summaryrefslogtreecommitdiff
path: root/src/libstrongswan
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2010-11-28 11:42:20 +0000
commitf73fba54dc8b30c6482e1e8abf15bbf455592fcd (patch)
treea449515607c5e51a5c703d7a9b1149c9e4a11560 /src/libstrongswan
parentb8064f4099997a9e2179f3ad4ace605f5ccac3a1 (diff)
downloadvyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.tar.gz
vyos-strongswan-f73fba54dc8b30c6482e1e8abf15bbf455592fcd.zip
[svn-upgrade] new version strongswan (4.5.0)
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Android.mk12
-rw-r--r--src/libstrongswan/Makefile.am43
-rw-r--r--src/libstrongswan/Makefile.in188
-rw-r--r--src/libstrongswan/asn1/oid.c370
-rw-r--r--src/libstrongswan/asn1/oid.h173
-rw-r--r--src/libstrongswan/asn1/oid.txt2
-rw-r--r--src/libstrongswan/chunk.c28
-rw-r--r--src/libstrongswan/chunk.h6
-rw-r--r--src/libstrongswan/credentials/auth_cfg.c65
-rw-r--r--src/libstrongswan/credentials/auth_cfg.h32
-rw-r--r--src/libstrongswan/credentials/builder.c6
-rw-r--r--src/libstrongswan/credentials/builder.h18
-rw-r--r--src/libstrongswan/credentials/credential_factory.c76
-rw-r--r--src/libstrongswan/credentials/credential_factory.h18
-rw-r--r--src/libstrongswan/credentials/credential_manager.c43
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h36
-rw-r--r--src/libstrongswan/credentials/sets/callback_cred.c144
-rw-r--r--src/libstrongswan/credentials/sets/callback_cred.h67
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.c433
-rw-r--r--src/libstrongswan/credentials/sets/mem_cred.h77
-rw-r--r--src/libstrongswan/crypto/aead.c162
-rw-r--r--src/libstrongswan/crypto/aead.h119
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.c23
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.h39
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c507
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h54
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c614
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h60
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c24
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h10
-rw-r--r--src/libstrongswan/crypto/prfs/prf.c7
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h8
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c254
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt22
-rw-r--r--src/libstrongswan/crypto/signers/signer.c9
-rw-r--r--src/libstrongswan/crypto/signers/signer.h10
-rw-r--r--src/libstrongswan/crypto/transform.c7
-rw-r--r--src/libstrongswan/crypto/transform.h1
-rw-r--r--src/libstrongswan/debug.c4
-rw-r--r--src/libstrongswan/debug.h4
-rw-r--r--src/libstrongswan/eap/eap.c131
-rw-r--r--src/libstrongswan/eap/eap.h89
-rw-r--r--src/libstrongswan/enum.c29
-rw-r--r--src/libstrongswan/enum.h18
-rw-r--r--src/libstrongswan/library.c4
-rw-r--r--src/libstrongswan/library.h18
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.c109
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.h4
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.c18
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c18
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c103
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.h2
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.c78
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.h4
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.c18
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_aead.c397
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_aead.h51
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_plugin.c69
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_plugin.h42
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c173
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h54
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.c65
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.h42
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c10
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.c114
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.h4
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.c16
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_plugin.c4
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.c425
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.h51
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_plugin.c63
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_plugin.h42
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c136
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c113
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.h11
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c50
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c32
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rng.c37
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c116
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c98
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c106
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c27
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c127
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c111
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.c58
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c20
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.c77
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.h4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.c108
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.h7
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c17
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.c174
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c72
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c59
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c114
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c104
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.c50
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c72
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c229
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c123
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_sha1_prf.c16
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c57
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.c79
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.h4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.c18
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_rng.c46
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c55
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h2
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c93
-rw-r--r--src/libstrongswan/plugins/pem/pem_plugin.c38
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c10
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.am21
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in614
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11.h1357
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_creds.c249
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_creds.h68
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c323
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h47
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.c869
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.h110
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c407
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.h78
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c176
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h42
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c600
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h63
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c473
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h49
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c6
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.c2
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_plugin.c6
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am5
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in74
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h41
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c157
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c148
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c139
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c148
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c58
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c16
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c52
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c2
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c20
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.c110
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.c28
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.c61
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.h4
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.c77
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.h4
-rw-r--r--src/libstrongswan/printf_hook.c100
-rw-r--r--src/libstrongswan/printf_hook.h6
-rw-r--r--src/libstrongswan/processing/jobs/callback_job.c271
-rw-r--r--src/libstrongswan/processing/jobs/callback_job.h118
-rw-r--r--src/libstrongswan/processing/jobs/job.h52
-rw-r--r--src/libstrongswan/processing/processor.c273
-rw-r--r--src/libstrongswan/processing/processor.h94
-rw-r--r--src/libstrongswan/processing/scheduler.c358
-rw-r--r--src/libstrongswan/processing/scheduler.h130
-rw-r--r--src/libstrongswan/settings.c128
-rw-r--r--src/libstrongswan/settings.h5
-rw-r--r--src/libstrongswan/utils.c2
-rw-r--r--src/libstrongswan/utils.h22
-rw-r--r--src/libstrongswan/utils/identification.c24
-rw-r--r--src/libstrongswan/utils/leak_detective.c5
-rw-r--r--src/libstrongswan/utils/linked_list.h34
216 files changed, 16722 insertions, 2774 deletions
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 1931dfa45..431543151 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -23,6 +23,7 @@ crypto/signers/signer.c crypto/signers/signer.h \
crypto/crypto_factory.c crypto/crypto_factory.h \
crypto/crypto_tester.c crypto/crypto_tester.h \
crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/aead.c crypto/aead.h \
crypto/transform.c crypto/transform.h \
credentials/credential_factory.c credentials/credential_factory.h \
credentials/builder.c credentials/builder.h \
@@ -43,10 +44,18 @@ credentials/credential_manager.c credentials/credential_manager.h \
credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
+credentials/sets/callback_cred.c credentials/sets/callback_cred.h \
credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
credentials/cert_validator.h \
database/database.h database/database_factory.h database/database_factory.c \
fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+eap/eap.h eap/eap.c \
+plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \
+processing/jobs/job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/processor.c processing/processor.h \
+processing/scheduler.c processing/scheduler.h \
selectors/traffic_selector.c selectors/traffic_selector.h \
threading/thread.h threading/thread.c \
threading/thread_value.h threading/thread_value.c \
@@ -62,8 +71,7 @@ utils/linked_list.c utils/linked_list.h \
utils/hashtable.c utils/hashtable.h \
utils/enumerator.c utils/enumerator.h \
utils/optionsfrom.c utils/optionsfrom.h \
-utils/backtrace.c utils/backtrace.h \
-plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
+utils/backtrace.c utils/backtrace.h
# adding the plugin source files
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 3678abd5d..2ab8aa636 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -21,6 +21,7 @@ crypto/signers/signer.c crypto/signers/signer.h \
crypto/crypto_factory.c crypto/crypto_factory.h \
crypto/crypto_tester.c crypto/crypto_tester.h \
crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/aead.c crypto/aead.h \
crypto/transform.c crypto/transform.h \
credentials/credential_factory.c credentials/credential_factory.h \
credentials/builder.c credentials/builder.h \
@@ -41,10 +42,18 @@ credentials/credential_manager.c credentials/credential_manager.h \
credentials/sets/auth_cfg_wrapper.c credentials/sets/auth_cfg_wrapper.h \
credentials/sets/ocsp_response_wrapper.c credentials/sets/ocsp_response_wrapper.h \
credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
+credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
+credentials/sets/callback_cred.c credentials/sets/callback_cred.h \
credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
credentials/cert_validator.h \
database/database.h database/database_factory.h database/database_factory.c \
fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+eap/eap.h eap/eap.c \
+plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \
+processing/jobs/job.h \
+processing/jobs/callback_job.c processing/jobs/callback_job.h \
+processing/processor.c processing/processor.h \
+processing/scheduler.c processing/scheduler.h \
selectors/traffic_selector.c selectors/traffic_selector.h \
threading/thread.h threading/thread.c \
threading/thread_value.h threading/thread_value.c \
@@ -60,8 +69,10 @@ utils/linked_list.c utils/linked_list.h \
utils/hashtable.c utils/hashtable.h \
utils/enumerator.c utils/enumerator.h \
utils/optionsfrom.c utils/optionsfrom.h \
-utils/backtrace.c utils/backtrace.h \
-plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
+utils/backtrace.c utils/backtrace.h
+
+
+library.lo : $(top_builddir)/config.status
libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB)
@@ -314,6 +325,34 @@ if MONOLITHIC
endif
endif
+if USE_PKCS11
+ SUBDIRS += plugins/pkcs11
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/pkcs11/libstrongswan-pkcs11.la
+endif
+endif
+
+if USE_CTR
+ SUBDIRS += plugins/ctr
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/ctr/libstrongswan-ctr.la
+endif
+endif
+
+if USE_CCM
+ SUBDIRS += plugins/ccm
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/ccm/libstrongswan-ccm.la
+endif
+endif
+
+if USE_GCM
+ SUBDIRS += plugins/gcm
+if MONOLITHIC
+ libstrongswan_la_LIBADD += plugins/gcm/libstrongswan-gcm.la
+endif
+endif
+
if USE_TEST_VECTORS
SUBDIRS += plugins/test_vectors
if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index b6dcf6be5..8be6dd9b8 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -98,8 +98,16 @@ host_triplet = @host@
@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_58 = plugins/fips_prf/libstrongswan-fips-prf.la
@USE_AGENT_TRUE@am__append_59 = plugins/agent
@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_60 = plugins/agent/libstrongswan-agent.la
-@USE_TEST_VECTORS_TRUE@am__append_61 = plugins/test_vectors
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_62 = plugins/test_vectors/libstrongswan-test-vectors.la
+@USE_PKCS11_TRUE@am__append_61 = plugins/pkcs11
+@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_62 = plugins/pkcs11/libstrongswan-pkcs11.la
+@USE_CTR_TRUE@am__append_63 = plugins/ctr
+@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_64 = plugins/ctr/libstrongswan-ctr.la
+@USE_CCM_TRUE@am__append_65 = plugins/ccm
+@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_66 = plugins/ccm/libstrongswan-ccm.la
+@USE_GCM_TRUE@am__append_67 = plugins/gcm
+@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_68 = plugins/gcm/libstrongswan-gcm.la
+@USE_TEST_VECTORS_TRUE@am__append_69 = plugins/test_vectors
+@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_70 = plugins/test_vectors/libstrongswan-test-vectors.la
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -110,6 +118,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -152,7 +161,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__append_42) $(am__append_44) $(am__append_46) \
$(am__append_48) $(am__append_50) $(am__append_52) \
$(am__append_54) $(am__append_56) $(am__append_58) \
- $(am__append_60) $(am__append_62)
+ $(am__append_60) $(am__append_62) $(am__append_64) \
+ $(am__append_66) $(am__append_68) $(am__append_70)
am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \
printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \
@@ -166,7 +176,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
crypto/signers/signer.h crypto/crypto_factory.c \
crypto/crypto_factory.h crypto/crypto_tester.c \
crypto/crypto_tester.h crypto/diffie_hellman.c \
- crypto/diffie_hellman.h crypto/transform.c crypto/transform.h \
+ crypto/diffie_hellman.h crypto/aead.c crypto/aead.h \
+ crypto/transform.c crypto/transform.h \
credentials/credential_factory.c \
credentials/credential_factory.h credentials/builder.c \
credentials/builder.h credentials/cred_encoding.c \
@@ -193,11 +204,19 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
credentials/sets/ocsp_response_wrapper.c \
credentials/sets/ocsp_response_wrapper.h \
credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
- credentials/auth_cfg.c credentials/auth_cfg.h \
- credentials/credential_set.h credentials/cert_validator.h \
- database/database.h database/database_factory.h \
- database/database_factory.c fetcher/fetcher.h \
- fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+ credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
+ credentials/sets/callback_cred.c \
+ credentials/sets/callback_cred.h credentials/auth_cfg.c \
+ credentials/auth_cfg.h credentials/credential_set.h \
+ credentials/cert_validator.h database/database.h \
+ database/database_factory.h database/database_factory.c \
+ fetcher/fetcher.h fetcher/fetcher_manager.h \
+ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \
+ plugins/plugin_loader.c plugins/plugin_loader.h \
+ plugins/plugin.h processing/jobs/job.h \
+ processing/jobs/callback_job.c processing/jobs/callback_job.h \
+ processing/processor.c processing/processor.h \
+ processing/scheduler.c processing/scheduler.h \
selectors/traffic_selector.c selectors/traffic_selector.h \
threading/thread.h threading/thread.c threading/thread_value.h \
threading/thread_value.c threading/mutex.h threading/mutex.c \
@@ -208,27 +227,27 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
utils/linked_list.c utils/linked_list.h utils/hashtable.c \
utils/hashtable.h utils/enumerator.c utils/enumerator.h \
utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \
- utils/backtrace.h plugins/plugin_loader.c \
- plugins/plugin_loader.h plugins/plugin.h \
- utils/leak_detective.c utils/leak_detective.h \
- integrity_checker.c integrity_checker.h
+ utils/backtrace.h utils/leak_detective.c \
+ utils/leak_detective.h integrity_checker.c integrity_checker.h
@USE_LEAK_DETECTIVE_TRUE@am__objects_1 = leak_detective.lo
@USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo
am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \
settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \
crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo prf.lo \
rng.lo prf_plus.lo signer.lo crypto_factory.lo \
- crypto_tester.lo diffie_hellman.lo transform.lo \
+ crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \
credential_factory.lo builder.lo cred_encoding.lo \
private_key.lo public_key.lo shared_key.lo certificate.lo \
x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \
credential_manager.lo auth_cfg_wrapper.lo \
- ocsp_response_wrapper.lo cert_cache.lo auth_cfg.lo \
- database_factory.lo fetcher_manager.lo traffic_selector.lo \
- thread.lo thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \
+ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \
+ callback_cred.lo auth_cfg.lo database_factory.lo \
+ fetcher_manager.lo eap.lo plugin_loader.lo callback_job.lo \
+ processor.lo scheduler.lo traffic_selector.lo thread.lo \
+ thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \
identification.lo lexparser.lo linked_list.lo hashtable.lo \
- enumerator.lo optionsfrom.lo backtrace.lo plugin_loader.lo \
- $(am__objects_1) $(am__objects_2)
+ enumerator.lo optionsfrom.lo backtrace.lo $(am__objects_1) \
+ $(am__objects_2)
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -265,8 +284,8 @@ DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \
plugins/revocation plugins/pubkey plugins/pkcs1 plugins/pgp \
plugins/dnskey plugins/pem plugins/curl plugins/ldap \
plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \
- plugins/gcrypt plugins/fips_prf plugins/agent \
- plugins/test_vectors
+ plugins/gcrypt plugins/fips_prf plugins/agent plugins/pkcs11 \
+ plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
@@ -358,6 +377,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -389,14 +410,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -411,24 +435,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -436,7 +467,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
@@ -462,7 +496,8 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
crypto/signers/signer.h crypto/crypto_factory.c \
crypto/crypto_factory.h crypto/crypto_tester.c \
crypto/crypto_tester.h crypto/diffie_hellman.c \
- crypto/diffie_hellman.h crypto/transform.c crypto/transform.h \
+ crypto/diffie_hellman.h crypto/aead.c crypto/aead.h \
+ crypto/transform.c crypto/transform.h \
credentials/credential_factory.c \
credentials/credential_factory.h credentials/builder.c \
credentials/builder.h credentials/cred_encoding.c \
@@ -489,11 +524,19 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
credentials/sets/ocsp_response_wrapper.c \
credentials/sets/ocsp_response_wrapper.h \
credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
- credentials/auth_cfg.c credentials/auth_cfg.h \
- credentials/credential_set.h credentials/cert_validator.h \
- database/database.h database/database_factory.h \
- database/database_factory.c fetcher/fetcher.h \
- fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+ credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
+ credentials/sets/callback_cred.c \
+ credentials/sets/callback_cred.h credentials/auth_cfg.c \
+ credentials/auth_cfg.h credentials/credential_set.h \
+ credentials/cert_validator.h database/database.h \
+ database/database_factory.h database/database_factory.c \
+ fetcher/fetcher.h fetcher/fetcher_manager.h \
+ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \
+ plugins/plugin_loader.c plugins/plugin_loader.h \
+ plugins/plugin.h processing/jobs/job.h \
+ processing/jobs/callback_job.c processing/jobs/callback_job.h \
+ processing/processor.c processing/processor.h \
+ processing/scheduler.c processing/scheduler.h \
selectors/traffic_selector.c selectors/traffic_selector.h \
threading/thread.h threading/thread.c threading/thread_value.h \
threading/thread_value.c threading/mutex.h threading/mutex.c \
@@ -504,9 +547,7 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \
utils/linked_list.c utils/linked_list.h utils/hashtable.c \
utils/hashtable.h utils/enumerator.c utils/enumerator.h \
utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \
- utils/backtrace.h plugins/plugin_loader.c \
- plugins/plugin_loader.h plugins/plugin.h $(am__append_2) \
- $(am__append_5)
+ utils/backtrace.h $(am__append_2) $(am__append_5)
libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(RTLIB) $(am__append_6) $(am__append_8) $(am__append_10) \
$(am__append_12) $(am__append_14) $(am__append_16) \
@@ -517,7 +558,8 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \
$(am__append_42) $(am__append_44) $(am__append_46) \
$(am__append_48) $(am__append_50) $(am__append_52) \
$(am__append_54) $(am__append_56) $(am__append_58) \
- $(am__append_60) $(am__append_62)
+ $(am__append_60) $(am__append_62) $(am__append_64) \
+ $(am__append_66) $(am__append_68) $(am__append_70)
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \
-DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \
@@ -548,7 +590,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c
@MONOLITHIC_FALSE@ $(am__append_47) $(am__append_49) \
@MONOLITHIC_FALSE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \
-@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61)
+@MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \
+@MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \
+@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69)
# build plugins with their own Makefile
#######################################
@@ -565,7 +609,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c
@MONOLITHIC_TRUE@ $(am__append_47) $(am__append_49) \
@MONOLITHIC_TRUE@ $(am__append_51) $(am__append_53) \
@MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \
-@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61)
+@MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \
+@MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \
+@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -641,12 +687,15 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aead.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asn1_parser.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_cred.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cert_cache.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/certificate.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chunk.Plo@am__quote@
@@ -660,6 +709,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/database_factory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/diffie_hellman.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enum.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enumerator.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher_manager.Plo@am__quote@
@@ -673,6 +723,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lexparser.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/library.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/linked_list.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mem_cred.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mutex.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Plo@am__quote@
@@ -684,10 +735,12 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf_plus.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printf_hook.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/processor.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_keywords.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/public_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rwlock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scheduler.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/settings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shared_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signer.Plo@am__quote@
@@ -817,6 +870,13 @@ diffie_hellman.lo: crypto/diffie_hellman.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
+aead.lo: crypto/aead.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aead.lo -MD -MP -MF $(DEPDIR)/aead.Tpo -c -o aead.lo `test -f 'crypto/aead.c' || echo '$(srcdir)/'`crypto/aead.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aead.Tpo $(DEPDIR)/aead.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/aead.c' object='aead.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aead.lo `test -f 'crypto/aead.c' || echo '$(srcdir)/'`crypto/aead.c
+
transform.lo: crypto/transform.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform.lo -MD -MP -MF $(DEPDIR)/transform.Tpo -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/transform.Tpo $(DEPDIR)/transform.Plo
@@ -929,6 +989,20 @@ cert_cache.lo: credentials/sets/cert_cache.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cert_cache.lo `test -f 'credentials/sets/cert_cache.c' || echo '$(srcdir)/'`credentials/sets/cert_cache.c
+mem_cred.lo: credentials/sets/mem_cred.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT mem_cred.lo -MD -MP -MF $(DEPDIR)/mem_cred.Tpo -c -o mem_cred.lo `test -f 'credentials/sets/mem_cred.c' || echo '$(srcdir)/'`credentials/sets/mem_cred.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/mem_cred.Tpo $(DEPDIR)/mem_cred.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/mem_cred.c' object='mem_cred.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o mem_cred.lo `test -f 'credentials/sets/mem_cred.c' || echo '$(srcdir)/'`credentials/sets/mem_cred.c
+
+callback_cred.lo: credentials/sets/callback_cred.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_cred.lo -MD -MP -MF $(DEPDIR)/callback_cred.Tpo -c -o callback_cred.lo `test -f 'credentials/sets/callback_cred.c' || echo '$(srcdir)/'`credentials/sets/callback_cred.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_cred.Tpo $(DEPDIR)/callback_cred.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/sets/callback_cred.c' object='callback_cred.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_cred.lo `test -f 'credentials/sets/callback_cred.c' || echo '$(srcdir)/'`credentials/sets/callback_cred.c
+
auth_cfg.lo: credentials/auth_cfg.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT auth_cfg.lo -MD -MP -MF $(DEPDIR)/auth_cfg.Tpo -c -o auth_cfg.lo `test -f 'credentials/auth_cfg.c' || echo '$(srcdir)/'`credentials/auth_cfg.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/auth_cfg.Tpo $(DEPDIR)/auth_cfg.Plo
@@ -950,6 +1024,41 @@ fetcher_manager.lo: fetcher/fetcher_manager.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c
+eap.lo: eap/eap.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT eap.lo -MD -MP -MF $(DEPDIR)/eap.Tpo -c -o eap.lo `test -f 'eap/eap.c' || echo '$(srcdir)/'`eap/eap.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/eap.Tpo $(DEPDIR)/eap.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='eap/eap.c' object='eap.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap.lo `test -f 'eap/eap.c' || echo '$(srcdir)/'`eap/eap.c
+
+plugin_loader.lo: plugins/plugin_loader.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_loader.lo -MD -MP -MF $(DEPDIR)/plugin_loader.Tpo -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_loader.Tpo $(DEPDIR)/plugin_loader.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='plugins/plugin_loader.c' object='plugin_loader.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c
+
+callback_job.lo: processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.lo -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/callback_job.c' object='callback_job.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c
+
+processor.lo: processing/processor.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT processor.lo -MD -MP -MF $(DEPDIR)/processor.Tpo -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/processor.Tpo $(DEPDIR)/processor.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/processor.c' object='processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o processor.lo `test -f 'processing/processor.c' || echo '$(srcdir)/'`processing/processor.c
+
+scheduler.lo: processing/scheduler.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT scheduler.lo -MD -MP -MF $(DEPDIR)/scheduler.Tpo -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/scheduler.Tpo $(DEPDIR)/scheduler.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/scheduler.c' object='scheduler.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o scheduler.lo `test -f 'processing/scheduler.c' || echo '$(srcdir)/'`processing/scheduler.c
+
traffic_selector.lo: selectors/traffic_selector.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT traffic_selector.lo -MD -MP -MF $(DEPDIR)/traffic_selector.Tpo -c -o traffic_selector.lo `test -f 'selectors/traffic_selector.c' || echo '$(srcdir)/'`selectors/traffic_selector.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/traffic_selector.Tpo $(DEPDIR)/traffic_selector.Plo
@@ -1041,13 +1150,6 @@ backtrace.lo: utils/backtrace.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o backtrace.lo `test -f 'utils/backtrace.c' || echo '$(srcdir)/'`utils/backtrace.c
-plugin_loader.lo: plugins/plugin_loader.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_loader.lo -MD -MP -MF $(DEPDIR)/plugin_loader.Tpo -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_loader.Tpo $(DEPDIR)/plugin_loader.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='plugins/plugin_loader.c' object='plugin_loader.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c
-
leak_detective.lo: utils/leak_detective.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT leak_detective.lo -MD -MP -MF $(DEPDIR)/leak_detective.Tpo -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/leak_detective.Tpo $(DEPDIR)/leak_detective.Plo
@@ -1383,6 +1485,8 @@ uninstall-am: uninstall-libLTLIBRARIES
uninstall-libLTLIBRARIES
+library.lo : $(top_builddir)/config.status
+
$(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
(cd $(srcdir)/asn1/ && $(PERL) oid.pl)
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 8f91a2e2b..1e5dec8a5 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -171,12 +171,12 @@ const oid_t oid_names[] = {
{ 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */
{ 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */
{ 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */
- {0x2B, 307, 1, 0, "" }, /* 161 */
- { 0x06, 221, 1, 1, "dod" }, /* 162 */
+ {0x2B, 309, 1, 0, "" }, /* 161 */
+ { 0x06, 223, 1, 1, "dod" }, /* 162 */
{ 0x01, 0, 1, 2, "internet" }, /* 163 */
- { 0x04, 182, 1, 3, "private" }, /* 164 */
+ { 0x04, 183, 1, 3, "private" }, /* 164 */
{ 0x01, 0, 1, 4, "enterprise" }, /* 165 */
- { 0x82, 175, 1, 5, "" }, /* 166 */
+ { 0x82, 176, 1, 5, "" }, /* 166 */
{ 0x37, 0, 1, 6, "Microsoft" }, /* 167 */
{ 0x0A, 172, 1, 7, "" }, /* 168 */
{ 0x03, 0, 1, 8, "" }, /* 169 */
@@ -184,184 +184,186 @@ const oid_t oid_names[] = {
{ 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */
{ 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */
{ 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */
- { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 174 */
- { 0x89, 0, 1, 5, "" }, /* 175 */
- { 0x31, 0, 1, 6, "" }, /* 176 */
- { 0x01, 0, 1, 7, "" }, /* 177 */
- { 0x01, 0, 1, 8, "" }, /* 178 */
- { 0x02, 0, 1, 9, "" }, /* 179 */
- { 0x02, 181, 0, 10, "" }, /* 180 */
- { 0x4B, 0, 0, 10, "TCGID" }, /* 181 */
- { 0x05, 0, 1, 3, "security" }, /* 182 */
- { 0x05, 0, 1, 4, "mechanisms" }, /* 183 */
- { 0x07, 0, 1, 5, "id-pkix" }, /* 184 */
- { 0x01, 188, 1, 6, "id-pe" }, /* 185 */
- { 0x01, 187, 0, 7, "authorityInfoAccess" }, /* 186 */
- { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 187 */
- { 0x02, 191, 1, 6, "id-qt" }, /* 188 */
- { 0x01, 190, 0, 7, "cps" }, /* 189 */
- { 0x02, 0, 0, 7, "unotice" }, /* 190 */
- { 0x03, 201, 1, 6, "id-kp" }, /* 191 */
- { 0x01, 193, 0, 7, "serverAuth" }, /* 192 */
- { 0x02, 194, 0, 7, "clientAuth" }, /* 193 */
- { 0x03, 195, 0, 7, "codeSigning" }, /* 194 */
- { 0x04, 196, 0, 7, "emailProtection" }, /* 195 */
- { 0x05, 197, 0, 7, "ipsecEndSystem" }, /* 196 */
- { 0x06, 198, 0, 7, "ipsecTunnel" }, /* 197 */
- { 0x07, 199, 0, 7, "ipsecUser" }, /* 198 */
- { 0x08, 200, 0, 7, "timeStamping" }, /* 199 */
- { 0x09, 0, 0, 7, "ocspSigning" }, /* 200 */
- { 0x08, 203, 1, 6, "id-otherNames" }, /* 201 */
- { 0x05, 0, 0, 7, "xmppAddr" }, /* 202 */
- { 0x0A, 208, 1, 6, "id-aca" }, /* 203 */
- { 0x01, 205, 0, 7, "authenticationInfo" }, /* 204 */
- { 0x02, 206, 0, 7, "accessIdentity" }, /* 205 */
- { 0x03, 207, 0, 7, "chargingIdentity" }, /* 206 */
- { 0x04, 0, 0, 7, "group" }, /* 207 */
- { 0x0B, 209, 0, 6, "subjectInfoAccess" }, /* 208 */
- { 0x30, 0, 1, 6, "id-ad" }, /* 209 */
- { 0x01, 218, 1, 7, "ocsp" }, /* 210 */
- { 0x01, 212, 0, 8, "basic" }, /* 211 */
- { 0x02, 213, 0, 8, "nonce" }, /* 212 */
- { 0x03, 214, 0, 8, "crl" }, /* 213 */
- { 0x04, 215, 0, 8, "response" }, /* 214 */
- { 0x05, 216, 0, 8, "noCheck" }, /* 215 */
- { 0x06, 217, 0, 8, "archiveCutoff" }, /* 216 */
- { 0x07, 0, 0, 8, "serviceLocator" }, /* 217 */
- { 0x02, 219, 0, 7, "caIssuers" }, /* 218 */
- { 0x03, 220, 0, 7, "timeStamping" }, /* 219 */
- { 0x05, 0, 0, 7, "caRepository" }, /* 220 */
- { 0x0E, 227, 1, 1, "oiw" }, /* 221 */
- { 0x03, 0, 1, 2, "secsig" }, /* 222 */
- { 0x02, 0, 1, 3, "algorithms" }, /* 223 */
- { 0x07, 225, 0, 4, "des-cbc" }, /* 224 */
- { 0x1A, 226, 0, 4, "sha-1" }, /* 225 */
- { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 226 */
- { 0x24, 273, 1, 1, "TeleTrusT" }, /* 227 */
- { 0x03, 0, 1, 2, "algorithm" }, /* 228 */
- { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 229 */
- { 0x01, 234, 1, 4, "rsaSignature" }, /* 230 */
- { 0x02, 232, 0, 5, "rsaSigWithripemd160" }, /* 231 */
- { 0x03, 233, 0, 5, "rsaSigWithripemd128" }, /* 232 */
- { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 233 */
- { 0x02, 0, 1, 4, "ecSign" }, /* 234 */
- { 0x01, 236, 0, 5, "ecSignWithsha1" }, /* 235 */
- { 0x02, 237, 0, 5, "ecSignWithripemd160" }, /* 236 */
- { 0x03, 238, 0, 5, "ecSignWithmd2" }, /* 237 */
- { 0x04, 239, 0, 5, "ecSignWithmd5" }, /* 238 */
- { 0x05, 256, 1, 5, "ttt-ecg" }, /* 239 */
- { 0x01, 244, 1, 6, "fieldType" }, /* 240 */
- { 0x01, 0, 1, 7, "characteristictwoField" }, /* 241 */
- { 0x01, 0, 1, 8, "basisType" }, /* 242 */
- { 0x01, 0, 0, 9, "ipBasis" }, /* 243 */
- { 0x02, 246, 1, 6, "keyType" }, /* 244 */
- { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 245 */
- { 0x03, 247, 0, 6, "curve" }, /* 246 */
- { 0x04, 254, 1, 6, "signatures" }, /* 247 */
- { 0x01, 249, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 248 */
- { 0x02, 250, 0, 7, "ecgdsa-with-SHA1" }, /* 249 */
- { 0x03, 251, 0, 7, "ecgdsa-with-SHA224" }, /* 250 */
- { 0x04, 252, 0, 7, "ecgdsa-with-SHA256" }, /* 251 */
- { 0x05, 253, 0, 7, "ecgdsa-with-SHA384" }, /* 252 */
- { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 253 */
- { 0x05, 0, 1, 6, "module" }, /* 254 */
- { 0x01, 0, 0, 7, "1" }, /* 255 */
- { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 256 */
- { 0x01, 0, 1, 6, "ellipticCurve" }, /* 257 */
- { 0x01, 0, 1, 7, "versionOne" }, /* 258 */
- { 0x01, 260, 0, 8, "brainpoolP160r1" }, /* 259 */
- { 0x02, 261, 0, 8, "brainpoolP160t1" }, /* 260 */
- { 0x03, 262, 0, 8, "brainpoolP192r1" }, /* 261 */
- { 0x04, 263, 0, 8, "brainpoolP192t1" }, /* 262 */
- { 0x05, 264, 0, 8, "brainpoolP224r1" }, /* 263 */
- { 0x06, 265, 0, 8, "brainpoolP224t1" }, /* 264 */
- { 0x07, 266, 0, 8, "brainpoolP256r1" }, /* 265 */
- { 0x08, 267, 0, 8, "brainpoolP256t1" }, /* 266 */
- { 0x09, 268, 0, 8, "brainpoolP320r1" }, /* 267 */
- { 0x0A, 269, 0, 8, "brainpoolP320t1" }, /* 268 */
- { 0x0B, 270, 0, 8, "brainpoolP384r1" }, /* 269 */
- { 0x0C, 271, 0, 8, "brainpoolP384t1" }, /* 270 */
- { 0x0D, 272, 0, 8, "brainpoolP512r1" }, /* 271 */
- { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 272 */
- { 0x81, 0, 1, 1, "" }, /* 273 */
- { 0x04, 0, 1, 2, "Certicom" }, /* 274 */
- { 0x00, 0, 1, 3, "curve" }, /* 275 */
- { 0x01, 277, 0, 4, "sect163k1" }, /* 276 */
- { 0x02, 278, 0, 4, "sect163r1" }, /* 277 */
- { 0x03, 279, 0, 4, "sect239k1" }, /* 278 */
- { 0x04, 280, 0, 4, "sect113r1" }, /* 279 */
- { 0x05, 281, 0, 4, "sect113r2" }, /* 280 */
- { 0x06, 282, 0, 4, "secp112r1" }, /* 281 */
- { 0x07, 283, 0, 4, "secp112r2" }, /* 282 */
- { 0x08, 284, 0, 4, "secp160r1" }, /* 283 */
- { 0x09, 285, 0, 4, "secp160k1" }, /* 284 */
- { 0x0A, 286, 0, 4, "secp256k1" }, /* 285 */
- { 0x0F, 287, 0, 4, "sect163r2" }, /* 286 */
- { 0x10, 288, 0, 4, "sect283k1" }, /* 287 */
- { 0x11, 289, 0, 4, "sect283r1" }, /* 288 */
- { 0x16, 290, 0, 4, "sect131r1" }, /* 289 */
- { 0x17, 291, 0, 4, "sect131r2" }, /* 290 */
- { 0x18, 292, 0, 4, "sect193r1" }, /* 291 */
- { 0x19, 293, 0, 4, "sect193r2" }, /* 292 */
- { 0x1A, 294, 0, 4, "sect233k1" }, /* 293 */
- { 0x1B, 295, 0, 4, "sect233r1" }, /* 294 */
- { 0x1C, 296, 0, 4, "secp128r1" }, /* 295 */
- { 0x1D, 297, 0, 4, "secp128r2" }, /* 296 */
- { 0x1E, 298, 0, 4, "secp160r2" }, /* 297 */
- { 0x1F, 299, 0, 4, "secp192k1" }, /* 298 */
- { 0x20, 300, 0, 4, "secp224k1" }, /* 299 */
- { 0x21, 301, 0, 4, "secp224r1" }, /* 300 */
- { 0x22, 302, 0, 4, "secp384r1" }, /* 301 */
- { 0x23, 303, 0, 4, "secp521r1" }, /* 302 */
- { 0x24, 304, 0, 4, "sect409k1" }, /* 303 */
- { 0x25, 305, 0, 4, "sect409r1" }, /* 304 */
- { 0x26, 306, 0, 4, "sect571k1" }, /* 305 */
- { 0x27, 0, 0, 4, "sect571r1" }, /* 306 */
- {0x60, 0, 1, 0, "" }, /* 307 */
- { 0x86, 0, 1, 1, "" }, /* 308 */
- { 0x48, 0, 1, 2, "" }, /* 309 */
- { 0x01, 0, 1, 3, "organization" }, /* 310 */
- { 0x65, 329, 1, 4, "gov" }, /* 311 */
- { 0x03, 0, 1, 5, "csor" }, /* 312 */
- { 0x04, 0, 1, 6, "nistalgorithm" }, /* 313 */
- { 0x01, 324, 1, 7, "aes" }, /* 314 */
- { 0x02, 316, 0, 8, "id-aes128-CBC" }, /* 315 */
- { 0x06, 317, 0, 8, "id-aes128-GCM" }, /* 316 */
- { 0x07, 318, 0, 8, "id-aes128-CCM" }, /* 317 */
- { 0x16, 319, 0, 8, "id-aes192-CBC" }, /* 318 */
- { 0x1A, 320, 0, 8, "id-aes192-GCM" }, /* 319 */
- { 0x1B, 321, 0, 8, "id-aes192-CCM" }, /* 320 */
- { 0x2A, 322, 0, 8, "id-aes256-CBC" }, /* 321 */
