(settings, "%s.sub1", "sub", "main");
@@ -1051,6 +1139,264 @@ START_TEST(test_add_fallback_printf)
}
END_TEST
+START_TEST(test_references)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " key4 = sub1val4\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " subkey2 = sub1subsubval2\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = sub1subsub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : main.sub1 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " key4 =\n"
+ " subsub {\n"
+ " subkey1 = sub2subsubval1\n"
+ " subkey3 = sub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("sub2val2", "main.sub2.key2");
+ verify_string("sub2val3", "main.sub2.key3");
+ verify_null("main.sub2.key4");
+ verify_string("sub2subsubval1", "main.sub2.subsub.subkey1");
+ verify_string("sub1subsubval2", "main.sub2.subsub.subkey2");
+ verify_string("sub2subsubval3", "main.sub2.subsub.subkey3");
+ verify_string("sub1subsub1val1", "main.sub2.subsub1.subkey1");
+
+ keys = linked_list_create_with_items("subsub", "subsub1", NULL);
+ verify_sections(keys, "main.sub2");
+
+ keys = linked_list_create_with_items("key2", "key3", "key1", NULL);
+ values = linked_list_create_with_items("sub2val2", "sub2val3", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub2");
+
+ keys = linked_list_create_with_items("subkey1", "subkey3", "subkey2", NULL);
+ values = linked_list_create_with_items("sub2subsubval1", "sub2subsubval3", "sub1subsubval2", NULL);
+ verify_key_values(keys, values, "main.sub2.subsub");
+}
+END_TEST
+
+START_TEST(test_references_templates)
+{
+ create_settings(chunk_from_str(
+ "sub-def {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub {\n"
+ " subkey1 = sub1subsubval1\n"
+ " }\n"
+ "}\n"
+ "subsub-def {\n"
+ " subkey1 = sub1subval1\n"
+ " subkey2 = sub1subval1\n"
+ "}\n"
+ "main {\n"
+ " sub1 : sub-def {\n"
+ " key1 = mainsub1val1\n"
+ " subsub : subsub-def {\n"
+ " subkey1 = mainsub1subval1\n"
+ " }\n"
+ " subsub1 {\n"
+ " subkey1 = mainsub1sub1val1\n"
+ " }\n"
+ " }\n"
+ " sub2 : sub-def {\n"
+ " key2 = mainsub2val2\n"
+ " key3 = mainsub2val3\n"
+ " subsub {\n"
+ " subkey3 = mainsub2subsubval3\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("mainsub1val1", "main.sub1.key1");
+ verify_string("sub1val2", "main.sub1.key2");
+ verify_string("mainsub1subval1", "main.sub1.subsub.subkey1");
+ verify_string("sub1subval1", "main.sub1.subsub.subkey2");
+ verify_string("mainsub1sub1val1", "main.sub1.subsub1.subkey1");
+ verify_string("sub1val1", "main.sub2.key1");
+ verify_string("mainsub2val2", "main.sub2.key2");
+ verify_string("mainsub2val3", "main.sub2.key3");
+ verify_string("sub1subsubval1", "main.sub2.subsub.subkey1");
+ verify_null("main.sub2.subsub.subkey2");
+ verify_string("mainsub2subsubval3", "main.sub2.subsub.subkey3");
+}
+END_TEST
+
+START_TEST(test_references_order)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "main {\n"
+ " sub1 {\n"
+ " key1 = sub1val1\n"
+ " key2 = sub1val2\n"
+ " subsub1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " key2 = sub2val2\n"
+ " key3 = sub2val3\n"
+ " subsub2 {\n"
+ " }\n"
+ " }\n"
+ " sub3 : main.sub1, main.sub2 {\n"
+ " key3 = sub3val3\n"
+ " }\n"
+ " sub4 : main.sub2, main.sub1 {\n"
+ " key3 = sub4val3\n"
+ " }\n"
+ "}"));
+
+ verify_string("sub1val2", "main.sub3.key2");
+ verify_string("sub3val3", "main.sub3.key3");
+ verify_string("sub2val2", "main.sub4.key2");
+ verify_string("sub4val3", "main.sub4.key3");
+
+ /* the order of referenced keys/subsections depends on the reference
+ * statement's order */
+ keys = linked_list_create_with_items("subsub1", "subsub2", NULL);
+ verify_sections(keys, "main.sub3");
+
+ keys = linked_list_create_with_items("subsub2", "subsub1", NULL);
+ verify_sections(keys, "main.sub4");
+
+ /* local keys are always enumerated first */
+ keys = linked_list_create_with_items("key3", "key1", "key2", NULL);
+ values = linked_list_create_with_items("sub3val3", "sub1val1", "sub1val2", NULL);
+ verify_key_values(keys, values, "main.sub3");
+
+ keys = linked_list_create_with_items("key3", "key2", "key1", NULL);
+ values = linked_list_create_with_items("sub4val3", "sub2val2", "sub1val1", NULL);
+ verify_key_values(keys, values, "main.sub4");
+}
+END_TEST
+
+START_TEST(test_references_resolution)
+{
+ linked_list_t *keys, *values;
+
+ create_settings(chunk_from_str(
+ "sec-a {\n"
+ " sub1 {\n"
+ " a1 = val-a1\n"
+ " key = sec-a-val1\n"
+ " sub-a {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-b : sec-a {\n"
+ " sub1 {\n"
+ " b1 = val-b1\n"
+ " key = sec-b-val1\n"
+ " sub-b1 {\n"
+ " }\n"
+ " }\n"
+ " sub2 {\n"
+ " b2 = val-b2\n"
+ " key = sec-b-val2\n"
+ " sub-b2 {\n"
+ " }\n"
+ " }\n"
+ "}\n"
+ "sec-c : sec-b {\n"
+ " sub2 : sec-b.sub1 {\n"
+ " c2 = val-c2\n"
+ " key = sec-c-val2\n"
+ " sub-c2 {\n"
+ " }\n"
+ " }\n"
+ "}"));
+
+ verify_string("sec-c-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-c.sub2.key");
+ verify_string("sec-b-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub1.key");
+ verify_string("sec-a-val1", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-a.sub1.key");
+ verify_string("sec-b-val2", "sec-c.sub2.key");
+ settings_remove_value(settings, "sec-b.sub2.key");
+ verify_null("sec-c.sub2.key");
+
+ keys = linked_list_create_with_items("sub-c2", "sub-b1", "sub-a", "sub-b2", NULL);
+ verify_sections(keys, "sec-c.sub2");
+
+ keys = linked_list_create_with_items("c2", "b1", "a1", "b2", NULL);
+ values = linked_list_create_with_items("val-c2", "val-b1", "val-a1", "val-b2", NULL);
+ verify_key_values(keys, values, "sec-c.sub2");
+}
+END_TEST
+
+START_TEST(test_references_fallback)
+{
+ linked_list_t *keys, *values;
+
+#define test_references_fallback_base_settings \
+ "lib {\n" \
+ " key1 = libval1\n" \
+ " keylib = libval\n" \
+ " sub {\n" \
+ " key1 = libsubval1\n" \
+ " }\n" \
+ " libsub {\n" \
+ " }\n" \
+ "}\n" \
+ "other {\n" \
+ " key1 = otherval1\n" \
+ " keyother = otherval\n" \
+ " sub {\n" \
+ " key1 = othersubval1\n" \
+ " }\n" \
+ " othersub {\n" \
+ " }\n" \
+ "}\n"
+
+ create_settings(chunk_from_str(
+ test_references_fallback_base_settings "app : other {}"));
+
+ /* references have precedence over fallbacks */
+ settings->add_fallback(settings, "app", "lib");
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+
+ keys = linked_list_create_with_items("sub", "othersub", "libsub", NULL);
+ verify_sections(keys, "app");
+
+ keys = linked_list_create_with_items("key1", "keyother", "keylib", NULL);
+ values = linked_list_create_with_items("otherval1", "otherval", "libval", NULL);
+ verify_key_values(keys, values, "app");
+
+ /* fallbacks are unaffected when reloading configs with references */
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app {}", FALSE, ""));
+ verify_string("libval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("libsubval1", "app.sub.key1");
+
+ ck_assert(settings->load_string_section(settings,
+ test_references_fallback_base_settings "app : other {}", FALSE, ""));
+ verify_string("otherval1", "app.key1");
+ verify_string("libval", "app.keylib");
+ verify_string("othersubval1", "app.sub.key1");
+}
+END_TEST
+
START_SETUP(setup_string_config)
{
create_settings(chunk_from_str(
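Review bot: None of the five new reference tests covers a section that references itself, or two sections that reference each other, so nothing here shows that a lookup through `:` references terminates on a cyclic configuration. A case such as `create_settings(chunk_from_str("a : b {}\nb : a {}"));` followed by `verify_null("a.missing");` would pin that down. The expected outcome (load rejected, or lookup returns NULL) depends on parser code outside this hunk and on whether create_settings() asserts a successful load. Separately, `test_references_fallback_base_settings` is a `#define` placed inside a test body and never undefined, so it stays visible for the rest of the file; an `#undef test_references_fallback_base_settings` after that test's `END_TEST` would scope it.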
@@ -1115,6 +1461,25 @@ START_TEST(test_valid)
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(settings->load_files(settings, path, FALSE));
verify_string("a setting with = and { character", "equals");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid:ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nvalid\n:\nref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+
+ contents = chunk_from_str(
+ "ref { key = value }\nother { key1 = value1 }\nvalid\n:\nref\n\t,\nother {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(settings->load_files(settings, path, FALSE));
+ verify_string("value", "valid.key");
+ verify_string("value1", "valid.key1");
}
END_TEST
@@ -1157,6 +1522,21 @@ START_TEST(test_invalid)
"\"unexpected\" = string");
ck_assert(chunk_write(contents, path, 0022, TRUE));
ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "incorrect :: ref {}");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "/var/log/daemon.log { dmn = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
+
+ contents = chunk_from_str(
+ "filelog { /var/log/daemon.log = 1 }");
+ ck_assert(chunk_write(contents, path, 0022, TRUE));
+ ck_assert(!settings->load_files(settings, path, FALSE));
}
END_TEST
@@ -1326,14 +1706,25 @@ Suite *settings_suite_create()
tcase_add_checked_fixture(tc, setup_include_config, teardown_config);
tcase_add_test(tc, test_load_string);
tcase_add_test(tc, test_load_string_section);
+ tcase_add_test(tc, test_load_string_section_null);
suite_add_tcase(s, tc);
tc = tcase_create("fallback");
tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config);
tcase_add_test(tc, test_add_fallback);
+ tcase_add_test(tc, test_fallback_resolution);
tcase_add_test(tc, test_add_fallback_printf);
suite_add_tcase(s, tc);
+ tc = tcase_create("references");
+ tcase_add_checked_fixture(tc, NULL, teardown_config);
+ tcase_add_test(tc, test_references);
+ tcase_add_test(tc, test_references_templates);
+ tcase_add_test(tc, test_references_order);
+ tcase_add_test(tc, test_references_resolution);
+ tcase_add_test(tc, test_references_fallback);
+ suite_add_tcase(s, tc);
+
tc = tcase_create("strings");
tcase_add_checked_fixture(tc, setup_string_config, teardown_config);
tcase_add_test(tc, test_strings);
diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c
index 00f000a6a..f1d46ee6b 100644
--- a/src/libstrongswan/tests/suites/test_utils.c
+++ b/src/libstrongswan/tests/suites/test_utils.c
@@ -860,47 +860,75 @@ END_TEST
static struct {
char *s;
bool ok;
+ mark_op_t ops;
mark_t m;
} mark_data[] = {
- {NULL, FALSE, { 0 }},
- {"", TRUE, { 0, 0xffffffff }},
- {"/", TRUE, { 0, 0 }},
- {"42", TRUE, { 42, 0xffffffff }},
- {"0x42", TRUE, { 0x42, 0xffffffff }},
- {"x", FALSE, { 0 }},
- {"42/", TRUE, { 0, 0 }},
- {"42/0", TRUE, { 0, 0 }},
- {"42/x", FALSE, { 0 }},
- {"42/42", TRUE, { 42, 42 }},
- {"42/0xff", TRUE, { 42, 0xff }},
- {"0x42/0xff", TRUE, { 0x42, 0xff }},
- {"/0xff", TRUE, { 0, 0xff }},
- {"/x", FALSE, { 0 }},
- {"x/x", FALSE, { 0 }},
- {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }},
- {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique/", TRUE, { MARK_UNIQUE, 0 }},
- {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique0xffffffffff", FALSE, { 0, 0 }},
- {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }},
- {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }},
- {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }},
- {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-dir0xffffffff", FALSE, { 0, 0 }},
- {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }},
- {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }},
- {"%unique-/0xffffffff", FALSE, { 0, 0 }},
- {"%unique-foo/0xffffffff", FALSE, { 0, 0 }},
+ {NULL, FALSE, MARK_OP_NONE, { 0 }},
+ {"", TRUE, MARK_OP_NONE, { 0, 0xffffffff }},
+ {"/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42", TRUE, MARK_OP_NONE, { 42, 0xffffffff }},
+ {"0x42", TRUE, MARK_OP_NONE, { 0x42, 0xffffffff }},
+ {"x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/0", TRUE, MARK_OP_NONE, { 0, 0 }},
+ {"42/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"42/42", TRUE, MARK_OP_NONE, { 42, 42 }},
+ {"42/0xff", TRUE, MARK_OP_NONE, { 42, 0xff }},
+ {"0x42/0xff", TRUE, MARK_OP_NONE, { 0x42, 0xff }},
+ {"/0xff", TRUE, MARK_OP_NONE, { 0, 0xff }},
+ {"/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"x/x", FALSE, MARK_OP_NONE, { 0 }},
+ {"0xfffffff0/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { 0x0000fff0, 0x0000ffff }},
+ {"%unique", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0 }},
+ {"%unique", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"%unique/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique0xffffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xffffffff/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0x0000ffff }},
+ {"0xffffffff/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE, 0xffffffff }},
+ {"%unique-dir", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir/", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0 }},
+ {"%unique-dir", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
+ {"%unique-dir/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"%unique-dir/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-dir0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"0xfffffffe/0x0000ffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0x0000ffff }},
+ {"0xfffffffe/0xffffffff", TRUE, MARK_OP_UNIQUE,
+ { MARK_UNIQUE_DIR, 0xffffffff }},
+ {"%unique-/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%unique-foo/0xffffffff", FALSE, MARK_OP_UNIQUE,
+ { 0, 0 }},
+ {"%same", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0xffffffff }},
+ {"%same/0x0000ffff", TRUE, MARK_OP_SAME,
+ { MARK_SAME, 0x0000ffff }},
+ {"%%same", FALSE, MARK_OP_NONE,
+ { 0, 0 }},
};
START_TEST(test_mark_from_string)
{
mark_t mark;
- if (mark_from_string(mark_data[_i].s, &mark))
+ if (mark_from_string(mark_data[_i].s, mark_data[_i].ops, &mark))
{
ck_assert_int_eq(mark.value, mark_data[_i].m.value);
ck_assert_int_eq(mark.mask, mark_data[_i].m.mask);
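Review bot: The `%same` keyword is only exercised with `MARK_OP_SAME` allowed, so no row shows that it is rejected when the caller has not opted into it, whereas `%unique` and `%unique-dir` each get a `FALSE, MARK_OP_NONE` row. Adding `{"%same", FALSE, MARK_OP_UNIQUE, { 0, 0 }},` and the matching `MARK_OP_NONE` row would cover a mark string that asks for an operation the call site did not permit. This assumes mark_from_string() gates `%same` on the ops argument the same way it gates `%unique`, which is not visible here. The body of test_mark_from_string continues past the end of the hunk.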
diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c
index a26889580..135c8022e 100644
--- a/src/libstrongswan/threading/windows/mutex.c
+++ b/src/libstrongswan/threading/windows/mutex.c
@@ -112,7 +112,7 @@ METHOD(condvar_t, timed_wait, bool,
thread_set_active_condvar(&this->cv);
/* while a CriticalSection is recursive, waiting in a condvar releases
- * only one mutex. So release (and reaquire) all locks except the last. */
+ * only one mutex. So release (and reacquire) all locks except the last. */
times = mutex->times;
while (mutex->times-- > 1)
{
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 56298a60f..36c0c9daa 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1222,6 +1222,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{ "dns:", ID_FQDN },
{ "asn1dn:", ID_DER_ASN1_DN },
{ "asn1gn:", ID_DER_ASN1_GN },
+ { "xmppaddr:", ID_DER_ASN1_GN },
{ "keyid:", ID_KEY_ID },
};
private_identification_t *this;
@@ -1233,6 +1234,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this = identification_create(prefixes[i].type);
str += strlen(prefixes[i].str);
+
if (*str == '#')
{
this->encoded = chunk_from_hex(chunk_from_str(str + 1), NULL);
@@ -1241,6 +1243,17 @@ static private_identification_t* create_from_string_with_prefix_type(char *str)
{
this->encoded = chunk_clone(chunk_from_str(str));
}
+
+ if (prefixes[i].type == ID_DER_ASN1_GN &&
+ strcasepfx(prefixes[i].str, "xmppaddr:"))
+ {
+ this->encoded = asn1_wrap(ASN1_CONTEXT_C_0, "mm",
+ asn1_build_known_oid(OID_XMPP_ADDR),
+ asn1_wrap(ASN1_CONTEXT_C_0, "m",
+ asn1_wrap(ASN1_UTF8STRING, "m",
+ this->encoded)));
+ }
+
return this;
}
}
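Review bot: The `#` hex form handled just above is also reachable for the new `xmppaddr:` prefix, so bytes produced by `chunk_from_hex()` are wrapped in an `ASN1_UTF8STRING` without any check that they are valid UTF-8. If the hex form is not meant to be supported for this prefix, it should be rejected for it; otherwise the intent should be documented. The nested `asn1_wrap()` calls would also read more easily with a comment such as `/* otherName GeneralName: [0] { id-on-xmppAddr, [0] UTF8String } */`, since the added entry reuses `ID_DER_ASN1_GN` and the only thing distinguishing it from `asn1gn:` is the string comparison on `prefixes[i].str`. The function starts before this hunk and its loop closes after it.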
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index b873e12a8..efeb0f478 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
* Copyright (C) 2006-2013 Martin Willi
* HSR Hochschule fuer Technik Rapperswil
*
@@ -162,7 +162,12 @@ static spinlock_t *lock;
/**
* Is leak detection currently enabled?
*/
-static bool enabled = FALSE;
+static bool enabled;
+
+/**
+ * Whether to report calls to free() with memory not allocated by us
+ */
+static bool ignore_unknown;
/**
* Is leak detection disabled for the current thread?
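Review bot: The comment added above `ignore_unknown` states the opposite of what the flag does. In the free and realloc hooks later in this diff a TRUE value sets `bt = FALSE` and skips the "unknown memory" message, so the flag suppresses the report. I would word it as `/** Whether to suppress reports about free()/realloc() of memory not allocated by us */`. It is also worth noting here that the flag is set from the mere presence of `LEAK_DETECTIVE_IGNORE_UNKNOWN` in the environment (`getenv(...) != NULL`), so `LEAK_DETECTIVE_IGNORE_UNKNOWN=0` enables it as well.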
@@ -609,6 +614,11 @@ static char *whitelist[] = {
/* FHH IMCs and IMVs */
"TNC_IMC_NotifyConnectionChange",
"TNC_IMV_NotifyConnectionChange",
+ /* Botan */
+ "botan_public_key_load",
+ "botan_privkey_create_ecdsa",
+ "botan_privkey_create_ecdh",
+ "botan_privkey_load_ecdh",
};
/**
@@ -883,7 +893,7 @@ HOOK(void, free, void *ptr)
return;
}
/* allow freeing of NULL */
- if (ptr == NULL)
+ if (!ptr)
{
return;
}
@@ -894,21 +904,47 @@ HOOK(void, free, void *ptr)
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
if (has_hdr(hdr))
{
- /* memory was allocated by our hooks but is corrupted */
fprintf(stderr, "freeing corrupted memory (%p): "
- "header magic 0x%x, tail magic 0x%x:\n",
- ptr, hdr->magic, tail->magic);
+ "%u bytes, header magic 0x%x, tail magic 0x%x:\n",
+ ptr, hdr->bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access the old backtrace if header magic is valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ }
}
else
{
- /* memory was not allocated by our hooks */
- fprintf(stderr, "freeing invalid memory (%p)\n", ptr);
+ /* just free this block of unknown memory */
+ hdr = ptr;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "freeing unknown memory (%p):\n", ptr);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
}
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
}
else
{
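Review bot: In the `has_hdr(hdr)` branch the new message prints `hdr->bytes` before the code checks whether `hdr->magic` is still intact, so for a block whose header was overwritten the reported size is whatever happens to be stored there now. The branch already declines to trust the backtrace pointer in that case, and the size deserves the same caveat. Either print it only inside the `hdr->magic == MEMORY_HEADER_MAGIC` branch, or add `/* hdr->bytes is only meaningful if the header magic is intact */` above the `fprintf`. The same applies to the "reallocating corrupted memory" message in the realloc hook, whose own comment says header fields including bytes are only accessed when the magic is valid. The hook's body starts and ends outside this hunk.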
@@ -916,12 +952,11 @@ HOOK(void, free, void *ptr)
hdr->backtrace->destroy(hdr->backtrace);
- /* clear MAGIC, set mem to something remarkable */
+ /* set mem to something remarkable */
memset(hdr, MEMORY_FREE_PATTERN,
sizeof(memory_header_t) + hdr->bytes + sizeof(memory_tail_t));
-
- real_free(hdr);
}
+ real_free(hdr);
enable_thread(before);
}
@@ -933,19 +968,19 @@ HOOK(void*, realloc, void *old, size_t bytes)
memory_header_t *hdr;
memory_tail_t *tail;
backtrace_t *backtrace;
- bool before;
+ bool before, have_backtrace = TRUE;
if (!enabled || thread_disabled->get(thread_disabled))
{
return real_realloc(old, bytes);
}
/* allow reallocation of NULL */
- if (old == NULL)
+ if (!old)
{
return malloc(bytes);
}
/* handle zero size as a free() */
- if (bytes == 0)
+ if (!bytes)
{
free(old);
return NULL;
@@ -954,22 +989,64 @@ HOOK(void*, realloc, void *old, size_t bytes)
hdr = old - sizeof(memory_header_t);
tail = old + hdr->bytes;
- remove_hdr(hdr);
-
+ before = enable_thread(FALSE);
if (hdr->magic != MEMORY_HEADER_MAGIC ||
tail->magic != MEMORY_TAIL_MAGIC)
{
- fprintf(stderr, "reallocating invalid memory (%p):\n"
- "header magic 0x%x:\n", old, hdr->magic);
- backtrace = backtrace_create(2);
- backtrace->log(backtrace, stderr, TRUE);
- backtrace->destroy(backtrace);
+ bool bt = TRUE;
+
+ /* check if memory appears to be allocated by our hooks */
+ if (has_hdr(hdr))
+ {
+ fprintf(stderr, "reallocating corrupted memory (%p, %u bytes): "
+ "%zu bytes, header magic 0x%x, tail magic 0x%x:\n",
+ old, hdr->bytes, bytes, hdr->magic, tail->magic);
+ remove_hdr(hdr);
+
+ if (hdr->magic == MEMORY_HEADER_MAGIC)
+ { /* only access header fields (backtrace, bytes) if header magic
+ * is still valid */
+ hdr->backtrace->log(hdr->backtrace, stderr, TRUE);
+ memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
+ }
+ else
+ {
+ fprintf(stderr, " header magic invalid, ignore backtrace of "
+ "allocation\n");
+ have_backtrace = FALSE;
+ hdr->magic = MEMORY_HEADER_MAGIC;
+ }
+ }
+ else
+ {
+ /* adopt this block of unknown memory */
+ hdr = old;
+ have_backtrace = FALSE;
+
+ if (ignore_unknown)
+ {
+ bt = FALSE;
+ }
+ else
+ {
+ fprintf(stderr, "reallocating unknown memory (%p): %zu bytes:\n",
+ old, bytes);
+ }
+ }
+ if (bt)
+ {
+ backtrace = backtrace_create(2);
+ backtrace->log(backtrace, stderr, TRUE);
+ backtrace->destroy(backtrace);
+ }
}
else
{
+ remove_hdr(hdr);
/* clear tail magic, allocate, set tail magic */
memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic));
}
+
hdr = real_realloc(hdr,
sizeof(memory_header_t) + bytes + sizeof(memory_tail_t));
tail = ((void*)hdr) + bytes + sizeof(memory_header_t);
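Review bot: The "adopt this block of unknown memory" path sets `hdr = old` and then reallocates that pointer to `sizeof(memory_header_t) + bytes + sizeof(memory_tail_t)`, so the caller's existing bytes stay at offset 0 of the new block. That is where header fields are written afterwards (`hdr->bytes = bytes` in the next hunk), while `tail` is computed as if the payload began after the header. Unless something outside the visible lines shifts the payload, the data region behind the header no longer holds the caller's original bytes and the first of them are overwritten. Recording `bool adopted = (void*)hdr == old;` before the `real_realloc()` call and adding `if (adopted) { memmove((void*)hdr + sizeof(memory_header_t), hdr, bytes); }` directly after it would keep the contents intact. The result of `real_realloc()` is also dereferenced without a NULL check, and the hook's body starts and ends outside this hunk.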
@@ -978,8 +1055,10 @@ HOOK(void*, realloc, void *old, size_t bytes)
/* update statistics */
hdr->bytes = bytes;
- before = enable_thread(FALSE);
- hdr->backtrace->destroy(hdr->backtrace);
+ if (have_backtrace)
+ {
+ hdr->backtrace->destroy(hdr->backtrace);
+ }
hdr->backtrace = backtrace_create(2);
enable_thread(before);
@@ -1022,6 +1101,7 @@ leak_detective_t *leak_detective_create()
free(this);
return NULL;
}
+ ignore_unknown = getenv("LEAK_DETECTIVE_IGNORE_UNKNOWN") != NULL;
lock = spinlock_create();
thread_disabled = thread_value_create(NULL);
diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h
index a973b1adc..c23b361ec 100644
--- a/src/libstrongswan/utils/utils/atomics.h
+++ b/src/libstrongswan/utils/utils/atomics.h
@@ -27,8 +27,14 @@
*/
typedef u_int refcount_t;
+/* use __atomic* built-ins with clang, if available (note that clang also
+ * defines __GNUC__, however only claims to be GCC 4.2) */
+#if defined(__clang__)
+# if __has_builtin(__atomic_add_fetch)
+# define HAVE_GCC_ATOMIC_OPERATIONS
+# endif
/* use __atomic* built-ins with GCC 4.7 and newer */
-#ifdef __GNUC__
+#elif defined(__GNUC__)
# if (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6))
# define HAVE_GCC_ATOMIC_OPERATIONS
# endif
@@ -47,7 +53,7 @@ typedef u_int refcount_t;
#define ref_put(ref) (!__atomic_sub_fetch(ref, 1, __ATOMIC_ACQ_REL))
#define ref_cur(ref) __atomic_load_n(ref, __ATOMIC_RELAXED)
-#define _cas_impl(ptr, oldval, newval) ({ typeof(oldval) _old = oldval; \
+#define _cas_impl(ptr, oldval, newval) ({ typeof(*ptr) _old = oldval; \
__atomic_compare_exchange_n(ptr, &_old, newval, FALSE, \
__ATOMIC_SEQ_CST, __ATOMIC_RELAXED); })
#define cas_bool(ptr, oldval, newval) _cas_impl(ptr, oldval, newval)
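Review bot: `_cas_impl` now uses its first macro argument as `*ptr` and assigns `oldval` without parentheses, so a pointer expression such as `p + 1` would expand to `*p + 1` inside `typeof` and yield the wrong type. Writing `typeof(*(ptr)) _old = (oldval);` keeps the fix of deriving the temporary's type from the target object and makes the macro safe for any argument expression.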