- { 0x2E, 323, 0, 8, "id-aes256-GCM" }, /* 322 */
- { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 323 */
- { 0x02, 0, 1, 7, "hashalgs" }, /* 324 */
- { 0x01, 326, 0, 8, "id-SHA-256" }, /* 325 */
- { 0x02, 327, 0, 8, "id-SHA-384" }, /* 326 */
- { 0x03, 328, 0, 8, "id-SHA-512" }, /* 327 */
- { 0x04, 0, 0, 8, "id-SHA-224" }, /* 328 */
- { 0x86, 0, 1, 4, "" }, /* 329 */
- { 0xf8, 0, 1, 5, "" }, /* 330 */
- { 0x42, 343, 1, 6, "netscape" }, /* 331 */
- { 0x01, 338, 1, 7, "" }, /* 332 */
- { 0x01, 334, 0, 8, "nsCertType" }, /* 333 */
- { 0x03, 335, 0, 8, "nsRevocationUrl" }, /* 334 */
- { 0x04, 336, 0, 8, "nsCaRevocationUrl" }, /* 335 */
- { 0x08, 337, 0, 8, "nsCaPolicyUrl" }, /* 336 */
- { 0x0d, 0, 0, 8, "nsComment" }, /* 337 */
- { 0x03, 341, 1, 7, "directory" }, /* 338 */
- { 0x01, 0, 1, 8, "" }, /* 339 */
- { 0x03, 0, 0, 9, "employeeNumber" }, /* 340 */
- { 0x04, 0, 1, 7, "policy" }, /* 341 */
- { 0x01, 0, 0, 8, "nsSGC" }, /* 342 */
- { 0x45, 0, 1, 6, "verisign" }, /* 343 */
- { 0x01, 0, 1, 7, "pki" }, /* 344 */
- { 0x09, 0, 1, 8, "attributes" }, /* 345 */
- { 0x02, 347, 0, 9, "messageType" }, /* 346 */
- { 0x03, 348, 0, 9, "pkiStatus" }, /* 347 */
- { 0x04, 349, 0, 9, "failInfo" }, /* 348 */
- { 0x05, 350, 0, 9, "senderNonce" }, /* 349 */
- { 0x06, 351, 0, 9, "recipientNonce" }, /* 350 */
- { 0x07, 352, 0, 9, "transID" }, /* 351 */
- { 0x08, 353, 0, 9, "extensionReq" }, /* 352 */
- { 0x08, 0, 0, 9, "extensionReq" } /* 353 */
+ { 0x02, 175, 0, 9, "msSmartcardLogon" }, /* 174 */
+ { 0x03, 0, 0, 9, "msUPN" }, /* 175 */
+ { 0x89, 0, 1, 5, "" }, /* 176 */
+ { 0x31, 0, 1, 6, "" }, /* 177 */
+ { 0x01, 0, 1, 7, "" }, /* 178 */
+ { 0x01, 0, 1, 8, "" }, /* 179 */
+ { 0x02, 0, 1, 9, "" }, /* 180 */
+ { 0x02, 182, 0, 10, "" }, /* 181 */
+ { 0x4B, 0, 0, 10, "TCGID" }, /* 182 */
+ { 0x05, 0, 1, 3, "security" }, /* 183 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 184 */
+ { 0x07, 0, 1, 5, "id-pkix" }, /* 185 */
+ { 0x01, 190, 1, 6, "id-pe" }, /* 186 */
+ { 0x01, 188, 0, 7, "authorityInfoAccess" }, /* 187 */
+ { 0x03, 189, 0, 7, "qcStatements" }, /* 188 */
+ { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 189 */
+ { 0x02, 193, 1, 6, "id-qt" }, /* 190 */
+ { 0x01, 192, 0, 7, "cps" }, /* 191 */
+ { 0x02, 0, 0, 7, "unotice" }, /* 192 */
+ { 0x03, 203, 1, 6, "id-kp" }, /* 193 */
+ { 0x01, 195, 0, 7, "serverAuth" }, /* 194 */
+ { 0x02, 196, 0, 7, "clientAuth" }, /* 195 */
+ { 0x03, 197, 0, 7, "codeSigning" }, /* 196 */
+ { 0x04, 198, 0, 7, "emailProtection" }, /* 197 */
+ { 0x05, 199, 0, 7, "ipsecEndSystem" }, /* 198 */
+ { 0x06, 200, 0, 7, "ipsecTunnel" }, /* 199 */
+ { 0x07, 201, 0, 7, "ipsecUser" }, /* 200 */
+ { 0x08, 202, 0, 7, "timeStamping" }, /* 201 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 202 */
+ { 0x08, 205, 1, 6, "id-otherNames" }, /* 203 */
+ { 0x05, 0, 0, 7, "xmppAddr" }, /* 204 */
+ { 0x0A, 210, 1, 6, "id-aca" }, /* 205 */
+ { 0x01, 207, 0, 7, "authenticationInfo" }, /* 206 */
+ { 0x02, 208, 0, 7, "accessIdentity" }, /* 207 */
+ { 0x03, 209, 0, 7, "chargingIdentity" }, /* 208 */
+ { 0x04, 0, 0, 7, "group" }, /* 209 */
+ { 0x0B, 211, 0, 6, "subjectInfoAccess" }, /* 210 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 211 */
+ { 0x01, 220, 1, 7, "ocsp" }, /* 212 */
+ { 0x01, 214, 0, 8, "basic" }, /* 213 */
+ { 0x02, 215, 0, 8, "nonce" }, /* 214 */
+ { 0x03, 216, 0, 8, "crl" }, /* 215 */
+ { 0x04, 217, 0, 8, "response" }, /* 216 */
+ { 0x05, 218, 0, 8, "noCheck" }, /* 217 */
+ { 0x06, 219, 0, 8, "archiveCutoff" }, /* 218 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 219 */
+ { 0x02, 221, 0, 7, "caIssuers" }, /* 220 */
+ { 0x03, 222, 0, 7, "timeStamping" }, /* 221 */
+ { 0x05, 0, 0, 7, "caRepository" }, /* 222 */
+ { 0x0E, 229, 1, 1, "oiw" }, /* 223 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 224 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 225 */
+ { 0x07, 227, 0, 4, "des-cbc" }, /* 226 */
+ { 0x1A, 228, 0, 4, "sha-1" }, /* 227 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 228 */
+ { 0x24, 275, 1, 1, "TeleTrusT" }, /* 229 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 230 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 231 */
+ { 0x01, 236, 1, 4, "rsaSignature" }, /* 232 */
+ { 0x02, 234, 0, 5, "rsaSigWithripemd160" }, /* 233 */
+ { 0x03, 235, 0, 5, "rsaSigWithripemd128" }, /* 234 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 235 */
+ { 0x02, 0, 1, 4, "ecSign" }, /* 236 */
+ { 0x01, 238, 0, 5, "ecSignWithsha1" }, /* 237 */
+ { 0x02, 239, 0, 5, "ecSignWithripemd160" }, /* 238 */
+ { 0x03, 240, 0, 5, "ecSignWithmd2" }, /* 239 */
+ { 0x04, 241, 0, 5, "ecSignWithmd5" }, /* 240 */
+ { 0x05, 258, 1, 5, "ttt-ecg" }, /* 241 */
+ { 0x01, 246, 1, 6, "fieldType" }, /* 242 */
+ { 0x01, 0, 1, 7, "characteristictwoField" }, /* 243 */
+ { 0x01, 0, 1, 8, "basisType" }, /* 244 */
+ { 0x01, 0, 0, 9, "ipBasis" }, /* 245 */
+ { 0x02, 248, 1, 6, "keyType" }, /* 246 */
+ { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 247 */
+ { 0x03, 249, 0, 6, "curve" }, /* 248 */
+ { 0x04, 256, 1, 6, "signatures" }, /* 249 */
+ { 0x01, 251, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 250 */
+ { 0x02, 252, 0, 7, "ecgdsa-with-SHA1" }, /* 251 */
+ { 0x03, 253, 0, 7, "ecgdsa-with-SHA224" }, /* 252 */
+ { 0x04, 254, 0, 7, "ecgdsa-with-SHA256" }, /* 253 */
+ { 0x05, 255, 0, 7, "ecgdsa-with-SHA384" }, /* 254 */
+ { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 255 */
+ { 0x05, 0, 1, 6, "module" }, /* 256 */
+ { 0x01, 0, 0, 7, "1" }, /* 257 */
+ { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 258 */
+ { 0x01, 0, 1, 6, "ellipticCurve" }, /* 259 */
+ { 0x01, 0, 1, 7, "versionOne" }, /* 260 */
+ { 0x01, 262, 0, 8, "brainpoolP160r1" }, /* 261 */
+ { 0x02, 263, 0, 8, "brainpoolP160t1" }, /* 262 */
+ { 0x03, 264, 0, 8, "brainpoolP192r1" }, /* 263 */
+ { 0x04, 265, 0, 8, "brainpoolP192t1" }, /* 264 */
+ { 0x05, 266, 0, 8, "brainpoolP224r1" }, /* 265 */
+ { 0x06, 267, 0, 8, "brainpoolP224t1" }, /* 266 */
+ { 0x07, 268, 0, 8, "brainpoolP256r1" }, /* 267 */
+ { 0x08, 269, 0, 8, "brainpoolP256t1" }, /* 268 */
+ { 0x09, 270, 0, 8, "brainpoolP320r1" }, /* 269 */
+ { 0x0A, 271, 0, 8, "brainpoolP320t1" }, /* 270 */
+ { 0x0B, 272, 0, 8, "brainpoolP384r1" }, /* 271 */
+ { 0x0C, 273, 0, 8, "brainpoolP384t1" }, /* 272 */
+ { 0x0D, 274, 0, 8, "brainpoolP512r1" }, /* 273 */
+ { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 274 */
+ { 0x81, 0, 1, 1, "" }, /* 275 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 276 */
+ { 0x00, 0, 1, 3, "curve" }, /* 277 */
+ { 0x01, 279, 0, 4, "sect163k1" }, /* 278 */
+ { 0x02, 280, 0, 4, "sect163r1" }, /* 279 */
+ { 0x03, 281, 0, 4, "sect239k1" }, /* 280 */
+ { 0x04, 282, 0, 4, "sect113r1" }, /* 281 */
+ { 0x05, 283, 0, 4, "sect113r2" }, /* 282 */
+ { 0x06, 284, 0, 4, "secp112r1" }, /* 283 */
+ { 0x07, 285, 0, 4, "secp112r2" }, /* 284 */
+ { 0x08, 286, 0, 4, "secp160r1" }, /* 285 */
+ { 0x09, 287, 0, 4, "secp160k1" }, /* 286 */
+ { 0x0A, 288, 0, 4, "secp256k1" }, /* 287 */
+ { 0x0F, 289, 0, 4, "sect163r2" }, /* 288 */
+ { 0x10, 290, 0, 4, "sect283k1" }, /* 289 */
+ { 0x11, 291, 0, 4, "sect283r1" }, /* 290 */
+ { 0x16, 292, 0, 4, "sect131r1" }, /* 291 */
+ { 0x17, 293, 0, 4, "sect131r2" }, /* 292 */
+ { 0x18, 294, 0, 4, "sect193r1" }, /* 293 */
+ { 0x19, 295, 0, 4, "sect193r2" }, /* 294 */
+ { 0x1A, 296, 0, 4, "sect233k1" }, /* 295 */
+ { 0x1B, 297, 0, 4, "sect233r1" }, /* 296 */
+ { 0x1C, 298, 0, 4, "secp128r1" }, /* 297 */
+ { 0x1D, 299, 0, 4, "secp128r2" }, /* 298 */
+ { 0x1E, 300, 0, 4, "secp160r2" }, /* 299 */
+ { 0x1F, 301, 0, 4, "secp192k1" }, /* 300 */
+ { 0x20, 302, 0, 4, "secp224k1" }, /* 301 */
+ { 0x21, 303, 0, 4, "secp224r1" }, /* 302 */
+ { 0x22, 304, 0, 4, "secp384r1" }, /* 303 */
+ { 0x23, 305, 0, 4, "secp521r1" }, /* 304 */
+ { 0x24, 306, 0, 4, "sect409k1" }, /* 305 */
+ { 0x25, 307, 0, 4, "sect409r1" }, /* 306 */
+ { 0x26, 308, 0, 4, "sect571k1" }, /* 307 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 308 */
+ {0x60, 0, 1, 0, "" }, /* 309 */
+ { 0x86, 0, 1, 1, "" }, /* 310 */
+ { 0x48, 0, 1, 2, "" }, /* 311 */
+ { 0x01, 0, 1, 3, "organization" }, /* 312 */
+ { 0x65, 331, 1, 4, "gov" }, /* 313 */
+ { 0x03, 0, 1, 5, "csor" }, /* 314 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 315 */
+ { 0x01, 326, 1, 7, "aes" }, /* 316 */
+ { 0x02, 318, 0, 8, "id-aes128-CBC" }, /* 317 */
+ { 0x06, 319, 0, 8, "id-aes128-GCM" }, /* 318 */
+ { 0x07, 320, 0, 8, "id-aes128-CCM" }, /* 319 */
+ { 0x16, 321, 0, 8, "id-aes192-CBC" }, /* 320 */
+ { 0x1A, 322, 0, 8, "id-aes192-GCM" }, /* 321 */
+ { 0x1B, 323, 0, 8, "id-aes192-CCM" }, /* 322 */
+ { 0x2A, 324, 0, 8, "id-aes256-CBC" }, /* 323 */
+ { 0x2E, 325, 0, 8, "id-aes256-GCM" }, /* 324 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 325 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 326 */
+ { 0x01, 328, 0, 8, "id-SHA-256" }, /* 327 */
+ { 0x02, 329, 0, 8, "id-SHA-384" }, /* 328 */
+ { 0x03, 330, 0, 8, "id-SHA-512" }, /* 329 */
+ { 0x04, 0, 0, 8, "id-SHA-224" }, /* 330 */
+ { 0x86, 0, 1, 4, "" }, /* 331 */
+ { 0xf8, 0, 1, 5, "" }, /* 332 */
+ { 0x42, 345, 1, 6, "netscape" }, /* 333 */
+ { 0x01, 340, 1, 7, "" }, /* 334 */
+ { 0x01, 336, 0, 8, "nsCertType" }, /* 335 */
+ { 0x03, 337, 0, 8, "nsRevocationUrl" }, /* 336 */
+ { 0x04, 338, 0, 8, "nsCaRevocationUrl" }, /* 337 */
+ { 0x08, 339, 0, 8, "nsCaPolicyUrl" }, /* 338 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 339 */
+ { 0x03, 343, 1, 7, "directory" }, /* 340 */
+ { 0x01, 0, 1, 8, "" }, /* 341 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 342 */
+ { 0x04, 0, 1, 7, "policy" }, /* 343 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 344 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 345 */
+ { 0x01, 0, 1, 7, "pki" }, /* 346 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 347 */
+ { 0x02, 349, 0, 9, "messageType" }, /* 348 */
+ { 0x03, 350, 0, 9, "pkiStatus" }, /* 349 */
+ { 0x04, 351, 0, 9, "failInfo" }, /* 350 */
+ { 0x05, 352, 0, 9, "senderNonce" }, /* 351 */
+ { 0x06, 353, 0, 9, "recipientNonce" }, /* 352 */
+ { 0x07, 354, 0, 9, "transID" }, /* 353 */
+ { 0x08, 355, 0, 9, "extensionReq" }, /* 354 */
+ { 0x08, 0, 0, 9, "extensionReq" } /* 355 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index aa1fd31b0..16c9e854b 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -116,92 +116,93 @@ extern const oid_t oid_names[];
#define OID_ECDSA_WITH_SHA256 158
#define OID_ECDSA_WITH_SHA384 159
#define OID_ECDSA_WITH_SHA512 160
-#define OID_TCGID 181
-#define OID_AUTHORITY_INFO_ACCESS 186
-#define OID_IP_ADDR_BLOCKS 187
-#define OID_SERVER_AUTH 192
-#define OID_CLIENT_AUTH 193
-#define OID_OCSP_SIGNING 200
-#define OID_XMPP_ADDR 202
-#define OID_AUTHENTICATION_INFO 204
-#define OID_ACCESS_IDENTITY 205
-#define OID_CHARGING_IDENTITY 206
-#define OID_GROUP 207
-#define OID_OCSP 210
-#define OID_BASIC 211
-#define OID_NONCE 212
-#define OID_CRL 213
-#define OID_RESPONSE 214
-#define OID_NO_CHECK 215
-#define OID_ARCHIVE_CUTOFF 216
-#define OID_SERVICE_LOCATOR 217
-#define OID_CA_ISSUERS 218
-#define OID_DES_CBC 224
-#define OID_SHA1 225
-#define OID_SHA1_WITH_RSA_OIW 226
-#define OID_ECGDSA_PUBKEY 245
-#define OID_ECGDSA_SIG_WITH_RIPEMD160 248
-#define OID_ECGDSA_SIG_WITH_SHA1 249
-#define OID_ECGDSA_SIG_WITH_SHA224 250
-#define OID_ECGDSA_SIG_WITH_SHA256 251
-#define OID_ECGDSA_SIG_WITH_SHA384 252
-#define OID_ECGDSA_SIG_WITH_SHA512 253
-#define OID_SECT163K1 276
-#define OID_SECT163R1 277
-#define OID_SECT239K1 278
-#define OID_SECT113R1 279
-#define OID_SECT113R2 280
-#define OID_SECT112R1 281
-#define OID_SECT112R2 282
-#define OID_SECT160R1 283
-#define OID_SECT160K1 284
-#define OID_SECT256K1 285
-#define OID_SECT163R2 286
-#define OID_SECT283K1 287
-#define OID_SECT283R1 288
-#define OID_SECT131R1 289
-#define OID_SECT131R2 290
-#define OID_SECT193R1 291
-#define OID_SECT193R2 292
-#define OID_SECT233K1 293
-#define OID_SECT233R1 294
-#define OID_SECT128R1 295
-#define OID_SECT128R2 296
-#define OID_SECT160R2 297
-#define OID_SECT192K1 298
-#define OID_SECT224K1 299
-#define OID_SECT224R1 300
-#define OID_SECT384R1 301
-#define OID_SECT521R1 302
-#define OID_SECT409K1 303
-#define OID_SECT409R1 304
-#define OID_SECT571K1 305
-#define OID_SECT571R1 306
-#define OID_AES128_CBC 315
-#define OID_AES128_GCM 316
-#define OID_AES128_CCM 317
-#define OID_AES192_CBC 318
-#define OID_AES192_GCM 319
-#define OID_AES192_CCM 320
-#define OID_AES256_CBC 321
-#define OID_AES256_GCM 322
-#define OID_AES256_CCM 323
-#define OID_SHA256 325
-#define OID_SHA384 326
-#define OID_SHA512 327
-#define OID_SHA224 328
-#define OID_NS_REVOCATION_URL 334
-#define OID_NS_CA_REVOCATION_URL 335
-#define OID_NS_CA_POLICY_URL 336
-#define OID_NS_COMMENT 337
-#define OID_EMPLOYEE_NUMBER 340
-#define OID_PKI_MESSAGE_TYPE 346
-#define OID_PKI_STATUS 347
-#define OID_PKI_FAIL_INFO 348
-#define OID_PKI_SENDER_NONCE 349
-#define OID_PKI_RECIPIENT_NONCE 350
-#define OID_PKI_TRANS_ID 351
+#define OID_USER_PRINCIPAL_NAME 175
+#define OID_TCGID 182
+#define OID_AUTHORITY_INFO_ACCESS 187
+#define OID_IP_ADDR_BLOCKS 189
+#define OID_SERVER_AUTH 194
+#define OID_CLIENT_AUTH 195
+#define OID_OCSP_SIGNING 202
+#define OID_XMPP_ADDR 204
+#define OID_AUTHENTICATION_INFO 206
+#define OID_ACCESS_IDENTITY 207
+#define OID_CHARGING_IDENTITY 208
+#define OID_GROUP 209
+#define OID_OCSP 212
+#define OID_BASIC 213
+#define OID_NONCE 214
+#define OID_CRL 215
+#define OID_RESPONSE 216
+#define OID_NO_CHECK 217
+#define OID_ARCHIVE_CUTOFF 218
+#define OID_SERVICE_LOCATOR 219
+#define OID_CA_ISSUERS 220
+#define OID_DES_CBC 226
+#define OID_SHA1 227
+#define OID_SHA1_WITH_RSA_OIW 228
+#define OID_ECGDSA_PUBKEY 247
+#define OID_ECGDSA_SIG_WITH_RIPEMD160 250
+#define OID_ECGDSA_SIG_WITH_SHA1 251
+#define OID_ECGDSA_SIG_WITH_SHA224 252
+#define OID_ECGDSA_SIG_WITH_SHA256 253
+#define OID_ECGDSA_SIG_WITH_SHA384 254
+#define OID_ECGDSA_SIG_WITH_SHA512 255
+#define OID_SECT163K1 278
+#define OID_SECT163R1 279
+#define OID_SECT239K1 280
+#define OID_SECT113R1 281
+#define OID_SECT113R2 282
+#define OID_SECT112R1 283
+#define OID_SECT112R2 284
+#define OID_SECT160R1 285
+#define OID_SECT160K1 286
+#define OID_SECT256K1 287
+#define OID_SECT163R2 288
+#define OID_SECT283K1 289
+#define OID_SECT283R1 290
+#define OID_SECT131R1 291
+#define OID_SECT131R2 292
+#define OID_SECT193R1 293
+#define OID_SECT193R2 294
+#define OID_SECT233K1 295
+#define OID_SECT233R1 296
+#define OID_SECT128R1 297
+#define OID_SECT128R2 298
+#define OID_SECT160R2 299
+#define OID_SECT192K1 300
+#define OID_SECT224K1 301
+#define OID_SECT224R1 302
+#define OID_SECT384R1 303
+#define OID_SECT521R1 304
+#define OID_SECT409K1 305
+#define OID_SECT409R1 306
+#define OID_SECT571K1 307
+#define OID_SECT571R1 308
+#define OID_AES128_CBC 317
+#define OID_AES128_GCM 318
+#define OID_AES128_CCM 319
+#define OID_AES192_CBC 320
+#define OID_AES192_GCM 321
+#define OID_AES192_CCM 322
+#define OID_AES256_CBC 323
+#define OID_AES256_GCM 324
+#define OID_AES256_CCM 325
+#define OID_SHA256 327
+#define OID_SHA384 328
+#define OID_SHA512 329
+#define OID_SHA224 330
+#define OID_NS_REVOCATION_URL 336
+#define OID_NS_CA_REVOCATION_URL 337
+#define OID_NS_CA_POLICY_URL 338
+#define OID_NS_COMMENT 339
+#define OID_EMPLOYEE_NUMBER 342
+#define OID_PKI_MESSAGE_TYPE 348
+#define OID_PKI_STATUS 349
+#define OID_PKI_FAIL_INFO 350
+#define OID_PKI_SENDER_NONCE 351
+#define OID_PKI_RECIPIENT_NONCE 352
+#define OID_PKI_TRANS_ID 353
-#define OID_MAX 354
+#define OID_MAX 356
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 5d729c2eb..36db0299c 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -173,6 +173,7 @@
0x14 "msEnrollmentInfrastructure"
0x02 "msCertificateTypeExtension"
0x02 "msSmartcardLogon"
+ 0x03 "msUPN" OID_USER_PRINCIPAL_NAME
0x89 ""
0x31 ""
0x01 ""
@@ -185,6 +186,7 @@
0x07 "id-pkix"
0x01 "id-pe"
0x01 "authorityInfoAccess" OID_AUTHORITY_INFO_ACCESS
+ 0x03 "qcStatements"
0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS
0x02 "id-qt"
0x01 "cps"
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 4d115a816..9a4152145 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -307,24 +307,46 @@ static char hex2bin(char hex)
chunk_t chunk_from_hex(chunk_t hex, char *buf)
{
int i, len;
+ u_char *ptr;
bool odd = FALSE;
- len = (hex.len / 2);
- if (hex.len % 2)
+ /* subtract the number of optional ':' separation characters */
+ len = hex.len;
+ ptr = hex.ptr;
+ for (i = 0; i < hex.len; i++)
+ {
+ if (*ptr++ == ':')
+ {
+ len--;
+ }
+ }
+
+ /* compute the number of binary bytes */
+ if (len % 2)
{
odd = TRUE;
len++;
}
+ len /= 2;
+
+ /* allocate buffer memory unless provided by caller */
if (!buf)
{
buf = malloc(len);
}
+
/* buffer is filled from the right */
memset(buf, 0, len);
hex.ptr += hex.len;
+
for (i = len - 1; i >= 0; i--)
{
- buf[i] = hex2bin(*(--hex.ptr));
+ /* skip separation characters */
+ if (*(--hex.ptr) == ':')
+ {
+ --hex.ptr;
+ }
+ buf[i] = hex2bin(*hex.ptr);
if (i > 0 || !odd)
{
buf[i] |= hex2bin(*(--hex.ptr)) << 4;
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 5441ccf3c..f94bdfbf2 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -193,12 +193,12 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Allocate a chunk on the heap
*/
-#define chunk_alloc(bytes) ({size_t x = (bytes); chunk_create(malloc(x), x);})
+#define chunk_alloc(bytes) ({size_t x = (bytes); chunk_create(x ? malloc(x) : NULL, x);})
/**
* Allocate a chunk on the stack
*/
-#define chunk_alloca(bytes) ({size_t x = (bytes); chunk_create(alloca(x), x);})
+#define chunk_alloca(bytes) ({size_t x = (bytes); chunk_create(x ? alloca(x) : NULL, x);})
/**
* Clone a chunk on heap
@@ -208,7 +208,7 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Clone a chunk on stack
*/
-#define chunk_clonea(chunk) ({chunk_t x = (chunk); chunk_create_clone(alloca(x.len), x);})
+#define chunk_clonea(chunk) ({chunk_t x = (chunk); chunk_create_clone(x.len ? alloca(x.len) : NULL, x);})
/**
* Concatenate chunks into a chunk on heap
diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c
index 2573d0327..ce718b9cb 100644
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@@ -20,6 +20,7 @@
#include <debug.h>
#include <utils/linked_list.h>
#include <utils/identification.h>
+#include <eap/eap.h>
#include <credentials/certificates/certificate.h>
ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
@@ -29,62 +30,6 @@ ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP,
"EAP",
);
-ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
- "EAP_IDENTITY",
- "EAP_NOTIFICATION",
- "EAP_NAK",
- "EAP_MD5",
- "EAP_OTP",
- "EAP_GTC");
-ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_GTC,
- "EAP_SIM");
-ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_SIM,
- "EAP_AKA");
-ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
- "EAP_MSCHAPV2");
-ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
- "EAP_RADIUS",
- "EAP_EXPANDED",
- "EAP_EXPERIMENTAL");
-ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
-
-ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
- "ID",
- "NTF",
- "NAK",
- "MD5",
- "OTP",
- "GTC");
-ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_GTC,
- "SIM");
-ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_SIM,
- "AKA");
-ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
- "MSCHAPV2");
-ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_MSCHAPV2,
- "RAD",
- "EXP",
- "XP");
-ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
-
-ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL,
- "RULE_IDENTITY",
- "RULE_AUTH_CLASS",
- "RULE_EAP_IDENTITY",
- "RULE_EAP_TYPE",
- "RULE_EAP_VENDOR",
- "RULE_CA_CERT",
- "RULE_IM_CERT",
- "RULE_SUBJECT_CERT",
- "RULE_CRL_VALIDATION",
- "RULE_OCSP_VALIDATION",
- "RULE_GROUP",
- "HELPER_IM_CERT",
- "HELPER_SUBJECT_CERT",
- "HELPER_IM_HASH_URL",
- "HELPER_SUBJECT_HASH_URL",
-);
-
typedef struct private_auth_cfg_t private_auth_cfg_t;
/**
@@ -174,6 +119,7 @@ static void destroy_entry_value(entry_t *entry)
{
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
{
identification_t *id = (identification_t*)entry->value;
@@ -231,6 +177,7 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator,
break;
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
@@ -296,6 +243,7 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type)
return (void*)VALIDATION_FAILED;
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
@@ -331,6 +279,7 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...)
break;
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
case AUTH_RULE_CA_CERT:
case AUTH_RULE_IM_CERT:
@@ -445,6 +394,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
}
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
{
identification_t *id1, *id2;
@@ -590,6 +540,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
}
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
{
identification_t *id = (identification_t*)value;
@@ -677,6 +628,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
}
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
{
identification_t *id1, *id2;
@@ -761,6 +713,7 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
{
case AUTH_RULE_IDENTITY:
case AUTH_RULE_EAP_IDENTITY:
+ case AUTH_RULE_AAA_IDENTITY:
case AUTH_RULE_GROUP:
{
identification_t *id = (identification_t*)entry->value;
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 713e16372..19624a2fe 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -27,7 +27,6 @@
typedef struct auth_cfg_t auth_cfg_t;
typedef enum auth_rule_t auth_rule_t;
typedef enum auth_class_t auth_class_t;
-typedef enum eap_type_t eap_type_t;
/**
* Class of authentication to use. This is different to auth_method_t in that
@@ -51,35 +50,6 @@ enum auth_class_t {
extern enum_name_t *auth_class_names;
/**
- * EAP types, defines the EAP method implementation
- */
-enum eap_type_t {
- EAP_IDENTITY = 1,
- EAP_NOTIFICATION = 2,
- EAP_NAK = 3,
- EAP_MD5 = 4,
- EAP_OTP = 5,
- EAP_GTC = 6,
- EAP_SIM = 18,
- EAP_AKA = 23,
- EAP_MSCHAPV2 = 26,
- /** not a method, but an implementation providing different methods */
- EAP_RADIUS = 253,
- EAP_EXPANDED = 254,
- EAP_EXPERIMENTAL = 255,
-};
-
-/**
- * enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_names;
-
-/**
- * short string enum names for eap_type_t.
- */
-extern enum_name_t *eap_type_short_names;
-
-/**
* Authentication config to use during authentication process.
*
* Each authentication config contains a set of rules. These rule-sets are used
@@ -98,6 +68,8 @@ enum auth_rule_t {
AUTH_RULE_IDENTITY,
/** authentication class, auth_class_t */
AUTH_RULE_AUTH_CLASS,
+ /** AAA-backend identity for EAP methods supporting it, identification_t* */
+ AUTH_RULE_AAA_IDENTITY,
/** EAP identity to use within EAP-Identity exchange, identification_t* */
AUTH_RULE_EAP_IDENTITY,
/** EAP type to propose for peer authentication, eap_type_t */
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index cfb708e33..c43e5fd5d 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -45,8 +45,10 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_PATHLEN",
"BUILD_X509_FLAG",
"BUILD_REVOKED_ENUMERATOR",
- "BUILD_SMARTCARD_KEYID",
- "BUILD_SMARTCARD_PIN",
+ "BUILD_CHALLENGE_PWD",
+ "BUILD_PKCS11_MODULE",
+ "BUILD_PKCS11_SLOT",
+ "BUILD_PKCS11_KEYID",
"BUILD_RSA_MODULUS",
"BUILD_RSA_PUB_EXP",
"BUILD_RSA_PRIV_EXP",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index ffb09f72a..dc87da2a4 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -57,12 +57,6 @@ enum builder_part_t {
BUILD_BLOB_PGP,
/** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */
BUILD_BLOB_DNSKEY,
- /** passphrase for e.g. PEM decryption, chunk_t */
- BUILD_PASSPHRASE,
- /** passphrase callback, chunk_t(*fn)(void *user, int try), void *user.
- * The callback is invoked until the returned passphrase is accepted, or
- * a zero-length passphrase is returned. Try starts at 1. */
- BUILD_PASSPHRASE_CALLBACK,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
@@ -103,10 +97,14 @@ enum builder_part_t {
BUILD_X509_FLAG,
/** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */
BUILD_REVOKED_ENUMERATOR,
- /** key ID of a key on a smartcard, null terminated char* ([slot:]keyid) */
- BUILD_SMARTCARD_KEYID,
- /** pin to access a key on a smartcard, null terminated char* */
- BUILD_SMARTCARD_PIN,
+ /** PKCS#10 challenge password */
+ BUILD_CHALLENGE_PWD,
+ /** friendly name of a PKCS#11 module, null terminated char* */
+ BUILD_PKCS11_MODULE,
+ /** slot specifier for a token in a PKCS#11 module, int */
+ BUILD_PKCS11_SLOT,
+ /** key ID of a key on a token, chunk_t */
+ BUILD_PKCS11_KEYID,
/** modulus (n) of a RSA key, chunk_t */
BUILD_RSA_MODULUS,
/** public exponent (e) of a RSA key, chunk_t */
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 7cc7dbe0e..ff621012f 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -64,32 +64,29 @@ struct entry_t {
credential_type_t type;
/** subtype of credential, e.g. certificate_type_t */
int subtype;
+ /** registered with final flag? */
+ bool final;
/** builder function */
builder_function_t constructor;
};
-/**
- * Implementation of credential_factory_t.add_builder_constructor.
- */
-static void add_builder(private_credential_factory_t *this,
- credential_type_t type, int subtype,
- builder_function_t constructor)
+METHOD(credential_factory_t, add_builder, void,
+ private_credential_factory_t *this, credential_type_t type, int subtype,
+ bool final, builder_function_t constructor)
{
entry_t *entry = malloc_thing(entry_t);
entry->type = type;
entry->subtype = subtype;
+ entry->final = final;
entry->constructor = constructor;
this->lock->write_lock(this->lock);
this->constructors->insert_last(this->constructors, entry);
this->lock->unlock(this->lock);
}
-/**
- * Implementation of credential_factory_t.remove_builder.
- */
-static void remove_builder(private_credential_factory_t *this,
- builder_function_t constructor)
+METHOD(credential_factory_t, remove_builder, void,
+ private_credential_factory_t *this, builder_function_t constructor)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -108,11 +105,8 @@ static void remove_builder(private_credential_factory_t *this,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of credential_factory_t.create.
- */
-static void* create(private_credential_factory_t *this, credential_type_t type,
- int subtype, ...)
+METHOD(credential_factory_t, create, void*,
+ private_credential_factory_t *this, credential_type_t type, int subtype, ...)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -159,9 +153,31 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
}
/**
- * Implementation of credential_factory_t.destroy
+ * Filter function for builder enumerator
*/
-static void destroy(private_credential_factory_t *this)
+static bool builder_filter(void *null, entry_t **entry, credential_type_t *type,
+ void *dummy1, int *subtype)
+{
+ if ((*entry)->final)
+ {
+ *type = (*entry)->type;
+ *subtype = (*entry)->subtype;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(credential_factory_t, create_builder_enumerator, enumerator_t*,
+ private_credential_factory_t *this)
+{
+ this->lock->read_lock(this->lock);
+ return enumerator_create_filter(
+ this->constructors->create_enumerator(this->constructors),
+ (void*)builder_filter, this->lock, (void*)this->lock->unlock);
+}
+
+METHOD(credential_factory_t, destroy, void,
+ private_credential_factory_t *this)
{
this->constructors->destroy_function(this->constructors, free);
this->recursive->destroy(this->recursive);
@@ -174,16 +190,20 @@ static void destroy(private_credential_factory_t *this)
*/
credential_factory_t *credential_factory_create()
{
- private_credential_factory_t *this = malloc_thing(private_credential_factory_t);
-
- this->public.create = (void*(*)(credential_factory_t*, credential_type_t type, int subtype, ...))create;
- this->public.add_builder = (void(*)(credential_factory_t*,credential_type_t type, int subtype, builder_function_t constructor))add_builder;
- this->public.remove_builder = (void(*)(credential_factory_t*,builder_function_t constructor))remove_builder;
- this->public.destroy = (void(*)(credential_factory_t*))destroy;
-
- this->constructors = linked_list_create();
- this->recursive = thread_value_create(NULL);
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
+ private_credential_factory_t *this;
+
+ INIT(this,
+ .public = {
+ .create = _create,
+ .create_builder_enumerator = _create_builder_enumerator,
+ .add_builder = _add_builder,
+ .remove_builder = _remove_builder,
+ .destroy = _destroy,
+ },
+ .constructors = linked_list_create(),
+ .recursive = thread_value_create(NULL),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index e8ffb6b9d..709dc916a 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -68,11 +68,17 @@ struct credential_factory_t {
/**
* Register a credential builder function.
*
+ * The final flag indicates if the registered builder can build such
+ * a credential itself the most common encoding, without the need
+ * for an additional builder.
+ *
* @param type type of credential the builder creates
+ * @param subtype subtype of the credential, type specific
+ * @param final TRUE if this build does not invoke other builders
* @param constructor builder constructor function to register
*/
void (*add_builder)(credential_factory_t *this,
- credential_type_t type, int subtype,
+ credential_type_t type, int subtype, bool final,
builder_function_t constructor);
/**
* Unregister a credential builder function.
@@ -83,6 +89,16 @@ struct credential_factory_t {
builder_function_t constructor);
/**
+ * Create an enumerator over registered builder types.
+ *
+ * The enumerator returns only builder types registered with the final
+ * flag set.
+ *
+ * @return enumerator (credential_type_t, int subtype)
+ */
+ enumerator_t* (*create_builder_enumerator)(credential_factory_t *this);
+
+ /**
* Destroy a credential_factory instance.
*/
void (*destroy)(credential_factory_t *this);
diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
index 46c36c941..97e8d8887 100644
--- a/src/libstrongswan/credentials/credential_manager.c
+++ b/src/libstrongswan/credentials/credential_manager.c
@@ -157,8 +157,10 @@ static enumerator_t *create_sets_enumerator(private_credential_manager_t *this)
linked_list_t *local;
INIT(enumerator,
- .public.enumerate = (void*)_sets_enumerate,
- .public.destroy = _sets_destroy,
+ .public = {
+ .enumerate = (void*)_sets_enumerate,
+ .destroy = _sets_destroy,
+ },
.global = this->sets->create_enumerator(this->sets),
);
local = this->local_sets->get(this->local_sets);
@@ -822,7 +824,7 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
}
/**
- * Check if a certificate's keyid is contained in the auth helper
+ * Check if an helper contains a certificate as trust anchor
*/
static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert)
{
@@ -854,17 +856,10 @@ static auth_cfg_t *build_trustchain(private_credential_manager_t *this,
certificate_t *issuer, *current;
auth_cfg_t *trustchain;
int pathlen = 0;
+ bool has_anchor;
trustchain = auth_cfg_create();
-
- current = auth->get(auth, AUTH_RULE_CA_CERT);
- if (!current)
- {
- /* no trust anchor specified, return this cert only */
- trustchain->add(trustchain, AUTH_RULE_SUBJECT_CERT,
- subject->get_ref(subject));
- return trustchain;
- }
+ has_anchor = auth->get(auth, AUTH_RULE_CA_CERT) != NULL;
current = subject->get_ref(subject);
while (TRUE)
{
@@ -879,17 +874,33 @@ static auth_cfg_t *build_trustchain(private_credential_manager_t *this,
}
else
{
+ if (!has_anchor &&
+ this->cache->issued_by(this->cache, current, current))
+ { /* If no trust anchor specified, accept any CA */
+ trustchain->add(trustchain, AUTH_RULE_CA_CERT, current);
+ return trustchain;
+ }
trustchain->add(trustchain, AUTH_RULE_IM_CERT, current);
}
+ if (pathlen++ > MAX_TRUST_PATH_LEN)
+ {
+ break;
+ }
issuer = get_issuer_cert(this, current, FALSE);
- if (!issuer || issuer->equals(issuer, current) ||
- pathlen > MAX_TRUST_PATH_LEN)
+ if (!issuer)
{
- DESTROY_IF(issuer);
+ if (!has_anchor)
+ { /* If no trust anchor specified, accept incomplete chains */
+ return trustchain;
+ }
+ break;
+ }
+ if (has_anchor && issuer->equals(issuer, current))
+ {
+ issuer->destroy(issuer);
break;
}
current = issuer;
- pathlen++;
}
trustchain->destroy(trustchain);
return NULL;
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 27f4ab098..e57d3f5a5 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -51,18 +51,20 @@ struct private_key_t {
/**
* Decrypt a chunk of data.
*
+ * @param scheme expected encryption scheme used
* @param crypto chunk containing encrypted data
* @param plain where to allocate decrypted data
* @return TRUE if data decrypted and plaintext allocated
*/
- bool (*decrypt)(private_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*decrypt)(private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (private_key_t *this);
+ int (*get_keysize) (private_key_t *this);
/**
* Get the public part from the private key.
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index ce342de33..22df5dd1b 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -42,6 +42,16 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
"ECDSA-521",
);
+ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512,
+ "ENCRYPT_UNKNOWN",
+ "ENCRYPT_RSA_PKCS1",
+ "ENCRYPT_RSA_OAEP_SHA1",
+ "ENCRYPT_RSA_OAEP_SHA224",
+ "ENCRYPT_RSA_OAEP_SHA256",
+ "ENCRYPT_RSA_OAEP_SHA384",
+ "ENCRYPT_RSA_OAEP_SHA512",
+);
+
/**
* See header.
*/
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index ff827a189..d20d2736b 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -24,6 +24,7 @@
typedef struct public_key_t public_key_t;
typedef enum key_type_t key_type_t;
typedef enum signature_scheme_t signature_scheme_t;
+typedef enum encryption_scheme_t encryption_scheme_t;
#include <library.h>
#include <utils/identification.h>
@@ -97,6 +98,31 @@ enum signature_scheme_t {
extern enum_name_t *signature_scheme_names;
/**
+ * Encryption scheme for public key data encryption.
+ */
+enum encryption_scheme_t {
+ /** Unknown encryption scheme */
+ ENCRYPT_UNKNOWN,
+ /** RSAES-PKCS1-v1_5 as in PKCS#1 */
+ ENCRYPT_RSA_PKCS1,
+ /** RSAES-OAEP as in PKCS#1, using SHA1 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA1,
+ /** RSAES-OAEP as in PKCS#1, using SHA-224 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA224,
+ /** RSAES-OAEP as in PKCS#1, using SHA-256 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA256,
+ /** RSAES-OAEP as in PKCS#1, using SHA-384 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA384,
+ /** RSAES-OAEP as in PKCS#1, using SHA-512 as hash, no label */
+ ENCRYPT_RSA_OAEP_SHA512,
+};
+
+/**
+ * Enum names for encryption_scheme_t
+ */
+extern enum_name_t *encryption_scheme_names;
+
+/**
* Abstract interface of a public key.
*/
struct public_key_t {
@@ -122,11 +148,13 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
+ * @param scheme encryption scheme to use
* @param plain chunk containing plaintext data
* @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
+ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto);
/**
* Check if two public keys are equal.
@@ -137,11 +165,11 @@ struct public_key_t {
bool (*equals)(public_key_t *this, public_key_t *other);
/**
- * Get the strength of the key in bytes.
+ * Get the strength of the key in bits.
*
- * @return strength of the key in bytes
+ * @return strength of the key in bits
*/
- size_t (*get_keysize) (public_key_t *this);
+ int (*get_keysize) (public_key_t *this);
/**
* Get the fingerprint of the key.
diff --git a/src/libstrongswan/credentials/sets/callback_cred.c b/src/libstrongswan/credentials/sets/callback_cred.c
new file mode 100644
index 000000000..bff33f029
--- /dev/null
+++ b/src/libstrongswan/credentials/sets/callback_cred.c
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "callback_cred.h"
+
+typedef struct private_callback_cred_t private_callback_cred_t;
+
+/**
+ * Private data of an callback_cred_t object.
+ */
+struct private_callback_cred_t {
+
+ /**
+ * Public callback_cred_t interface.
+ */
+ callback_cred_t public;
+
+ /**
+ * Callback of this set, for all types, and generic
+ */
+ union {
+ void *generic;
+ callback_cred_shared_cb_t shared;
+ } cb;
+
+ /**
+ * Data to pass to callback
+ */
+ void *data;
+};
+
+/**
+ * Shared key enumerator on callbacks
+ */
+typedef struct {
+ /* implements enumerator_t */
+ enumerator_t public;
+ /* backref to this */
+ private_callback_cred_t *this;
+ /* type if requested key */
+ shared_key_type_t type;
+ /* own identity to match */
+ identification_t *me;
+ /* other identity to match */
+ identification_t *other;
+ /* current shared key */
+ shared_key_t *current;
+} shared_enumerator_t;
+
+METHOD(enumerator_t, shared_enumerate, bool,
+ shared_enumerator_t *this, shared_key_t **out,
+ id_match_t *match_me, id_match_t *match_other)
+{
+ DESTROY_IF(this->current);
+ this->current = this->this->cb.shared(this->this->data, this->type,
+ this->me, this->other, match_me, match_other);
+ if (this->current)
+ {
+ *out = this->current;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(enumerator_t, shared_destroy, void,
+ shared_enumerator_t *this)
+{
+ DESTROY_IF(this->current);
+ free(this);
+}
+
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+ private_callback_cred_t *this, shared_key_type_t type,
+ identification_t *me, identification_t *other)
+{
+ shared_enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_shared_enumerate,
+ .destroy = _shared_destroy,
+ },
+ .this = this,
+ .type = type,
+ .me = me,
+ .other = other,
+ );
+ return &enumerator->public;
+}
+
+METHOD(callback_cred_t, destroy, void,
+ private_callback_cred_t *this)
+{
+ free(this);
+}
+
+/**
+ * Create a generic callback credential set
+ */
+static private_callback_cred_t* create_generic(void *cb, void *data)
+{
+ private_callback_cred_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_shared_enumerator = (void*)return_null,
+ .create_private_enumerator = (void*)return_null,
+ .create_cert_enumerator = (void*)return_null,
+ .create_cdp_enumerator = (void*)return_null,
+ .cache_cert = (void*)nop,
+ },
+ .destroy = _destroy,
+ },
+ .cb.generic = cb,
+ .data = data,
+ );
+ return this;
+}
+
+/**
+ * See header
+ */
+callback_cred_t *callback_cred_create_shared(callback_cred_shared_cb_t cb,
+ void *data)
+{
+ private_callback_cred_t *this = create_generic(cb, data);
+
+ this->public.set.create_shared_enumerator = _create_shared_enumerator;
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/credentials/sets/callback_cred.h b/src/libstrongswan/credentials/sets/callback_cred.h
new file mode 100644
index 000000000..efc4c7fa5
--- /dev/null
+++ b/src/libstrongswan/credentials/sets/callback_cred.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup callback_cred callback_cred
+ * @{ @ingroup sets
+ */
+
+#ifndef CALLBACK_CRED_H_
+#define CALLBACK_CRED_H_
+
+typedef struct callback_cred_t callback_cred_t;
+
+#include <credentials/credential_set.h>
+
+/**
+ * Callback function to get shared keys.
+ *
+ * @param type type of requested shared key
+ * @param me own identity
+ * @param other other identity
+ * @param match_me match result of own identity
+ * @param match_other match result of other identity
+ */
+typedef shared_key_t* (*callback_cred_shared_cb_t)(
+ void *data, shared_key_type_t type,
+ identification_t *me, identification_t *other,
+ id_match_t *match_me, id_match_t *match_other);
+
+/**
+ * Generic callbcack using user specified callback functions.
+ */
+struct callback_cred_t {
+
+ /**
+ * Implements credential_set_t.
+ */
+ credential_set_t set;
+
+ /**
+ * Destroy a callback_cred_t.
+ */
+ void (*destroy)(callback_cred_t *this);
+};
+
+/**
+ * Create a callback_cred instance, for a shared key.
+ *
+ * @param cb callback function
+ * @param data data to pass to callback
+ */
+callback_cred_t *callback_cred_create_shared(callback_cred_shared_cb_t cb,
+ void *data);
+
+#endif /** CALLBACK_CRED_H_ @}*/
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
new file mode 100644
index 000000000..c29a99f1f
--- /dev/null
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -0,0 +1,433 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "mem_cred.h"
+
+#include <threading/rwlock.h>
+#include <utils/linked_list.h>
+
+typedef struct private_mem_cred_t private_mem_cred_t;
+
+/**
+ * Private data of an mem_cred_t object.
+ */
+struct private_mem_cred_t {
+
+ /**
+ * Public mem_cred_t interface.
+ */
+ mem_cred_t public;
+
+ /**
+ * Lock for this set
+ */
+ rwlock_t *lock;
+
+ /**
+ * List of trusted certificates, certificate_t
+ */
+ linked_list_t *trusted;
+
+ /**
+ * List of trusted and untrusted certificates, certificate_t
+ */
+ linked_list_t *untrusted;
+
+ /**
+ * List of private keys, private_key_t
+ */
+ linked_list_t *keys;
+
+ /**
+ * List of shared keys, as shared_entry_t
+ */
+ linked_list_t *shared;
+};
+
+/**
+ * Data for the certificate enumerator
+ */
+typedef struct {
+ rwlock_t *lock;
+ certificate_type_t cert;
+ key_type_t key;
+ identification_t *id;
+} cert_data_t;
+
+/**
+ * destroy cert_data
+ */
+static void cert_data_destroy(cert_data_t *data)
+{
+ data->lock->unlock(data->lock);
+ free(data);
+}
+
+/**
+ * filter function for certs enumerator
+ */
+static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **out)
+{
+ public_key_t *public;
+ certificate_t *cert = *in;
+
+ if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+ {
+ public = cert->get_public_key(cert);
+ if (public)
+ {
+ if (data->key == KEY_ANY || data->key == public->get_type(public))
+ {
+ if (data->id && public->has_fingerprint(public,
+ data->id->get_encoding(data->id)))
+ {
+ public->destroy(public);
+ *out = *in;
+ return TRUE;
+ }
+ }
+ public->destroy(public);
+ }
+ else if (data->key != KEY_ANY)
+ {
+ return FALSE;
+ }
+ if (data->id == NULL || cert->has_subject(cert, data->id))
+ {
+ *out = *in;
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+ private_mem_cred_t *this, certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ cert_data_t *data;
+ enumerator_t *enumerator;
+
+ INIT(data,
+ .lock = this->lock,
+ .cert = cert,
+ .key = key,
+ .id = id,
+ );
+ this->lock->read_lock(this->lock);
+ if (trusted)
+ {
+ enumerator = this->trusted->create_enumerator(this->trusted);
+ }
+ else
+ {
+ enumerator = this->untrusted->create_enumerator(this->untrusted);
+ }
+ return enumerator_create_filter(enumerator, (void*)certs_filter, data,
+ (void*)cert_data_destroy);
+}
+
+static bool certificate_equals(certificate_t *item, certificate_t *cert)
+{
+ return item->equals(item, cert);
+}
+
+METHOD(mem_cred_t, add_cert, void,
+ private_mem_cred_t *this, bool trusted, certificate_t *cert)
+{
+ this->lock->write_lock(this->lock);
+ if (this->untrusted->find_last(this->untrusted,
+ (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS)
+ {
+ if (trusted)
+ {
+ this->trusted->insert_last(this->trusted, cert->get_ref(cert));
+ }
+ this->untrusted->insert_last(this->untrusted, cert->get_ref(cert));
+ }
+ cert->destroy(cert);
+ this->lock->unlock(this->lock);
+}
+
+/**
+ * Data for key enumerator
+ */
+typedef struct {
+ rwlock_t *lock;
+ key_type_t type;
+ identification_t *id;
+} key_data_t;
+
+/**
+ * Destroy key enumerator data
+ */
+static void key_data_destroy(key_data_t *data)
+{
+ data->lock->unlock(data->lock);
+ free(data);
+}
+
+/**
+ * filter function for private key enumerator
+ */
+static bool key_filter(key_data_t *data, private_key_t **in, private_key_t **out)
+{
+ private_key_t *key;
+
+ key = *in;
+ if (data->type == KEY_ANY || data->type == key->get_type(key))
+ {
+ if (data->id == NULL ||
+ key->has_fingerprint(key, data->id->get_encoding(data->id)))
+ {
+ *out = key;
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
+ private_mem_cred_t *this, key_type_t type, identification_t *id)
+{
+ key_data_t *data;
+
+ INIT(data,
+ .lock = this->lock,
+ .type = type,
+ .id = id,
+ );
+ this->lock->read_lock(this->lock);
+ return enumerator_create_filter(this->keys->create_enumerator(this->keys),
+ (void*)key_filter, data, (void*)key_data_destroy);
+}
+
+METHOD(mem_cred_t, add_key, void,
+ private_mem_cred_t *this, private_key_t *key)
+{
+ this->lock->write_lock(this->lock);
+ this->keys->insert_last(this->keys, key);
+ this->lock->unlock(this->lock);
+}
+
+/**
+ * Shared key entry
+ */
+typedef struct {
+ /* shared key */
+ shared_key_t *shared;
+ /* list of owners, identification_t */
+ linked_list_t *owners;
+} shared_entry_t;
+
+/**
+ * Clean up a shared entry
+ */
+static void shared_entry_destroy(shared_entry_t *entry)
+{
+ entry->owners->destroy_offset(entry->owners,
+ offsetof(identification_t, destroy));
+ entry->shared->destroy(entry->shared);
+ free(entry);
+}
+
+/**
+ * Data for the shared_key enumerator
+ */
+typedef struct {
+ rwlock_t *lock;
+ identification_t *me;
+ identification_t *other;
+ shared_key_type_t type;
+} shared_data_t;
+
+/**
+ * free shared key enumerator data and unlock list
+ */
+static void shared_data_destroy(shared_data_t *data)
+{
+ data->lock->unlock(data->lock);
+ free(data);
+}
+
+/**
+ * Get the best match of an owner in an entry.
+ */
+static id_match_t has_owner(shared_entry_t *entry, identification_t *owner)
+{
+ enumerator_t *enumerator;
+ id_match_t match, best = ID_MATCH_NONE;
+ identification_t *current;
+
+ enumerator = entry->owners->create_enumerator(entry->owners);
+ while (enumerator->enumerate(enumerator, &current))
+ {
+ match = owner->matches(owner, current);
+ if (match > best)
+ {
+ best = match;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return best;
+}
+
+/**
+ * enumerator filter function for shared entries
+ */
+static bool shared_filter(shared_data_t *data,
+ shared_entry_t **in, shared_key_t **out,
+ void **unused1, id_match_t *me,
+ void **unused2, id_match_t *other)
+{
+ id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
+ shared_entry_t *entry = *in;
+
+ if (data->type != SHARED_ANY &&
+ entry->shared->get_type(entry->shared) != data->type)
+ {
+ return FALSE;
+ }
+ if (data->me)
+ {
+ my_match = has_owner(entry, data->me);
+ }
+ if (data->other)
+ {
+ other_match = has_owner(entry, data->other);
+ }
+ if ((data->me || data->other) && (!my_match && !other_match))
+ {
+ return FALSE;
+ }
+ *out = entry->shared;
+ if (me)
+ {
+ *me = my_match;
+ }
+ if (other)
+ {
+ *other = other_match;
+ }
+ return TRUE;
+}
+
+METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
+ private_mem_cred_t *this, shared_key_type_t type,
+ identification_t *me, identification_t *other)
+{
+ shared_data_t *data;
+
+ INIT(data,
+ .lock = this->lock,
+ .me = me,
+ .other = other,
+ .type = type,
+ );
+ data->lock->read_lock(data->lock);
+ return enumerator_create_filter(
+ this->shared->create_enumerator(this->shared),
+ (void*)shared_filter, data, (void*)shared_data_destroy);
+}
+
+METHOD(mem_cred_t, add_shared, void,
+ private_mem_cred_t *this, shared_key_t *shared, ...)
+{
+ shared_entry_t *entry;
+ identification_t *id;
+ va_list args;
+
+ INIT(entry,
+ .shared = shared,
+ .owners = linked_list_create(),
+ );
+
+ va_start(args, shared);
+ do
+ {
+ id = va_arg(args, identification_t*);
+ if (id)
+ {
+ entry->owners->insert_last(entry->owners, id);
+ }
+ }
+ while (id);
+ va_end(args);
+
+ this->lock->write_lock(this->lock);
+ this->shared->insert_last(this->shared, entry);
+ this->lock->unlock(this->lock);
+}
+
+METHOD(mem_cred_t, clear_, void,
+ private_mem_cred_t *this)
+{
+ this->lock->write_lock(this->lock);
+ this->trusted->destroy_offset(this->trusted,
+ offsetof(certificate_t, destroy));
+ this->untrusted->destroy_offset(this->untrusted,
+ offsetof(certificate_t, destroy));
+ this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy));
+ this->shared->destroy_function(this->shared, (void*)shared_entry_destroy);
+ this->trusted = linked_list_create();
+ this->untrusted = linked_list_create();
+ this->keys = linked_list_create();
+ this->shared = linked_list_create();
+ this->lock->unlock(this->lock);
+}
+
+METHOD(mem_cred_t, destroy, void,
+ private_mem_cred_t *this)
+{
+ clear_(this);
+ this->trusted->destroy(this->trusted);
+ this->untrusted->destroy(this->untrusted);
+ this->keys->destroy(this->keys);
+ this->shared->destroy(this->shared);
+ this->lock->destroy(this->lock);
+ free(this);
+}
+
+/**
+ * See header
+ */
+mem_cred_t *mem_cred_create()
+{
+ private_mem_cred_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_shared_enumerator = _create_shared_enumerator,
+ .create_private_enumerator = _create_private_enumerator,
+ .create_cert_enumerator = _create_cert_enumerator,
+ .create_cdp_enumerator = (void*)return_null,
+ .cache_cert = (void*)nop,
+ },
+ .add_cert = _add_cert,
+ .add_key = _add_key,
+ .add_shared = _add_shared,
+ .clear = _clear_,
+ .destroy = _destroy,
+ },
+ .trusted = linked_list_create(),
+ .untrusted = linked_list_create(),
+ .keys = linked_list_create(),
+ .shared = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
new file mode 100644
index 000000000..b26e43d6c
--- /dev/null
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup mem_cred mem_cred
+ * @{ @ingroup sets
+ */
+
+#ifndef MEM_CRED_H_
+#define MEM_CRED_H_
+
+typedef struct mem_cred_t mem_cred_t;
+
+#include <credentials/credential_set.h>
+
+/**
+ * Generic in-memory credential set.
+ */
+struct mem_cred_t {
+
+ /**
+ * Implements credential_set_t.
+ */
+ credential_set_t set;
+
+ /**
+ * Add a certificate to the credential set.
+ *
+ * @param trusted TRUE to serve certificate as trusted
+ * @param cert certificate, reference gets owned by set
+ */
+ void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert);
+
+ /**
+ * Add a private key to the credential set.
+ *
+ * @param key key, reference gets owned by set
+ */
+ void (*add_key)(mem_cred_t *this, private_key_t *key);
+
+ /**
+ * Add a shared key to the credential set.
+ *
+ * @param shared shared key to add, gets owned by set
+ * @param ... NULL terminated list of owners identification_t*
+ */
+ void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...);
+
+ /**
+ * Clear all credentials from the credential set.
+ */
+ void (*clear)(mem_cred_t *this);
+
+ /**
+ * Destroy a mem_cred_t.
+ */
+ void (*destroy)(mem_cred_t *this);
+};
+
+/**
+ * Create a mem_cred instance.
+ */
+mem_cred_t *mem_cred_create();
+
+#endif /** MEM_CRED_H_ @}*/
diff --git a/src/libstrongswan/crypto/aead.c b/src/libstrongswan/crypto/aead.c
new file mode 100644
index 000000000..51cb05909
--- /dev/null
+++ b/src/libstrongswan/crypto/aead.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "aead.h"
+
+#include <debug.h>
+
+typedef struct private_aead_t private_aead_t;
+
+/**
+ * Private data of an aead_t object.
+ */
+struct private_aead_t {
+
+ /**
+ * Public aead_t interface.
+ */
+ aead_t public;
+
+ /**
+ * traditional crypter
+ */
+ crypter_t *crypter;
+
+ /**
+ * draditional signer
+ */
+ signer_t *signer;
+};
+
+METHOD(aead_t, encrypt, void,
+ private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ chunk_t encr, sig;
+
+ this->signer->get_signature(this->signer, assoc, NULL);
+ this->signer->get_signature(this->signer, iv, NULL);
+
+ if (encrypted)
+ {
+ this->crypter->encrypt(this->crypter, plain, iv, &encr);
+ this->signer->allocate_signature(this->signer, encr, &sig);
+ *encrypted = chunk_cat("cmm", iv, encr, sig);
+ }
+ else
+ {
+ this->crypter->encrypt(this->crypter, plain, iv, NULL);
+ this->signer->get_signature(this->signer, plain, plain.ptr + plain.len);
+ }
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ chunk_t sig;
+ size_t bs;
+
+ bs = this->crypter->get_block_size(this->crypter);
+ sig.len = this->signer->get_block_size(this->signer);
+ if (sig.len > encrypted.len || (encrypted.len - sig.len) % bs)
+ {
+ DBG1(DBG_LIB, "invalid encrypted data length %d with block size %d",
+ encrypted.len - sig.len, bs);
+ return FALSE;
+ }
+ chunk_split(encrypted, "mm", encrypted.len - sig.len,
+ &encrypted, sig.len, &sig);
+
+ this->signer->get_signature(this->signer, assoc, NULL);
+ this->signer->get_signature(this->signer, iv, NULL);
+ if (!this->signer->verify_signature(this->signer, encrypted, sig))
+ {
+ DBG1(DBG_LIB, "MAC verification failed");
+ return FALSE;
+ }
+ this->crypter->decrypt(this->crypter, encrypted, iv, plain);
+ return TRUE;
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_aead_t *this)
+{
+ return this->crypter->get_block_size(this->crypter);
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_aead_t *this)
+{
+ return this->signer->get_block_size(this->signer);
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_aead_t *this)
+{
+ return this->crypter->get_iv_size(this->crypter);
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_aead_t *this)
+{
+ return this->crypter->get_key_size(this->crypter) +
+ this->signer->get_key_size(this->signer);
+}
+
+METHOD(aead_t, set_key, void,
+ private_aead_t *this, chunk_t key)
+{
+ chunk_t sig, enc;
+
+ chunk_split(key, "mm", this->signer->get_key_size(this->signer), &sig,
+ this->crypter->get_key_size(this->crypter), &enc);
+
+ this->signer->set_key(this->signer, sig);
+ this->crypter->set_key(this->crypter, enc);
+}
+
+METHOD(aead_t, destroy, void,
+ private_aead_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ this->signer->destroy(this->signer);
+ free(this);
+}
+
+/**
+ * See header
+ */
+aead_t *aead_create(crypter_t *crypter, signer_t *signer)
+{
+ private_aead_t *this;
+
+ INIT(this,
+ .public = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .crypter = crypter,
+ .signer = signer,
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
new file mode 100644
index 000000000..d560381d9
--- /dev/null
+++ b/src/libstrongswan/crypto/aead.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup aead aead
+ * @{ @ingroup crypto
+ */
+
+#ifndef AEAD_H_
+#define AEAD_H_
+
+typedef struct aead_t aead_t;
+
+#include <library.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+
+/**
+ * Authenticated encryption / authentication decryption interface.
+ */
+struct aead_t {
+
+ /**
+ * Encrypt and sign data, sign associated data.
+ *
+ * The plain data must be a multiple of get_block_size(), the IV must
+ * have a length of get_iv_size().
+ * If encrypted is NULL, the encryption is done inline. The buffer must
+ * have space for additional get_icv_size() data, the ICV value is
+ * appended silently to the plain chunk.
+ *
+ * @param plain data to encrypt and sign
+ * @param assoc associated data to sign
+ * @param iv initialization vector
+ * @param encrypted allocated encryption result
+ */
+ void (*encrypt)(aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted);
+
+ /**
+ * Decrypt and verify data, verify associated data.
+ *
+ * The IV must have a length of get_iv_size().
+ * If plain is NULL, the decryption is done inline. The decrypted data
+ * is returned in the encrypted chunk, the last get_icv_size() bytes
+ * contain the verified ICV.
+ *
+ * @param encrypted data to encrypt and verify
+ * @param assoc associated data to verify
+ * @param iv initialization vector
+ * @param plain allocated result, if successful
+ * @return TRUE if MAC verification successful
+ */
+ bool (*decrypt)(aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain);
+
+ /**
+ * Get the block size for encryption.
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size)(aead_t *this);
+
+ /**
+ * Get the integrity check value size of the algorithm.
+ *
+ * @return ICV size in bytes
+ */
+ size_t (*get_icv_size)(aead_t *this);
+
+ /**
+ * Get the size of the initialization vector.
+ *
+ * @return IV size in bytes
+ */
+ size_t (*get_iv_size)(aead_t *this);
+
+ /**
+ * Get the size of the key material (for encryption and authentication).
+ *
+ * @return key size in bytes
+ */
+ size_t (*get_key_size)(aead_t *this);
+
+ /**
+ * Set the key for encryption and authentication.
+ *
+ * @param key encryption and authentication key
+ */
+ void (*set_key)(aead_t *this, chunk_t key);
+
+ /**
+ * Destroy a aead_t.
+ */
+ void (*destroy)(aead_t *this);
+};
+
+/**
+ * Create a aead instance using traditional transforms.
+ *
+ * @param crypter encryption transform for this aead
+ * @param signer integrity tranform for this aead
+ * @return aead transform
+ */
+aead_t *aead_create(crypter_t *crypter, signer_t *signer);
+
+#endif /** AEAD_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c
index ebd35a8a0..0730c707c 100644
--- a/src/libstrongswan/crypto/crypters/crypter.c
+++ b/src/libstrongswan/crypto/crypters/crypter.c
@@ -159,4 +159,25 @@ int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size)
return oid;
}
-
+/*
+ * Described in header.
+ */
+bool encryption_algorithm_is_aead(encryption_algorithm_t alg)
+{
+ switch (alg)
+ {
+ case ENCR_AES_CCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV16:
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ case ENCR_NULL_AUTH_AES_GMAC:
+ case ENCR_CAMELLIA_CCM_ICV8:
+ case ENCR_CAMELLIA_CCM_ICV12:
+ case ENCR_CAMELLIA_CCM_ICV16:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index f052a181d..3bf039681 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -42,6 +42,7 @@ enum encryption_algorithm_t {
ENCR_DES_IV32 = 9,
ENCR_NULL = 11,
ENCR_AES_CBC = 12,
+ /** CTR as specified for IPsec (RFC5930/RFC3686), nonce appended to key */
ENCR_AES_CTR = 13,
ENCR_AES_CCM_ICV8 = 14,
ENCR_AES_CCM_ICV12 = 15,
@@ -51,6 +52,7 @@ enum encryption_algorithm_t {
ENCR_AES_GCM_ICV16 = 20,
ENCR_NULL_AUTH_AES_GMAC = 21,
ENCR_CAMELLIA_CBC = 23,
+ /* CTR as specified for IPsec (RFC5529), nonce appended to key */
ENCR_CAMELLIA_CTR = 24,
ENCR_CAMELLIA_CCM_ICV8 = 25,
ENCR_CAMELLIA_CCM_ICV12 = 26,
@@ -81,8 +83,8 @@ struct crypter_t {
/**
* Encrypt a chunk of data and allocate space for the encrypted value.
*
- * The length of the iv must equal to get_block_size(), while the length
- * of data must be a multiple it.
+ * The length of the iv must equal to get_iv_size(), while the length
+ * of data must be a multiple of get_block_size().
* If encrypted is NULL, the encryption is done in-place (overwriting data).
*
* @param data data to encrypt
@@ -95,8 +97,8 @@ struct crypter_t {
/**
* Decrypt a chunk of data and allocate space for the decrypted value.
*
- * The length of the iv must equal to get_block_size(), while the length
- * of data must be a multiple it.
+ * The length of the iv must equal to get_iv_size(), while the length
+ * of data must be a multiple of get_block_size().
* If decrpyted is NULL, the encryption is done in-place (overwriting data).
*
* @param data data to decrypt
@@ -109,14 +111,29 @@ struct crypter_t {
/**
* Get the block size of the crypto algorithm.
*
- * @return block size in bytes
+ * get_block_size() returns the smallest block the crypter can handle,
+ * not the block size of the underlying crypto algorithm. For counter mode,
+ * it is usually 1.
+ *
+ * @return block size in bytes
*/
size_t (*get_block_size) (crypter_t *this);
/**
+ * Get the IV size of the crypto algorithm.
+ *
+ * @return initialization vector size in bytes
+ */
+ size_t (*get_iv_size)(crypter_t *this);
+
+ /**
* Get the key size of the crypto algorithm.
*
- * @return key size in bytes
+ * get_key_size() might return a key length different from the key
+ * size passed to the factory constructor. For Counter Mode, the nonce
+ * is handled as a part of the key material and is passed to set_key().
+ *
+ * @return key size in bytes
*/
size_t (*get_key_size) (crypter_t *this);
@@ -125,7 +142,7 @@ struct crypter_t {
*
* The length of the key must match get_key_size().
*
- * @param key key to set
+ * @param key key to set
*/
void (*set_key) (crypter_t *this, chunk_t key);
@@ -153,4 +170,12 @@ encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size);
*/
int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size);
+/**
+ * Check if an encryption algorithm identifier is an AEAD algorithm.
+ *
+ * @param alg algorithm identifier
+ * @return TRUE if it is an AEAD algorithm
+ */
+bool encryption_algorithm_is_aead(encryption_algorithm_t alg);
+
#endif /** CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index fee71953d..f2f01987d 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -22,16 +22,20 @@
typedef struct entry_t entry_t;
struct entry_t {
- /** algorithm */
+ /* algorithm */
u_int algo;
+ /* benchmarked speed */
+ u_int speed;
/* constructor */
union {
crypter_constructor_t create_crypter;
+ aead_constructor_t create_aead;
signer_constructor_t create_signer;
hasher_constructor_t create_hasher;
prf_constructor_t create_prf;
rng_constructor_t create_rng;
dh_constructor_t create_dh;
+ void *create;
};
};
@@ -53,6 +57,11 @@ struct private_crypto_factory_t {
linked_list_t *crypters;
/**
+ * registered aead transforms, as entry_t
+ */
+ linked_list_t *aeads;
+
+ /**
* registered signers, as entry_t
*/
linked_list_t *signers;
@@ -93,16 +102,19 @@ struct private_crypto_factory_t {
bool test_on_create;
/**
+ * run algorithm benchmark during registration
+ */
+ bool bench;
+
+ /**
* rwlock to lock access to modules
*/
rwlock_t *lock;
};
-/**
- * Implementation of crypto_factory_t.create_crypter.
- */
-static crypter_t* create_crypter(private_crypto_factory_t *this,
- encryption_algorithm_t algo, size_t key_size)
+METHOD(crypto_factory_t, create_crypter, crypter_t*,
+ private_crypto_factory_t *this, encryption_algorithm_t algo,
+ size_t key_size)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -116,7 +128,7 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
{
if (this->test_on_create &&
!this->tester->test_crypter(this->tester, algo, key_size,
- entry->create_crypter))
+ entry->create_crypter, NULL))
{
continue;
}
@@ -132,11 +144,40 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
return crypter;
}
-/**
- * Implementation of crypto_factory_t.create_signer.
- */
-static signer_t* create_signer(private_crypto_factory_t *this,
- integrity_algorithm_t algo)
+METHOD(crypto_factory_t, create_aead, aead_t*,
+ private_crypto_factory_t *this, encryption_algorithm_t algo,
+ size_t key_size)
+{
+ enumerator_t *enumerator;
+ entry_t *entry;
+ aead_t *aead = NULL;
+
+ this->lock->read_lock(this->lock);
+ enumerator = this->aeads->create_enumerator(this->aeads);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->algo == algo)
+ {
+ if (this->test_on_create &&
+ !this->tester->test_aead(this->tester, algo, key_size,
+ entry->create_aead, NULL))
+ {
+ continue;
+ }
+ aead = entry->create_aead(algo, key_size);
+ if (aead)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
+ return aead;
+}
+
+METHOD(crypto_factory_t, create_signer, signer_t*,
+ private_crypto_factory_t *this, integrity_algorithm_t algo)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -150,7 +191,7 @@ static signer_t* create_signer(private_crypto_factory_t *this,
{
if (this->test_on_create &&
!this->tester->test_signer(this->tester, algo,
- entry->create_signer))
+ entry->create_signer, NULL))
{
continue;
}
@@ -167,11 +208,8 @@ static signer_t* create_signer(private_crypto_factory_t *this,
return signer;
}
-/**
- * Implementation of crypto_factory_t.create_hasher.
- */
-static hasher_t* create_hasher(private_crypto_factory_t *this,
- hash_algorithm_t algo)
+METHOD(crypto_factory_t, create_hasher, hasher_t*,
+ private_crypto_factory_t *this, hash_algorithm_t algo)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -185,7 +223,7 @@ static hasher_t* create_hasher(private_crypto_factory_t *this,
{
if (this->test_on_create && algo != HASH_PREFERRED &&
!this->tester->test_hasher(this->tester, algo,
- entry->create_hasher))
+ entry->create_hasher, NULL))
{
continue;
}
@@ -201,11 +239,8 @@ static hasher_t* create_hasher(private_crypto_factory_t *this,
return hasher;
}
-/**
- * Implementation of crypto_factory_t.create_prf.
- */
-static prf_t* create_prf(private_crypto_factory_t *this,
- pseudo_random_function_t algo)
+METHOD(crypto_factory_t, create_prf, prf_t*,
+ private_crypto_factory_t *this, pseudo_random_function_t algo)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -218,7 +253,8 @@ static prf_t* create_prf(private_crypto_factory_t *this,
if (entry->algo == algo)
{
if (this->test_on_create &&
- !this->tester->test_prf(this->tester, algo, entry->create_prf))
+ !this->tester->test_prf(this->tester, algo,
+ entry->create_prf, NULL))
{
continue;
}
@@ -234,10 +270,8 @@ static prf_t* create_prf(private_crypto_factory_t *this,
return prf;
}
-/**
- * Implementation of crypto_factory_t.create_rng.
- */
-static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
+METHOD(crypto_factory_t, create_rng, rng_t*,
+ private_crypto_factory_t *this, rng_quality_t quality)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -251,7 +285,8 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
if (entry->algo >= quality && diff > entry->algo - quality)
{
if (this->test_on_create &&
- !this->tester->test_rng(this->tester, quality, entry->create_rng))
+ !this->tester->test_rng(this->tester, quality,
+ entry->create_rng, NULL))
{
continue;
}
@@ -272,11 +307,8 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
return NULL;
}
-/**
- * Implementation of crypto_factory_t.create_dh.
- */
-static diffie_hellman_t* create_dh(private_crypto_factory_t *this,
- diffie_hellman_group_t group)
+METHOD(crypto_factory_t, create_dh, diffie_hellman_t*,
+ private_crypto_factory_t *this, diffie_hellman_group_t group, ...)
{
enumerator_t *enumerator;
entry_t *entry;
@@ -288,7 +320,21 @@ static diffie_hellman_t* create_dh(private_crypto_factory_t *this,
{
if (entry->algo == group)
{
- diffie_hellman = entry->create_dh(group);
+ if (group == MODP_CUSTOM)
+ {
+ va_list args;
+ chunk_t g, p;
+
+ va_start(args, group);
+ g = va_arg(args, chunk_t);
+ p = va_arg(args, chunk_t);
+ va_end(args);
+ diffie_hellman = entry->create_dh(MODP_CUSTOM, g, p);
+ }
+ else
+ {
+ diffie_hellman = entry->create_dh(group);
+ }
if (diffie_hellman)
{
break;
@@ -301,30 +347,65 @@ static diffie_hellman_t* create_dh(private_crypto_factory_t *this,
}
/**
- * Implementation of crypto_factory_t.add_crypter.
+ * Insert an algorithm entry to a list
*/
-static void add_crypter(private_crypto_factory_t *this,
- encryption_algorithm_t algo,
- crypter_constructor_t create)
+static void add_entry(private_crypto_factory_t *this, linked_list_t *list,
+ int algo, u_int speed, void *create)
{
- if (!this->test_on_add ||
- this->tester->test_crypter(this->tester, algo, 0, create))
+ entry_t *entry, *current;
+ linked_list_t *tmp;
+ bool inserted = FALSE;
+
+ INIT(entry,
+ .algo = algo,
+ .speed = speed,
+ );
+ entry->create = create;
+
+ this->lock->write_lock(this->lock);
+ if (speed)
+ { /* insert sorted by speed using a temporary list */
+ tmp = linked_list_create();
+ while (list->remove_first(list, (void**)&current) == SUCCESS)
+ {
+ tmp->insert_last(tmp, current);
+ }
+ while (tmp->remove_first(tmp, (void**)&current) == SUCCESS)
+ {
+ if (!inserted &&
+ current->algo == algo &&
+ current->speed < speed)
+ {
+ list->insert_last(list, entry);
+ inserted = TRUE;
+ }
+ list->insert_last(list, current);
+ }
+ tmp->destroy(tmp);
+ }
+ if (!inserted)
{
- entry_t *entry = malloc_thing(entry_t);
+ list->insert_last(list, entry);
+ }
+ this->lock->unlock(this->lock);
+}
+
+METHOD(crypto_factory_t, add_crypter, void,
+ private_crypto_factory_t *this, encryption_algorithm_t algo,
+ crypter_constructor_t create)
+{
+ u_int speed = 0;
- entry->algo = algo;
- entry->create_crypter = create;
- this->lock->write_lock(this->lock);
- this->crypters->insert_last(this->crypters, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_crypter(this->tester, algo, 0, create,
+ this->bench ? &speed : NULL))
+ {
+ add_entry(this, this->crypters, algo, speed, create);
}
}
-/**
- * Implementation of crypto_factory_t.remove_crypter.
- */
-static void remove_crypter(private_crypto_factory_t *this,
- crypter_constructor_t create)
+METHOD(crypto_factory_t, remove_crypter, void,
+ private_crypto_factory_t *this, crypter_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -343,30 +424,56 @@ static void remove_crypter(private_crypto_factory_t *this,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.add_signer.
- */
-static void add_signer(private_crypto_factory_t *this,
- integrity_algorithm_t algo, signer_constructor_t create)
+METHOD(crypto_factory_t, add_aead, void,
+ private_crypto_factory_t *this, encryption_algorithm_t algo,
+ aead_constructor_t create)
{
+ u_int speed = 0;
+
if (!this->test_on_add ||
- this->tester->test_signer(this->tester, algo, create))
+ this->tester->test_aead(this->tester, algo, 0, create,
+ this->bench ? &speed : NULL))
{
- entry_t *entry = malloc_thing(entry_t);
+ add_entry(this, this->aeads, algo, speed, create);
+ }
+}
- entry->algo = algo;
- entry->create_signer = create;
- this->lock->write_lock(this->lock);
- this->signers->insert_last(this->signers, entry);
- this->lock->unlock(this->lock);
+METHOD(crypto_factory_t, remove_aead, void,
+ private_crypto_factory_t *this, aead_constructor_t create)
+{
+ entry_t *entry;
+ enumerator_t *enumerator;
+
+ this->lock->write_lock(this->lock);
+ enumerator = this->aeads->create_enumerator(this->aeads);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->create_aead == create)
+ {
+ this->aeads->remove_at(this->aeads, enumerator);
+ free(entry);
+ }
}
+ enumerator->destroy(enumerator);
+ this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.remove_signer.
- */
-static void remove_signer(private_crypto_factory_t *this,
- signer_constructor_t create)
+METHOD(crypto_factory_t, add_signer, void,
+ private_crypto_factory_t *this, integrity_algorithm_t algo,
+ signer_constructor_t create)
+{
+ u_int speed = 0;
+
+ if (!this->test_on_add ||
+ this->tester->test_signer(this->tester, algo, create,
+ this->bench ? &speed : NULL))
+ {
+ add_entry(this, this->signers, algo, speed, create);
+ }
+}
+
+METHOD(crypto_factory_t, remove_signer, void,
+ private_crypto_factory_t *this, signer_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -385,30 +492,22 @@ static void remove_signer(private_crypto_factory_t *this,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.add_hasher.
- */
-static void add_hasher(private_crypto_factory_t *this, hash_algorithm_t algo,
- hasher_constructor_t create)
+METHOD(crypto_factory_t, add_hasher, void,
+ private_crypto_factory_t *this, hash_algorithm_t algo,
+ hasher_constructor_t create)
{
+ u_int speed = 0;
+
if (!this->test_on_add ||
- this->tester->test_hasher(this->tester, algo, create))
+ this->tester->test_hasher(this->tester, algo, create,
+ this->bench ? &speed : NULL))
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_hasher = create;
- this->lock->write_lock(this->lock);
- this->hashers->insert_last(this->hashers, entry);
- this->lock->unlock(this->lock);
+ add_entry(this, this->hashers, algo, speed, create);
}
}
-/**
- * Implementation of crypto_factory_t.remove_hasher.
- */
-static void remove_hasher(private_crypto_factory_t *this,
- hasher_constructor_t create)
+METHOD(crypto_factory_t, remove_hasher, void,
+ private_crypto_factory_t *this, hasher_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -427,29 +526,22 @@ static void remove_hasher(private_crypto_factory_t *this,
this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.add_prf.
- */
-static void add_prf(private_crypto_factory_t *this,
- pseudo_random_function_t algo, prf_constructor_t create)
+METHOD(crypto_factory_t, add_prf, void,
+ private_crypto_factory_t *this, pseudo_random_function_t algo,
+ prf_constructor_t create)
{
+ u_int speed = 0;
+
if (!this->test_on_add ||
- this->tester->test_prf(this->tester, algo, create))
+ this->tester->test_prf(this->tester, algo, create,
+ this->bench ? &speed : NULL))
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_prf = create;
- this->lock->write_lock(this->lock);
- this->prfs->insert_last(this->prfs, entry);
- this->lock->unlock(this->lock);
+ add_entry(this, this->prfs, algo, speed, create);
}
}
-/**
- * Implementation of crypto_factory_t.remove_prf.
- */
-static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create)
+METHOD(crypto_factory_t, remove_prf, void,
+ private_crypto_factory_t *this, prf_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -468,29 +560,22 @@ static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create)
this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.add_rng.
- */
-static void add_rng(private_crypto_factory_t *this, rng_quality_t quality,
- rng_constructor_t create)
+METHOD(crypto_factory_t, add_rng, void,
+ private_crypto_factory_t *this, rng_quality_t quality,
+ rng_constructor_t create)
{
+ u_int speed = 0;
+
if (!this->test_on_add ||
- this->tester->test_rng(this->tester, quality, create))
+ this->tester->test_rng(this->tester, quality, create,
+ this->bench ? &speed : NULL))
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = quality;
- entry->create_rng = create;
- this->lock->write_lock(this->lock);
- this->rngs->insert_last(this->rngs, entry);
- this->lock->unlock(this->lock);
+ add_entry(this, this->rngs, quality, speed, create);
}
}
-/**
- * Implementation of crypto_factory_t.remove_rng.
- */
-static void remove_rng(private_crypto_factory_t *this, rng_constructor_t create)
+METHOD(crypto_factory_t, remove_rng, void,
+ private_crypto_factory_t *this, rng_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -509,25 +594,15 @@ static void remove_rng(private_crypto_factory_t *this, rng_constructor_t create)
this->lock->unlock(this->lock);
}
-/**
- * Implementation of crypto_factory_t.add_dh.
- */
-static void add_dh(private_crypto_factory_t *this, diffie_hellman_group_t group,
- dh_constructor_t create)
+METHOD(crypto_factory_t, add_dh, void,
+ private_crypto_factory_t *this, diffie_hellman_group_t group,
+ dh_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = group;
- entry->create_dh = create;
- this->lock->write_lock(this->lock);
- this->dhs->insert_last(this->dhs, entry);
- this->lock->unlock(this->lock);
+ add_entry(this, this->dhs, group, 0, create);
}
-/**
- * Implementation of crypto_factory_t.remove_dh.
- */
-static void remove_dh(private_crypto_factory_t *this, dh_constructor_t create)
+METHOD(crypto_factory_t, remove_dh, void,
+ private_crypto_factory_t *this, dh_constructor_t create)
{
entry_t *entry;
enumerator_t *enumerator;
@@ -591,14 +666,18 @@ static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *alg
return TRUE;
}
-/**
- * Implementation of crypto_factory_t.create_crypter_enumerator
- */
-static enumerator_t* create_crypter_enumerator(private_crypto_factory_t *this)
+METHOD(crypto_factory_t, create_crypter_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
{
return create_enumerator(this, this->crypters, crypter_filter);
}
+METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
+{
+ return create_enumerator(this, this->aeads, crypter_filter);
+}
+
/**
* Filter function to enumerate algorithm, not entry
*/
@@ -608,10 +687,8 @@ static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo)
return TRUE;
}
-/**
- * Implementation of crypto_factory_t.create_signer_enumerator
- */
-static enumerator_t* create_signer_enumerator(private_crypto_factory_t *this)
+METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
{
return create_enumerator(this, this->signers, signer_filter);
}
@@ -625,10 +702,8 @@ static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo)
return TRUE;
}
-/**
- * Implementation of crypto_factory_t.create_hasher_enumerator
- */
-static enumerator_t* create_hasher_enumerator(private_crypto_factory_t *this)
+METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
{
return create_enumerator(this, this->hashers, hasher_filter);
}
@@ -642,10 +717,8 @@ static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo)
return TRUE;
}
-/**
- * Implementation of crypto_factory_t.create_prf_enumerator
- */
-static enumerator_t* create_prf_enumerator(private_crypto_factory_t *this)
+METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
{
return create_enumerator(this, this->prfs, prf_filter);
}
@@ -659,24 +732,21 @@ static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group)
return TRUE;
}
-/**
- * Implementation of crypto_factory_t.create_dh_enumerator
- */
-static enumerator_t* create_dh_enumerator(private_crypto_factory_t *this)
+METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*,
+ private_crypto_factory_t *this)
{
return create_enumerator(this, this->dhs, dh_filter);
}
-/**
- * Implementation of crypto_factory_t.add_test_vector
- */
-static void add_test_vector(private_crypto_factory_t *this,
- transform_type_t type, void *vector)
+METHOD(crypto_factory_t, add_test_vector, void,
+ private_crypto_factory_t *this, transform_type_t type, void *vector)
{
switch (type)
{
case ENCRYPTION_ALGORITHM:
return this->tester->add_crypter_vector(this->tester, vector);
+ case AEAD_ALGORITHM:
+ return this->tester->add_aead_vector(this->tester, vector);
case INTEGRITY_ALGORITHM:
return this->tester->add_signer_vector(this->tester, vector);
case HASH_ALGORITHM:
@@ -691,17 +761,16 @@ static void add_test_vector(private_crypto_factory_t *this,
}
}
-/**
- * Implementation of crypto_factory_t.destroy
- */
-static void destroy(private_crypto_factory_t *this)
-{
- this->crypters->destroy_function(this->crypters, free);
- this->signers->destroy_function(this->signers, free);
- this->hashers->destroy_function(this->hashers, free);
- this->prfs->destroy_function(this->prfs, free);
- this->rngs->destroy_function(this->rngs, free);
- this->dhs->destroy_function(this->dhs, free);
+METHOD(crypto_factory_t, destroy, void,
+ private_crypto_factory_t *this)
+{
+ this->crypters->destroy(this->crypters);
+ this->aeads->destroy(this->aeads);
+ this->signers->destroy(this->signers);
+ this->hashers->destroy(this->hashers);
+ this->prfs->destroy(this->prfs);
+ this->rngs->destroy(this->rngs);
+ this->dhs->destroy(this->dhs);
this->tester->destroy(this->tester);
this->lock->destroy(this->lock);
free(this);
@@ -712,46 +781,56 @@ static void destroy(private_crypto_factory_t *this)
*/
crypto_factory_t *crypto_factory_create()
{
- private_crypto_factory_t *this = malloc_thing(private_crypto_factory_t);
-
- this->public.create_crypter = (crypter_t*(*)(crypto_factory_t*, encryption_algorithm_t, size_t))create_crypter;
- this->public.create_signer = (signer_t*(*)(crypto_factory_t*, integrity_algorithm_t))create_signer;
- this->public.create_hasher = (hasher_t*(*)(crypto_factory_t*, hash_algorithm_t))create_hasher;
- this->public.create_prf = (prf_t*(*)(crypto_factory_t*, pseudo_random_function_t))create_prf;
- this->public.create_rng = (rng_t*(*)(crypto_factory_t*, rng_quality_t quality))create_rng;
- this->public.create_dh = (diffie_hellman_t*(*)(crypto_factory_t*, diffie_hellman_group_t group))create_dh;
- this->public.add_crypter = (void(*)(crypto_factory_t*, encryption_algorithm_t algo, crypter_constructor_t create))add_crypter;
- this->public.remove_crypter = (void(*)(crypto_factory_t*, crypter_constructor_t create))remove_crypter;
- this->public.add_signer = (void(*)(crypto_factory_t*, integrity_algorithm_t algo, signer_constructor_t create))add_signer;
- this->public.remove_signer = (void(*)(crypto_factory_t*, signer_constructor_t create))remove_signer;
- this->public.add_hasher = (void(*)(crypto_factory_t*, hash_algorithm_t algo, hasher_constructor_t create))add_hasher;
- this->public.remove_hasher = (void(*)(crypto_factory_t*, hasher_constructor_t create))remove_hasher;
- this->public.add_prf = (void(*)(crypto_factory_t*, pseudo_random_function_t algo, prf_constructor_t create))add_prf;
- this->public.remove_prf = (void(*)(crypto_factory_t*, prf_constructor_t create))remove_prf;
- this->public.add_rng = (void(*)(crypto_factory_t*, rng_quality_t quality, rng_constructor_t create))add_rng;
- this->public.remove_rng = (void(*)(crypto_factory_t*, rng_constructor_t create))remove_rng;
- this->public.add_dh = (void(*)(crypto_factory_t*, diffie_hellman_group_t algo, dh_constructor_t create))add_dh;
- this->public.remove_dh = (void(*)(crypto_factory_t*, dh_constructor_t create))remove_dh;
- this->public.create_crypter_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_crypter_enumerator;
- this->public.create_signer_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_signer_enumerator;
- this->public.create_hasher_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_hasher_enumerator;
- this->public.create_prf_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_prf_enumerator;
- this->public.create_dh_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_dh_enumerator;
- this->public.add_test_vector = (void(*)(crypto_factory_t*, transform_type_t type, ...))add_test_vector;
- this->public.destroy = (void(*)(crypto_factory_t*))destroy;
-
- this->crypters = linked_list_create();
- this->signers = linked_list_create();
- this->hashers = linked_list_create();
- this->prfs = linked_list_create();
- this->rngs = linked_list_create();
- this->dhs = linked_list_create();
- this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT);
- this->tester = crypto_tester_create();
- this->test_on_add = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_add", FALSE);
- this->test_on_create = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.on_create", FALSE);
+ private_crypto_factory_t *this;
+
+ INIT(this,
+ .public = {
+ .create_crypter = _create_crypter,
+ .create_aead = _create_aead,
+ .create_signer = _create_signer,
+ .create_hasher = _create_hasher,
+ .create_prf = _create_prf,
+ .create_rng = _create_rng,
+ .create_dh = _create_dh,
+ .add_crypter = _add_crypter,
+ .remove_crypter = _remove_crypter,
+ .add_aead = _add_aead,
+ .remove_aead = _remove_aead,
+ .add_signer = _add_signer,
+ .remove_signer = _remove_signer,
+ .add_hasher = _add_hasher,
+ .remove_hasher = _remove_hasher,
+ .add_prf = _add_prf,
+ .remove_prf = _remove_prf,
+ .add_rng = _add_rng,
+ .remove_rng = _remove_rng,
+ .add_dh = _add_dh,
+ .remove_dh = _remove_dh,
+ .create_crypter_enumerator = _create_crypter_enumerator,
+ .create_aead_enumerator = _create_aead_enumerator,
+ .create_signer_enumerator = _create_signer_enumerator,
+ .create_hasher_enumerator = _create_hasher_enumerator,
+ .create_prf_enumerator = _create_prf_enumerator,
+ .create_dh_enumerator = _create_dh_enumerator,
+ .add_test_vector = _add_test_vector,
+ .destroy = _destroy,
+ },
+ .crypters = linked_list_create(),
+ .aeads = linked_list_create(),
+ .signers = linked_list_create(),
+ .hashers = linked_list_create(),
+ .prfs = linked_list_create(),
+ .rngs = linked_list_create(),
+ .dhs = linked_list_create(),
+ .lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
+ .tester = crypto_tester_create(),
+ .test_on_add = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_add", FALSE),
+ .test_on_create = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_create", FALSE),
+ .bench = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.bench", FALSE),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index 9c6effd26..ff06eda7b 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -25,6 +25,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <library.h>
#include <crypto/crypters/crypter.h>
+#include <crypto/aead.h>
#include <crypto/signers/signer.h>
#include <crypto/hashers/hasher.h>
#include <crypto/prfs/prf.h>
@@ -38,6 +39,11 @@ typedef struct crypto_factory_t crypto_factory_t;
typedef crypter_t* (*crypter_constructor_t)(encryption_algorithm_t algo,
size_t key_size);
/**
+ * Constructor function for aead transforms
+ */
+typedef aead_t* (*aead_constructor_t)(encryption_algorithm_t algo,
+ size_t key_size);
+/**
* Constructor function for signers
*/
typedef signer_t* (*signer_constructor_t)(integrity_algorithm_t algo);
@@ -59,8 +65,11 @@ typedef rng_t* (*rng_constructor_t)(rng_quality_t quality);
/**
* Constructor function for diffie hellman
+ *
+ * The DH constructor accepts additional arguments for:
+ * - MODP_CUSTOM: chunk_t generator, chunk_t prime
*/
-typedef diffie_hellman_t* (*dh_constructor_t)(diffie_hellman_group_t group);
+typedef diffie_hellman_t* (*dh_constructor_t)(diffie_hellman_group_t group, ...);
/**
* Handles crypto modules and creates instances.
@@ -78,6 +87,16 @@ struct crypto_factory_t {
encryption_algorithm_t algo, size_t key_size);
/**
+ * Create a aead instance.
+ *
+ * @param algo encryption algorithm
+ * @param key_size length of the key in bytes
+ * @return aead_t instance, NULL if not supported
+ */
+ aead_t* (*create_aead)(crypto_factory_t *this,
+ encryption_algorithm_t algo, size_t key_size);
+
+ /**
* Create a symmetric signer instance.
*
* @param algo MAC algorithm to use
@@ -113,11 +132,13 @@ struct crypto_factory_t {
/**
* Create a diffie hellman instance.
*
+ * Additional arguments are passed to the DH constructor.
+ *
* @param group diffie hellman group
* @return diffie_hellman_t instance, NULL if not supported
*/
diffie_hellman_t* (*create_dh)(crypto_factory_t *this,
- diffie_hellman_group_t group);
+ diffie_hellman_group_t group, ...);
/**
* Register a crypter constructor.
@@ -137,6 +158,23 @@ struct crypto_factory_t {
void (*remove_crypter)(crypto_factory_t *this, crypter_constructor_t create);
/**
+ * Unregister a aead constructor.
+ *
+ * @param create constructor function to unregister
+ */
+ void (*remove_aead)(crypto_factory_t *this, aead_constructor_t create);
+
+ /**
+ * Register a aead constructor.
+ *
+ * @param algo algorithm to constructor
+ * @param create constructor function for that algorithm
+ * @return
+ */
+ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo,
+ aead_constructor_t create);
+
+ /**
* Register a signer constructor.
*
* @param algo algorithm to constructor
@@ -230,6 +268,13 @@ struct crypto_factory_t {
enumerator_t* (*create_crypter_enumerator)(crypto_factory_t *this);
/**
+ * Create an enumerator over all registered aead algorithms.
+ *
+ * @return enumerator over encryption_algorithm_t
+ */
+ enumerator_t* (*create_aead_enumerator)(crypto_factory_t *this);
+
+ /**
* Create an enumerator over all registered signer algorithms.
*
* @return enumerator over integrity_algorithm_t
@@ -261,9 +306,10 @@ struct crypto_factory_t {
* Add a test vector to the crypto factory.
*
* @param type type of the test vector
- * @param ... pointer to a test vector, defined in crypto_tester.h
+ * @param vector pointer to a test vector, defined in crypto_tester.h
*/
- void (*add_test_vector)(crypto_factory_t *this, transform_type_t type, ...);
+ void (*add_test_vector)(crypto_factory_t *this, transform_type_t type,
+ void *vector);
/**
* Destroy a crypto_factory instance.
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
index 76cc1cf2c..d17485ff2 100644
--- a/src/libstrongswan/crypto/crypto_tester.c
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -1,6 +1,7 @@
/*
- * Copyright (C) 2009 Martin Willi
+ * Copyright (C) 2009-2010 Martin Willi
* Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2010 revosec AG
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
@@ -13,6 +14,10 @@
* for more details.
*/
+#define _GNU_SOURCE
+#include <dlfcn.h>
+#include <time.h>
+
#include "crypto_tester.h"
#include <debug.h>
@@ -36,6 +41,11 @@ struct private_crypto_tester_t {
linked_list_t *crypter;
/**
+ * List of aead test vectors
+ */
+ linked_list_t *aead;
+
+ /**
* List of signer test vectors
*/
linked_list_t *signer;
@@ -64,13 +74,98 @@ struct private_crypto_tester_t {
* should we run RNG_TRUE tests? Enough entropy?
*/
bool rng_true;
+
+ /**
+ * time we test each algorithm
+ */
+ int bench_time;
+
+ /**
+ * size of buffer we use for benchmarking
+ */
+ int bench_size;
};
/**
- * Implementation of crypto_tester_t.test_crypter
+ * Get the name of a test vector, if available
+ */
+static const char* get_name(void *sym)
+{
+#ifdef HAVE_DLADDR
+ Dl_info dli;
+
+ if (dladdr(sym, &dli))
+ {
+ return dli.dli_sname;
+ }
+#endif
+ return "unknown";
+}
+
+/**
+ * Start a benchmark timer
+ */
+static void start_timing(struct timespec *start)
+{
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, start);
+}
+
+/**
+ * End a benchmark timer, return ms
+ */
+static u_int end_timing(struct timespec *start)
+{
+ struct timespec end;
+
+ clock_gettime(CLOCK_THREAD_CPUTIME_ID, &end);
+ return (end.tv_nsec - start->tv_nsec) / 1000000 +
+ (end.tv_sec - start->tv_sec) * 1000;
+}
+
+/**
+ * Benchmark a crypter
*/
-static bool test_crypter(private_crypto_tester_t *this,
- encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create)
+static u_int bench_crypter(private_crypto_tester_t *this,
+ encryption_algorithm_t alg, crypter_constructor_t create)
+{
+ crypter_t *crypter;
+
+ crypter = create(alg, 0);
+ if (crypter)
+ {
+ char iv[crypter->get_iv_size(crypter)];
+ char key[crypter->get_key_size(crypter)];
+ chunk_t buf;
+ struct timespec start;
+ u_int runs;
+
+ memset(iv, 0x56, sizeof(iv));
+ memset(key, 0x12, sizeof(key));
+ crypter->set_key(crypter, chunk_from_thing(key));
+
+ buf = chunk_alloc(this->bench_size);
+ memset(buf.ptr, 0x34, buf.len);
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ crypter->encrypt(crypter, buf, chunk_from_thing(iv), NULL);
+ runs++;
+ crypter->decrypt(crypter, buf, chunk_from_thing(iv), NULL);
+ runs++;
+ }
+ free(buf.ptr);
+ crypter->destroy(crypter);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_crypter, bool,
+ private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size,
+ crypter_constructor_t create, u_int *speed)
{
enumerator_t *enumerator;
crypter_test_vector_t *vector;
@@ -102,7 +197,7 @@ static bool test_crypter(private_crypto_tester_t *this,
key = chunk_create(vector->key, crypter->get_key_size(crypter));
crypter->set_key(crypter, key);
- iv = chunk_create(vector->iv, crypter->get_block_size(crypter));
+ iv = chunk_create(vector->iv, crypter->get_iv_size(crypter));
/* allocated encryption */
plain = chunk_create(vector->plain, vector->len);
@@ -136,8 +231,165 @@ static bool test_crypter(private_crypto_tester_t *this,
crypter->destroy(crypter);
if (failed)
{
- DBG1(DBG_LIB, "disabled %N: test vector %u failed",
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ encryption_algorithm_names, alg, get_name(vector));
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1(DBG_LIB, "%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ encryption_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ if (speed)
+ {
+ *speed = bench_crypter(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ encryption_algorithm_names, alg, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
encryption_algorithm_names, alg, tested);
+ }
+ }
+ return !failed;
+}
+
+/**
+ * Benchmark an aead transform
+ */
+static u_int bench_aead(private_crypto_tester_t *this,
+ encryption_algorithm_t alg, aead_constructor_t create)
+{
+ aead_t *aead;
+
+ aead = create(alg, 0);
+ if (aead)
+ {
+ char iv[aead->get_iv_size(aead)];
+ char key[aead->get_key_size(aead)];
+ char assoc[4];
+ chunk_t buf;
+ struct timespec start;
+ u_int runs;
+ size_t icv;
+
+ memset(iv, 0x56, sizeof(iv));
+ memset(key, 0x12, sizeof(key));
+ memset(assoc, 0x78, sizeof(assoc));
+ aead->set_key(aead, chunk_from_thing(key));
+ icv = aead->get_icv_size(aead);
+
+ buf = chunk_alloc(this->bench_size + icv);
+ memset(buf.ptr, 0x34, buf.len);
+ buf.len -= icv;
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ aead->encrypt(aead, buf, chunk_from_thing(assoc),
+ chunk_from_thing(iv), NULL);
+ runs += 2;
+ aead->decrypt(aead, chunk_create(buf.ptr, buf.len + icv),
+ chunk_from_thing(assoc), chunk_from_thing(iv), NULL);
+ runs += 2;
+ }
+ free(buf.ptr);
+ aead->destroy(aead);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_aead, bool,
+ private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size,
+ aead_constructor_t create, u_int *speed)
+{
+ enumerator_t *enumerator;
+ aead_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->aead->create_enumerator(this->aead);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ aead_t *aead;
+ chunk_t key, plain, cipher, iv, assoc;
+ size_t icv;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+ if (key_size && key_size != vector->key_size)
+ { /* test only vectors with a specific key size, if key size given */
+ continue;
+ }
+ aead = create(alg, vector->key_size);
+ if (!aead)
+ { /* key size not supported... */
+ continue;
+ }
+
+ failed = FALSE;
+ tested++;
+
+ key = chunk_create(vector->key, aead->get_key_size(aead));
+ aead->set_key(aead, key);
+ iv = chunk_create(vector->iv, aead->get_iv_size(aead));
+ assoc = chunk_create(vector->adata, vector->alen);
+ icv = aead->get_icv_size(aead);
+
+ /* allocated encryption */
+ plain = chunk_create(vector->plain, vector->len);
+ aead->encrypt(aead, plain, assoc, iv, &cipher);
+ if (!memeq(vector->cipher, cipher.ptr, cipher.len))
+ {
+ failed = TRUE;
+ }
+ /* inline decryption */
+ if (!aead->decrypt(aead, cipher, assoc, iv, NULL))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->plain, cipher.ptr, cipher.len - icv))
+ {
+ failed = TRUE;
+ }
+ free(cipher.ptr);
+ /* allocated decryption */
+ cipher = chunk_create(vector->cipher, vector->len + icv);
+ if (!aead->decrypt(aead, cipher, assoc, iv, &plain))
+ {
+ plain = chunk_empty;
+ failed = TRUE;
+ }
+ else if (!memeq(vector->plain, plain.ptr, plain.len))
+ {
+ failed = TRUE;
+ }
+ plain.ptr = realloc(plain.ptr, plain.len + icv);
+ /* inline encryption */
+ aead->encrypt(aead, plain, assoc, iv, NULL);
+ if (!memeq(vector->cipher, plain.ptr, plain.len + icv))
+ {
+ failed = TRUE;
+ }
+ free(plain.ptr);
+
+ aead->destroy(aead);
+ if (failed)
+ {
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ encryption_algorithm_names, alg, get_name(vector));
break;
}
}
@@ -151,17 +403,64 @@ static bool test_crypter(private_crypto_tester_t *this,
}
if (!failed)
{
- DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
- encryption_algorithm_names, alg, tested);
+ if (speed)
+ {
+ *speed = bench_aead(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ encryption_algorithm_names, alg, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
+ encryption_algorithm_names, alg, tested);
+ }
}
return !failed;
}
/**
- * Implementation of crypto_tester_t.test_signer
+ * Benchmark a signer
*/
-static bool test_signer(private_crypto_tester_t *this,
- integrity_algorithm_t alg, signer_constructor_t create)
+static u_int bench_signer(private_crypto_tester_t *this,
+ encryption_algorithm_t alg, signer_constructor_t create)
+{
+ signer_t *signer;
+
+ signer = create(alg);
+ if (signer)
+ {
+ char key[signer->get_key_size(signer)];
+ char mac[signer->get_block_size(signer)];
+ chunk_t buf;
+ struct timespec start;
+ u_int runs;
+
+ memset(key, 0x12, sizeof(key));
+ signer->set_key(signer, chunk_from_thing(key));
+
+ buf = chunk_alloc(this->bench_size);
+ memset(buf.ptr, 0x34, buf.len);
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ signer->get_signature(signer, buf, mac);
+ runs++;
+ signer->verify_signature(signer, buf, chunk_from_thing(mac));
+ runs++;
+ }
+ free(buf.ptr);
+ signer->destroy(signer);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_signer, bool,
+ private_crypto_tester_t *this, integrity_algorithm_t alg,
+ signer_constructor_t create, u_int *speed)
{
enumerator_t *enumerator;
signer_test_vector_t *vector;
@@ -226,11 +525,10 @@ static bool test_signer(private_crypto_tester_t *this,
/* signature to existing buffer, using append mode */
if (data.len > 2)
{
- memset(mac.ptr, 0, mac.len);
signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
- signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
- if (!memeq(vector->mac, mac.ptr, mac.len))
+ if (!signer->verify_signature(signer, chunk_skip(data, 2),
+ chunk_create(vector->mac, mac.len)))
{
failed = TRUE;
}
@@ -240,8 +538,8 @@ static bool test_signer(private_crypto_tester_t *this,
signer->destroy(signer);
if (failed)
{
- DBG1(DBG_LIB, "disabled %N: test vector %u failed",
- integrity_algorithm_names, alg, tested);
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ integrity_algorithm_names, alg, get_name(vector));
break;
}
}
@@ -255,17 +553,58 @@ static bool test_signer(private_crypto_tester_t *this,
}
if (!failed)
{
- DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
- integrity_algorithm_names, alg, tested);
+ if (speed)
+ {
+ *speed = bench_signer(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ integrity_algorithm_names, alg, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
+ integrity_algorithm_names, alg, tested);
+ }
}
return !failed;
}
/**
- * Implementation of hasher_t.test_hasher
+ * Benchmark a hasher
*/
-static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
- hasher_constructor_t create)
+static u_int bench_hasher(private_crypto_tester_t *this,
+ hash_algorithm_t alg, hasher_constructor_t create)
+{
+ hasher_t *hasher;
+
+ hasher = create(alg);
+ if (hasher)
+ {
+ char hash[hasher->get_hash_size(hasher)];
+ chunk_t buf;
+ struct timespec start;
+ u_int runs;
+
+ buf = chunk_alloc(this->bench_size);
+ memset(buf.ptr, 0x34, buf.len);
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ hasher->get_hash(hasher, buf, hash);
+ runs++;
+ }
+ free(buf.ptr);
+ hasher->destroy(hasher);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_hasher, bool,
+ private_crypto_tester_t *this, hash_algorithm_t alg,
+ hasher_constructor_t create, u_int *speed)
{
enumerator_t *enumerator;
hasher_test_vector_t *vector;
@@ -330,8 +669,8 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
hasher->destroy(hasher);
if (failed)
{
- DBG1(DBG_LIB, "disabled %N: test vector %u failed",
- hash_algorithm_names, alg, tested);
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ hash_algorithm_names, alg, get_name(vector));
break;
}
}
@@ -345,17 +684,58 @@ static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
}
if (!failed)
{
- DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
- hash_algorithm_names, alg, tested);
+ if (speed)
+ {
+ *speed = bench_hasher(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ hash_algorithm_names, alg, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
+ hash_algorithm_names, alg, tested);
+ }
}
return !failed;
}
/**
- * Implementation of crypto_tester_t.test_prf
+ * Benchmark a PRF
*/
-static bool test_prf(private_crypto_tester_t *this,
- pseudo_random_function_t alg, prf_constructor_t create)
+static u_int bench_prf(private_crypto_tester_t *this,
+ pseudo_random_function_t alg, prf_constructor_t create)
+{
+ prf_t *prf;
+
+ prf = create(alg);
+ if (prf)
+ {
+ char bytes[prf->get_block_size(prf)];
+ chunk_t buf;
+ struct timespec start;
+ u_int runs;
+
+ buf = chunk_alloc(this->bench_size);
+ memset(buf.ptr, 0x34, buf.len);
+
+ runs = 0;
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ prf->get_bytes(prf, buf, bytes);
+ runs++;
+ }
+ free(buf.ptr);
+ prf->destroy(prf);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_prf, bool,
+ private_crypto_tester_t *this, pseudo_random_function_t alg,
+ prf_constructor_t create, u_int *speed)
{
enumerator_t *enumerator;
prf_test_vector_t *vector;
@@ -431,8 +811,8 @@ static bool test_prf(private_crypto_tester_t *this,
prf->destroy(prf);
if (failed)
{
- DBG1(DBG_LIB, "disabled %N: test vector %u failed",
- pseudo_random_function_names, alg, tested);
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ pseudo_random_function_names, alg, get_name(vector));
break;
}
}
@@ -446,17 +826,55 @@ static bool test_prf(private_crypto_tester_t *this,
}
if (!failed)
{
- DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
- pseudo_random_function_names, alg, tested);
+ if (speed)
+ {
+ *speed = bench_prf(this, alg, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ pseudo_random_function_names, alg, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
+ pseudo_random_function_names, alg, tested);
+ }
}
return !failed;
}
/**
- * Implementation of crypto_tester_t.test_rng
+ * Benchmark a RNG
*/
-static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
- rng_constructor_t create)
+static u_int bench_rng(private_crypto_tester_t *this,
+ rng_quality_t quality, rng_constructor_t create)
+{
+ rng_t *rng;
+
+ rng = create(quality);
+ if (rng)
+ {
+ struct timespec start;
+ chunk_t buf;
+ u_int runs;
+
+ runs = 0;
+ buf = chunk_alloc(this->bench_size);
+ start_timing(&start);
+ while (end_timing(&start) < this->bench_time)
+ {
+ rng->get_bytes(rng, buf.len, buf.ptr);
+ runs++;
+ }
+ free(buf.ptr);
+ rng->destroy(rng);
+
+ return runs;
+ }
+ return 0;
+}
+
+METHOD(crypto_tester_t, test_rng, bool,
+ private_crypto_tester_t *this, rng_quality_t quality,
+ rng_constructor_t create, u_int *speed)
{
enumerator_t *enumerator;
rng_test_vector_t *vector;
@@ -515,8 +933,8 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
rng->destroy(rng);
if (failed)
{
- DBG1(DBG_LIB, "disabled %N: test vector %u failed",
- rng_quality_names, quality, tested);
+ DBG1(DBG_LIB, "disabled %N: %s test vector failed",
+ rng_quality_names, quality, get_name(vector));
break;
}
}
@@ -530,63 +948,62 @@ static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
}
if (!failed)
{
- DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
- rng_quality_names, quality, tested);
+ if (speed)
+ {
+ *speed = bench_rng(this, quality, create);
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points",
+ rng_quality_names, quality, tested, *speed);
+ }
+ else
+ {
+ DBG1(DBG_LIB, "enabled %N: passed %u test vectors",
+ rng_quality_names, quality, tested);
+ }
}
return !failed;
}
-/**
- * Implementation of crypter_tester_t.add_crypter_vector
- */
-static void add_crypter_vector(private_crypto_tester_t *this,
- crypter_test_vector_t *vector)
+METHOD(crypto_tester_t, add_crypter_vector, void,
+ private_crypto_tester_t *this, crypter_test_vector_t *vector)
{
this->crypter->insert_last(this->crypter, vector);
}
-/**
- * Implementation of crypter_tester_t.add_signer_vector
- */
-static void add_signer_vector(private_crypto_tester_t *this,
- signer_test_vector_t *vector)
+METHOD(crypto_tester_t, add_aead_vector, void,
+ private_crypto_tester_t *this, aead_test_vector_t *vector)
+{
+ this->aead->insert_last(this->aead, vector);
+}
+
+METHOD(crypto_tester_t, add_signer_vector, void,
+ private_crypto_tester_t *this, signer_test_vector_t *vector)
{
this->signer->insert_last(this->signer, vector);
}
-/**
- * Implementation of crypter_tester_t.add_hasher_vector
- */
-static void add_hasher_vector(private_crypto_tester_t *this,
- hasher_test_vector_t *vector)
+METHOD(crypto_tester_t, add_hasher_vector, void,
+ private_crypto_tester_t *this, hasher_test_vector_t *vector)
{
this->hasher->insert_last(this->hasher, vector);
}
-/**
- * Implementation of crypter_tester_t.add_prf_vector
- */
-static void add_prf_vector(private_crypto_tester_t *this,
- prf_test_vector_t *vector)
+METHOD(crypto_tester_t, add_prf_vector, void,
+ private_crypto_tester_t *this, prf_test_vector_t *vector)
{
this->prf->insert_last(this->prf, vector);
}
-/**
- * Implementation of crypter_tester_t.add_rng_vector
- */
-static void add_rng_vector(private_crypto_tester_t *this,
- rng_test_vector_t *vector)
+METHOD(crypto_tester_t, add_rng_vector, void,
+ private_crypto_tester_t *this, rng_test_vector_t *vector)
{
this->rng->insert_last(this->rng, vector);
}
-/**
- * Implementation of crypto_tester_t.destroy.
- */
-static void destroy(private_crypto_tester_t *this)
+METHOD(crypto_tester_t, destroy, void,
+ private_crypto_tester_t *this)
{
this->crypter->destroy(this->crypter);
+ this->aead->destroy(this->aead);
this->signer->destroy(this->signer);
this->hasher->destroy(this->hasher);
this->prf->destroy(this->prf);
@@ -599,30 +1016,43 @@ static void destroy(private_crypto_tester_t *this)
*/
crypto_tester_t *crypto_tester_create()
{
- private_crypto_tester_t *this = malloc_thing(private_crypto_tester_t);
-
- this->public.test_crypter = (bool(*)(crypto_tester_t*, encryption_algorithm_t alg,size_t key_size, crypter_constructor_t create))test_crypter;
- this->public.test_signer = (bool(*)(crypto_tester_t*, integrity_algorithm_t alg, signer_constructor_t create))test_signer;
- this->public.test_hasher = (bool(*)(crypto_tester_t*, hash_algorithm_t alg, hasher_constructor_t create))test_hasher;
- this->public.test_prf = (bool(*)(crypto_tester_t*, pseudo_random_function_t alg, prf_constructor_t create))test_prf;
- this->public.test_rng = (bool(*)(crypto_tester_t*, rng_quality_t quality, rng_constructor_t create))test_rng;
- this->public.add_crypter_vector = (void(*)(crypto_tester_t*, crypter_test_vector_t *vector))add_crypter_vector;
- this->public.add_signer_vector = (void(*)(crypto_tester_t*, signer_test_vector_t *vector))add_signer_vector;
- this->public.add_hasher_vector = (void(*)(crypto_tester_t*, hasher_test_vector_t *vector))add_hasher_vector;
- this->public.add_prf_vector = (void(*)(crypto_tester_t*, prf_test_vector_t *vector))add_prf_vector;
- this->public.add_rng_vector = (void(*)(crypto_tester_t*, rng_test_vector_t *vector))add_rng_vector;
- this->public.destroy = (void(*)(crypto_tester_t*))destroy;
-
- this->crypter = linked_list_create();
- this->signer = linked_list_create();
- this->hasher = linked_list_create();
- this->prf = linked_list_create();
- this->rng = linked_list_create();
-
- this->required = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.required", FALSE);
- this->rng_true = lib->settings->get_bool(lib->settings,
- "libstrongswan.crypto_test.rng_true", FALSE);
+ private_crypto_tester_t *this;
+
+ INIT(this,
+ .public = {
+ .test_crypter = _test_crypter,
+ .test_aead = _test_aead,
+ .test_signer = _test_signer,
+ .test_hasher = _test_hasher,
+ .test_prf = _test_prf,
+ .test_rng = _test_rng,
+ .add_crypter_vector = _add_crypter_vector,
+ .add_aead_vector = _add_aead_vector,
+ .add_signer_vector = _add_signer_vector,
+ .add_hasher_vector = _add_hasher_vector,
+ .add_prf_vector = _add_prf_vector,
+ .add_rng_vector = _add_rng_vector,
+ .destroy = _destroy,
+ },
+ .crypter = linked_list_create(),
+ .aead = linked_list_create(),
+ .signer = linked_list_create(),
+ .hasher = linked_list_create(),
+ .prf = linked_list_create(),
+ .rng = linked_list_create(),
+
+ .required = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.required", FALSE),
+ .rng_true = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.rng_true", FALSE),
+ .bench_time = lib->settings->get_int(lib->settings,
+ "libstrongswan.crypto_test.bench_time", 50),
+ .bench_size = lib->settings->get_int(lib->settings,
+ "libstrongswan.crypto_test.bench_size", 1024),
+ );
+
+ /* enforce a block size of 16, should be fine for all algorithms */
+ this->bench_size = this->bench_size / 16 * 16;
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
index ddcc2da51..cef0b3c18 100644
--- a/src/libstrongswan/crypto/crypto_tester.h
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -26,6 +26,7 @@ typedef struct crypto_tester_t crypto_tester_t;
#include <crypto/crypto_factory.h>
typedef struct crypter_test_vector_t crypter_test_vector_t;
+typedef struct aead_test_vector_t aead_test_vector_t;
typedef struct signer_test_vector_t signer_test_vector_t;
typedef struct hasher_test_vector_t hasher_test_vector_t;
typedef struct prf_test_vector_t prf_test_vector_t;
@@ -48,6 +49,27 @@ struct crypter_test_vector_t {
u_char *cipher;
};
+struct aead_test_vector_t {
+ /** encryption algorithm this vector tests */
+ encryption_algorithm_t alg;
+ /** key length to use, in bytes */
+ size_t key_size;
+ /** encryption key of test vector */
+ u_char *key;
+ /** initialization vector, using crypters blocksize bytes */
+ u_char *iv;
+ /** length of associated data */
+ size_t alen;
+ /** associated data */
+ u_char *adata;
+ /** length of plain text */
+ size_t len;
+ /** plain text */
+ u_char *plain;
+ /** cipher text */
+ u_char *cipher;
+};
+
struct signer_test_vector_t {
/** signer algorithm this test vector tests */
pseudo_random_function_t alg;
@@ -114,48 +136,67 @@ struct crypto_tester_t {
* Test a crypter algorithm, optionally using a specified key size.
*
* @param alg algorithm to test
- * @param key_size key size to test, 0 for all
+ * @param key_size key size to test, 0 for default
* @param create constructor function for the crypter
+ * @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg,
- size_t key_size, crypter_constructor_t create);
+ size_t key_size, crypter_constructor_t create,
+ u_int *speed);
+
+ /**
+ * Test an aead algorithm, optionally using a specified key size.
+ *
+ * @param alg algorithm to test
+ * @param key_size key size to test, 0 for default
+ * @param create constructor function for the aead transform
+ * @param speed speed test result, NULL to omit
+ * @return TRUE if test passed
+ */
+ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg,
+ size_t key_size, aead_constructor_t create,
+ u_int *speed);
/**
* Test a signer algorithm.
*
* @param alg algorithm to test
* @param create constructor function for the signer
+ * @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg,
- signer_constructor_t create);
+ signer_constructor_t create, u_int *speed);
/**
* Test a hasher algorithm.
*
* @param alg algorithm to test
* @param create constructor function for the hasher
+ * @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg,
- hasher_constructor_t create);
+ hasher_constructor_t create, u_int *speed);
/**
* Test a PRF algorithm.
*
* @param alg algorithm to test
* @param create constructor function for the PRF
+ * @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg,
- prf_constructor_t create);
+ prf_constructor_t create, u_int *speed);
/**
* Test a RNG implementation.
*
* @param alg algorithm to test
* @param create constructor function for the RNG
+ * @param speed speed test result, NULL to omit
* @return TRUE if test passed
*/
bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality,
- rng_constructor_t create);
+ rng_constructor_t create, u_int *speed);
/**
* Add a test vector to test a crypter.
*
@@ -164,6 +205,13 @@ struct crypto_tester_t {
void (*add_crypter_vector)(crypto_tester_t *this,
crypter_test_vector_t *vector);
/**
+ * Add a test vector to test an aead transform.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_aead_vector)(crypto_tester_t *this,
+ aead_test_vector_t *vector);
+ /**
* Add a test vector to test a signer.
*
* @param vector pointer to test vector
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 9bd8991fc..5f7365321 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -38,9 +38,10 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_224_BIT, ECP_521_BIT,
"MODP_2048_256",
"ECP_192",
"ECP_224");
-ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
- "MODP_NULL");
-ENUM_END(diffie_hellman_group_names, MODP_NULL);
+ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_224_BIT,
+ "MODP_NULL",
+ "MODP_CUSTOM");
+ENUM_END(diffie_hellman_group_names, MODP_CUSTOM);
/**
@@ -441,3 +442,20 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group)
return NULL;
}
+/**
+ * See header.
+ */
+bool diffie_hellman_group_is_ec(diffie_hellman_group_t group)
+{
+ switch (group)
+ {
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ case ECP_192_BIT:
+ case ECP_224_BIT:
+ return TRUE;
+ default:
+ return FALSE;
+ }
+}
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index cdc9c785e..9ae772363 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -57,6 +57,8 @@ enum diffie_hellman_group_t {
ECP_224_BIT = 26,
/** insecure NULL diffie hellman group for testing, in PRIVATE USE */
MODP_NULL = 1024,
+ /** MODP group with custon generator, prime */
+ MODP_CUSTOM = 1025,
};
/**
@@ -145,4 +147,12 @@ struct diffie_hellman_params_t {
*/
diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group);
+/**
+ * Check if a given DH group is an ECDH group
+ *
+ * @param group group to check
+ * @return TUE if group is an ECP group
+ */
+bool diffie_hellman_group_is_ec(diffie_hellman_group_t group);
+
#endif /** DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index 8681a5b97..12e13ef57 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -16,12 +16,13 @@
#include "prf.h"
-ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_KEYED_SHA1,
+ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_CAMELLIA128_XCBC,
"PRF_UNDEFINED",
"PRF_FIPS_SHA1_160",
"PRF_FIPS_DES",
- "PRF_KEYED_SHA1");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_KEYED_SHA1,
+ "PRF_KEYED_SHA1",
+ "PRF_CAMELLIA128_XCBC");
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_CAMELLIA128_XCBC,
"PRF_HMAC_MD5",
"PRF_HMAC_SHA1",
"PRF_HMAC_TIGER",
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index 6e853444f..ad15205d3 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -30,8 +30,7 @@ typedef struct prf_t prf_t;
/**
* Pseudo random function, as in IKEv2 RFC 3.3.2.
*
- * PRF algorithms not defined in IKEv2 are allocated in "private use"
- * space.
+ * PRF algorithms not defined in IKEv2 are allocated in "private use" space.
*/
enum pseudo_random_function_t {
PRF_UNDEFINED = 1024,
@@ -55,11 +54,12 @@ enum pseudo_random_function_t {
PRF_FIPS_SHA1_160 = 1025,
/** FIPS 186-2-change1, uses fixed output size of 160bit */
PRF_FIPS_DES = 1026,
- /**
- * Keyed hash algorithm using SHA1, used in EAP-AKA:
+ /** Keyed hash algorithm using SHA1, used in EAP-AKA:
* This PRF uses SHA1, but XORs the key into the IV. No "Final()" operation
* is applied to the SHA1 state. */
PRF_KEYED_SHA1 = 1027,
+ /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
+ PRF_CAMELLIA128_XCBC = 1028,
};
/**
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
index a43dde7ea..10ab9fc23 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.c
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -1,6 +1,6 @@
/* C code produced by gperf version 3.0.3 */
/* Command-line: /usr/bin/gperf -N proposal_get_token -m 10 -C -G -c -t -D */
-/* Computed positions: -k'1,5,7,10,$' */
+/* Computed positions: -k'1,5,7,10,15,$' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
@@ -59,12 +59,12 @@ struct proposal_token {
u_int16_t keysize;
};
-#define TOTAL_KEYWORDS 95
+#define TOTAL_KEYWORDS 117
#define MIN_WORD_LENGTH 3
-#define MAX_WORD_LENGTH 12
-#define MIN_HASH_VALUE 5
-#define MAX_HASH_VALUE 137
-/* maximum key range = 133, duplicates = 0 */
+#define MAX_WORD_LENGTH 17
+#define MIN_HASH_VALUE 9
+#define MAX_HASH_VALUE 209
+/* maximum key range = 201, duplicates = 0 */
#ifdef __GNUC__
__inline
@@ -80,38 +80,45 @@ hash (str, len)
{
static const unsigned char asso_values[] =
{
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 3, 11,
- 2, 23, 29, 27, 21, 16, 5, 0, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 17, 138, 1, 0, 1,
- 9, 9, 50, 0, 4, 54, 138, 138, 1, 138,
- 35, 0, 138, 138, 71, 3, 38, 22, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138, 138, 138, 138,
- 138, 138, 138, 138, 138, 138, 138
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 16, 9,
+ 4, 41, 66, 19, 8, 4, 5, 3, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 122, 210, 3, 22, 21,
+ 3, 111, 103, 48, 7, 4, 210, 210, 3, 210,
+ 57, 3, 210, 210, 78, 6, 3, 28, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210, 210, 210, 210,
+ 210, 210, 210, 210, 210, 210, 210
};
register int hval = len;
switch (hval)
{
default:
+ hval += asso_values[(unsigned char)str[14]];
+ /*FALLTHROUGH*/
+ case 14:
+ case 13:
+ case 12:
+ case 11:
+ case 10:
hval += asso_values[(unsigned char)str[9]];
/*FALLTHROUGH*/
case 9:
@@ -135,115 +142,148 @@ hash (str, len)
static const struct proposal_token wordlist[] =
{
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
{"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
{"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
- {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
- {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
- {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
- {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
- {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192},
+ {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128},
+ {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192},
+ {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256},
+ {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
{"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
{"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
- {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
{"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
{"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
- {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
{"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
- {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
{"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
- {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
- {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
- {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
- {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
- {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
{"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
- {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
{"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
- {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192},
+ {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128},
+ {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192},
+ {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128},
+ {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
{"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
{"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
- {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
{"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
{"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
- {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
- {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
- {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
- {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
- {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
- {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
- {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
- {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
- {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
- {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
{"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
- {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
- {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
- {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
- {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0},
- {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
- {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
- {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192},
+ {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
{"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
{"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
- {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
{"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
- {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
- {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
- {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
- {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
- {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
- {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
- {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
- {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
- {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
- {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
- {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
{"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
- {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
- {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
{"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
{"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
{"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
- {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
{"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
{"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
- {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
{"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
{"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
- {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
- {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
- {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
- {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}
+ {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}
};
static const short lookup[] =
{
- -1, -1, -1, -1, -1, 0, 1, -1, 2, -1, 3, -1, 4, 5,
- 6, 7, -1, -1, -1, -1, 8, 9, 10, 11, 12, 13, 14, 15,
- 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, -1, -1,
- 27, 28, 29, 30, 31, 32, 33, -1, 34, 35, 36, 37, 38, 39,
- 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
- 54, 55, 56, 57, 58, -1, 59, 60, 61, 62, 63, 64, 65, 66,
- 67, 68, -1, 69, 70, 71, 72, 73, 74, 75, 76, -1, -1, 77,
- 78, 79, 80, 81, -1, -1, 82, 83, -1, -1, 84, 85, -1, 86,
- 87, 88, 89, -1, -1, -1, -1, -1, -1, -1, 90, 91, -1, -1,
- -1, -1, -1, -1, 92, -1, 93, -1, -1, -1, -1, 94
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, 0,
+ 1, -1, -1, -1, -1, -1, 2, -1, -1, -1,
+ -1, 3, 4, -1, -1, -1, -1, -1, 5, 6,
+ 7, 8, -1, -1, -1, 9, 10, 11, 12, 13,
+ 14, 15, 16, 17, 18, 19, 20, 21, 22, -1,
+ -1, -1, -1, 23, 24, 25, 26, 27, 28, 29,
+ 30, -1, 31, -1, 32, 33, 34, 35, 36, 37,
+ 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
+ 48, -1, 49, -1, 50, -1, 51, -1, 52, -1,
+ 53, -1, 54, 55, 56, 57, 58, 59, 60, 61,
+ 62, 63, 64, 65, 66, 67, 68, 69, -1, 70,
+ -1, 71, -1, 72, 73, 74, 75, 76, -1, 77,
+ 78, 79, 80, 81, -1, 82, 83, 84, 85, -1,
+ -1, 86, 87, 88, 89, 90, 91, 92, -1, -1,
+ 93, 94, 95, 96, 97, 98, 99, 100, 101, 102,
+ 103, 104, -1, -1, -1, -1, -1, -1, 105, 106,
+ 107, 108, -1, -1, -1, -1, 109, -1, 110, -1,
+ -1, -1, -1, -1, 111, -1, -1, -1, -1, 112,
+ 113, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, 114, 115, -1, -1, -1, 116
};
#ifdef __GNUC__
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
index 338993821..208c6715b 100644
--- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -86,6 +86,27 @@ camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
+camellia128ctr, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128
+camellia192ctr, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192
+camellia256ctr, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256
+camellia128ccm8, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128
+camellia128ccm64, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128
+camellia128ccm12, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128
+camellia128ccm96, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128
+camellia128ccm16, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128
+camellia128ccm128,ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128
+camellia192ccm8, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192
+camellia192ccm64, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192
+camellia192ccm12, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192
+camellia192ccm96, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192
+camellia192ccm16, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192
+camellia192ccm128,ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192
+camellia256ccm8, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256
+camellia256ccm64, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256
+camellia256ccm12, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256
+camellia256ccm96, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256
+camellia256ccm16, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256
+camellia256ccm128,ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256
cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
@@ -107,6 +128,7 @@ sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0
aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0
+camelliaxcbc, INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0
modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index e98916bfe..d8659170b 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -16,11 +16,14 @@
#include "signer.h"
-ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA2_256_96,
+ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_CAMELLIA_XCBC_96,
"UNDEFINED",
"HMAC_SHA1_128",
- "HMAC_SHA2_256_96");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA2_256_96,
+ "HMAC_SHA2_256_96",
+ "HMAC_SHA2_256_256",
+ "HMAC_SHA2_384_384",
+ "CAMELLIA_XCBC_96");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_CAMELLIA_XCBC_96,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 94e8c99b9..e2c224d8b 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -66,6 +66,12 @@ enum integrity_algorithm_t {
AUTH_HMAC_SHA1_128 = 1025,
/** SHA256 96 bit truncation variant, supported by Linux kernels */
AUTH_HMAC_SHA2_256_96 = 1026,
+ /** SHA256 full length tuncation variant, as used in TLS */
+ AUTH_HMAC_SHA2_256_256 = 1027,
+ /** SHA384 full length tuncation variant, as used in TLS */
+ AUTH_HMAC_SHA2_384_384 = 1028,
+ /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */
+ AUTH_CAMELLIA_XCBC_96 = 1029,
};
/**
@@ -102,6 +108,10 @@ struct signer_t {
/**
* Verify a signature.
*
+ * To verify a signature of multiple chunks of data, pass the
+ * data to get_signature() with a NULL buffer. verify_signature() acts
+ * as a final call and includes all data fed to get_signature().
+ *
* @param data a chunk containing the data to verify
* @param signature a chunk containing the signature
* @return TRUE, if signature is valid, FALSE otherwise
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
index af40f4de6..cec90a616 100644
--- a/src/libstrongswan/crypto/transform.c
+++ b/src/libstrongswan/crypto/transform.c
@@ -15,11 +15,12 @@
#include <crypto/transform.h>
-ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, RANDOM_NUMBER_GENERATOR,
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, AEAD_ALGORITHM,
"UNDEFINED_TRANSFORM_TYPE",
"HASH_ALGORITHM",
- "RANDOM_NUMBER_GENERATOR");
-ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, RANDOM_NUMBER_GENERATOR,
+ "RANDOM_NUMBER_GENERATOR",
+ "AEAD_ALGORITHM");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, AEAD_ALGORITHM,
"ENCRYPTION_ALGORITHM",
"PSEUDO_RANDOM_FUNCTION",
"INTEGRITY_ALGORITHM",
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
index d11700a73..1a2660199 100644
--- a/src/libstrongswan/crypto/transform.h
+++ b/src/libstrongswan/crypto/transform.h
@@ -32,6 +32,7 @@ enum transform_type_t {
UNDEFINED_TRANSFORM_TYPE = 241,
HASH_ALGORITHM = 242,
RANDOM_NUMBER_GENERATOR = 243,
+ AEAD_ALGORITHM = 244,
ENCRYPTION_ALGORITHM = 1,
PSEUDO_RANDOM_FUNCTION = 2,
INTEGRITY_ALGORITHM = 3,
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index 21a7e63dd..6ded70248 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -27,6 +27,8 @@ ENUM(debug_names, DBG_DMN, DBG_LIB,
"KNL",
"NET",
"ENC",
+ "TNC",
+ "TLS",
"LIB",
);
@@ -40,6 +42,8 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
"knl",
"net",
"enc",
+ "tnc",
+ "tls",
"lib",
);
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index a21111d93..d3399bff6 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -50,6 +50,10 @@ enum debug_t {
DBG_NET,
/** message encoding/decoding */
DBG_ENC,
+ /** trusted network connect */
+ DBG_TNC,
+ /** libtls */
+ DBG_TLS,
/** libstrongswan */
DBG_LIB,
/** number of groups */
diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c
new file mode 100644
index 000000000..71734017a
--- /dev/null
+++ b/src/libstrongswan/eap/eap.c
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "eap.h"
+
+ENUM(eap_code_names, EAP_REQUEST, EAP_FAILURE,
+ "EAP_REQUEST",
+ "EAP_RESPONSE",
+ "EAP_SUCCESS",
+ "EAP_FAILURE",
+);
+
+ENUM(eap_code_short_names, EAP_REQUEST, EAP_FAILURE,
+ "REQ",
+ "RES",
+ "SUCC",
+ "FAIL",
+);
+
+ENUM_BEGIN(eap_type_names, EAP_IDENTITY, EAP_GTC,
+ "EAP_IDENTITY",
+ "EAP_NOTIFICATION",
+ "EAP_NAK",
+ "EAP_MD5",
+ "EAP_OTP",
+ "EAP_GTC");
+ENUM_NEXT(eap_type_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "EAP_TLS");
+ENUM_NEXT(eap_type_names, EAP_SIM, EAP_SIM, EAP_TLS,
+ "EAP_SIM");
+ENUM_NEXT(eap_type_names, EAP_TTLS, EAP_TTLS, EAP_SIM,
+ "EAP_TTLS");
+ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_TTLS,
+ "EAP_AKA");
+ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "EAP_MSCHAPV2");
+ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2,
+ "EAP_TNC");
+ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC,
+ "EAP_RADIUS",
+ "EAP_EXPANDED",
+ "EAP_EXPERIMENTAL");
+ENUM_END(eap_type_names, EAP_EXPERIMENTAL);
+
+ENUM_BEGIN(eap_type_short_names, EAP_IDENTITY, EAP_GTC,
+ "ID",
+ "NTF",
+ "NAK",
+ "MD5",
+ "OTP",
+ "GTC");
+ENUM_NEXT(eap_type_short_names, EAP_TLS, EAP_TLS, EAP_GTC,
+ "TLS");
+ENUM_NEXT(eap_type_short_names, EAP_SIM, EAP_SIM, EAP_TLS,
+ "SIM");
+ENUM_NEXT(eap_type_short_names, EAP_TTLS, EAP_TTLS, EAP_SIM,
+ "TTLS");
+ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_TTLS,
+ "AKA");
+ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA,
+ "MSCHAPV2");
+ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2,
+ "TNC");
+ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC,
+ "RAD",
+ "EXP",
+ "XP");
+ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL);
+
+ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL,
+ "RULE_IDENTITY",
+ "RULE_AUTH_CLASS",
+ "RULE_EAP_IDENTITY",
+ "RULE_EAP_TYPE",
+ "RULE_EAP_VENDOR",
+ "RULE_CA_CERT",
+ "RULE_IM_CERT",
+ "RULE_SUBJECT_CERT",
+ "RULE_CRL_VALIDATION",
+ "RULE_OCSP_VALIDATION",
+ "RULE_GROUP",
+ "HELPER_IM_CERT",
+ "HELPER_SUBJECT_CERT",
+ "HELPER_IM_HASH_URL",
+ "HELPER_SUBJECT_HASH_URL",
+);
+
+/*
+ * See header
+ */
+eap_type_t eap_type_from_string(char *name)
+{
+ int i;
+ static struct {
+ char *name;
+ eap_type_t type;
+ } types[] = {
+ {"identity", EAP_IDENTITY},
+ {"md5", EAP_MD5},
+ {"otp", EAP_OTP},
+ {"gtc", EAP_GTC},
+ {"tls", EAP_TLS},
+ {"ttls", EAP_TTLS},
+ {"sim", EAP_SIM},
+ {"aka", EAP_AKA},
+ {"mschapv2", EAP_MSCHAPV2},
+ {"tnc", EAP_TNC},
+ {"radius", EAP_RADIUS},
+ };
+
+ for (i = 0; i < countof(types); i++)
+ {
+ if (strcaseeq(name, types[i].name))
+ {
+ return types[i].type;
+ }
+ }
+ return 0;
+}
diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h
new file mode 100644
index 000000000..1d55747a4
--- /dev/null
+++ b/src/libstrongswan/eap/eap.h
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup eap eap
+ * @{ @ingroup libstrongswan
+ */
+
+#ifndef EAP_H_
+#define EAP_H_
+
+typedef enum eap_code_t eap_code_t;
+typedef enum eap_type_t eap_type_t;
+
+#include <library.h>
+
+/**
+ * EAP code, type of an EAP message
+ */
+enum eap_code_t {
+ EAP_REQUEST = 1,
+ EAP_RESPONSE = 2,
+ EAP_SUCCESS = 3,
+ EAP_FAILURE = 4,
+};
+
+/**
+ * enum names for eap_code_t.
+ */
+extern enum_name_t *eap_code_names;
+
+/**
+ * short string enum names for eap_code_t.
+ */
+extern enum_name_t *eap_code_short_names;
+
+/**
+ * EAP types, defines the EAP method implementation
+ */
+enum eap_type_t {
+ EAP_IDENTITY = 1,
+ EAP_NOTIFICATION = 2,
+ EAP_NAK = 3,
+ EAP_MD5 = 4,
+ EAP_OTP = 5,
+ EAP_GTC = 6,
+ EAP_TLS = 13,
+ EAP_SIM = 18,
+ EAP_TTLS = 21,
+ EAP_AKA = 23,
+ EAP_MSCHAPV2 = 26,
+ EAP_TNC = 38,
+ /** not a method, but an implementation providing different methods */
+ EAP_RADIUS = 253,
+ EAP_EXPANDED = 254,
+ EAP_EXPERIMENTAL = 255,
+};
+
+/**
+ * enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_names;
+
+/**
+ * short string enum names for eap_type_t.
+ */
+extern enum_name_t *eap_type_short_names;
+
+/**
+ * Lookup the EAP method type from a string.
+ *
+ * @param name EAP method name (such as "md5", "aka")
+ * @return method type, 0 if unkown
+ */
+eap_type_t eap_type_from_string(char *name);
+
+#endif /** EAP_H_ @}*/
diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c
index 946a54deb..258a5b410 100644
--- a/src/libstrongswan/enum.c
+++ b/src/libstrongswan/enum.c
@@ -16,12 +16,14 @@
#include <stddef.h>
#include <stdio.h>
+#include <library.h>
+
#include "enum.h"
/**
- * get the name of an enum value in a enum_name_t list
+ * See header.
*/
-static char *enum_name(enum_name_t *e, int val)
+char *enum_to_name(enum_name_t *e, int val)
{
do
{
@@ -35,6 +37,27 @@ static char *enum_name(enum_name_t *e, int val)
}
/**
+ * See header.
+ */
+int enum_from_name(enum_name_t *e, char *name)
+{
+ do
+ {
+ int i, count = e->last - e->first;
+
+ for (i = 0; i < count; i++)
+ {
+ if (strcaseeq(name, e->names[i]))
+ {
+ return e->first + i;
+ }
+ }
+ }
+ while ((e = e->next));
+ return -1;
+}
+
+/**
* Described in header.
*/
int enum_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
@@ -43,7 +66,7 @@ int enum_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
enum_name_t *ed = *((enum_name_t**)(args[0]));
int val = *((int*)(args[1]));
- char *name = enum_name(ed, val);
+ char *name = enum_to_name(ed, val);
if (name == NULL)
{
diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h
index 691f9f2bc..d5f169772 100644
--- a/src/libstrongswan/enum.h
+++ b/src/libstrongswan/enum.h
@@ -107,6 +107,24 @@ struct enum_name_t {
#define ENUM(name, first, last, ...) ENUM_BEGIN(name, first, last, __VA_ARGS__); ENUM_END(name, last)
/**
+ * Convert a enum value to its string representation.
+ *
+ * @param e enum names for this enum value
+ * @param val enum value to get string for
+ * @return string for enum, NULL if not found
+ */
+char *enum_to_name(enum_name_t *e, int val);
+
+/**
+ * Convert a enum string back to its enum value.
+ *
+ * @param e enum names for this enum value
+ * @param name name to get enum value for
+ * @return enum value, -1 if not found
+ */
+int enum_from_name(enum_name_t *e, char *name);
+
+/**
* printf hook function for enum_names_t.
*
* Arguments are:
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index b61bdf7a0..b7e75aec5 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -65,6 +65,8 @@ void library_deinit()
detailed = lib->settings->get_bool(lib->settings,
"libstrongswan.leak_detective.detailed", TRUE);
+ this->public.scheduler->destroy(this->public.scheduler);
+ this->public.processor->destroy(this->public.processor);
this->public.plugins->destroy(this->public.plugins);
this->public.settings->destroy(this->public.settings);
this->public.credmgr->destroy(this->public.credmgr);
@@ -141,6 +143,8 @@ bool library_init(char *settings)
this->public.encoding = cred_encoding_create();
this->public.fetcher = fetcher_manager_create();
this->public.db = database_factory_create();
+ this->public.processor = processor_create();
+ this->public.scheduler = scheduler_create();
this->public.plugins = plugin_loader_create();
this->public.integrity = NULL;
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index cd5dfb479..034ff10c5 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -43,6 +43,12 @@
* @defgroup plugins plugins
* @ingroup libstrongswan
*
+ * @defgroup processing processing
+ * @ingroup libstrongswan
+ *
+ * @defgroup jobs jobs
+ * @ingroup processing
+ *
* @defgroup threading threading
* @ingroup libstrongswan
*
@@ -64,6 +70,8 @@
#include "settings.h"
#include "integrity_checker.h"
#include "plugins/plugin_loader.h"
+#include "processing/processor.h"
+#include "processing/scheduler.h"
#include "crypto/crypto_factory.h"
#include "fetcher/fetcher_manager.h"
#include "database/database_factory.h"
@@ -119,6 +127,16 @@ struct library_t {
plugin_loader_t *plugins;
/**
+ * process jobs using a thread pool
+ */
+ processor_t *processor;
+
+ /**
+ * schedule jobs
+ */
+ scheduler_t *scheduler;
+
+ /**
* various settings loaded from settings file
*/
settings_t *settings;
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 9859b75cf..99a520852 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index 10d48cf67..f13e33492 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -1331,11 +1331,8 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char
state_out(out_blk, b0);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
int pos;
const u_int32_t *iv_i;
@@ -1376,12 +1373,8 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv,
}
}
-
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
int pos;
const u_int32_t *iv_i;
@@ -1417,26 +1410,26 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv,
}
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_aes_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_aes_crypter_t *this)
{
return AES_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_aes_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_aes_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_aes_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key (private_aes_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_aes_crypter_t *this, chunk_t key)
{
u_int32_t *kf, *kt, rci, f = 0;
u_int8_t *in_key = key.ptr;
@@ -1498,8 +1491,8 @@ static void set_key (private_aes_crypter_t *this, chunk_t key)
}
if(!f)
- {
- u_int32_t i;
+ {
+ u_int32_t i;
kt = this->aes_d_key + nc * this->aes_Nrnd;
kf = this->aes_e_key;
@@ -1517,15 +1510,13 @@ static void set_key (private_aes_crypter_t *this, chunk_t key)
cpy(kt, kf);
#endif
kt -= 2 * nc;
- }
+ }
cpy(kt, kf);
- }
+ }
}
-/**
- * Implementation of crypter_t.destroy and aes_crypter_t.destroy.
- */
-static void destroy (private_aes_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_aes_crypter_t *this)
{
free(this);
}
@@ -1541,36 +1532,38 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
{
return NULL;
}
-
- this = malloc_thing(private_aes_crypter_t);
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 32:
+ case 24:
+ case 16:
+ break;
+ default:
+ return NULL;
+ }
#if !defined(FIXED_TABLES)
if(!tab_gen) { gen_tabs(); tab_gen = 1; }
#endif
- this->key_size = key_size;
- switch(key_size)
- {
- case 32: /* bytes */
- this->aes_Nkey = 8;
- break;
- case 24: /* bytes */
- this->aes_Nkey = 6;
- break;
- case 16: /* bytes */
- this->aes_Nkey = 4;
- break;
- default:
- free(this);
- return NULL;
- }
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key_size = key_size,
+ .aes_Nkey = key_size / 4,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h
index 061d72fd6..473772f04 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.h
+++ b/src/libstrongswan/plugins/aes/aes_crypter.h
@@ -32,9 +32,9 @@ typedef struct aes_crypter_t aes_crypter_t;
struct aes_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index 1e920f8cc..22b47e334 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -31,10 +31,8 @@ struct private_aes_plugin_t {
aes_plugin_t public;
};
-/**
- * Implementation of aes_plugin_t.destroy
- */
-static void destroy(private_aes_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_aes_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)aes_crypter_create);
@@ -46,9 +44,15 @@ static void destroy(private_aes_plugin_t *this)
*/
plugin_t *aes_plugin_create()
{
- private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ private_aes_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)aes_crypter_create);
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index c95e7b778..9f65f4ffb 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index d40b437bb..bd3c1ac75 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -31,10 +31,8 @@ struct private_agent_plugin_t {
agent_plugin_t public;
};
-/**
- * Implementation of agent_plugin_t.agenttroy
- */
-static void destroy(private_agent_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_agent_plugin_t *this)
{
lib->creds->remove_builder(lib->creds,
(builder_function_t)agent_private_key_open);
@@ -46,11 +44,17 @@ static void destroy(private_agent_plugin_t *this)
*/
plugin_t *agent_plugin_create()
{
- private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t);
+ private_agent_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)agent_private_key_open);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 51ddbecc6..0864f4118 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -205,7 +205,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
{
break;;
}
- if (pubkey && !private_key_belongs_to(&this->public.interface, pubkey))
+ if (pubkey && !private_key_belongs_to(&this->public.key, pubkey))
{
continue;
}
@@ -221,11 +221,9 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
return FALSE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_agent_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
u_int32_t len, flags;
char buf[2048];
@@ -294,36 +292,28 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
return TRUE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static key_type_t get_type(private_agent_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_agent_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static bool decrypt(private_agent_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_agent_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "private key decryption not supported by ssh-agent");
return FALSE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static size_t get_keysize(private_agent_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_agent_private_key_t *this)
{
- return this->key_size;
+ return this->key_size * 8;
}
-/**
- * Implementation of agent_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_agent_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_agent_private_key_t *this)
{
chunk_t key, n, e;
@@ -336,20 +326,15 @@ static public_key_t* get_public_key(private_agent_private_key_t *this)
BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END);
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_agent_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_agent_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
return FALSE;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_agent_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_agent_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e, key;
@@ -366,19 +351,15 @@ static bool get_fingerprint(private_agent_private_key_t *this,
CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
}
-/**
- * Implementation of agent_private_key.get_ref.
- */
-static private_agent_private_key_t* get_ref(private_agent_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_agent_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static void destroy(private_agent_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_agent_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -420,20 +401,25 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
return FALSE;
}
- this = malloc_thing(private_agent_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.equals = private_key_equals;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .belongs_to = private_key_belongs_to,
+ .equals = private_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
this->socket = open_connection(path);
if (this->socket < 0)
@@ -441,9 +427,6 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
free(this);
return NULL;
}
- this->key = chunk_empty;
- this->ref = 1;
-
if (!read_key(this, pubkey))
{
destroy(this);
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h
index 3d9500c1a..0623f2bb9 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.h
+++ b/src/libstrongswan/plugins/agent/agent_private_key.h
@@ -34,7 +34,7 @@ struct agent_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 6a82ce94a..d310843ac 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index fb856ed37..784c07eaf 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -68,8 +68,6 @@ typedef struct private_blowfish_crypter_t private_blowfish_crypter_t;
/**
* Class implementing the Blowfish symmetric encryption algorithm.
- *
- * @ingroup crypters
*/
struct private_blowfish_crypter_t {
@@ -89,11 +87,9 @@ struct private_blowfish_crypter_t {
u_int32_t key_size;
};
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *decrypted)
{
u_int8_t *in, *out;
@@ -114,11 +110,9 @@ static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
free(iv.ptr);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *encrypted)
{
u_int8_t *in, *out;
@@ -139,34 +133,32 @@ static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
free(iv.ptr);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_blowfish_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_blowfish_crypter_t *this)
{
return BLOWFISH_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_blowfish_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_blowfish_crypter_t *this)
+{
+ return BLOWFISH_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_blowfish_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key (private_blowfish_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_blowfish_crypter_t *this, chunk_t key)
{
BF_set_key(&this->schedule, key.len , key.ptr);
}
-/**
- * Implementation of crypter_t.destroy and blowfish_crypter_t.destroy.
- */
-static void destroy (private_blowfish_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_blowfish_crypter_t *this)
{
free(this);
}
@@ -174,7 +166,8 @@ static void destroy (private_blowfish_crypter_t *this)
/*
* Described in header
*/
-blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size)
+blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
{
private_blowfish_crypter_t *this;
@@ -183,15 +176,20 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t
return NULL;
}
- this = malloc_thing(private_blowfish_crypter_t);
-
- this->key_size = key_size;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key_size = key_size ?: 16,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
index 71cc09cd0..70dcae66e 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
@@ -32,9 +32,9 @@ typedef struct blowfish_crypter_t blowfish_crypter_t;
struct blowfish_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index f9fb605b3..6ab093d7b 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -32,10 +32,8 @@ struct private_blowfish_plugin_t {
blowfish_plugin_t public;
};
-/**
- * Implementation of blowfish_plugin_t.destroy
- */
-static void destroy(private_blowfish_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_blowfish_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)blowfish_crypter_create);
@@ -47,9 +45,15 @@ static void destroy(private_blowfish_plugin_t *this)
*/
plugin_t *blowfish_plugin_create()
{
- private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ private_blowfish_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
(crypter_constructor_t)blowfish_crypter_create);
diff --git a/src/libstrongswan/plugins/ccm/Makefile.am b/src/libstrongswan/plugins/ccm/Makefile.am
new file mode 100644
index 000000000..bca1f0735
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ccm.la
+else
+plugin_LTLIBRARIES = libstrongswan-ccm.la
+endif
+
+libstrongswan_ccm_la_SOURCES = \
+ ccm_plugin.h ccm_plugin.c \
+ ccm_aead.h ccm_aead.c
+
+libstrongswan_ccm_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
new file mode 100644
index 000000000..017d75c48
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ccm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ccm_la_LIBADD =
+am_libstrongswan_ccm_la_OBJECTS = ccm_plugin.lo ccm_aead.lo
+libstrongswan_ccm_la_OBJECTS = $(am_libstrongswan_ccm_la_OBJECTS)
+libstrongswan_ccm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_ccm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ccm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ccm_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ccm_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ccm_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ccm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ccm.la
+libstrongswan_ccm_la_SOURCES = \
+ ccm_plugin.h ccm_plugin.c \
+ ccm_aead.h ccm_aead.c
+
+libstrongswan_ccm_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-ccm.la: $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_DEPENDENCIES)
+ $(libstrongswan_ccm_la_LINK) $(am_libstrongswan_ccm_la_rpath) $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_aead.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c
new file mode 100644
index 000000000..7fee2b3c4
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@@ -0,0 +1,397 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ccm_aead.h"
+
+#define BLOCK_SIZE 16
+#define SALT_SIZE 3
+#define IV_SIZE 8
+#define NONCE_SIZE (SALT_SIZE + IV_SIZE) /* 11 */
+#define Q_SIZE (BLOCK_SIZE - NONCE_SIZE - 1) /* 4 */
+
+typedef struct private_ccm_aead_t private_ccm_aead_t;
+
+/**
+ * Private data of an ccm_aead_t object.
+ */
+struct private_ccm_aead_t {
+
+ /**
+ * Public ccm_aead_t interface.
+ */
+ ccm_aead_t public;
+
+ /**
+ * Underlying CBC crypter.
+ */
+ crypter_t *crypter;
+
+ /**
+ * Length of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * salt to add to nonce
+ */
+ u_char salt[SALT_SIZE];
+};
+
+/**
+ * First block with control information
+ */
+typedef struct __attribute__((packed)) {
+ BITFIELD4(u_int8_t,
+ /* size of p length field q, as q-1 */
+ q_len: 3,
+ /* size of our ICV t, as (t-2)/2 */
+ t_len: 3,
+ /* do we have associated data */
+ assoc: 1,
+ reserved: 1,
+ ) flags;
+ /* nonce value */
+ struct __attribute__((packed)) {
+ u_char salt[SALT_SIZE];
+ u_char iv[IV_SIZE];
+ } nonce;
+ /* lenght of plain text, q */
+ u_char q[Q_SIZE];
+} b0_t;
+
+/**
+ * Counter block
+ */
+typedef struct __attribute__((packed)) {
+ BITFIELD3(u_int8_t,
+ /* size of p length field q, as q-1 */
+ q_len: 3,
+ zero: 3,
+ reserved: 2,
+ ) flags;
+ /* nonce value */
+ struct __attribute__((packed)) {
+ u_char salt[SALT_SIZE];
+ u_char iv[IV_SIZE];
+ } nonce;
+ /* counter value */
+ u_char i[Q_SIZE];
+} ctr_t;
+
+/**
+ * Build the first block B0
+ */
+static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *out)
+{
+ b0_t *block = (b0_t*)out;
+
+ block->flags.reserved = 0;
+ block->flags.assoc = assoc.len ? 1 : 0;
+ block->flags.t_len = (this->icv_size - 2) / 2;
+ block->flags.q_len = Q_SIZE - 1;
+ memcpy(block->nonce.salt, this->salt, SALT_SIZE);
+ memcpy(block->nonce.iv, iv.ptr, IV_SIZE);
+ htoun32(block->q, plain.len);
+}
+
+/**
+ * Build a counter block for counter i
+ */
+static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv,
+ char *out)
+{
+ ctr_t *ctr = (ctr_t*)out;
+
+ ctr->flags.reserved = 0;
+ ctr->flags.zero = 0;
+ ctr->flags.q_len = Q_SIZE - 1;
+ memcpy(ctr->nonce.salt, this->salt, SALT_SIZE);
+ memcpy(ctr->nonce.iv, iv.ptr, IV_SIZE);
+ htoun32(ctr->i, i);
+}
+
+/**
+ * En-/Decrypt data
+ */
+static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
+ chunk_t in, chunk_t out)
+{
+ char ctr[BLOCK_SIZE];
+ char zero[BLOCK_SIZE];
+ char block[BLOCK_SIZE];
+
+ build_ctr(this, 1, iv, ctr);
+ memset(zero, 0, BLOCK_SIZE);
+
+ while (in.len > 0)
+ {
+ memcpy(block, ctr, BLOCK_SIZE);
+ this->crypter->encrypt(this->crypter, chunk_from_thing(block),
+ chunk_from_thing(zero), NULL);
+ chunk_increment(chunk_from_thing(ctr));
+
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, min(in.len, BLOCK_SIZE));
+ }
+ memxor(out.ptr, block, min(in.len, BLOCK_SIZE));
+ in = chunk_skip(in, BLOCK_SIZE);
+ out = chunk_skip(out, BLOCK_SIZE);
+ }
+}
+
+/**
+ * En-/Decrypt the ICV
+ */
+static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
+{
+ char ctr[BLOCK_SIZE];
+ char zero[BLOCK_SIZE];
+
+ build_ctr(this, 0, iv, ctr);
+ memset(zero, 0, BLOCK_SIZE);
+
+ this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
+ chunk_from_thing(zero), NULL);
+ memxor(icv, ctr, this->icv_size);
+}
+
+/**
+ * Create the ICV
+ */
+static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *icv)
+{
+ char zero[BLOCK_SIZE];
+ chunk_t chunk;
+ char *pos;
+ int r, len;
+
+ memset(zero, 0, BLOCK_SIZE);
+
+ /* calculate number of blocks, including b0 */
+ r = 1;
+ if (assoc.len)
+ { /* assoc gets a 2 byte length header, gets padded to BLOCK_SIZE */
+ r += (2 + assoc.len + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ }
+ /* plain text gets padded to BLOCK_SIZE */
+ r += (plain.len + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+ /* concatenate data to a new chunk */
+ chunk = chunk_alloc(r * BLOCK_SIZE);
+ /* write control block */
+ build_b0(this, plain, assoc, iv, chunk.ptr);
+ pos = chunk.ptr + BLOCK_SIZE;
+ /* append associated data, with length header */
+ if (assoc.len)
+ {
+ /* currently we support two byte headers only (up to 2^16-2^8 bytes) */
+ htoun16(pos, assoc.len);
+ memcpy(pos + 2, assoc.ptr, assoc.len);
+ pos += 2 + assoc.len;
+ /* padding */
+ len = (BLOCK_SIZE - ((2 + assoc.len) % BLOCK_SIZE)) % BLOCK_SIZE;
+ memset(pos, 0, len);
+ pos += len;
+ }
+ /* write plain data */
+ memcpy(pos, plain.ptr, plain.len);
+ pos += plain.len;
+ /* padding */
+ len = (BLOCK_SIZE - (plain.len % BLOCK_SIZE)) % BLOCK_SIZE;
+
+ memset(pos, 0, len);
+
+ /* encrypt inline with CBC, zero IV */
+ this->crypter->encrypt(this->crypter, chunk, chunk_from_thing(zero), NULL);
+ /* copy last icv_size bytes as ICV to output */
+ memcpy(icv, chunk.ptr + chunk.len - BLOCK_SIZE, this->icv_size);
+
+ /* encrypt the ICV value */
+ crypt_icv(this, iv, icv);
+
+ free(chunk.ptr);
+}
+
+/**
+ * Verify the ICV
+ */
+static bool verify_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *icv)
+{
+ char buf[this->icv_size];
+
+ create_icv(this, plain, assoc, iv, buf);
+
+ return memeq(buf, icv, this->icv_size);
+}
+
+METHOD(aead_t, encrypt, void,
+ private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len);
+ crypt_data(this, iv, plain, *encrypted);
+ }
+ else
+ {
+ create_icv(this, plain, assoc, iv, plain.ptr + plain.len);
+ crypt_data(this, iv, plain, plain);
+ }
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_ccm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+ encrypted.len -= this->icv_size;
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ crypt_data(this, iv, encrypted, *plain);
+ return verify_icv(this, *plain, assoc, iv,
+ encrypted.ptr + encrypted.len);
+ }
+ else
+ {
+ crypt_data(this, iv, encrypted, encrypted);
+ return verify_icv(this, encrypted, assoc, iv,
+ encrypted.ptr + encrypted.len);
+ }
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return IV_SIZE;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return this->crypter->get_key_size(this->crypter) + SALT_SIZE;
+}
+
+METHOD(aead_t, set_key, void,
+ private_ccm_aead_t *this, chunk_t key)
+{
+ memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
+ key.len -= SALT_SIZE;
+ this->crypter->set_key(this->crypter, key);
+}
+
+METHOD(aead_t, destroy, void,
+ private_ccm_aead_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_ccm_aead_t *this;
+ size_t icv_size;
+
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return NULL;
+ }
+ switch (algo)
+ {
+ case ENCR_AES_CCM_ICV8:
+ algo = ENCR_AES_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_AES_CCM_ICV12:
+ algo = ENCR_AES_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_AES_CCM_ICV16:
+ algo = ENCR_AES_CBC;
+ icv_size = 16;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV8:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV12:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV16:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 16;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .aead = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ .icv_size = icv_size,
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.h b/src/libstrongswan/plugins/ccm/ccm_aead.h
new file mode 100644
index 000000000..d5e302f94
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ccm_aead ccm_aead
+ * @{ @ingroup ccm
+ */
+
+#ifndef CCM_AEAD_H_
+#define CCM_AEAD_H_
+
+#include <crypto/aead.h>
+
+typedef struct ccm_aead_t ccm_aead_t;
+
+/**
+ * Counter with Cipher Block Chaining-Message Authentication Code (CCM).
+ *
+ * Implements CCM as specified in NIST 800-38B, using AEAD semantics from
+ * RFC 5282, based on RFC4309.
+ */
+struct ccm_aead_t {
+
+ /**
+ * Implements aead_t interface.
+ */
+ aead_t aead;
+};
+
+/**
+ * Create a ccm_aead instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a CCM mode
+ * @return aead, NULL if not supported
+ */
+ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CCM_AEAD_H_ @}*/
diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c
new file mode 100644
index 000000000..5fc3b14d7
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ccm_plugin.h"
+
+#include <library.h>
+
+#include "ccm_aead.h"
+
+typedef struct private_ccm_plugin_t private_ccm_plugin_t;
+
+/**
+ * private data of ccm_plugin
+ */
+struct private_ccm_plugin_t {
+
+ /**
+ * public functions
+ */
+ ccm_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_ccm_plugin_t *this)
+{
+ lib->crypto->remove_aead(lib->crypto,
+ (aead_constructor_t)ccm_aead_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ccm_plugin_create()
+{
+ private_ccm_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ );
+
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16,
+ (aead_constructor_t)ccm_aead_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.h b/src/libstrongswan/plugins/ccm/ccm_plugin.h
new file mode 100644
index 000000000..9a3252012
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ccm ccm
+ * @ingroup plugins
+ *
+ * @defgroup ccm_plugin ccm_plugin
+ * @{ @ingroup ccm
+ */
+
+#ifndef CCM_PLUGIN_H_
+#define CCM_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ccm_plugin_t ccm_plugin_t;
+
+/**
+ * Plugin providing CCM mode operation.
+ */
+struct ccm_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** CCM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am
new file mode 100644
index 000000000..893171aab
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ctr.la
+else
+plugin_LTLIBRARIES = libstrongswan-ctr.la
+endif
+
+libstrongswan_ctr_la_SOURCES = \
+ ctr_plugin.h ctr_plugin.c \
+ ctr_ipsec_crypter.h ctr_ipsec_crypter.c
+
+libstrongswan_ctr_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
new file mode 100644
index 000000000..b51f57113
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ctr
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ctr_la_LIBADD =
+am_libstrongswan_ctr_la_OBJECTS = ctr_plugin.lo ctr_ipsec_crypter.lo
+libstrongswan_ctr_la_OBJECTS = $(am_libstrongswan_ctr_la_OBJECTS)
+libstrongswan_ctr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_ctr_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ctr_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ctr_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ctr_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ctr_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ctr.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ctr.la
+libstrongswan_ctr_la_SOURCES = \
+ ctr_plugin.h ctr_plugin.c \
+ ctr_ipsec_crypter.h ctr_ipsec_crypter.c
+
+libstrongswan_ctr_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-ctr.la: $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_DEPENDENCIES)
+ $(libstrongswan_ctr_la_LINK) $(am_libstrongswan_ctr_la_rpath) $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_ipsec_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
new file mode 100644
index 000000000..ddcae423b
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_ipsec_crypter_t private_ctr_ipsec_crypter_t;
+
+/**
+ * Private data of an ctr_ipsec_crypter_t object.
+ */
+struct private_ctr_ipsec_crypter_t {
+
+ /**
+ * Public ctr_ipsec_crypter_t interface.
+ */
+ ctr_ipsec_crypter_t public;
+
+ /**
+ * Underlying CBC crypter
+ */
+ crypter_t *crypter;
+
+ /**
+ * counter state
+ */
+ struct {
+ char nonce[4];
+ char iv[8];
+ u_int32_t counter;
+ } __attribute__((packed)) state;
+};
+
+/**
+ * Do the CTR crypto operation
+ */
+static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
+ chunk_t in, chunk_t out)
+{
+ size_t is, bs;
+ chunk_t state;
+
+ is = this->crypter->get_iv_size(this->crypter);
+ bs = sizeof(this->state);
+
+ this->state.counter = htonl(1);
+ state = chunk_create((char*)&this->state, bs);
+
+ while (in.len > 0)
+ {
+ char iv[is], block[bs];
+
+ memset(iv, 0, is);
+ memcpy(block, state.ptr, bs);
+ this->crypter->encrypt(this->crypter,
+ chunk_create(block, bs), chunk_create(iv, is), NULL);
+ chunk_increment(state);
+
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, min(in.len, bs));
+ }
+ memxor(out.ptr, block, min(in.len, bs));
+ in = chunk_skip(in, bs);
+ out = chunk_skip(out, bs);
+ }
+}
+
+METHOD(crypter_t, crypt, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out)
+{
+ memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv));
+
+ if (out)
+ {
+ *out = chunk_alloc(in.len);
+ crypt_ctr(this, in, *out);
+ }
+ else
+ {
+ crypt_ctr(this, in, in);
+ }
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return 1;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return sizeof(this->state.iv);
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return this->crypter->get_key_size(this->crypter)
+ + sizeof(this->state.nonce);
+}
+
+METHOD(crypter_t, set_key, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t key)
+{
+ memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce),
+ sizeof(this->state.nonce));
+ key.len -= sizeof(this->state.nonce);
+ this->crypter->set_key(this->crypter, key);
+}
+
+METHOD(crypter_t, destroy, void,
+ private_ctr_ipsec_crypter_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_ctr_ipsec_crypter_t *this;
+
+ switch (algo)
+ {
+ case ENCR_AES_CTR:
+ algo = ENCR_AES_CBC;
+ break;
+ case ENCR_CAMELLIA_CTR:
+ algo = ENCR_CAMELLIA_CBC;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _crypt,
+ .decrypt = _crypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
new file mode 100644
index 000000000..db21aec3b
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr_ipsec_crypter ctr_ipsec_crypter
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_IPSEC_CRYPTER_H_
+#define CTR_IPSEC_CRYPTER_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct ctr_ipsec_crypter_t ctr_ipsec_crypter_t;
+
+/**
+ * Counter Mode wrapper for encryption algorithms, IPsec variant (RFC3686).
+ */
+struct ctr_ipsec_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create();
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a counter mode
+ * @return crypter, NULL if not supported
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** CTR_IPSEC_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c
new file mode 100644
index 000000000..5e47f23ec
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_plugin.h"
+
+#include <library.h>
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_plugin_t private_ctr_plugin_t;
+
+/**
+ * private data of ctr_plugin
+ */
+struct private_ctr_plugin_t {
+
+ /**
+ * public functions
+ */
+ ctr_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_ctr_plugin_t *this)
+{
+ lib->crypto->remove_crypter(lib->crypto,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ctr_plugin_create()
+{
+ private_ctr_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.h b/src/libstrongswan/plugins/ctr/ctr_plugin.h
new file mode 100644
index 000000000..7b2f901dc
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr ctr
+ * @ingroup plugins
+ *
+ * @defgroup ctr_plugin ctr_plugin
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_PLUGIN_H_
+#define CTR_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ctr_plugin_t ctr_plugin_t;
+
+/**
+ * Plugin providing CTR mode operation of symmetric encryption algorithms.
+ */
+struct ctr_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** CTR_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index fc3b0ab1a..9cc99063c 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 2341c9052..4835f6461 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -166,10 +166,12 @@ curl_fetcher_t *curl_fetcher_create()
private_curl_fetcher_t *this;
INIT(this,
- .public.interface = {
- .fetch = _fetch,
- .set_option = _set_option,
- .destroy = _destroy,
+ .public = {
+ .interface = {
+ .fetch = _fetch,
+ .set_option = _set_option,
+ .destroy = _destroy,
+ },
},
.curl = curl_easy_init(),
);
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 319baa04c..0e8fa7315 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 142e79613..7d9fbe852 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -1416,11 +1416,8 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len
tin[0]=tin[1]=0;
}
-/**
- * Implementation of crypter_t.decrypt for DES.
- */
-static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1437,11 +1434,8 @@ static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
}
-/**
- * Implementation of crypter_t.decrypt for DES.
- */
-static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1457,11 +1451,8 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, &ivb, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for DES (ECB).
- */
-static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt_ecb, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
u_int8_t *out;
@@ -1475,11 +1466,8 @@ static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, DES_DECRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for DES (ECB).
- */
-static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt_ecb, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
u_int8_t *out;
@@ -1493,11 +1481,8 @@ static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for 3DES.
- */
-static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt3, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1514,11 +1499,8 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
&ivb, DES_DECRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for 3DES.
- */
-static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt3, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1535,44 +1517,40 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
&ivb, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_des_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_des_crypter_t *this)
{
return sizeof(des_cblock);
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_des_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_des_crypter_t *this)
+{
+ return sizeof(des_cblock);
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_des_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key for DES.
- */
-static void set_key(private_des_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_des_crypter_t *this, chunk_t key)
{
des_set_key((des_cblock*)(key.ptr), &this->ks);
}
-/**
- * Implementation of crypter_t.set_key for 3DES.
- */
-static void set_key3(private_des_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key3, void,
+ private_des_crypter_t *this, chunk_t key)
{
des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]);
des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]);
des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]);
}
-/**
- * Implementation of crypter_t.destroy and des_crypter_t.destroy.
- */
-static void destroy(private_des_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_des_crypter_t *this)
{
free(this);
}
@@ -1582,33 +1560,39 @@ static void destroy(private_des_crypter_t *this)
*/
des_crypter_t *des_crypter_create(encryption_algorithm_t algo)
{
- private_des_crypter_t *this = malloc_thing(private_des_crypter_t);
-
- /* functions of crypter_t interface */
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
+ private_des_crypter_t *this;
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .destroy = _destroy,
+ },
+ },
+ );
/* use functions depending on algorithm */
switch (algo)
{
case ENCR_DES:
this->key_size = sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
+ this->public.crypter.set_key = _set_key;
+ this->public.crypter.encrypt = _encrypt;
+ this->public.crypter.decrypt = _decrypt;
break;
case ENCR_3DES:
this->key_size = 3 * sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key3;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt3;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt3;
+ this->public.crypter.set_key = _set_key3;
+ this->public.crypter.encrypt = _encrypt3;
+ this->public.crypter.decrypt = _decrypt3;
break;
case ENCR_DES_ECB:
this->key_size = sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt_ecb;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt_ecb;
+ this->public.crypter.set_key = _set_key;
+ this->public.crypter.encrypt = _encrypt_ecb;
+ this->public.crypter.decrypt = _decrypt_ecb;
break;
default:
free(this);
diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h
index cffbd4ce3..07215d0c5 100644
--- a/src/libstrongswan/plugins/des/des_crypter.h
+++ b/src/libstrongswan/plugins/des/des_crypter.h
@@ -32,9 +32,9 @@ typedef struct des_crypter_t des_crypter_t;
struct des_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index afc82e8d4..43b457ce2 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -31,10 +31,8 @@ struct private_des_plugin_t {
des_plugin_t public;
};
-/**
- * Implementation of des_plugin_t.destroy
- */
-static void destroy(private_des_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_des_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)des_crypter_create);
@@ -46,9 +44,15 @@ static void destroy(private_des_plugin_t *this)
*/
plugin_t *des_plugin_create()
{
- private_des_plugin_t *this = malloc_thing(private_des_plugin_t);
+ private_des_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
(crypter_constructor_t)des_crypter_create);
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 73f81f4db..7f4529211 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 125047b05..bc0ee30ae 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -50,9 +50,9 @@ plugin_t *dnskey_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)dnskey_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)dnskey_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 4ed8276c4..7e2a1ccdf 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.am b/src/libstrongswan/plugins/gcm/Makefile.am
new file mode 100644
index 000000000..ec733fbcc
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gcm.la
+else
+plugin_LTLIBRARIES = libstrongswan-gcm.la
+endif
+
+libstrongswan_gcm_la_SOURCES = \
+ gcm_plugin.h gcm_plugin.c \
+ gcm_aead.h gcm_aead.c
+
+libstrongswan_gcm_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
new file mode 100644
index 000000000..a4de9ea77
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/gcm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_gcm_la_LIBADD =
+am_libstrongswan_gcm_la_OBJECTS = gcm_plugin.lo gcm_aead.lo
+libstrongswan_gcm_la_OBJECTS = $(am_libstrongswan_gcm_la_OBJECTS)
+libstrongswan_gcm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_gcm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gcm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gcm_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_gcm_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_gcm_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcm.la
+libstrongswan_gcm_la_SOURCES = \
+ gcm_plugin.h gcm_plugin.c \
+ gcm_aead.h gcm_aead.c
+
+libstrongswan_gcm_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-gcm.la: $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_DEPENDENCIES)
+ $(libstrongswan_gcm_la_LINK) $(am_libstrongswan_gcm_la_rpath) $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_aead.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
new file mode 100644
index 000000000..0d7d91dbf
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -0,0 +1,425 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcm_aead.h"
+
+#include <limits.h>
+
+#define BLOCK_SIZE 16
+#define NONCE_SIZE 12
+#define IV_SIZE 8
+#define SALT_SIZE (NONCE_SIZE - IV_SIZE)
+
+typedef struct private_gcm_aead_t private_gcm_aead_t;
+
+/**
+ * Private data of an gcm_aead_t object.
+ */
+struct private_gcm_aead_t {
+
+ /**
+ * Public gcm_aead_t interface.
+ */
+ gcm_aead_t public;
+
+ /**
+ * Underlying CBC crypter.
+ */
+ crypter_t *crypter;
+
+ /**
+ * Size of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * Salt value
+ */
+ char salt[SALT_SIZE];
+
+ /**
+ * GHASH subkey H
+ */
+ char h[BLOCK_SIZE];
+};
+
+/**
+ * Find a suiteable word size and network order conversion functions
+ */
+#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
+# define htobeword htobe64
+# define bewordtoh be64toh
+# define SHIFT_WORD_TYPE u_int64_t
+#else
+# define htobeword htonl
+# define bewordtoh ntohl
+# define SHIFT_WORD_TYPE u_int32_t
+#endif
+
+/**
+ * Bitshift a block right by one bit
+ */
+static void sr_block(char *block)
+{
+ int i;
+ SHIFT_WORD_TYPE *word = (SHIFT_WORD_TYPE*)block;
+
+ for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++)
+ {
+ word[i] = bewordtoh(word[i]);
+ }
+ for (i = BLOCK_SIZE / sizeof(*word) - 1; i >= 0; i--)
+ {
+ word[i] >>= 1;
+ if (i != 0)
+ {
+ word[i] |= word[i - 1] << (sizeof(*word) * 8 - 1);
+ }
+ }
+ for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++)
+ {
+ word[i] = htobeword(word[i]);
+ }
+}
+
+/**
+ * Naive implementation of block multiplication in GF128, no tables
+ */
+static void mult_block(char *x, char *y, char *res)
+{
+ char z[BLOCK_SIZE], v[BLOCK_SIZE], r;
+ int bit, byte;
+
+ r = 0xE1;
+ memset(z, 0, BLOCK_SIZE);
+ memcpy(v, y, BLOCK_SIZE);
+
+ for (byte = 0; byte < BLOCK_SIZE; byte++)
+ {
+ for (bit = 7; bit >= 0; bit--)
+ {
+ if (x[byte] & (1 << bit))
+ {
+ memxor(z, v, BLOCK_SIZE);
+ }
+ if (v[BLOCK_SIZE - 1] & 0x01)
+ {
+ sr_block(v);
+ v[0] ^= r;
+ }
+ else
+ {
+ sr_block(v);
+ }
+ }
+ }
+ memcpy(res, z, BLOCK_SIZE);
+}
+
+/**
+ * GHASH function
+ */
+static void ghash(private_gcm_aead_t *this, chunk_t x, char *res)
+{
+ char y[BLOCK_SIZE];
+
+ memset(y, 0, BLOCK_SIZE);
+
+ while (x.len)
+ {
+ memxor(y, x.ptr, BLOCK_SIZE);
+ mult_block(y, this->h, y);
+ x = chunk_skip(x, BLOCK_SIZE);
+ }
+ memcpy(res, y, BLOCK_SIZE);
+}
+
+/**
+ * GCTR function, en-/decrypts x inline
+ */
+static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
+{
+ char cb[BLOCK_SIZE], iv[BLOCK_SIZE], tmp[BLOCK_SIZE];
+
+ memset(iv, 0, BLOCK_SIZE);
+ memcpy(cb, icb, BLOCK_SIZE);
+
+ while (x.len)
+ {
+ memcpy(tmp, cb, BLOCK_SIZE);
+ this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
+ chunk_from_thing(iv), NULL);
+ memxor(x.ptr, tmp, min(BLOCK_SIZE, x.len));
+ chunk_increment(chunk_from_thing(cb));
+ x = chunk_skip(x, BLOCK_SIZE);
+ }
+}
+
+/**
+ * Generate the block J0
+ */
+static void create_j(private_gcm_aead_t *this, char *iv, char *j)
+{
+ memcpy(j, this->salt, SALT_SIZE);
+ memcpy(j + SALT_SIZE, iv, IV_SIZE);
+ htoun32(j + SALT_SIZE + IV_SIZE, 1);
+}
+
+/**
+ * Create GHASH subkey H
+ */
+static void create_h(private_gcm_aead_t *this, char *h)
+{
+ char zero[BLOCK_SIZE];
+
+ memset(zero, 0, BLOCK_SIZE);
+ memset(h, 0, BLOCK_SIZE);
+
+ this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
+ chunk_from_thing(zero), NULL);
+}
+
+/**
+ * Encrypt/decrypt
+ */
+static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
+{
+ char icb[BLOCK_SIZE];
+
+ memcpy(icb, j, BLOCK_SIZE);
+ chunk_increment(chunk_from_thing(icb));
+
+ out.len = in.len;
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, in.len);
+ }
+ gctr(this, icb, out);
+}
+
+/**
+ * Create ICV
+ */
+static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
+ char *j, char *icv)
+{
+ size_t assoc_pad, crypt_pad;
+ chunk_t chunk;
+ char s[BLOCK_SIZE], *pos;
+
+ assoc_pad = (BLOCK_SIZE - (assoc.len % BLOCK_SIZE)) % BLOCK_SIZE;
+ crypt_pad = (BLOCK_SIZE - (crypt.len % BLOCK_SIZE)) % BLOCK_SIZE;
+
+ /* concatenate data to a new chunk */
+ chunk = chunk_alloc(assoc.len + assoc_pad +
+ crypt.len + crypt_pad + BLOCK_SIZE);
+ pos = chunk.ptr;
+ /* add associated data */
+ memcpy(pos, assoc.ptr, assoc.len);
+ pos += assoc.len;
+ memset(pos, 0, assoc_pad);
+ pos += assoc_pad;
+ /* add encrypted data */
+ memcpy(pos, crypt.ptr, crypt.len);
+ pos += crypt.len;
+ memset(pos, 0, crypt_pad);
+ pos += crypt_pad;
+ /* write associated len */
+ memset(pos, 0, 4);
+ pos += 4;
+ htoun32(pos, assoc.len * 8);
+ pos += 4;
+ /* write encrypted length */
+ memset(pos, 0, 4);
+ pos += 4;
+ htoun32(pos, crypt.len * 8);
+ pos += 4;
+
+ ghash(this, chunk, s);
+ free(chunk.ptr);
+ gctr(this, j, chunk_from_thing(s));
+
+ memcpy(icv, s, this->icv_size);
+}
+
+/**
+ * Verify the ICV value
+ */
+static bool verify_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
+ char *j, char *icv)
+{
+ char tmp[this->icv_size];
+
+ create_icv(this, assoc, crypt, j, tmp);
+
+ return memeq(tmp, icv, this->icv_size);
+}
+
+METHOD(aead_t, encrypt, void,
+ private_gcm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ char j[BLOCK_SIZE];
+
+ create_j(this, iv.ptr, j);
+
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ crypt(this, j, plain, *encrypted);
+ create_icv(this, assoc,
+ chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
+ j, encrypted->ptr + encrypted->len - this->icv_size);
+ }
+ else
+ {
+ crypt(this, j, plain, plain);
+ create_icv(this, assoc, plain, j, plain.ptr + plain.len);
+ }
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_gcm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ char j[BLOCK_SIZE];
+
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+
+ create_j(this, iv.ptr, j);
+
+ encrypted.len -= this->icv_size;
+ if (!verify_icv(this, assoc, encrypted, j, encrypted.ptr + encrypted.len))
+ {
+ return FALSE;
+ }
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ crypt(this, j, encrypted, *plain);
+ }
+ else
+ {
+ crypt(this, j, encrypted, encrypted);
+ }
+ return TRUE;
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return IV_SIZE;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return this->crypter->get_key_size(this->crypter) + SALT_SIZE;
+}
+
+METHOD(aead_t, set_key, void,
+ private_gcm_aead_t *this, chunk_t key)
+{
+ memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
+ key.len -= SALT_SIZE;
+ this->crypter->set_key(this->crypter, key);
+ create_h(this, this->h);
+}
+
+METHOD(aead_t, destroy, void,
+ private_gcm_aead_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_gcm_aead_t *this;
+ size_t icv_size;
+
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return NULL;
+ }
+ switch (algo)
+ {
+ case ENCR_AES_GCM_ICV8:
+ algo = ENCR_AES_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_AES_GCM_ICV12:
+ algo = ENCR_AES_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_AES_GCM_ICV16:
+ algo = ENCR_AES_CBC;
+ icv_size = 16;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .aead = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ .icv_size = icv_size,
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.h b/src/libstrongswan/plugins/gcm/gcm_aead.h
new file mode 100644
index 000000000..db4be2442
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcm_aead gcm_aead
+ * @{ @ingroup gcm
+ */
+
+#ifndef GCM_AEAD_H_
+#define GCM_AEAD_H_
+
+#include <crypto/aead.h>
+
+typedef struct gcm_aead_t gcm_aead_t;
+
+/**
+ * Galois/Counter Mode (GCM).
+ *
+ * Implements GCM as specified in NIST 800-38D, using AEAD semantics from
+ * RFC 5282, based on RFC4106.
+ */
+struct gcm_aead_t {
+
+ /**
+ * Implements aead_t interface.
+ */
+ aead_t aead;
+};
+
+/**
+ * Create a gcm_aead instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a gcm mode
+ * @return aead, NULL if not supported
+ */
+gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** GCM_AEAD_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c
new file mode 100644
index 000000000..061001b30
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcm_plugin.h"
+
+#include <library.h>
+
+#include "gcm_aead.h"
+
+typedef struct private_gcm_plugin_t private_gcm_plugin_t;
+
+/**
+ * private data of gcm_plugin
+ */
+struct private_gcm_plugin_t {
+
+ /**
+ * public functions
+ */
+ gcm_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_gcm_plugin_t *this)
+{
+ lib->crypto->remove_aead(lib->crypto,
+ (aead_constructor_t)gcm_aead_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *gcm_plugin_create()
+{
+ private_gcm_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ );
+
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8,
+ (aead_constructor_t)gcm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12,
+ (aead_constructor_t)gcm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16,
+ (aead_constructor_t)gcm_aead_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.h b/src/libstrongswan/plugins/gcm/gcm_plugin.h
new file mode 100644
index 000000000..52676708e
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcm gcm
+ * @ingroup plugins
+ *
+ * @defgroup gcm_plugin gcm_plugin
+ * @{ @ingroup gcm
+ */
+
+#ifndef GCM_PLUGIN_H_
+#define GCM_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct gcm_plugin_t gcm_plugin_t;
+
+/**
+ * Plugin providing GCM mode operation.
+ */
+struct gcm_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** GCM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 09131c4be..00c49c487 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 5dbdde32c..599481911 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -40,15 +40,43 @@ struct private_gcrypt_crypter_t {
* gcrypt algorithm identifier
*/
int alg;
+
+ /**
+ * are we using counter mode?
+ */
+ bool ctr_mode;
+
+ /**
+ * counter state
+ */
+ struct {
+ char nonce[4];
+ char iv[8];
+ u_int32_t counter;
+ } __attribute__((packed)) ctr;
};
/**
- * Implementation of crypter_t.decrypt.
+ * Set the IV for en/decryption
*/
-static void decrypt(private_gcrypt_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+static void set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
+{
+ if (this->ctr_mode)
+ {
+ memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv));
+ this->ctr.counter = htonl(1);
+ gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr));
+ }
+ else
+ {
+ gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ }
+}
+
+METHOD(crypter_t, decrypt, void,
+ private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ set_iv(this, iv);
if (dst)
{
@@ -61,13 +89,10 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data,
}
}
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt(private_gcrypt_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ set_iv(this, iv);
if (dst)
{
@@ -80,40 +105,60 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data,
}
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_gcrypt_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_gcrypt_crypter_t *this)
{
size_t len = 0;
+ if (this->ctr_mode)
+ { /* counter mode does not need any padding */
+ return 1;
+ }
gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
return len;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_gcrypt_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_gcrypt_crypter_t *this)
+{
+ size_t len = 0;
+
+ if (this->ctr_mode)
+ {
+ return sizeof(this->ctr.iv);
+ }
+ gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
+ return len;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_gcrypt_crypter_t *this)
{
size_t len = 0;
gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len);
+ if (this->ctr_mode)
+ {
+ return len + sizeof(this->ctr.nonce);
+ }
return len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_gcrypt_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_gcrypt_crypter_t *this, chunk_t key)
{
+ if (this->ctr_mode)
+ {
+ /* last 4 bytes are the nonce */
+ memcpy(this->ctr.nonce, key.ptr + key.len - sizeof(this->ctr.nonce),
+ sizeof(this->ctr.nonce));
+ key.len -= sizeof(this->ctr.nonce);
+ }
gcry_cipher_setkey(this->h, key.ptr, key.len);
}
-/**
- * Implementation of crypter_t.destroy.
- */
-static void destroy (private_gcrypt_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_gcrypt_crypter_t *this)
{
gcry_cipher_close(this->h);
free(this);
@@ -149,18 +194,19 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
gcrypt_alg = GCRY_CIPHER_CAST5;
break;
case ENCR_BLOWFISH:
- if (key_size != 16)
+ if (key_size != 16 && key_size != 0)
{ /* gcrypt currently supports 128 bit blowfish only */
return NULL;
}
gcrypt_alg = GCRY_CIPHER_BLOWFISH;
break;
- /* case ENCR_AES_CTR:
- mode = GCRY_CIPHER_MODE_CTR; */
+ case ENCR_AES_CTR:
+ mode = GCRY_CIPHER_MODE_CTR;
/* fall */
case ENCR_AES_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_AES128;
break;
@@ -174,13 +220,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
return NULL;
}
break;
- /* case ENCR_CAMELLIA_CTR:
- mode = GCRY_CIPHER_MODE_CTR; */
+ case ENCR_CAMELLIA_CTR:
+ mode = GCRY_CIPHER_MODE_CTR;
/* fall */
case ENCR_CAMELLIA_CBC:
switch (key_size)
{
#ifdef HAVE_GCRY_CIPHER_CAMELLIA
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_CAMELLIA128;
break;
@@ -198,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_SERPENT_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_SERPENT128;
break;
@@ -214,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_TWOFISH_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_TWOFISH128;
break;
@@ -228,9 +277,22 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
return NULL;
}
- this = malloc_thing(private_gcrypt_crypter_t);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .alg = gcrypt_alg,
+ .ctr_mode = mode == GCRY_CIPHER_MODE_CTR,
+ );
- this->alg = gcrypt_alg;
err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
if (err)
{
@@ -239,14 +301,6 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
free(this);
return NULL;
}
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
index ce0ead4a8..e565e28c7 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
@@ -33,7 +33,7 @@ struct gcrypt_crypter_t {
/**
* The crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 08d6239ad..6c4665da2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -73,10 +73,8 @@ struct private_gcrypt_dh_t {
size_t p_len;
};
-/**
- * Implementation of gcrypt_dh_t.set_other_public_value.
- */
-static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_gcrypt_dh_t *this, chunk_t value)
{
gcry_mpi_t p_min_1;
gcry_error_t err;
@@ -134,18 +132,14 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len)
return chunk;
}
-/**
- * Implementation of gcrypt_dh_t.get_my_public_value.
- */
-static void get_my_public_value(private_gcrypt_dh_t *this, chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_gcrypt_dh_t *this, chunk_t *value)
{
*value = export_mpi(this->ya, this->p_len);
}
-/**
- * Implementation of gcrypt_dh_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_gcrypt_dh_t *this, chunk_t *secret)
{
if (!this->zz)
{
@@ -155,18 +149,14 @@ static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret)
return SUCCESS;
}
-/**
- * Implementation of gcrypt_dh_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_gcrypt_dh_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_gcrypt_dh_t *this)
{
return this->group;
}
-/**
- * Implementation of gcrypt_dh_t.destroy.
- */
-static void destroy(private_gcrypt_dh_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_gcrypt_dh_t *this)
{
gcry_mpi_release(this->p);
gcry_mpi_release(this->xa);
@@ -178,42 +168,37 @@ static void destroy(private_gcrypt_dh_t *this)
}
/*
- * Described in header.
+ * Generic internal constructor
*/
-gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
- diffie_hellman_params_t *params;
gcry_error_t err;
chunk_t random;
rng_t *rng;
- params = diffie_hellman_get_params(group);
- if (!params)
- {
- return NULL;
- }
-
- this = malloc_thing(private_gcrypt_dh_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
-
- this->group = group;
- this->p_len = params->prime.len;
- err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
- params->prime.ptr, params->prime.len, NULL);
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .p_len = p.len,
+ );
+ err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, p.ptr, p.len, NULL);
if (err)
{
DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err));
free(this);
return NULL;
}
- err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG,
- params->generator.ptr, params->generator.len, NULL);
+ err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, g.ptr, g.len, NULL);
if (err)
{
DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err));
@@ -225,7 +210,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (rng)
{ /* prefer external randomizer */
- rng->allocate_bytes(rng, params->exp_len, &random);
+ rng->allocate_bytes(rng, exp_len, &random);
rng->destroy(rng);
err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
random.ptr, random.len, NULL);
@@ -241,21 +226,49 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
}
else
{ /* fallback to gcrypt internal randomizer, shouldn't ever happen */
- this->xa = gcry_mpi_new(params->exp_len * 8);
- gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM);
+ this->xa = gcry_mpi_new(exp_len * 8);
+ gcry_mpi_randomize(this->xa, exp_len * 8, GCRY_STRONG_RANDOM);
}
- if (params->exp_len == this->p_len)
+ if (exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
- gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1);
+ gcry_mpi_clear_bit(this->xa, exp_len * 8 - 1);
}
this->ya = gcry_mpi_new(this->p_len * 8);
- this->yb = NULL;
- this->zz = NULL;
gcry_mpi_powm(this->ya, this->g, this->xa, this->p);
return &this->public;
}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+{
+
+ diffie_hellman_params_t *params;
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->exp_len,
+ params->generator, params->prime);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p)
+{
+ if (group == MODP_CUSTOM)
+ {
+ return create_generic(group, p.len, g, p);
+ }
+ return NULL;
+}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
index 95b68dcd0..a70958dc4 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -44,5 +44,16 @@ struct gcrypt_dh_t {
*/
gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
+/**
+ * Creates a new gcrypt_dh_t object for MODP_CUSTOM.
+ *
+ * @param group MODP_CUSTOM
+ * @param g generator
+ * @param p prime
+ * @return gcrypt_dh_t object, NULL if not supported
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p);
+
#endif /** GCRYPT_DH_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index 39609c16c..96c87614f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -37,27 +37,20 @@ struct private_gcrypt_hasher_t {
gcry_md_hd_t hd;
};
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_gcrypt_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_gcrypt_hasher_t *this)
{
return gcry_md_get_algo_dlen(gcry_md_get_algo(this->hd));
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_gcrypt_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_gcrypt_hasher_t *this)
{
gcry_md_reset(this->hd);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
gcry_md_write(this->hd, chunk.ptr, chunk.len);
if (hash)
@@ -67,11 +60,8 @@ static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -84,10 +74,8 @@ static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy (private_gcrypt_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_gcrypt_hasher_t *this)
{
gcry_md_close(this->hd);
free(this);
@@ -132,7 +120,17 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_gcrypt_hasher_t);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
err = gcry_md_open(&this->hd, gcrypt_alg, 0);
if (err)
@@ -143,12 +141,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
index 708ccaafb..a7542bcdd 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
@@ -33,7 +33,7 @@ struct gcrypt_hasher_t {
/**
* The hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 039036b2c..590add5c8 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -93,10 +93,8 @@ static struct gcry_thread_cbs thread_functions = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-/**
- * Implementation of gcrypt_plugin_t.destroy
- */
-static void destroy(private_gcrypt_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_gcrypt_plugin_t *this)
{
lib->crypto->remove_hasher(lib->crypto,
(hasher_constructor_t)gcrypt_hasher_create);
@@ -106,6 +104,8 @@ static void destroy(private_gcrypt_plugin_t *this)
(rng_constructor_t)gcrypt_rng_create);
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->remove_dh(lib->crypto,
+ (dh_constructor_t)gcrypt_dh_create_custom);
lib->creds->remove_builder(lib->creds,
(builder_function_t)gcrypt_rsa_private_key_gen);
lib->creds->remove_builder(lib->creds,
@@ -139,9 +139,13 @@ plugin_t *gcrypt_plugin_create()
}
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- this = malloc_thing(private_gcrypt_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
/* hashers */
lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
@@ -172,8 +176,14 @@ plugin_t *gcrypt_plugin_create()
(crypter_constructor_t)gcrypt_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR,
+ (crypter_constructor_t)gcrypt_crypter_create);
+#ifdef HAVE_GCRY_CIPHER_CAMELLIA
lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR,
+ (crypter_constructor_t)gcrypt_crypter_create);
+#endif /* HAVE_GCRY_CIPHER_CAMELLIA */
lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC,
@@ -210,13 +220,15 @@ plugin_t *gcrypt_plugin_create()
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)gcrypt_dh_create_custom);
/* RSA */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)gcrypt_rsa_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
index d0d252572..d29755de9 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -35,11 +35,8 @@ struct private_gcrypt_rng_t {
rng_quality_t quality;
};
-/**
- * Implementation of gcrypt_rng_t.get_bytes.
- */
-static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
- u_int8_t *buffer)
+METHOD(rng_t, get_bytes, void,
+ private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer)
{
switch (this->quality)
{
@@ -55,20 +52,15 @@ static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
}
}
-/**
- * Implementation of gcrypt_rng_t.allocate_bytes.
- */
-static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes,
- chunk_t *chunk)
+METHOD(rng_t, allocate_bytes, void,
+ private_gcrypt_rng_t *this, size_t bytes, chunk_t *chunk)
{
*chunk = chunk_alloc(bytes);
get_bytes(this, chunk->len, chunk->ptr);
}
-/**
- * Implementation of gcrypt_rng_t.destroy.
- */
-static void destroy(private_gcrypt_rng_t *this)
+METHOD(rng_t, destroy, void,
+ private_gcrypt_rng_t *this)
{
free(this);
}
@@ -90,13 +82,16 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality)
return NULL;
}
- this = malloc_thing(private_gcrypt_rng_t);
-
- this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
- this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
- this->public.rng.destroy = (void (*) (rng_t *))destroy;
-
- this->quality = quality;
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index b8e86aba0..38ce2cd6c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -192,19 +192,15 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
return !!signature->len;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static key_type_t get_type(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_gcrypt_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *sig)
+METHOD(private_key_t, sign, bool,
+ private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *sig)
{
switch (scheme)
{
@@ -229,17 +225,21 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche
}
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static bool decrypt(private_gcrypt_rsa_private_key_t *this,
- chunk_t encrypted, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_gcrypt_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t encrypted, chunk_t *plain)
{
gcry_error_t err;
gcry_sexp_t in, out;
chunk_t padded;
u_char *pos = NULL;;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))",
encrypted.len, encrypted.ptr);
if (err)
@@ -277,18 +277,14 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
return TRUE;
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_gcrypt_rsa_private_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_gcrypt_rsa_private_key_t *this)
{
chunk_t n, e;
public_key_t *public;
@@ -304,11 +300,9 @@ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
return public;
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty;
gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
@@ -385,11 +379,9 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -409,19 +401,15 @@ static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_ref.
- */
-static private_key_t* get_ref(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_gcrypt_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static void destroy(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_gcrypt_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -434,25 +422,29 @@ static void destroy(private_gcrypt_rsa_private_key_t *this)
/**
* Internal generic constructor
*/
-static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
+static private_gcrypt_rsa_private_key_t *create_empty()
{
- private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
-
- this->key = NULL;
- this->ref = 1;
+ private_gcrypt_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
@@ -493,7 +485,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err));
return NULL;
}
- this = gcrypt_rsa_private_key_create_empty();
+ this = create_empty();
err = gcry_pk_genkey(&this->key, param);
gcry_sexp_release(param);
if (err)
@@ -552,7 +544,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
break;
}
- this = gcrypt_rsa_private_key_create_empty();
+ this = create_empty();
err = gcry_sexp_build(&this->key, NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
n.len, n.ptr, e.len, e.ptr, d.len, d.ptr,
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
index 4c3605f4b..0f3d66b80 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
@@ -34,7 +34,7 @@ struct gcrypt_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 80a91b976..f8645da97 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -159,19 +159,15 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
return TRUE;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_gcrypt_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_gcrypt_rsa_public_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -196,15 +192,19 @@ static bool verify(private_gcrypt_rsa_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.encrypt.
- */
-static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
- chunk_t *encrypted)
+METHOD(public_key_t, encrypt_, bool,
+ private_gcrypt_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *encrypted)
{
gcry_sexp_t in, out;
gcry_error_t err;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
/* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption:
* 00 | 02 | RANDOM | 00 | DATA */
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))",
@@ -228,19 +228,15 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
return !!encrypted->len;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_gcrypt_rsa_public_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gcrypt_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e;
bool success;
@@ -256,11 +252,9 @@ static bool get_encoding(private_gcrypt_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -280,19 +274,15 @@ static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_gcrypt_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of gcrypt_rsa_public_key.destroy.
- */
-static void destroy(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_gcrypt_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -331,21 +321,23 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type,
break;
}
- this = malloc_thing(private_gcrypt_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->key = NULL;
- this->ref = 1;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))",
n.len, n.ptr, e.len, e.ptr);
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
index fa18c357b..ca0a284a2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
@@ -34,7 +34,7 @@ struct gcrypt_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index bd7100b27..b4ec1ed8d 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index 4ee449890..e99502b27 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -85,10 +85,8 @@ struct private_gmp_diffie_hellman_t {
bool computed;
};
-/**
- * Implementation of gmp_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_gmp_diffie_hellman_t *this, chunk_t value)
{
mpz_t p_min_1;
@@ -146,10 +144,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
mpz_clear(p_min_1);
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_gmp_diffie_hellman_t *this,chunk_t *value)
{
value->len = this->p_len;
value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya);
@@ -159,10 +155,8 @@ static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *valu
}
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_gmp_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -177,18 +171,14 @@ static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *s
return SUCCESS;
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_gmp_diffie_hellman_t *this)
{
return this->group;
}
-/**
- * Implementation of gmp_diffie_hellman_t.destroy.
- */
-static void destroy(private_gmp_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_gmp_diffie_hellman_t *this)
{
mpz_clear(this->p);
mpz_clear(this->xa);
@@ -199,44 +189,38 @@ static void destroy(private_gmp_diffie_hellman_t *this)
free(this);
}
-/*
- * Described in header.
+/**
+ * Generic internal constructor
*/
-gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
+static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+ size_t exp_len, chunk_t g, chunk_t p)
{
private_gmp_diffie_hellman_t *this;
- diffie_hellman_params_t *params;
- rng_t *rng;
chunk_t random;
+ rng_t *rng;
- params = diffie_hellman_get_params(group);
- if (!params)
- {
- return NULL;
- }
-
- this = malloc_thing(private_gmp_diffie_hellman_t);
-
- /* public functions */
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .p_len = p.len,
+ );
- /* private variables */
- this->group = group;
mpz_init(this->p);
mpz_init(this->yb);
mpz_init(this->ya);
mpz_init(this->xa);
mpz_init(this->zz);
mpz_init(this->g);
-
- this->computed = FALSE;
- this->p_len = params->prime.len;
- mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr);
- mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr);
+ mpz_import(this->g, g.len, 1, 1, 1, 0, g.ptr);
+ mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr);
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
@@ -247,10 +231,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
return NULL;
}
- rng->allocate_bytes(rng, params->exp_len, &random);
+ rng->allocate_bytes(rng, exp_len, &random);
rng->destroy(rng);
- if (params->exp_len == this->p_len)
+ if (exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
*random.ptr &= 0x7F;
@@ -265,3 +249,29 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
return &this->public;
}
+/*
+ * Described in header.
+ */
+gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
+{
+ diffie_hellman_params_t *params;
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->exp_len,
+ params->generator, params->prime);
+}
+
+
+gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+ if (group == MODP_CUSTOM)
+ {
+ return create_generic(MODP_CUSTOM, p.len, g, p);
+ }
+ return NULL;
+}
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
index 2a54eebb1..6d73c0863 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
@@ -45,5 +45,16 @@ struct gmp_diffie_hellman_t {
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group);
+/**
+ * Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM.
+ *
+ * @param group MODP_CUSTOM
+ * @param g generator
+ * @param p prime
+ * @return gmp_diffie_hellman_t object, NULL if not supported
+ */
+gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index fbce9732f..9b4fad3da 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -33,13 +33,13 @@ struct private_gmp_plugin_t {
gmp_plugin_t public;
};
-/**
- * Implementation of gmp_plugin_t.gmptroy
- */
-static void destroy(private_gmp_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_gmp_plugin_t *this)
{
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->remove_dh(lib->crypto,
+ (dh_constructor_t)gmp_diffie_hellman_create_custom);
lib->creds->remove_builder(lib->creds,
(builder_function_t)gmp_rsa_private_key_gen);
lib->creds->remove_builder(lib->creds,
@@ -54,9 +54,15 @@ static void destroy(private_gmp_plugin_t *this)
*/
plugin_t *gmp_plugin_create()
{
- private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t);
+ private_gmp_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
@@ -81,11 +87,14 @@ plugin_t *gmp_plugin_create()
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)gmp_diffie_hellman_create_custom);
+
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)gmp_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)gmp_rsa_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index cc9985320..1b6c20817 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -209,7 +209,7 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
}
/**
- * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature.
+ * Build a signature using the PKCS#1 EMSA scheme
*/
static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
hash_algorithm_t hash_algorithm,
@@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
{
free(digestInfo.ptr);
DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- this->k * 8);
+ mpz_sizeinbase(this->n, 2));
return FALSE;
}
@@ -280,19 +280,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
return TRUE;
}
-/**
- * Implementation of gmp_rsa_private_key.get_type.
- */
-static key_type_t get_type(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_gmp_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of gmp_rsa_private_key.sign.
- */
-static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -317,15 +313,19 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
}
}
-/**
- * Implementation of gmp_rsa_private_key.decrypt.
- */
-static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
- chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
chunk_t em, stripped;
bool success = FALSE;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
/* rsa decryption using PKCS#1 RSADP */
stripped = em = rsadp(this, crypto);
@@ -356,18 +356,14 @@ end:
return success;
}
-/**
- * Implementation of gmp_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_gmp_rsa_private_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
-/**
- * Implementation of gmp_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_gmp_rsa_private_key_t *this)
{
chunk_t n, e;
public_key_t *public;
@@ -383,27 +379,9 @@ static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
return public;
}
-/**
- * Implementation of gmp_rsa_private_key.equals.
- */
-static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other)
-{
- return private_key_equals(&this->public.interface, other);
-}
-
-/**
- * Implementation of gmp_rsa_private_key.belongs_to.
- */
-static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public)
-{
- return private_key_belongs_to(&this->public.interface, public);
-}
-
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gmp_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_gmp_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e, d, p, q, exp1, exp2, coeff;
bool success;
@@ -435,11 +413,8 @@ static bool get_encoding(private_gmp_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gmp_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -459,19 +434,15 @@ static bool get_fingerprint(private_gmp_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of gmp_rsa_private_key.get_ref.
- */
-static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_gmp_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of gmp_rsa_private_key.destroy.
- */
-static void destroy(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_gmp_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -592,23 +563,27 @@ static status_t check(private_gmp_rsa_private_key_t *this)
*/
static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void)
{
- private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
- this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
- this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
- this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
- this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
- this->public.interface.destroy = (void (*) (private_key_t*))destroy;
-
- this->ref = 1;
+ private_gmp_rsa_private_key_t *this;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
index db1fcf535..32e1f292c 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
@@ -34,7 +34,7 @@ struct gmp_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index c114ae80d..a7ba80138 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -273,19 +273,15 @@ end:
return success;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_gmp_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -312,24 +308,21 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
#define MIN_PS_PADDING 8
-/**
- * Implementation of public_key_t.encrypt.
- */
-static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
- chunk_t *crypto)
+METHOD(public_key_t, encrypt_, bool,
+ private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
{
chunk_t em;
u_char *pos;
int padding, i;
rng_t *rng;
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (rng == NULL)
+ if (scheme != ENCRYPT_RSA_PKCS1)
{
- DBG1(DBG_LIB, "no random generator available");
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
return FALSE;
}
-
/* number of pseudo-random padding octets */
padding = this->k - plain.len - 3;
if (padding < MIN_PS_PADDING)
@@ -338,6 +331,12 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
MIN_PS_PADDING);
return FALSE;
}
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (rng == NULL)
+ {
+ DBG1(DBG_LIB, "no random generator available");
+ return FALSE;
+ }
/* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of"
@@ -376,27 +375,15 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
return TRUE;
}
-/**
- * Implementation of gmp_rsa_public_key.equals.
- */
-static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other)
-{
- return public_key_equals(&this->public.interface, other);
-}
-
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_gmp_rsa_public_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
-/**
- * Implementation of public_key_t.get_encoding
- */
-static bool get_encoding(private_gmp_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_gmp_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e;
bool success;
@@ -412,11 +399,8 @@ static bool get_encoding(private_gmp_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gmp_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -436,19 +420,15 @@ static bool get_fingerprint(private_gmp_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_gmp_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of gmp_rsa_public_key.destroy.
- */
-static void destroy(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_gmp_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -490,20 +470,23 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args)
return NULL;
}
- this = malloc_thing(private_gmp_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type;
- this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify;
- this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_;
- this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*) (public_key_t *this))destroy;
-
- this->ref = 1;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
mpz_init(this->n);
mpz_init(this->e);
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
index 807f0bb7c..14dd71e0b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
@@ -35,7 +35,7 @@ struct gmp_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index b03ff44a6..42a7d3747 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index c1ab48899..c7b2739df 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -30,7 +30,7 @@ struct private_hmac_t {
/**
* Public hmac_t interface.
*/
- hmac_t hmac;
+ hmac_t public;
/**
* Block size, as in RFC.
@@ -53,10 +53,8 @@ struct private_hmac_t {
chunk_t ipaded_key;
};
-/**
- * Implementation of hmac_t.get_mac.
- */
-static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
+METHOD(hmac_t, get_mac, void,
+ private_hmac_t *this, chunk_t data, u_int8_t *out)
{
/* H(K XOR opad, H(K XOR ipad, text))
*
@@ -91,37 +89,31 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
}
}
-/**
- * Implementation of hmac_t.allocate_mac.
- */
-static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
+METHOD(hmac_t, allocate_mac, void,
+ private_hmac_t *this, chunk_t data, chunk_t *out)
{
/* allocate space and use get_mac */
if (out == NULL)
{
/* append mode */
- this->hmac.get_mac(&(this->hmac), data, NULL);
+ get_mac(this, data, NULL);
}
else
{
out->len = this->h->get_hash_size(this->h);
out->ptr = malloc(out->len);
- this->hmac.get_mac(&(this->hmac), data, out->ptr);
+ get_mac(this, data, out->ptr);
}
}
-/**
- * Implementation of hmac_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_t *this)
+METHOD(hmac_t, get_block_size, size_t,
+ private_hmac_t *this)
{
return this->h->get_hash_size(this->h);
}
-/**
- * Implementation of hmac_t.set_key.
- */
-static void set_key(private_hmac_t *this, chunk_t key)
+METHOD(hmac_t, set_key, void,
+ private_hmac_t *this, chunk_t key)
{
int i;
u_int8_t buffer[this->b];
@@ -151,10 +143,8 @@ static void set_key(private_hmac_t *this, chunk_t key)
this->h->get_hash(this->h, this->ipaded_key, NULL);
}
-/**
- * Implementation of hmac_t.destroy.
- */
-static void destroy(private_hmac_t *this)
+METHOD(hmac_t, destroy, void,
+ private_hmac_t *this)
{
this->h->destroy(this->h);
free(this->opaded_key.ptr);
@@ -167,14 +157,17 @@ static void destroy(private_hmac_t *this)
*/
hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
{
- private_hmac_t *this = malloc_thing(private_hmac_t);
-
- /* set hmac_t methods */
- this->hmac.get_mac = (void (*)(hmac_t *,chunk_t,u_int8_t*))get_mac;
- this->hmac.allocate_mac = (void (*)(hmac_t *,chunk_t,chunk_t*))allocate_mac;
- this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size;
- this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key;
- this->hmac.destroy = (void (*)(hmac_t *))destroy;
+ private_hmac_t *this;
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .allocate_mac = _allocate_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
/* set b, according to hasher */
switch (hash_algorithm)
@@ -193,7 +186,6 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
return NULL;
}
- /* build the hasher */
this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
if (this->h == NULL)
{
@@ -208,5 +200,5 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
this->ipaded_key.ptr = malloc(this->b);
this->ipaded_key.len = this->b;
- return &(this->hmac);
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index e6b9f7a74..73df4dc6c 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -32,10 +32,8 @@ struct private_hmac_plugin_t {
hmac_plugin_t public;
};
-/**
- * Implementation of hmac_plugin_t.hmactroy
- */
-static void destroy(private_hmac_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_hmac_plugin_t *this)
{
lib->crypto->remove_prf(lib->crypto,
(prf_constructor_t)hmac_prf_create);
@@ -49,9 +47,15 @@ static void destroy(private_hmac_plugin_t *this)
*/
plugin_t *hmac_plugin_create()
{
- private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t);
+ private_hmac_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256,
(prf_constructor_t)hmac_prf_create);
@@ -72,12 +76,16 @@ plugin_t *hmac_plugin_create()
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256,
(signer_constructor_t)hmac_signer_create);
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c
index cca6e9570..ca10612f9 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.c
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.c
@@ -36,51 +36,39 @@ struct private_hmac_prf_t {
hmac_t *hmac;
};
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+METHOD(prf_t, get_bytes, void,
+ private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
{
this->hmac->get_mac(this->hmac, seed, buffer);
}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+ private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk)
{
this->hmac->allocate_mac(this->hmac, seed, chunk);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+ private_hmac_prf_t *this)
{
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_hmac_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+ private_hmac_prf_t *this)
{
/* for HMAC prfs, IKEv2 uses block size as key size */
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_hmac_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+ private_hmac_prf_t *this, chunk_t key)
{
this->hmac->set_key(this->hmac, key);
}
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_hmac_prf_t *this)
+METHOD(prf_t, destroy, void,
+ private_hmac_prf_t *this)
{
this->hmac->destroy(this->hmac);
free(this);
@@ -92,44 +80,47 @@ static void destroy(private_hmac_prf_t *this)
hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo)
{
private_hmac_prf_t *this;
- hash_algorithm_t hash;
+ hmac_t *hmac;
switch (algo)
{
case PRF_HMAC_SHA1:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
break;
case PRF_HMAC_MD5:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
break;
case PRF_HMAC_SHA2_256:
- hash = HASH_SHA256;
+ hmac = hmac_create(HASH_SHA256);
break;
case PRF_HMAC_SHA2_384:
- hash = HASH_SHA384;
+ hmac = hmac_create(HASH_SHA384);
break;
case PRF_HMAC_SHA2_512:
- hash = HASH_SHA512;
+ hmac = hmac_create(HASH_SHA512);
break;
default:
return NULL;
}
-
- this = malloc_thing(private_hmac_prf_t);
- this->hmac = hmac_create(hash);
- if (this->hmac == NULL)
+ if (hmac == NULL)
{
- free(this);
return NULL;
}
- this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
- this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
- this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
- this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
- this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
- this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .hmac = hmac,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h
index 975b456f5..29d7269ae 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.h
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.h
@@ -35,9 +35,9 @@ typedef struct hmac_prf_t hmac_prf_t;
struct hmac_prf_t {
/**
- * Generic prf_t interface for this hmac_prf_t class.
+ * Implements prf_t interface.
*/
- prf_t prf_interface;
+ prf_t prf;
};
/**
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c
index f82a8f3a1..511a3e3a5 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.c
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.c
@@ -41,11 +41,8 @@ struct private_hmac_signer_t {
size_t block_size;
};
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_hmac_signer_t *this,
- chunk_t data, u_int8_t *buffer)
+METHOD(signer_t, get_signature, void,
+ private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
{ /* append mode */
@@ -60,11 +57,8 @@ static void get_signature(private_hmac_signer_t *this,
}
}
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_hmac_signer_t *this,
- chunk_t data, chunk_t *chunk)
+METHOD(signer_t, allocate_signature, void,
+ private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
{
if (chunk == NULL)
{ /* append mode */
@@ -83,11 +77,8 @@ static void allocate_signature (private_hmac_signer_t *this,
}
}
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_hmac_signer_t *this,
- chunk_t data, chunk_t signature)
+METHOD(signer_t, verify_signature, bool,
+ private_hmac_signer_t *this, chunk_t data, chunk_t signature)
{
u_int8_t mac[this->hmac->get_block_size(this->hmac)];
@@ -100,38 +91,29 @@ static bool verify_signature(private_hmac_signer_t *this,
return memeq(signature.ptr, mac, this->block_size);
}
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_hmac_signer_t *this)
+METHOD(signer_t, get_key_size, size_t,
+ private_hmac_signer_t *this)
{
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_signer_t *this)
+METHOD(signer_t, get_block_size, size_t,
+ private_hmac_signer_t *this)
{
return this->block_size;
}
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_hmac_signer_t *this, chunk_t key)
+METHOD(signer_t, set_key, void,
+ private_hmac_signer_t *this, chunk_t key)
{
this->hmac->set_key(this->hmac, key);
}
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_hmac_signer_t *this)
+METHOD(signer_t, destroy, void,
+ private_hmac_signer_t *this)
{
this->hmac->destroy(this->hmac);
free(this);
- return SUCCESS;
}
/*
@@ -140,66 +122,76 @@ static status_t destroy(private_hmac_signer_t *this)
hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
{
private_hmac_signer_t *this;
+ hmac_t *hmac;
size_t trunc;
- hash_algorithm_t hash;
switch (algo)
{
case AUTH_HMAC_SHA1_96:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 12;
break;
case AUTH_HMAC_SHA1_128:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 16;
break;
case AUTH_HMAC_SHA1_160:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 20;
break;
case AUTH_HMAC_MD5_96:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
trunc = 12;
break;
case AUTH_HMAC_MD5_128:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
trunc = 16;
break;
case AUTH_HMAC_SHA2_256_128:
- hash = HASH_SHA256;
+ hmac = hmac_create(HASH_SHA256);
trunc = 16;
break;
case AUTH_HMAC_SHA2_384_192:
- hash = HASH_SHA384;
+ hmac = hmac_create(HASH_SHA384);
trunc = 24;
break;
case AUTH_HMAC_SHA2_512_256:
- hash = HASH_SHA512;
+ hmac = hmac_create(HASH_SHA512);
trunc = 32;
break;
+ case AUTH_HMAC_SHA2_256_256:
+ hmac = hmac_create(HASH_SHA256);
+ trunc = 32;
+ break;
+ case AUTH_HMAC_SHA2_384_384:
+ hmac = hmac_create(HASH_SHA384);
+ trunc = 48;
+ break;
default:
return NULL;
}
- this = malloc_thing(private_hmac_signer_t);
- this->hmac = hmac_create(hash);
- if (this->hmac == NULL)
+ if (hmac == NULL)
{
- free(this);
return NULL;
}
- /* prevent invalid truncation */
- this->block_size = min(trunc, this->hmac->get_block_size(this->hmac));
-
- /* interface functions */
- this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
- this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
- this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
- this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
- this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
- this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
- this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
-
- return &(this->public);
+
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .block_size = min(trunc, hmac->get_block_size(hmac)),
+ .hmac = hmac,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h
index 0de93440c..5e798683b 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.h
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.h
@@ -34,9 +34,9 @@ typedef struct hmac_signer_t hmac_signer_t;
struct hmac_signer_t {
/**
- * generic signer_t interface for this signer
+ * Implements signer_t interface.
*/
- signer_t signer_interface;
+ signer_t signer;
};
/**
@@ -44,8 +44,7 @@ struct hmac_signer_t {
*
* HMAC signatures are often truncated to shorten them to a more usable, but
* still secure enough length.
- * Block size must be equal or smaller then the hash algorithms
- * hash.
+ * Block size must be equal or smaller then the hash algorithms hash.
*
* @param algo algorithm to implement
* @return hmac_signer_t, NULL if not supported
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index b96fd5abf..65a135e76 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 874ee07a2..a78dad97c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index cc32bca88..6de400e8e 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 83c1188b6..7d4d42c14 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index de9df7271..a32418b16 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -171,6 +172,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -202,14 +205,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -224,24 +230,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -249,7 +262,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 5645d72d7..b9d97a901 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -416,10 +416,19 @@ static bool parse_authKeyIdentifier_ext(private_openssl_crl_t *this,
static bool parse_crlNumber_ext(private_openssl_crl_t *this,
X509_EXTENSION *ext)
{
- free(this->serial.ptr);
- this->serial = chunk_clone(
- openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext)));
- return this->serial.len != 0;
+ chunk_t chunk;
+
+ chunk = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
+ /* quick and dirty INTEGER unwrap */
+ if (chunk.len > 1 && chunk.ptr[0] == V_ASN1_INTEGER &&
+ chunk.ptr[1] == chunk.len - 2)
+ {
+ chunk = chunk_skip(chunk, 2);
+ free(this->serial.ptr);
+ this->serial = chunk_clone(chunk);
+ return TRUE;
+ }
+ return FALSE;
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index a8923ab56..2ed07ff0c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -41,85 +41,57 @@ struct private_openssl_crypter_t {
};
/**
- * Mapping from the algorithms defined in IKEv2 to
- * OpenSSL algorithm names and their key length
- */
-typedef struct {
- /**
- * Identifier specified in IKEv2
- */
- int ikev2_id;
-
- /**
- * Name of the algorithm, as used in OpenSSL
- */
- char *name;
-
- /**
- * Minimum valid key length in bytes
- */
- size_t key_size_min;
-
- /**
- * Maximum valid key length in bytes
- */
- size_t key_size_max;
-} openssl_algorithm_t;
-
-#define END_OF_LIST -1
-
-/**
- * Algorithms for encryption
- */
-static openssl_algorithm_t encryption_algs[] = {
-/* {ENCR_DES_IV64, "***", 0, 0}, */
- {ENCR_DES, "des", 8, 8}, /* 64 bits */
- {ENCR_3DES, "des3", 24, 24}, /* 192 bits */
- {ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */
- {ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */
- {ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */
- {ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */
-/* {ENCR_3IDEA, "***", 0, 0}, */
-/* {ENCR_DES_IV32, "***", 0, 0}, */
-/* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */
- {END_OF_LIST, NULL, 0, 0},
-};
-
-/**
* Look up an OpenSSL algorithm name and validate its key size
*/
-static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
- u_int16_t ikev2_algo, size_t *key_size)
+static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
{
- while (openssl_algo->ikev2_id != END_OF_LIST)
+ struct {
+ /* identifier specified in IKEv2 */
+ int ikev2_id;
+ /* name of the algorithm, as used in OpenSSL */
+ char *name;
+ /* default key size in bytes */
+ size_t key_def;
+ /* minimum key size */
+ size_t key_min;
+ /* maximum key size */
+ size_t key_max;
+ } mappings[] = {
+ {ENCR_DES, "des", 8, 8, 8},
+ {ENCR_3DES, "des3", 24, 24, 24},
+ {ENCR_RC5, "rc5", 16, 5, 255},
+ {ENCR_IDEA, "idea", 16, 16, 16},
+ {ENCR_CAST, "cast", 16, 5, 16},
+ {ENCR_BLOWFISH, "blowfish", 16, 5, 56},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
{
- if (ikev2_algo == openssl_algo->ikev2_id)
+ if (ikev2_algo == mappings[i].ikev2_id)
{
/* set the key size if it is not set */
- if (*key_size == 0 &&
- (openssl_algo->key_size_min == openssl_algo->key_size_max))
+ if (*key_size == 0)
{
- *key_size = openssl_algo->key_size_min;
+ *key_size = mappings[i].key_def;
}
-
/* validate key size */
- if (*key_size < openssl_algo->key_size_min ||
- *key_size > openssl_algo->key_size_max)
+ if (*key_size < mappings[i].key_min ||
+ *key_size > mappings[i].key_max)
{
return NULL;
}
- return openssl_algo->name;
+ return mappings[i].name;
}
- openssl_algo++;
}
return NULL;
}
-static void crypt(private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst, int enc)
+/**
+ * Do the actual en/decryption in an EVP context
+ */
+static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *dst, int enc)
{
int len;
u_char *out;
@@ -141,53 +113,44 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data,
EVP_CIPHER_CTX_cleanup(&ctx);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, decrypt, void,
+ private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, data, iv, dst, 0);
}
-
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt (private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, data, iv, dst, 1);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_openssl_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_openssl_crypter_t *this)
{
return this->cipher->block_size;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_openssl_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_openssl_crypter_t *this)
+{
+ return this->cipher->block_size;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_openssl_crypter_t *this)
{
return this->key.len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_openssl_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_openssl_crypter_t *this, chunk_t key)
{
memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
}
-/**
- * Implementation of crypter_t.destroy.
- */
-static void destroy (private_openssl_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_openssl_crypter_t *this)
{
free(this->key.ptr);
free(this);
@@ -201,16 +164,32 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
{
private_openssl_crypter_t *this;
- this = malloc_thing(private_openssl_crypter_t);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ );
switch (algo)
{
case ENCR_NULL:
this->cipher = EVP_enc_null();
+ key_size = 0;
break;
case ENCR_AES_CBC:
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* AES 128 */
this->cipher = EVP_get_cipherbyname("aes128");
break;
@@ -228,6 +207,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
case ENCR_CAMELLIA_CBC:
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* CAMELLIA 128 */
this->cipher = EVP_get_cipherbyname("camellia128");
break;
@@ -243,11 +225,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
}
break;
case ENCR_DES_ECB:
+ key_size = 8;
this->cipher = EVP_des_ecb();
break;
default:
{
- char* name = lookup_algorithm(encryption_algs, algo, &key_size);
+ char* name;
+
+ name = lookup_algorithm(algo, &key_size);
if (!name)
{
/* algo unavailable or key_size invalid */
@@ -268,12 +253,5 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
this->key = chunk_alloc(key_size);
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index 7e30ae03c..b12e7a6ab 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -31,9 +31,9 @@ typedef struct openssl_crypter_t openssl_crypter_t;
struct openssl_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 9a032c54f..b27aa3391 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -57,11 +57,8 @@ struct private_openssl_diffie_hellman_t {
bool computed;
};
-/**
- * Implementation of openssl_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_openssl_diffie_hellman_t *this,
- chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_openssl_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_alloc(DH_size(this->dh));
memset(value->ptr, 0, value->len);
@@ -69,11 +66,8 @@ static void get_my_public_value(private_openssl_diffie_hellman_t *this,
value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
}
-/**
- * Implementation of openssl_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
- chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_openssl_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -88,11 +82,8 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
}
-/**
- * Implementation of openssl_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_openssl_diffie_hellman_t *this,
- chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_openssl_diffie_hellman_t *this, chunk_t value)
{
int len;
@@ -110,10 +101,8 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this,
this->computed = TRUE;
}
-/**
- * Implementation of openssl_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_openssl_diffie_hellman_t *this)
{
return this->group;
}
@@ -137,10 +126,8 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
return SUCCESS;
}
-/**
- * Implementation of openssl_diffie_hellman_t.destroy.
- */
-static void destroy(private_openssl_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_openssl_diffie_hellman_t *this)
{
BN_clear_free(this->pub_key);
DH_free(this->dh);
@@ -151,15 +138,22 @@ static void destroy(private_openssl_diffie_hellman_t *this)
/*
* Described in header.
*/
-openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
- private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ private_openssl_diffie_hellman_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ );
this->dh = DH_new();
if (!this->dh)
@@ -173,11 +167,19 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
this->pub_key = BN_new();
this->shared_secret = chunk_empty;
- /* find a modulus according to group */
- if (set_modulus(this) != SUCCESS)
+ if (group == MODP_CUSTOM)
{
- destroy(this);
- return NULL;
+ this->dh->p = BN_bin2bn(p.ptr, p.len, NULL);
+ this->dh->g = BN_bin2bn(g.ptr, g.len, NULL);
+ }
+ else
+ {
+ /* find a modulus according to group */
+ if (set_modulus(this) != SUCCESS)
+ {
+ destroy(this);
+ return NULL;
+ }
}
/* generate my public and private values */
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index 6c4b4fe81..53dc59c78 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -40,9 +40,12 @@ struct openssl_diffie_hellman_t {
* Creates a new openssl_diffie_hellman_t object.
*
* @param group Diffie Hellman group number to use
+ * @param g custom generator, if MODP_CUSTOM
+ * @param p custom prime, if MODP_CUSTOM
* @return openssl_diffie_hellman_t object, NULL if not supported
*/
-openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group);
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p);
#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index a53e8aea0..32fc2bccd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -165,7 +165,8 @@ error:
* of the Diffie-Hellman shared secret value is the same as that of the
* Diffie-Hellman public value."
*/
-static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_t *shared_secret)
+static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this,
+ chunk_t *shared_secret)
{
const BIGNUM *priv_key;
EC_POINT *secret = NULL;
@@ -209,10 +210,8 @@ error:
return ret;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_openssl_ec_diffie_hellman_t *this, chunk_t value)
{
if (!chunk2ecp(this->ec_group, value, this->pub_key))
{
@@ -230,18 +229,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch
this->computed = TRUE;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_openssl_ec_diffie_hellman_t *this,chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_openssl_ec_diffie_hellman_t *this,chunk_t *value)
{
ecp2chunk(this->ec_group, EC_KEY_get0_public_key(this->key), value, FALSE);
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -251,18 +246,14 @@ static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chu
return SUCCESS;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_openssl_ec_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_openssl_ec_diffie_hellman_t *this)
{
return this->group;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.destroy.
- */
-static void destroy(private_openssl_ec_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_openssl_ec_diffie_hellman_t *this)
{
EC_POINT_clear_free(this->pub_key);
EC_KEY_free(this->key);
@@ -275,13 +266,20 @@ static void destroy(private_openssl_ec_diffie_hellman_t *this)
*/
openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
{
- private_openssl_ec_diffie_hellman_t *this = malloc_thing(private_openssl_ec_diffie_hellman_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ private_openssl_ec_diffie_hellman_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
switch (group)
{
@@ -328,11 +326,6 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro
return NULL;
}
- this->group = group;
- this->computed = FALSE;
-
- this->shared_secret = chunk_empty;
-
return &this->public;
}
#endif /* OPENSSL_NO_EC */
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 281155913..f4c4759bf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -138,11 +138,9 @@ static bool build_der_signature(private_openssl_ec_private_key_t *this,
return built;
}
-/**
- * Implementation of private_key_t.sign.
- */
-static bool sign(private_openssl_ec_private_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_openssl_ec_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -172,36 +170,38 @@ static bool sign(private_openssl_ec_private_key_t *this,
}
}
-/**
- * Implementation of private_key_t.destroy.
- */
-static bool decrypt(private_openssl_ec_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_openssl_ec_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
}
-/**
- * Implementation of private_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_openssl_ec_private_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
-/**
- * Implementation of private_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_openssl_ec_private_key_t *this)
{
return KEY_ECDSA;
}
-/**
- * Implementation of private_key_t.get_public_key.
- */
-static public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_openssl_ec_private_key_t *this)
{
public_key_t *public;
chunk_t key;
@@ -217,20 +217,16 @@ static public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
return public;
}
-/**
- * Implementation of private_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_ec_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_openssl_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_ec_fingerprint(this->ec, type, fingerprint);
}
-/**
- * Implementation of private_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_ec_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_openssl_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -261,19 +257,15 @@ static bool get_encoding(private_openssl_ec_private_key_t *this,
}
}
-/**
- * Implementation of private_key_t.get_ref.
- */
-static private_key_t* get_ref(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_openssl_ec_private_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of private_key_t.destroy.
- */
-static void destroy(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_openssl_ec_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -291,23 +283,27 @@ static void destroy(private_openssl_ec_private_key_t *this)
*/
static private_openssl_ec_private_key_t *create_empty(void)
{
- private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
-
- this->ec = NULL;
- this->ref = 1;
+ private_openssl_ec_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 720c63f90..f56c95aa1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -34,7 +34,7 @@ struct openssl_ec_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index def36c92f..7461695ad 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -130,19 +130,15 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this,
return valid;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_openssl_ec_public_key_t *this)
{
return KEY_ECDSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_openssl_ec_public_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_openssl_ec_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -172,22 +168,28 @@ static bool verify(private_openssl_ec_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static bool encrypt_(private_openssl_ec_public_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(public_key_t, encrypt, bool,
+ private_openssl_ec_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_openssl_ec_public_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
/**
@@ -232,20 +234,16 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp)
return TRUE;
}
-/**
- * Implementation of private_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_ec_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_openssl_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_ec_fingerprint(this->ec, type, fingerprint);
}
-/**
- * Implementation of private_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_ec_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_openssl_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -276,19 +274,15 @@ static bool get_encoding(private_openssl_ec_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_openssl_ec_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_ec_public_key.destroy.
- */
-static void destroy(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_openssl_ec_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -306,21 +300,25 @@ static void destroy(private_openssl_ec_public_key_t *this)
*/
static private_openssl_ec_public_key_t *create_empty()
{
- private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->ec = NULL;
- this->ref = 1;
+ private_openssl_ec_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .get_keysize = _get_keysize,
+ .equals = public_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 29d607d38..8094083a7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -34,7 +34,7 @@ struct openssl_ec_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index 7556bc594..d81f4b21e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -90,27 +90,20 @@ static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
return NULL;
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_openssl_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_openssl_hasher_t *this)
{
return this->hasher->md_size;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_openssl_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_openssl_hasher_t *this)
{
EVP_DigestInit_ex(this->ctx, this->hasher, NULL);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_openssl_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len);
if (hash)
@@ -120,11 +113,8 @@ static void get_hash(private_openssl_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -137,10 +127,8 @@ static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy (private_openssl_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_openssl_hasher_t *this)
{
EVP_MD_CTX_destroy(this->ctx);
free(this);
@@ -160,7 +148,17 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_openssl_hasher_t);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
this->hasher = EVP_get_digestbyname(name);
if (!this->hasher)
@@ -170,12 +168,6 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
this->ctx = EVP_MD_CTX_create();
/* initialization */
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index fd7a043d1..b03f6891b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -31,9 +31,9 @@ typedef struct openssl_hasher_t openssl_hasher_t;
struct openssl_hasher_t {
/**
- * The hasher_t interface.
+ * Implements hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 31697dcb8..0ab4eda9c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,6 +16,7 @@
#include <openssl/evp.h>
#include <openssl/conf.h>
+#include <openssl/rand.h>
#include <openssl/crypto.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -24,6 +25,7 @@
#include "openssl_plugin.h"
#include <library.h>
+#include <debug.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include "openssl_util.h"
@@ -151,6 +153,31 @@ static void threading_init()
}
/**
+ * Seed the OpenSSL RNG, if required
+ */
+static bool seed_rng()
+{
+ rng_t *rng = NULL;
+ char buf[32];
+
+ while (RAND_status() != 1)
+ {
+ if (!rng)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ return FALSE;
+ }
+ }
+ rng->get_bytes(rng, sizeof(buf), buf);
+ RAND_seed(buf, sizeof(buf));
+ }
+ DESTROY_IF(rng);
+ return TRUE;
+}
+
+/**
* cleanup OpenSSL threading locks
*/
static void threading_cleanup()
@@ -166,10 +193,8 @@ static void threading_cleanup()
mutex = NULL;
}
-/**
- * Implementation of openssl_plugin_t.destroy
- */
-static void destroy(private_openssl_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_openssl_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)openssl_crypter_create);
@@ -218,9 +243,15 @@ static void destroy(private_openssl_plugin_t *this)
*/
plugin_t *openssl_plugin_create()
{
- private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t);
+ private_openssl_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
threading_init();
@@ -233,6 +264,13 @@ plugin_t *openssl_plugin_create()
ENGINE_register_all_complete();
#endif /* OPENSSL_NO_ENGINE */
+ if (!seed_rng())
+ {
+ DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
+ destroy(this);
+ return NULL;
+ }
+
/* crypter */
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)openssl_crypter_create);
@@ -312,33 +350,35 @@ plugin_t *openssl_plugin_create()
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)openssl_diffie_hellman_create);
/* rsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)openssl_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)openssl_rsa_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)openssl_rsa_public_key_load);
#ifndef OPENSSL_NO_EC
/* ecdsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE,
(builder_function_t)openssl_ec_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
(builder_function_t)openssl_ec_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE,
(builder_function_t)openssl_ec_public_key_load);
#endif /* OPENSSL_NO_EC */
/* X509 certificates */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
(builder_function_t)openssl_x509_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
(builder_function_t)openssl_crl_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 5817ade9e..0b607c386 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -131,19 +131,16 @@ error:
return success;
}
-/**
- * Implementation of openssl_rsa_private_key.get_type.
- */
-static key_type_t get_type(private_openssl_rsa_private_key_t *this)
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_openssl_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of openssl_rsa_private_key.sign.
- */
-static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -168,28 +165,47 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
}
}
-/**
- * Implementation of openssl_rsa_private_key.decrypt.
- */
-static bool decrypt(private_openssl_rsa_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
- DBG1(DBG_LIB, "RSA private key decryption not implemented");
- return FALSE;
+ int padding, len;
+ char *decrypted;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = RSA_PKCS1_PADDING;
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = RSA_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ decrypted = malloc(RSA_size(this->rsa));
+ len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
+ this->rsa, padding);
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "RSA decryption failed");
+ free(decrypted);
+ return FALSE;
+ }
+ *plain = chunk_create(decrypted, len);
+ return TRUE;
}
-/**
- * Implementation of openssl_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_openssl_rsa_private_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
-/**
- * Implementation of openssl_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_openssl_rsa_private_key_t *this)
{
chunk_t enc;
public_key_t *key;
@@ -204,20 +220,16 @@ static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
return key;
}
-/**
- * Implementation of public_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
}
-/*
- * Implementation of public_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -252,19 +264,15 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this,
}
}
-/**
- * Implementation of openssl_rsa_private_key.get_ref.
- */
-static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_openssl_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_rsa_private_key.destroy.
- */
-static void destroy(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_openssl_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -280,25 +288,29 @@ static void destroy(private_openssl_rsa_private_key_t *this)
/**
* Internal generic constructor
*/
-static private_openssl_rsa_private_key_t *create_empty(void)
+static private_openssl_rsa_private_key_t *create_empty()
{
- private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
- this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
- this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
- this->public.interface.destroy = (void (*) (private_key_t*))destroy;
-
- this->engine = FALSE;
- this->ref = 1;
+ private_openssl_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
@@ -444,6 +456,48 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
}
/**
+ * Login to engine with a PIN specified for a keyid
+ */
+static bool login(ENGINE *engine, chunk_t keyid)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ identification_t *id;
+ chunk_t key;
+ char pin[64];
+ bool found = FALSE, success = FALSE;
+
+ id = identification_create_from_encoding(ID_KEY_ID, keyid);
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, id, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ key = shared->get_key(shared);
+ if (snprintf(pin, sizeof(pin), "%.*s", key.len, key.ptr) >= sizeof(pin))
+ {
+ continue;
+ }
+ if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ {
+ success = TRUE;
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "setting PIN on engine failed");
+ }
+ }
+ enumerator->destroy(enumerator);
+ id->destroy(id);
+ if (!found)
+ {
+ DBG1(DBG_CFG, "no PIN found for %#B", &keyid);
+ }
+ return success;
+}
+
+/**
* See header.
*/
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
@@ -451,20 +505,25 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *pin = NULL;
+ char *engine_id = NULL;
+ char keyname[64];
+ chunk_t keyid = chunk_empty;;
EVP_PKEY *key;
- char *engine_id;
ENGINE *engine;
+ int slot = -1;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
- case BUILD_SMARTCARD_KEYID:
- keyid = va_arg(args, char*);
+ case BUILD_PKCS11_KEYID:
+ keyid = va_arg(args, chunk_t);
continue;
- case BUILD_SMARTCARD_PIN:
- pin = va_arg(args, char*);
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ engine_id = va_arg(args, char*);
continue;
case BUILD_END:
break;
@@ -473,17 +532,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
}
break;
}
- if (!keyid || !pin)
+ if (!keyid.len || keyid.len > 40)
{
return NULL;
}
- engine_id = lib->settings->get_str(lib->settings,
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
+ {
+ snprintf(keyname, sizeof(keyname), "%d:", slot);
+ }
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+ {
+ return NULL;
+ }
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
+ if (!engine_id)
+ {
+ engine_id = lib->settings->get_str(lib->settings,
"libstrongswan.plugins.openssl.engine_id", "pkcs11");
+ }
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
+ DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))
@@ -492,18 +565,17 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
ENGINE_free(engine);
return NULL;
}
- if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ if (!login(engine, keyid))
{
- DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id);
+ DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
ENGINE_free(engine);
return NULL;
}
-
- key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
+ key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
if (!key)
{
DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
- "engine '%s'", keyid, engine_id);
+ "engine '%s'", keyname, engine_id);
ENGINE_free(engine);
return NULL;
}
@@ -512,6 +584,11 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
this = create_empty();
this->rsa = EVP_PKEY_get1_RSA(key);
this->engine = TRUE;
+ if (!this->rsa)
+ {
+ destroy(this);
+ return NULL;
+ }
return &this->public;
#else /* OPENSSL_NO_ENGINE */
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 079dfa46a..60889d651 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -34,7 +34,7 @@ struct openssl_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 6ac61a65c..422e31521 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -114,19 +114,15 @@ error:
return valid;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_openssl_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -151,22 +147,43 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
}
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static bool encrypt_(private_openssl_rsa_public_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(public_key_t, encrypt, bool,
+ private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
{
- DBG1(DBG_LIB, "RSA public key encryption not implemented");
- return FALSE;
+ int padding, len;
+ char *encrypted;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = RSA_PKCS1_PADDING;
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = RSA_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ DBG1(DBG_LIB, "decryption scheme %N not supported via openssl",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ encrypted = malloc(RSA_size(this->rsa));
+ len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
+ this->rsa, padding);
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "RSA decryption failed");
+ free(encrypted);
+ return FALSE;
+ }
+ *crypto = chunk_create(encrypted, len);
+ return TRUE;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_openssl_rsa_public_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
/**
@@ -211,20 +228,16 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
return TRUE;
}
-/**
- * Implementation of public_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
}
-/*
- * Implementation of public_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -262,19 +275,15 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_openssl_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_rsa_public_key.destroy.
- */
-static void destroy(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_openssl_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -292,21 +301,25 @@ static void destroy(private_openssl_rsa_public_key_t *this)
*/
static private_openssl_rsa_public_key_t *create_empty()
{
- private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->rsa = NULL;
- this->ref = 1;
+ private_openssl_rsa_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index 620aa51ce..021257d3c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -33,7 +33,7 @@ struct openssl_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index b65388010..20f2fa984 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -124,13 +124,15 @@ openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo)
}
INIT(this,
- .public.prf = {
- .get_block_size = _get_block_size,
- .get_bytes = _get_bytes,
- .allocate_bytes = _allocate_bytes,
- .get_key_size = _get_key_size,
- .set_key = _set_key,
- .destroy = _destroy,
+ .public = {
+ .prf = {
+ .get_block_size = _get_block_size,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
},
);
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 1c9bb699e..aa39bc93d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -187,6 +187,15 @@ static identification_t *general_name2id(GENERAL_NAME *name)
}
case GEN_DIRNAME :
return openssl_x509_name2id(name->d.directoryName);
+ case GEN_OTHERNAME:
+ if (OBJ_obj2nid(name->d.otherName->type_id) == NID_ms_upn &&
+ name->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+ return identification_create_from_encoding(ID_RFC822_ADDR,
+ openssl_asn1_str2chunk(
+ name->d.otherName->value->value.utf8string));
+ }
+ return NULL;
default:
return NULL;
}
@@ -286,10 +295,23 @@ METHOD(certificate_t, has_subject, id_match_t,
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
if (subject->get_type(subject) == ID_KEY_ID)
{
- if (chunk_equals(this->hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (chunk_equals(this->hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->pubkey &&
+ this->pubkey->has_fingerprint(this->pubkey, encoding))
{
return ID_MATCH_PERFECT;
}
@@ -756,6 +778,38 @@ static bool parse_extensions(private_openssl_x509_t *this)
}
/**
+ * Parse ExtendedKeyUsage
+ */
+static void parse_extKeyUsage(private_openssl_x509_t *this)
+{
+ EXTENDED_KEY_USAGE *usage;
+ int i;
+
+ usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, NULL, NULL);
+ if (usage)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++)
+ {
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i)))
+ {
+ case NID_server_auth:
+ this->flags |= X509_SERVER_AUTH;
+ break;
+ case NID_client_auth:
+ this->flags |= X509_CLIENT_AUTH;
+ break;
+ case NID_OCSP_sign:
+ this->flags |= X509_OCSP_SIGNER;
+ break;
+ default:
+ break;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free);
+ }
+}
+
+/**
* Parse a DER encoded x509 certificate
*/
static bool parse_certificate(private_openssl_x509_t *this)
@@ -814,6 +868,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
{
return TRUE;
}
+ parse_extKeyUsage(this);
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index adb8f08d1..46953f681 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index 9edea4bd3..06c20292f 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -78,8 +78,8 @@ static void padlock_crypt(void *key, void *ctrl, void *src, void *dst,
: "eax", "ecx", "edx", "esi", "edi");
}
-/*
- * Implementation of crypter_t.crypt
+/**
+ * Do encryption/decryption operation using Padlock control word
*/
static void crypt(private_padlock_aes_crypter_t *this, char *iv,
chunk_t src, chunk_t *dst, bool enc)
@@ -107,53 +107,44 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv,
src.len / AES_BLOCK_SIZE, iv_aligned);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, decrypt, void,
+ private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, TRUE);
}
-
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, FALSE);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_padlock_aes_crypter_t *this)
{
return AES_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_padlock_aes_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_padlock_aes_crypter_t *this)
{
return this->key.len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_padlock_aes_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_padlock_aes_crypter_t *this, chunk_t key)
{
memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
}
-/**
- * Implementation of crypter_t.destroy and aes_crypter_t.destroy.
- */
-static void destroy (private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_padlock_aes_crypter_t *this)
{
free(this->key.ptr);
free(this);
@@ -171,29 +162,33 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo,
{
return NULL;
}
-
- this = malloc_thing(private_padlock_aes_crypter_t);
-
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* AES 128 */
break;
case 24: /* AES-192 */
case 32: /* AES-256 */
/* These need an expanded key, currently not supported, FALL */
default:
- free(this);
return NULL;
}
- this->key = chunk_alloc(key_size);
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key = chunk_alloc(key_size),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
index d4c7a7577..1c804860c 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
@@ -32,9 +32,9 @@ typedef struct padlock_aes_crypter_t padlock_aes_crypter_t;
struct padlock_aes_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index c9606ae15..027c53c7b 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -101,10 +101,8 @@ static padlock_feature_t get_padlock_features()
return 0;
}
-/**
- * Implementation of aes_plugin_t.destroy
- */
-static void destroy(private_padlock_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_padlock_plugin_t *this)
{
if (this->features & PADLOCK_RNG_ENABLED)
{
@@ -133,11 +131,17 @@ static void destroy(private_padlock_plugin_t *this)
*/
plugin_t *padlock_plugin_create()
{
- private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t);
+ private_padlock_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ .features = get_padlock_features(),
+ );
- this->features = get_padlock_features();
if (!this->features)
{
free(this);
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c
index 8ff46081b..3d805df9d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.c
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.c
@@ -53,15 +53,15 @@ struct private_padlock_rng_t {
*/
static void rng(char *buf, int len, int quality)
{
- while (len > 0)
+ while (len > 0)
{
int status;
/* run XSTORE until we have all bytes needed. We do not use REP, as
* this should not be performance critical and it's easier this way. */
asm volatile (
- ".byte 0x0F,0xA7,0xC0 \n\t"
- : "=D"(buf), "=a"(status)
+ ".byte 0x0F,0xA7,0xC0 \n\t"
+ : "=D"(buf), "=a"(status)
: "d"(quality), "D"(buf));
/* bits[0..4] of status word contains the number of bytes read */
@@ -69,11 +69,8 @@ static void rng(char *buf, int len, int quality)
}
}
-/**
- * Implementation of padlock_rng_t.allocate_bytes.
- */
-static void allocate_bytes(private_padlock_rng_t *this, size_t bytes,
- chunk_t *chunk)
+METHOD(rng_t, allocate_bytes, void,
+ private_padlock_rng_t *this, size_t bytes, chunk_t *chunk)
{
chunk->len = bytes;
/* padlock requires some additional bytes */
@@ -82,11 +79,8 @@ static void allocate_bytes(private_padlock_rng_t *this, size_t bytes,
rng(chunk->ptr, chunk->len, this->quality);
}
-/**
- * Implementation of padlock_rng_t.get_bytes.
- */
-static void get_bytes(private_padlock_rng_t *this, size_t bytes,
- u_int8_t *buffer)
+METHOD(rng_t, get_bytes, void,
+ private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer)
{
chunk_t chunk;
@@ -96,10 +90,8 @@ static void get_bytes(private_padlock_rng_t *this, size_t bytes,
chunk_clear(&chunk);
}
-/**
- * Implementation of padlock_rng_t.destroy.
- */
-static void destroy(private_padlock_rng_t *this)
+METHOD(rng_t, destroy, void,
+ private_padlock_rng_t *this)
{
free(this);
}
@@ -109,11 +101,17 @@ static void destroy(private_padlock_rng_t *this)
*/
padlock_rng_t *padlock_rng_create(rng_quality_t quality)
{
- private_padlock_rng_t *this = malloc_thing(private_padlock_rng_t);
-
- this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
- this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
- this->public.rng.destroy = (void (*) (rng_t *))destroy;
+ private_padlock_rng_t *this;
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ );
/* map RNG quality to Padlock quality factor */
switch (quality)
@@ -127,8 +125,10 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality)
case RNG_TRUE:
this->quality = PADLOCK_QF3;
break;
+ default:
+ free(this);
+ return NULL;
}
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 60b516675..66a077353 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -83,19 +83,14 @@ static void append_data(private_padlock_sha1_hasher_t *this, chunk_t data)
this->data.len += data.len;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_padlock_sha1_hasher_t *this)
{
chunk_free(&this->data);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
if (hash)
{
@@ -116,11 +111,8 @@ static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -133,18 +125,14 @@ static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_padlock_sha1_hasher_t *this)
{
return HASH_SIZE_SHA1;
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_padlock_sha1_hasher_t *this)
{
free(this->data.ptr);
free(this);
@@ -161,15 +149,16 @@ padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo)
{
return NULL;
}
-
- this = malloc_thing(private_padlock_sha1_hasher_t);
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
- this->data = chunk_empty;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
index 740bdfe98..2d2b2b45d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
@@ -34,7 +34,7 @@ struct padlock_sha1_hasher_t {
/**
* Implements hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index e19a66fa5..cf5acdd1c 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index a15c3f258..b760adda9 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -127,8 +127,8 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
}
crypter->set_key(crypter, key);
- if (iv.len != crypter->get_block_size(crypter) ||
- blob->len % iv.len)
+ if (iv.len != crypter->get_iv_size(crypter) ||
+ blob->len % crypter->get_block_size(crypter))
{
crypter->destroy(crypter);
DBG1(DBG_LIB, " data size is not multiple of block size");
@@ -167,8 +167,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
/**
* Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
*/
-static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data,
- bool *pgp)
+static status_t pem_to_bin(chunk_t *blob, bool *pgp)
{
typedef enum {
PEM_PRE = 0,
@@ -187,9 +186,10 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
chunk_t dst = *blob;
chunk_t line = chunk_empty;
chunk_t iv = chunk_empty;
- chunk_t passphrase;
- int try = 0;
u_char iv_buf[HASH_SIZE_MD5];
+ status_t status = NOT_FOUND;
+ enumerator_t *enumerator;
+ shared_key_t *shared;
dst.len = 0;
iv.ptr = iv_buf;
@@ -326,36 +326,35 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
{
return SUCCESS;
}
- if (!cb)
- {
- DBG1(DBG_LIB, " missing passphrase");
- return INVALID_ARG;
- }
- while (TRUE)
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
- passphrase = cb(cb_data, ++try);
- if (!passphrase.len || !passphrase.ptr)
+ chunk_t passphrase, chunk;
+
+ passphrase = shared->get_key(shared);
+ chunk = chunk_clone(*blob);
+ status = pem_decrypt(&chunk, alg, key_size, iv, passphrase);
+ if (status == SUCCESS)
{
- return INVALID_ARG;
+ memcpy(blob->ptr, chunk.ptr, chunk.len);
+ blob->len = chunk.len;
}
- switch (pem_decrypt(blob, alg, key_size, iv, passphrase))
- {
- case INVALID_ARG:
- /* bad passphrase, retry */
- continue;
- case SUCCESS:
- return SUCCESS;
- default:
- return FAILED;
+ free(chunk.ptr);
+ if (status != INVALID_ARG)
+ { /* try again only if passphrase invalid */
+ break;
}
}
+ enumerator->destroy(enumerator);
+ return status;
}
/**
* load the credential from a blob
*/
static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
void *cred = NULL;
@@ -364,7 +363,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
blob = chunk_clone(blob);
if (!is_asn1(blob))
{
- if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS)
+ if (pem_to_bin(&blob, &pgp) != SUCCESS)
{
chunk_clear(&blob);
return NULL;
@@ -394,7 +393,6 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
* load the credential from a file
*/
static void *load_from_file(char *file, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
void *cred = NULL;
@@ -425,8 +423,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
return NULL;
}
- cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
- cb, cb_data, flags);
+ cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags);
munmap(addr, sb.st_size);
close(fd);
@@ -437,7 +434,6 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
* load the credential from a file descriptor
*/
static void *load_from_fd(int fd, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
char buf[8096];
@@ -464,20 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
return NULL;
}
}
- return load_from_blob(chunk_create(buf, total), type, subtype,
- cb, cb_data, flags);
-}
-
-/**
- * passphrase callback to use if passphrase given
- */
-static chunk_t given_passphrase_cb(chunk_t *passphrase, int try)
-{
- if (try > 1)
- { /* try only once for given passphrases */
- return chunk_empty;
- }
- return *passphrase;
+ return load_from_blob(chunk_create(buf, total), type, subtype, flags);
}
/**
@@ -487,9 +470,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
{
char *file = NULL;
int fd = -1;
- chunk_t pem = chunk_empty, passphrase = chunk_empty;
- chunk_t (*cb)(void *data, int try) = NULL;
- void *cb_data = NULL;
+ chunk_t pem = chunk_empty;
int flags = 0;
while (TRUE)
@@ -505,18 +486,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
case BUILD_BLOB_PEM:
pem = va_arg(args, chunk_t);
continue;
- case BUILD_PASSPHRASE:
- passphrase = va_arg(args, chunk_t);
- if (passphrase.len && passphrase.ptr)
- {
- cb = (void*)given_passphrase_cb;
- cb_data = &passphrase;
- }
- continue;
- case BUILD_PASSPHRASE_CALLBACK:
- cb = va_arg(args, chunk_t(*)(void*,int));
- cb_data = va_arg(args, void*);
- continue;
case BUILD_X509_FLAG:
flags = va_arg(args, int);
continue;
@@ -530,15 +499,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
if (pem.len)
{
- return load_from_blob(pem, type, subtype, cb, cb_data, flags);
+ return load_from_blob(pem, type, subtype, flags);
}
if (file)
{
- return load_from_file(file, type, subtype, cb, cb_data, flags);
+ return load_from_file(file, type, subtype, flags);
}
if (fd != -1)
{
- return load_from_fd(fd, type, subtype, cb, cb_data, flags);
+ return load_from_fd(fd, type, subtype, flags);
}
return NULL;
}
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index 810901b7a..83efb155b 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -57,49 +57,49 @@ plugin_t *pem_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
/* register private key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, FALSE,
(builder_function_t)pem_private_key_load);
/* register public key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, FALSE,
(builder_function_t)pem_public_key_load);
/* register certificate PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
(builder_function_t)pem_certificate_load);
/* register pluto specific certificate formats */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE,
(builder_function_t)pem_certificate_load);
/* register PEM encoder */
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index a5bc5eb39..0098147a9 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 84c9bfddd..440e70a18 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -129,7 +129,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
/**
* Implementation of private_key_t.decrypt for signature-only keys
*/
-static bool decrypt_not_allowed(private_key_t *this,
+static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme,
chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "decryption failed - signature only key");
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index 3ed1faf01..41e0a5df6 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -60,16 +60,16 @@ plugin_t *pgp_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
(builder_function_t)pgp_cert_load);
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 947f52d82..8b41499a7 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index 35ec2d2bf..d3afb5c67 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -56,11 +56,11 @@ plugin_t *pkcs1_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pkcs1_private_key_load);
lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode);
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am
new file mode 100644
index 000000000..199039d95
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pkcs11.la
+else
+plugin_LTLIBRARIES = libstrongswan-pkcs11.la
+endif
+
+libstrongswan_pkcs11_la_SOURCES = \
+ pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \
+ pkcs11_library.h pkcs11_library.c \
+ pkcs11_creds.h pkcs11_creds.c \
+ pkcs11_private_key.h pkcs11_private_key.c \
+ pkcs11_public_key.h pkcs11_public_key.c \
+ pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_manager.h pkcs11_manager.c
+
+libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
new file mode 100644
index 000000000..c27310910
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -0,0 +1,614 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/pkcs11
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_pkcs11_la_LIBADD =
+am_libstrongswan_pkcs11_la_OBJECTS = pkcs11_plugin.lo \
+ pkcs11_library.lo pkcs11_creds.lo pkcs11_private_key.lo \
+ pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_manager.lo
+libstrongswan_pkcs11_la_OBJECTS = \
+ $(am_libstrongswan_pkcs11_la_OBJECTS)
+libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pkcs11_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pkcs11_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_pkcs11_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_pkcs11_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs11.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs11.la
+libstrongswan_pkcs11_la_SOURCES = \
+ pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \
+ pkcs11_library.h pkcs11_library.c \
+ pkcs11_creds.h pkcs11_creds.c \
+ pkcs11_private_key.h pkcs11_private_key.c \
+ pkcs11_public_key.h pkcs11_public_key.c \
+ pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_manager.h pkcs11_manager.c
+
+libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-pkcs11.la: $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_DEPENDENCIES)
+ $(libstrongswan_pkcs11_la_LINK) $(am_libstrongswan_pkcs11_la_rpath) $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_creds.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_library.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_public_key.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11.h b/src/libstrongswan/plugins/pkcs11/pkcs11.h
new file mode 100644
index 000000000..2e6a1e3ed
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11.h
@@ -0,0 +1,1357 @@
+/* pkcs11.h
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. */
+
+/* Please submit changes back to the Scute project at
+ http://www.scute.org/ (or send them to marcus@g10code.com), so that
+ they can be picked up by other projects from there as well. */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+ RSA Security Inc. It is mostly a drop-in replacement, with the
+ following change:
+
+ This header file does not require any macro definitions by the user
+ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
+ for you (if useful, some are missing, let me know if you need
+ more).
+
+ There is an additional API available that does comply better to the
+ GNU coding standard. It can be switched on by defining
+ CRYPTOKI_GNU before including this header file. For this, the
+ following changes are made to the specification:
+
+ All structure types are changed to a "struct ck_foo" where CK_FOO
+ is the type name in PKCS #11.
+
+ All non-structure types are changed to ck_foo_t where CK_FOO is the
+ lowercase version of the type name in PKCS #11. The basic types
+ (CK_ULONG et al.) are removed without substitute.
+
+ All members of structures are modified in the following way: Type
+ indication prefixes are removed, and underscore characters are
+ inserted before words. Then the result is lowercased.
+
+ Note that function names are still in the original case, as they
+ need for ABI compatibility.
+
+ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
+ <stdbool.h>.
+
+ If CRYPTOKI_COMPAT is defined before including this header file,
+ then none of the API changes above take place, and the API is the
+ one defined by the PKCS #11 standard. */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* The version of cryptoki we implement. The revision is changed with
+ each modification of this file. If you do not use the "official"
+ version of this file, please consider deleting the revision macro
+ (you may use a macro with a different name to keep track of your
+ versions). */
+#define CRYPTOKI_VERSION_MAJOR 2
+#define CRYPTOKI_VERSION_MINOR 20
+#define CRYPTOKI_VERSION_REVISION 6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+ given. */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies. */
+
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+
+/* There is a matching pop below. */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+
+
+#ifdef CRYPTOKI_COMPAT
+ /* If we are in compatibility mode, switch all exposed names to the
+ PKCS #11 variant. There are corresponding #undefs below. */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+
+typedef unsigned long ck_flags_t;
+
+struct ck_version
+{
+ unsigned char major;
+ unsigned char minor;
+};
+
+
+struct ck_info
+{
+ struct ck_version cryptoki_version;
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ unsigned char library_description[32];
+ struct ck_version library_version;
+};
+
+
+typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER (0)
+
+
+typedef unsigned long ck_slot_id_t;
+
+
+struct ck_slot_info
+{
+ unsigned char slot_description[64];
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+};
+
+
+#define CKF_TOKEN_PRESENT (1 << 0)
+#define CKF_REMOVABLE_DEVICE (1 << 1)
+#define CKF_HW_SLOT (1 << 2)
+#define CKF_ARRAY_ATTRIBUTE (1 << 30)
+
+
+struct ck_token_info
+{
+ unsigned char label[32];
+ unsigned char manufacturer_id[32];
+ unsigned char model[16];
+ unsigned char serial_number[16];
+ ck_flags_t flags;
+ unsigned long max_session_count;
+ unsigned long session_count;
+ unsigned long max_rw_session_count;
+ unsigned long rw_session_count;
+ unsigned long max_pin_len;
+ unsigned long min_pin_len;
+ unsigned long total_public_memory;
+ unsigned long free_public_memory;
+ unsigned long total_private_memory;
+ unsigned long free_private_memory;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ unsigned char utc_time[16];
+};
+
+
+#define CKF_RNG (1 << 0)
+#define CKF_WRITE_PROTECTED (1 << 1)
+#define CKF_LOGIN_REQUIRED (1 << 2)
+#define CKF_USER_PIN_INITIALIZED (1 << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5)
+#define CKF_CLOCK_ON_TOKEN (1 << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9)
+#define CKF_TOKEN_INITIALIZED (1 << 10)
+#define CKF_SECONDARY_AUTHENTICATION (1 << 11)
+#define CKF_USER_PIN_COUNT_LOW (1 << 16)
+#define CKF_USER_PIN_FINAL_TRY (1 << 17)
+#define CKF_USER_PIN_LOCKED (1 << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19)
+#define CKF_SO_PIN_COUNT_LOW (1 << 20)
+#define CKF_SO_PIN_FINAL_TRY (1 << 21)
+#define CKF_SO_PIN_LOCKED (1 << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23)
+
+#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1)
+#define CK_EFFECTIVELY_INFINITE (0)
+
+
+typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE (0)
+
+
+typedef unsigned long ck_user_type_t;
+
+#define CKU_SO (0)
+#define CKU_USER (1)
+#define CKU_CONTEXT_SPECIFIC (2)
+
+
+typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION (0)
+#define CKS_RO_USER_FUNCTIONS (1)
+#define CKS_RW_PUBLIC_SESSION (2)
+#define CKS_RW_USER_FUNCTIONS (3)
+#define CKS_RW_SO_FUNCTIONS (4)
+
+
+struct ck_session_info
+{
+ ck_slot_id_t slot_id;
+ ck_state_t state;
+ ck_flags_t flags;
+ unsigned long device_error;
+};
+
+#define CKF_RW_SESSION (1 << 1)
+#define CKF_SERIAL_SESSION (1 << 2)
+
+
+typedef unsigned long ck_object_handle_t;
+
+
+typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA (0)
+#define CKO_CERTIFICATE (1)
+#define CKO_PUBLIC_KEY (2)
+#define CKO_PRIVATE_KEY (3)
+#define CKO_SECRET_KEY (4)
+#define CKO_HW_FEATURE (5)
+#define CKO_DOMAIN_PARAMETERS (6)
+#define CKO_MECHANISM (7)
+#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER (1)
+#define CKH_CLOCK (2)
+#define CKH_USER_INTERFACE (3)
+#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA (0)
+#define CKK_DSA (1)
+#define CKK_DH (2)
+#define CKK_ECDSA (3)
+#define CKK_EC (3)
+#define CKK_X9_42_DH (4)
+#define CKK_KEA (5)
+#define CKK_GENERIC_SECRET (0x10)
+#define CKK_RC2 (0x11)
+#define CKK_RC4 (0x12)
+#define CKK_DES (0x13)
+#define CKK_DES2 (0x14)
+#define CKK_DES3 (0x15)
+#define CKK_CAST (0x16)
+#define CKK_CAST3 (0x17)
+#define CKK_CAST128 (0x18)
+#define CKK_RC5 (0x19)
+#define CKK_IDEA (0x1a)
+#define CKK_SKIPJACK (0x1b)
+#define CKK_BATON (0x1c)
+#define CKK_JUNIPER (0x1d)
+#define CKK_CDMF (0x1e)
+#define CKK_AES (0x1f)
+#define CKK_BLOWFISH (0x20)
+#define CKK_TWOFISH (0x21)
+#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509 (0)
+#define CKC_X_509_ATTR_CERT (1)
+#define CKC_WTLS (2)
+#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS (0)
+#define CKA_TOKEN (1)
+#define CKA_PRIVATE (2)
+#define CKA_LABEL (3)
+#define CKA_APPLICATION (0x10)
+#define CKA_VALUE (0x11)
+#define CKA_OBJECT_ID (0x12)
+#define CKA_CERTIFICATE_TYPE (0x80)
+#define CKA_ISSUER (0x81)
+#define CKA_SERIAL_NUMBER (0x82)
+#define CKA_AC_ISSUER (0x83)
+#define CKA_OWNER (0x84)
+#define CKA_ATTR_TYPES (0x85)
+#define CKA_TRUSTED (0x86)
+#define CKA_CERTIFICATE_CATEGORY (0x87)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88)
+#define CKA_URL (0x89)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b)
+#define CKA_CHECK_VALUE (0x90)
+#define CKA_KEY_TYPE (0x100)
+#define CKA_SUBJECT (0x101)
+#define CKA_ID (0x102)
+#define CKA_SENSITIVE (0x103)
+#define CKA_ENCRYPT (0x104)
+#define CKA_DECRYPT (0x105)
+#define CKA_WRAP (0x106)
+#define CKA_UNWRAP (0x107)
+#define CKA_SIGN (0x108)
+#define CKA_SIGN_RECOVER (0x109)
+#define CKA_VERIFY (0x10a)
+#define CKA_VERIFY_RECOVER (0x10b)
+#define CKA_DERIVE (0x10c)
+#define CKA_START_DATE (0x110)
+#define CKA_END_DATE (0x111)
+#define CKA_MODULUS (0x120)
+#define CKA_MODULUS_BITS (0x121)
+#define CKA_PUBLIC_EXPONENT (0x122)
+#define CKA_PRIVATE_EXPONENT (0x123)
+#define CKA_PRIME_1 (0x124)
+#define CKA_PRIME_2 (0x125)
+#define CKA_EXPONENT_1 (0x126)
+#define CKA_EXPONENT_2 (0x127)
+#define CKA_COEFFICIENT (0x128)
+#define CKA_PRIME (0x130)
+#define CKA_SUBPRIME (0x131)
+#define CKA_BASE (0x132)
+#define CKA_PRIME_BITS (0x133)
+#define CKA_SUB_PRIME_BITS (0x134)
+#define CKA_VALUE_BITS (0x160)
+#define CKA_VALUE_LEN (0x161)
+#define CKA_EXTRACTABLE (0x162)
+#define CKA_LOCAL (0x163)
+#define CKA_NEVER_EXTRACTABLE (0x164)
+#define CKA_ALWAYS_SENSITIVE (0x165)
+#define CKA_KEY_GEN_MECHANISM (0x166)
+#define CKA_MODIFIABLE (0x170)
+#define CKA_ECDSA_PARAMS (0x180)
+#define CKA_EC_PARAMS (0x180)
+#define CKA_EC_POINT (0x181)
+#define CKA_SECONDARY_AUTH (0x200)
+#define CKA_AUTH_PIN_FLAGS (0x201)
+#define CKA_ALWAYS_AUTHENTICATE (0x202)
+#define CKA_WRAP_WITH_TRUSTED (0x210)
+#define CKA_HW_FEATURE_TYPE (0x300)
+#define CKA_RESET_ON_INIT (0x301)
+#define CKA_HAS_RESET (0x302)
+#define CKA_PIXEL_X (0x400)
+#define CKA_PIXEL_Y (0x401)
+#define CKA_RESOLUTION (0x402)
+#define CKA_CHAR_ROWS (0x403)
+#define CKA_CHAR_COLUMNS (0x404)
+#define CKA_COLOR (0x405)
+#define CKA_BITS_PER_PIXEL (0x406)
+#define CKA_CHAR_SETS (0x480)
+#define CKA_ENCODING_METHODS (0x481)
+#define CKA_MIME_TYPES (0x482)
+#define CKA_MECHANISM_TYPE (0x500)
+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501)
+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503)
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
+#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+struct ck_attribute
+{
+ ck_attribute_type_t type;
+ void *value;
+ unsigned long value_len;
+};
+
+
+struct ck_date
+{
+ unsigned char year[4];
+ unsigned char month[2];
+ unsigned char day[2];
+};
+
+
+typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0)
+#define CKM_RSA_PKCS (1)
+#define CKM_RSA_9796 (2)
+#define CKM_RSA_X_509 (3)
+#define CKM_MD2_RSA_PKCS (4)
+#define CKM_MD5_RSA_PKCS (5)
+#define CKM_SHA1_RSA_PKCS (6)
+#define CKM_RIPEMD128_RSA_PKCS (7)
+#define CKM_RIPEMD160_RSA_PKCS (8)
+#define CKM_RSA_PKCS_OAEP (9)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa)
+#define CKM_RSA_X9_31 (0xb)
+#define CKM_SHA1_RSA_X9_31 (0xc)
+#define CKM_RSA_PKCS_PSS (0xd)
+#define CKM_SHA1_RSA_PKCS_PSS (0xe)
+#define CKM_DSA_KEY_PAIR_GEN (0x10)
+#define CKM_DSA (0x11)
+#define CKM_DSA_SHA1 (0x12)
+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20)
+#define CKM_DH_PKCS_DERIVE (0x21)
+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30)
+#define CKM_X9_42_DH_DERIVE (0x31)
+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32)
+#define CKM_X9_42_MQV_DERIVE (0x33)
+#define CKM_SHA256_RSA_PKCS (0x40)
+#define CKM_SHA384_RSA_PKCS (0x41)
+#define CKM_SHA512_RSA_PKCS (0x42)
+#define CKM_SHA256_RSA_PKCS_PSS (0x43)
+#define CKM_SHA384_RSA_PKCS_PSS (0x44)
+#define CKM_SHA512_RSA_PKCS_PSS (0x45)
+#define CKM_RC2_KEY_GEN (0x100)
+#define CKM_RC2_ECB (0x101)
+#define CKM_RC2_CBC (0x102)
+#define CKM_RC2_MAC (0x103)
+#define CKM_RC2_MAC_GENERAL (0x104)
+#define CKM_RC2_CBC_PAD (0x105)
+#define CKM_RC4_KEY_GEN (0x110)
+#define CKM_RC4 (0x111)
+#define CKM_DES_KEY_GEN (0x120)
+#define CKM_DES_ECB (0x121)
+#define CKM_DES_CBC (0x122)
+#define CKM_DES_MAC (0x123)
+#define CKM_DES_MAC_GENERAL (0x124)
+#define CKM_DES_CBC_PAD (0x125)
+#define CKM_DES2_KEY_GEN (0x130)
+#define CKM_DES3_KEY_GEN (0x131)
+#define CKM_DES3_ECB (0x132)
+#define CKM_DES3_CBC (0x133)
+#define CKM_DES3_MAC (0x134)
+#define CKM_DES3_MAC_GENERAL (0x135)
+#define CKM_DES3_CBC_PAD (0x136)
+#define CKM_CDMF_KEY_GEN (0x140)
+#define CKM_CDMF_ECB (0x141)
+#define CKM_CDMF_CBC (0x142)
+#define CKM_CDMF_MAC (0x143)
+#define CKM_CDMF_MAC_GENERAL (0x144)
+#define CKM_CDMF_CBC_PAD (0x145)
+#define CKM_MD2 (0x200)
+#define CKM_MD2_HMAC (0x201)
+#define CKM_MD2_HMAC_GENERAL (0x202)
+#define CKM_MD5 (0x210)
+#define CKM_MD5_HMAC (0x211)
+#define CKM_MD5_HMAC_GENERAL (0x212)
+#define CKM_SHA_1 (0x220)
+#define CKM_SHA_1_HMAC (0x221)
+#define CKM_SHA_1_HMAC_GENERAL (0x222)
+#define CKM_RIPEMD128 (0x230)
+#define CKM_RIPEMD128_HMAC (0x231)
+#define CKM_RIPEMD128_HMAC_GENERAL (0x232)
+#define CKM_RIPEMD160 (0x240)
+#define CKM_RIPEMD160_HMAC (0x241)
+#define CKM_RIPEMD160_HMAC_GENERAL (0x242)
+#define CKM_SHA256 (0x250)
+#define CKM_SHA256_HMAC (0x251)
+#define CKM_SHA256_HMAC_GENERAL (0x252)
+#define CKM_SHA384 (0x260)
+#define CKM_SHA384_HMAC (0x261)
+#define CKM_SHA384_HMAC_GENERAL (0x262)
+#define CKM_SHA512 (0x270)
+#define CKM_SHA512_HMAC (0x271)
+#define CKM_SHA512_HMAC_GENERAL (0x272)
+#define CKM_CAST_KEY_GEN (0x300)
+#define CKM_CAST_ECB (0x301)
+#define CKM_CAST_CBC (0x302)
+#define CKM_CAST_MAC (0x303)
+#define CKM_CAST_MAC_GENERAL (0x304)
+#define CKM_CAST_CBC_PAD (0x305)
+#define CKM_CAST3_KEY_GEN (0x310)
+#define CKM_CAST3_ECB (0x311)
+#define CKM_CAST3_CBC (0x312)
+#define CKM_CAST3_MAC (0x313)
+#define CKM_CAST3_MAC_GENERAL (0x314)
+#define CKM_CAST3_CBC_PAD (0x315)
+#define CKM_CAST5_KEY_GEN (0x320)
+#define CKM_CAST128_KEY_GEN (0x320)
+#define CKM_CAST5_ECB (0x321)
+#define CKM_CAST128_ECB (0x321)
+#define CKM_CAST5_CBC (0x322)
+#define CKM_CAST128_CBC (0x322)
+#define CKM_CAST5_MAC (0x323)
+#define CKM_CAST128_MAC (0x323)
+#define CKM_CAST5_MAC_GENERAL (0x324)
+#define CKM_CAST128_MAC_GENERAL (0x324)
+#define CKM_CAST5_CBC_PAD (0x325)
+#define CKM_CAST128_CBC_PAD (0x325)
+#define CKM_RC5_KEY_GEN (0x330)
+#define CKM_RC5_ECB (0x331)
+#define CKM_RC5_CBC (0x332)
+#define CKM_RC5_MAC (0x333)
+#define CKM_RC5_MAC_GENERAL (0x334)
+#define CKM_RC5_CBC_PAD (0x335)
+#define CKM_IDEA_KEY_GEN (0x340)
+#define CKM_IDEA_ECB (0x341)
+#define CKM_IDEA_CBC (0x342)
+#define CKM_IDEA_MAC (0x343)
+#define CKM_IDEA_MAC_GENERAL (0x344)
+#define CKM_IDEA_CBC_PAD (0x345)
+#define CKM_GENERIC_SECRET_KEY_GEN (0x350)
+#define CKM_CONCATENATE_BASE_AND_KEY (0x360)
+#define CKM_CONCATENATE_BASE_AND_DATA (0x362)
+#define CKM_CONCATENATE_DATA_AND_BASE (0x363)
+#define CKM_XOR_BASE_AND_DATA (0x364)
+#define CKM_EXTRACT_KEY_FROM_KEY (0x365)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370)
+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373)
+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374)
+#define CKM_TLS_MASTER_KEY_DERIVE (0x375)
+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377)
+#define CKM_SSL3_MD5_MAC (0x380)
+#define CKM_SSL3_SHA1_MAC (0x381)
+#define CKM_MD5_KEY_DERIVATION (0x390)
+#define CKM_MD2_KEY_DERIVATION (0x391)
+#define CKM_SHA1_KEY_DERIVATION (0x392)
+#define CKM_PBE_MD2_DES_CBC (0x3a0)
+#define CKM_PBE_MD5_DES_CBC (0x3a1)
+#define CKM_PBE_MD5_CAST_CBC (0x3a2)
+#define CKM_PBE_MD5_CAST3_CBC (0x3a3)
+#define CKM_PBE_MD5_CAST5_CBC (0x3a4)
+#define CKM_PBE_MD5_CAST128_CBC (0x3a4)
+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5)
+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
+#define CKM_PBE_SHA1_RC4_128 (0x3a6)
+#define CKM_PBE_SHA1_RC4_40 (0x3a7)
+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
+#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
+#define CKM_PKCS5_PBKD2 (0x3b0)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0)
+#define CKM_KEY_WRAP_LYNKS (0x400)
+#define CKM_KEY_WRAP_SET_OAEP (0x401)
+#define CKM_SKIPJACK_KEY_GEN (0x1000)
+#define CKM_SKIPJACK_ECB64 (0x1001)
+#define CKM_SKIPJACK_CBC64 (0x1002)
+#define CKM_SKIPJACK_OFB64 (0x1003)
+#define CKM_SKIPJACK_CFB64 (0x1004)
+#define CKM_SKIPJACK_CFB32 (0x1005)
+#define CKM_SKIPJACK_CFB16 (0x1006)
+#define CKM_SKIPJACK_CFB8 (0x1007)
+#define CKM_SKIPJACK_WRAP (0x1008)
+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009)
+#define CKM_SKIPJACK_RELAYX (0x100a)
+#define CKM_KEA_KEY_PAIR_GEN (0x1010)
+#define CKM_KEA_KEY_DERIVE (0x1011)
+#define CKM_FORTEZZA_TIMESTAMP (0x1020)
+#define CKM_BATON_KEY_GEN (0x1030)
+#define CKM_BATON_ECB128 (0x1031)
+#define CKM_BATON_ECB96 (0x1032)
+#define CKM_BATON_CBC128 (0x1033)
+#define CKM_BATON_COUNTER (0x1034)
+#define CKM_BATON_SHUFFLE (0x1035)
+#define CKM_BATON_WRAP (0x1036)
+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040)
+#define CKM_EC_KEY_PAIR_GEN (0x1040)
+#define CKM_ECDSA (0x1041)
+#define CKM_ECDSA_SHA1 (0x1042)
+#define CKM_ECDH1_DERIVE (0x1050)
+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051)
+#define CKM_ECMQV_DERIVE (0x1052)
+#define CKM_JUNIPER_KEY_GEN (0x1060)
+#define CKM_JUNIPER_ECB128 (0x1061)
+#define CKM_JUNIPER_CBC128 (0x1062)
+#define CKM_JUNIPER_COUNTER (0x1063)
+#define CKM_JUNIPER_SHUFFLE (0x1064)
+#define CKM_JUNIPER_WRAP (0x1065)
+#define CKM_FASTHASH (0x1070)
+#define CKM_AES_KEY_GEN (0x1080)
+#define CKM_AES_ECB (0x1081)
+#define CKM_AES_CBC (0x1082)
+#define CKM_AES_MAC (0x1083)
+#define CKM_AES_MAC_GENERAL (0x1084)
+#define CKM_AES_CBC_PAD (0x1085)
+#define CKM_DSA_PARAMETER_GEN (0x2000)
+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
+#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+struct ck_mechanism
+{
+ ck_mechanism_type_t mechanism;
+ void *parameter;
+ unsigned long parameter_len;
+};
+
+
+struct ck_mechanism_info
+{
+ unsigned long min_key_size;
+ unsigned long max_key_size;
+ ck_flags_t flags;
+};
+
+#define CKF_HW (1 << 0)
+#define CKF_ENCRYPT (1 << 8)
+#define CKF_DECRYPT (1 << 9)
+#define CKF_DIGEST (1 << 10)
+#define CKF_SIGN (1 << 11)
+#define CKF_SIGN_RECOVER (1 << 12)
+#define CKF_VERIFY (1 << 13)
+#define CKF_VERIFY_RECOVER (1 << 14)
+#define CKF_GENERATE (1 << 15)
+#define CKF_GENERATE_KEY_PAIR (1 << 16)
+#define CKF_WRAP (1 << 17)
+#define CKF_UNWRAP (1 << 18)
+#define CKF_DERIVE (1 << 19)
+#define CKF_EXTENSION ((unsigned long) (1 << 31))
+
+
+/* Flags for C_WaitForSlotEvent. */
+#define CKF_DONT_BLOCK (1)
+
+
+typedef unsigned long ck_rv_t;
+
+
+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+ ck_notification_t event, void *application);
+
+/* Forward reference. */
+struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args) \
+typedef ck_rv_t (*CK_ ## name) args; \
+ck_rv_t CK_SPEC name args
+
+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
+_CK_DECLARE_FUNCTION (C_GetFunctionList,
+ (struct ck_function_list **function_list));
+
+_CK_DECLARE_FUNCTION (C_GetSlotList,
+ (unsigned char token_present, ck_slot_id_t *slot_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetSlotInfo,
+ (ck_slot_id_t slot_id, struct ck_slot_info *info));
+_CK_DECLARE_FUNCTION (C_GetTokenInfo,
+ (ck_slot_id_t slot_id, struct ck_token_info *info));
+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+ (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
+_CK_DECLARE_FUNCTION (C_GetMechanismList,
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t *mechanism_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info *info));
+_CK_DECLARE_FUNCTION (C_InitToken,
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
+_CK_DECLARE_FUNCTION (C_InitPIN,
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_SetPIN,
+ (ck_session_handle_t session, unsigned char *old_pin,
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len));
+
+_CK_DECLARE_FUNCTION (C_OpenSession,
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t *session));
+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+_CK_DECLARE_FUNCTION (C_GetSessionInfo,
+ (ck_session_handle_t session,
+ struct ck_session_info *info));
+_CK_DECLARE_FUNCTION (C_GetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
+_CK_DECLARE_FUNCTION (C_SetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
+_CK_DECLARE_FUNCTION (C_Login,
+ (ck_session_handle_t session, ck_user_type_t user_type,
+ unsigned char *pin, unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_CreateObject,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t *object));
+_CK_DECLARE_FUNCTION (C_CopyObject,
+ (ck_session_handle_t session, ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t *new_object));
+_CK_DECLARE_FUNCTION (C_DestroyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
+_CK_DECLARE_FUNCTION (C_GetObjectSize,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ unsigned long *size));
+_CK_DECLARE_FUNCTION (C_GetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_SetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjectsInit,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjects,
+ (ck_session_handle_t session,
+ ck_object_handle_t *object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
+_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
+ (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_EncryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Encrypt,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
+_CK_DECLARE_FUNCTION (C_EncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_EncryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
+
+_CK_DECLARE_FUNCTION (C_DecryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Decrypt,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
+_CK_DECLARE_FUNCTION (C_DecryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_DecryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
+
+_CK_DECLARE_FUNCTION (C_DigestInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism));
+_CK_DECLARE_FUNCTION (C_Digest,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest,
+ unsigned long *digest_len));
+_CK_DECLARE_FUNCTION (C_DigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_DigestKey,
+ (ck_session_handle_t session, ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_DigestFinal,
+ (ck_session_handle_t session,
+ unsigned char *digest,
+ unsigned long *digest_len));
+
+_CK_DECLARE_FUNCTION (C_SignInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Sign,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_SignFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_SignRecover,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+
+_CK_DECLARE_FUNCTION (C_VerifyInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Verify,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_VerifyFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_VerifyRecover,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len));
+
+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+
+_CK_DECLARE_FUNCTION (C_GenerateKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t *public_key,
+ ck_object_handle_t *private_key));
+_CK_DECLARE_FUNCTION (C_WrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
+_CK_DECLARE_FUNCTION (C_UnwrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_DeriveKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+
+_CK_DECLARE_FUNCTION (C_SeedRandom,
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
+_CK_DECLARE_FUNCTION (C_GenerateRandom,
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
+
+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+struct ck_function_list
+{
+ struct ck_version version;
+ CK_C_Initialize C_Initialize;
+ CK_C_Finalize C_Finalize;
+ CK_C_GetInfo C_GetInfo;
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetSlotList C_GetSlotList;
+ CK_C_GetSlotInfo C_GetSlotInfo;
+ CK_C_GetTokenInfo C_GetTokenInfo;
+ CK_C_GetMechanismList C_GetMechanismList;
+ CK_C_GetMechanismInfo C_GetMechanismInfo;
+ CK_C_InitToken C_InitToken;
+ CK_C_InitPIN C_InitPIN;
+ CK_C_SetPIN C_SetPIN;
+ CK_C_OpenSession C_OpenSession;
+ CK_C_CloseSession C_CloseSession;
+ CK_C_CloseAllSessions C_CloseAllSessions;
+ CK_C_GetSessionInfo C_GetSessionInfo;
+ CK_C_GetOperationState C_GetOperationState;
+ CK_C_SetOperationState C_SetOperationState;
+ CK_C_Login C_Login;
+ CK_C_Logout C_Logout;
+ CK_C_CreateObject C_CreateObject;
+ CK_C_CopyObject C_CopyObject;
+ CK_C_DestroyObject C_DestroyObject;
+ CK_C_GetObjectSize C_GetObjectSize;
+ CK_C_GetAttributeValue C_GetAttributeValue;
+ CK_C_SetAttributeValue C_SetAttributeValue;
+ CK_C_FindObjectsInit C_FindObjectsInit;
+ CK_C_FindObjects C_FindObjects;
+ CK_C_FindObjectsFinal C_FindObjectsFinal;
+ CK_C_EncryptInit C_EncryptInit;
+ CK_C_Encrypt C_Encrypt;
+ CK_C_EncryptUpdate C_EncryptUpdate;
+ CK_C_EncryptFinal C_EncryptFinal;
+ CK_C_DecryptInit C_DecryptInit;
+ CK_C_Decrypt C_Decrypt;
+ CK_C_DecryptUpdate C_DecryptUpdate;
+ CK_C_DecryptFinal C_DecryptFinal;
+ CK_C_DigestInit C_DigestInit;
+ CK_C_Digest C_Digest;
+ CK_C_DigestUpdate C_DigestUpdate;
+ CK_C_DigestKey C_DigestKey;
+ CK_C_DigestFinal C_DigestFinal;
+ CK_C_SignInit C_SignInit;
+ CK_C_Sign C_Sign;
+ CK_C_SignUpdate C_SignUpdate;
+ CK_C_SignFinal C_SignFinal;
+ CK_C_SignRecoverInit C_SignRecoverInit;
+ CK_C_SignRecover C_SignRecover;
+ CK_C_VerifyInit C_VerifyInit;
+ CK_C_Verify C_Verify;
+ CK_C_VerifyUpdate C_VerifyUpdate;
+ CK_C_VerifyFinal C_VerifyFinal;
+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_C_VerifyRecover C_VerifyRecover;
+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_C_GenerateKey C_GenerateKey;
+ CK_C_GenerateKeyPair C_GenerateKeyPair;
+ CK_C_WrapKey C_WrapKey;
+ CK_C_UnwrapKey C_UnwrapKey;
+ CK_C_DeriveKey C_DeriveKey;
+ CK_C_SeedRandom C_SeedRandom;
+ CK_C_GenerateRandom C_GenerateRandom;
+ CK_C_GetFunctionStatus C_GetFunctionStatus;
+ CK_C_CancelFunction C_CancelFunction;
+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+
+typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+struct ck_c_initialize_args
+{
+ ck_createmutex_t create_mutex;
+ ck_destroymutex_t destroy_mutex;
+ ck_lockmutex_t lock_mutex;
+ ck_unlockmutex_t unlock_mutex;
+ ck_flags_t flags;
+ void *reserved;
+};
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
+#define CKF_OS_LOCKING_OK (1 << 1)
+
+#define CKR_OK (0)
+#define CKR_CANCEL (1)
+#define CKR_HOST_MEMORY (2)
+#define CKR_SLOT_ID_INVALID (3)
+#define CKR_GENERAL_ERROR (5)
+#define CKR_FUNCTION_FAILED (6)
+#define CKR_ARGUMENTS_BAD (7)
+#define CKR_NO_EVENT (8)
+#define CKR_NEED_TO_CREATE_THREADS (9)
+#define CKR_CANT_LOCK (0xa)
+#define CKR_ATTRIBUTE_READ_ONLY (0x10)
+#define CKR_ATTRIBUTE_SENSITIVE (0x11)
+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12)
+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13)
+#define CKR_DATA_INVALID (0x20)
+#define CKR_DATA_LEN_RANGE (0x21)
+#define CKR_DEVICE_ERROR (0x30)
+#define CKR_DEVICE_MEMORY (0x31)
+#define CKR_DEVICE_REMOVED (0x32)
+#define CKR_ENCRYPTED_DATA_INVALID (0x40)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41)
+#define CKR_FUNCTION_CANCELED (0x50)
+#define CKR_FUNCTION_NOT_PARALLEL (0x51)
+#define CKR_FUNCTION_NOT_SUPPORTED (0x54)
+#define CKR_KEY_HANDLE_INVALID (0x60)
+#define CKR_KEY_SIZE_RANGE (0x62)
+#define CKR_KEY_TYPE_INCONSISTENT (0x63)
+#define CKR_KEY_NOT_NEEDED (0x64)
+#define CKR_KEY_CHANGED (0x65)
+#define CKR_KEY_NEEDED (0x66)
+#define CKR_KEY_INDIGESTIBLE (0x67)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68)
+#define CKR_KEY_NOT_WRAPPABLE (0x69)
+#define CKR_KEY_UNEXTRACTABLE (0x6a)
+#define CKR_MECHANISM_INVALID (0x70)
+#define CKR_MECHANISM_PARAM_INVALID (0x71)
+#define CKR_OBJECT_HANDLE_INVALID (0x82)
+#define CKR_OPERATION_ACTIVE (0x90)
+#define CKR_OPERATION_NOT_INITIALIZED (0x91)
+#define CKR_PIN_INCORRECT (0xa0)
+#define CKR_PIN_INVALID (0xa1)
+#define CKR_PIN_LEN_RANGE (0xa2)
+#define CKR_PIN_EXPIRED (0xa3)
+#define CKR_PIN_LOCKED (0xa4)
+#define CKR_SESSION_CLOSED (0xb0)
+#define CKR_SESSION_COUNT (0xb1)
+#define CKR_SESSION_HANDLE_INVALID (0xb3)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4)
+#define CKR_SESSION_READ_ONLY (0xb5)
+#define CKR_SESSION_EXISTS (0xb6)
+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8)
+#define CKR_SIGNATURE_INVALID (0xc0)
+#define CKR_SIGNATURE_LEN_RANGE (0xc1)
+#define CKR_TEMPLATE_INCOMPLETE (0xd0)
+#define CKR_TEMPLATE_INCONSISTENT (0xd1)
+#define CKR_TOKEN_NOT_PRESENT (0xe0)
+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1)
+#define CKR_TOKEN_WRITE_PROTECTED (0xe2)
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2)
+#define CKR_USER_ALREADY_LOGGED_IN (0x100)
+#define CKR_USER_NOT_LOGGED_IN (0x101)
+#define CKR_USER_PIN_NOT_INITIALIZED (0x102)
+#define CKR_USER_TYPE_INVALID (0x103)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104)
+#define CKR_USER_TOO_MANY_TYPES (0x105)
+#define CKR_WRAPPED_KEY_INVALID (0x110)
+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113)
+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120)
+#define CKR_RANDOM_NO_RNG (0x121)
+#define CKR_DOMAIN_PARAMS_INVALID (0x130)
+#define CKR_BUFFER_TOO_SMALL (0x150)
+#define CKR_SAVED_STATE_INVALID (0x160)
+#define CKR_INFORMATION_SENSITIVE (0x170)
+#define CKR_STATE_UNSAVEABLE (0x180)
+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191)
+#define CKR_MUTEX_BAD (0x1a0)
+#define CKR_MUTEX_NOT_LOCKED (0x1a1)
+#define CKR_FUNCTION_REJECTED (0x200)
+#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+
+/* Compatibility layer. */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL. */
+#include <stddef.h>
+
+typedef unsigned char CK_BYTE;
+typedef unsigned char CK_CHAR;
+typedef unsigned char CK_UTF8CHAR;
+typedef unsigned char CK_BBOOL;
+typedef unsigned long int CK_ULONG;
+typedef long int CK_LONG;
+typedef CK_BYTE *CK_BYTE_PTR;
+typedef CK_CHAR *CK_CHAR_PTR;
+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+typedef CK_ULONG *CK_ULONG_PTR;
+typedef void *CK_VOID_PTR;
+typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+typedef struct ck_version CK_VERSION;
+typedef struct ck_version *CK_VERSION_PTR;
+
+typedef struct ck_info CK_INFO;
+typedef struct ck_info *CK_INFO_PTR;
+
+typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+typedef struct ck_slot_info CK_SLOT_INFO;
+typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+typedef struct ck_token_info CK_TOKEN_INFO;
+typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+typedef struct ck_session_info CK_SESSION_INFO;
+typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+typedef struct ck_attribute CK_ATTRIBUTE;
+typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+typedef struct ck_date CK_DATE;
+typedef struct ck_date *CK_DATE_PTR;
+
+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+typedef struct ck_mechanism CK_MECHANISM;
+typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+typedef struct ck_function_list CK_FUNCTION_LIST;
+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file. */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+/* System dependencies. */
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+#pragma pack(pop, cryptoki)
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* PKCS11_H */
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
new file mode 100644
index 000000000..1b1448c6a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_creds.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+
+typedef struct private_pkcs11_creds_t private_pkcs11_creds_t;
+
+/**
+ * Private data of an pkcs11_creds_t object.
+ */
+struct private_pkcs11_creds_t {
+
+ /**
+ * Public pkcs11_creds_t interface.
+ */
+ pkcs11_creds_t public;
+
+ /**
+ * PKCS# library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Token slot
+ */
+ CK_SLOT_ID slot;
+
+ /**
+ * List of trusted certificates
+ */
+ linked_list_t *trusted;
+
+ /**
+ * List of untrusted certificates
+ */
+ linked_list_t *untrusted;
+};
+
+/**
+ * Find certificates, optionally trusted
+ */
+static void find_certificates(private_pkcs11_creds_t *this,
+ CK_SESSION_HANDLE session, CK_BBOOL trusted)
+{
+ CK_OBJECT_CLASS class = CKO_CERTIFICATE;
+ CK_CERTIFICATE_TYPE type = CKC_X_509;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
+ {CKA_TRUSTED, &trusted, sizeof(trusted)},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_VALUE, NULL, 0},
+ {CKA_LABEL, NULL, 0},
+ };
+ enumerator_t *enumerator;
+ linked_list_t *raw;
+ certificate_t *cert;
+ struct {
+ chunk_t value;
+ chunk_t label;
+ } *entry;
+
+ raw = linked_list_create();
+ enumerator = this->lib->create_object_enumerator(this->lib,
+ session, tmpl, countof(tmpl), attr, countof(attr));
+ while (enumerator->enumerate(enumerator, &object))
+ {
+ entry = malloc(sizeof(*entry));
+ entry->value = chunk_clone(
+ chunk_create(attr[0].pValue, attr[0].ulValueLen));
+ entry->label = chunk_clone(
+ chunk_create(attr[1].pValue, attr[1].ulValueLen));
+ raw->insert_last(raw, entry);
+ }
+ enumerator->destroy(enumerator);
+
+ while (raw->remove_first(raw, (void**)&entry) == SUCCESS)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, entry->value,
+ BUILD_END);
+ if (cert)
+ {
+ DBG1(DBG_CFG, " loaded %strusted cert '%.*s'",
+ trusted ? "" : "un", entry->label.len, entry->label.ptr);
+ /* trusted certificates are also returned as untrusted */
+ this->untrusted->insert_last(this->untrusted, cert);
+ if (trusted)
+ {
+ this->trusted->insert_last(this->trusted, cert->get_ref(cert));
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading cert '%.*s' failed",
+ entry->label.len, entry->label.ptr);
+ }
+ free(entry->value.ptr);
+ free(entry->label.ptr);
+ free(entry);
+ }
+ raw->destroy(raw);
+}
+
+/**
+ * Load in the certificates from the token
+ */
+static bool load_certificates(private_pkcs11_creds_t *this)
+{
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION,
+ NULL, NULL, &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+
+ find_certificates(this, session, CK_TRUE);
+ find_certificates(this, session, CK_FALSE);
+
+ this->lib->f->C_CloseSession(session);
+ return TRUE;
+}
+
+/**
+ * filter function for certs enumerator
+ */
+static bool certs_filter(identification_t *id,
+ certificate_t **in, certificate_t **out)
+{
+ public_key_t *public;
+ certificate_t *cert = *in;
+
+ if (id == NULL || cert->has_subject(cert, id))
+ {
+ *out = *in;
+ return TRUE;
+ }
+ public = cert->get_public_key(cert);
+ if (public)
+ {
+ if (public->has_fingerprint(public, id->get_encoding(id)))
+ {
+ public->destroy(public);
+ *out = *in;
+ return TRUE;
+ }
+ public->destroy(public);
+ }
+ return FALSE;
+}
+
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+ private_pkcs11_creds_t *this, certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ enumerator_t *inner;
+
+ if (cert != CERT_X509 && cert != CERT_ANY)
+ {
+ return NULL;
+ }
+ if (trusted)
+ {
+ inner = this->trusted->create_enumerator(this->trusted);
+ }
+ else
+ {
+ inner = this->untrusted->create_enumerator(this->untrusted);
+ }
+ return enumerator_create_filter(inner, (void*)certs_filter, id, NULL);
+}
+
+METHOD(pkcs11_creds_t, get_library, pkcs11_library_t*,
+ private_pkcs11_creds_t *this)
+{
+ return this->lib;
+}
+
+METHOD(pkcs11_creds_t, get_slot, CK_SLOT_ID,
+ private_pkcs11_creds_t *this)
+{
+ return this->slot;
+}
+
+METHOD(pkcs11_creds_t, destroy, void,
+ private_pkcs11_creds_t *this)
+{
+ this->trusted->destroy_offset(this->trusted,
+ offsetof(certificate_t, destroy));
+ this->untrusted->destroy_offset(this->untrusted,
+ offsetof(certificate_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot)
+{
+ private_pkcs11_creds_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_shared_enumerator = (void*)enumerator_create_empty,
+ .create_private_enumerator = (void*)enumerator_create_empty,
+ .create_cert_enumerator = _create_cert_enumerator,
+ .create_cdp_enumerator = (void*)enumerator_create_empty,
+ .cache_cert = (void*)nop,
+ },
+ .get_library = _get_library,
+ .get_slot = _get_slot,
+ .destroy = _destroy,
+ },
+ .lib = p11,
+ .slot = slot,
+ .trusted = linked_list_create(),
+ .untrusted = linked_list_create(),
+ );
+
+ if (!load_certificates(this))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h
new file mode 100644
index 000000000..c40a8dea6
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_creds pkcs11_creds
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_CREDS_H_
+#define PKCS11_CREDS_H_
+
+typedef struct pkcs11_creds_t pkcs11_creds_t;
+
+#include "pkcs11_library.h"
+
+#include <credentials/credential_manager.h>
+
+/**
+ * Credential set on top on a PKCS#11 token.
+ */
+struct pkcs11_creds_t {
+
+ /**
+ * Implements credential_set_t.
+ */
+ credential_set_t set;
+
+ /**
+ * Get the PKCS#11 library this set uses.
+ *
+ * @return library
+ */
+ pkcs11_library_t* (*get_library)(pkcs11_creds_t *this);
+
+ /**
+ * Get the slot of the token this set uses.
+ *
+ * @return slot
+ */
+ CK_SLOT_ID (*get_slot)(pkcs11_creds_t *this);
+
+ /**
+ * Destroy a pkcs11_creds_t.
+ */
+ void (*destroy)(pkcs11_creds_t *this);
+};
+
+/**
+ * Create a pkcs11_creds instance.
+ *
+ * @param p11 loaded PKCS#11 library
+ * @param slot slot of the token we hand out credentials
+ */
+pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot);
+
+#endif /** PKCS11_CREDS_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
new file mode 100644
index 000000000..6d327be40
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_hasher.h"
+
+#include <unistd.h>
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+#include "pkcs11_manager.h"
+
+typedef struct private_pkcs11_hasher_t private_pkcs11_hasher_t;
+
+/**
+ * Private data of an pkcs11_hasher_t object.
+ */
+struct private_pkcs11_hasher_t {
+
+ /**
+ * Public pkcs11_hasher_t interface.
+ */
+ pkcs11_hasher_t public;
+
+ /**
+ * PKCS#11 library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Mechanism for this hasher
+ */
+ CK_MECHANISM_PTR mech;
+
+ /**
+ * Token session
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * size of the hash
+ */
+ size_t size;
+
+ /**
+ * Mutex to lock the tokens hashing engine
+ */
+ mutex_t *mutex;
+
+ /**
+ * do we have an initialized state?
+ */
+ bool have_state;
+
+ /**
+ * state buffer
+ */
+ CK_BYTE_PTR state;
+
+ /**
+ * Length of the state buffer
+ */
+ CK_ULONG state_len;
+};
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_pkcs11_hasher_t *this)
+{
+ return this->size;
+}
+
+/**
+ * Save the Operation state to host memory
+ */
+static void save_state(private_pkcs11_hasher_t *this)
+{
+ CK_RV rv;
+
+ while (TRUE)
+ {
+ if (!this->state)
+ {
+ rv = this->lib->f->C_GetOperationState(this->session, NULL,
+ &this->state_len);
+ if (rv != CKR_OK)
+ {
+ break;
+ }
+ this->state = malloc(this->state_len);
+ }
+ rv = this->lib->f->C_GetOperationState(this->session, this->state,
+ &this->state_len);
+ switch (rv)
+ {
+ case CKR_BUFFER_TOO_SMALL:
+ free(this->state);
+ this->state = NULL;
+ continue;
+ case CKR_OK:
+ this->have_state = TRUE;
+ return;
+ default:
+ break;
+ }
+ break;
+ }
+ DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv);
+ abort();
+}
+
+/**
+ * Load the Operation state from host memory
+ */
+static void load_state(private_pkcs11_hasher_t *this)
+{
+ CK_RV rv;
+
+ rv = this->lib->f->C_SetOperationState(this->session, this->state,
+ this->state_len, CK_INVALID_HANDLE, CK_INVALID_HANDLE);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ this->have_state = FALSE;
+}
+
+METHOD(hasher_t, reset, void,
+ private_pkcs11_hasher_t *this)
+{
+ this->have_state = FALSE;
+}
+
+METHOD(hasher_t, get_hash, void,
+ private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+{
+ CK_RV rv;
+ CK_ULONG len;
+
+ this->mutex->lock(this->mutex);
+ if (this->have_state)
+ {
+ load_state(this);
+ }
+ else
+ {
+ rv = this->lib->f->C_DigestInit(this->session, this->mech);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ if (chunk.len)
+ {
+ rv = this->lib->f->C_DigestUpdate(this->session, chunk.ptr, chunk.len);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ if (hash)
+ {
+ len = this->size;
+ rv = this->lib->f->C_DigestFinal(this->session,
+ hash, &len);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ else
+ {
+ save_state(this);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(hasher_t, allocate_hash, void,
+ private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(this->size);
+ get_hash(this, chunk, hash->ptr);
+ }
+ else
+ {
+ get_hash(this, chunk, NULL);
+ }
+}
+
+METHOD(hasher_t, destroy, void,
+ private_pkcs11_hasher_t *this)
+{
+ this->lib->f->C_CloseSession(this->session);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * Get the Cryptoki mechanism for a hash algorithm
+ */
+static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size)
+{
+ static struct {
+ hash_algorithm_t algo;
+ CK_MECHANISM mechanism;
+ size_t size;
+ } mappings[] = {
+ {HASH_MD2, {CKM_MD2, NULL, 0}, HASH_SIZE_MD2},
+ {HASH_MD5, {CKM_MD5, NULL, 0}, HASH_SIZE_MD5},
+ {HASH_SHA1, {CKM_SHA_1, NULL, 0}, HASH_SIZE_SHA1},
+ {HASH_SHA256, {CKM_SHA256, NULL, 0}, HASH_SIZE_SHA256},
+ {HASH_SHA384, {CKM_SHA384, NULL, 0}, HASH_SIZE_SHA384},
+ {HASH_SHA512, {CKM_SHA512, NULL, 0}, HASH_SIZE_SHA512},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].algo == algo)
+ {
+ *size = mappings[i].size;
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Find a token we can use for a hash algorithm
+ */
+static pkcs11_library_t* find_token(hash_algorithm_t algo,
+ CK_SESSION_HANDLE *session, CK_MECHANISM_PTR *mout, size_t *size)
+{
+ enumerator_t *tokens, *mechs;
+ pkcs11_manager_t *manager;
+ pkcs11_library_t *current, *found = NULL;
+ CK_MECHANISM_TYPE type;
+ CK_MECHANISM_PTR mech;
+ CK_SLOT_ID slot;
+
+ mech = algo_to_mechanism(algo, size);
+ if (!mech)
+ {
+ return NULL;
+ }
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ tokens = manager->create_token_enumerator(manager);
+ while (tokens->enumerate(tokens, &current, &slot))
+ {
+ mechs = current->create_mechanism_enumerator(current, slot);
+ while (mechs->enumerate(mechs, &type, NULL))
+ {
+ if (type == mech->mechanism)
+ {
+ if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, session) == CKR_OK)
+ {
+ found = current;
+ *mout = mech;
+ break;
+ }
+ }
+ }
+ mechs->destroy(mechs);
+ if (found)
+ {
+ break;
+ }
+ }
+ tokens->destroy(tokens);
+ return found;
+}
+
+/**
+ * See header
+ */
+pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo)
+{
+ private_pkcs11_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .destroy = _destroy,
+ },
+ },
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
+
+ this->lib = find_token(algo, &this->session, &this->mech, &this->size);
+ if (!this->lib)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h
new file mode 100644
index 000000000..9c55d463e
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_hasher pkcs11_hasher
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_HASHER_H_
+#define PKCS11_HASHER_H_
+
+#include <crypto/hashers/hasher.h>
+
+typedef struct pkcs11_hasher_t pkcs11_hasher_t;
+
+/**
+ * Hash implementation using a PKCS#11 token.
+ */
+struct pkcs11_hasher_t {
+
+ /**
+ * Implements hasher_t interface.
+ */
+ hasher_t hasher;
+};
+
+/**
+ * Creates a PKCS#11 based hasher.
+ *
+ * @param algo hash algorithm
+ * @return hasher, NULL if not supported
+ */
+pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo);
+
+#endif /** PKCS11_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
new file mode 100644
index 000000000..9fb1b7769
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -0,0 +1,869 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_library.h"
+
+#include <dlfcn.h>
+
+#include <library.h>
+#include <debug.h>
+#include <threading/mutex.h>
+#include <utils/linked_list.h>
+
+typedef struct private_pkcs11_library_t private_pkcs11_library_t;
+
+
+ENUM_BEGIN(ck_rv_names, CKR_OK, CKR_CANT_LOCK,
+ "OK",
+ "CANCEL",
+ "HOST_MEMORY",
+ "SLOT_ID_INVALID",
+ "(0x04)",
+ "GENERAL_ERROR",
+ "FUNCTION_FAILED",
+ "ARGUMENTS_BAD",
+ "NO_EVENT",
+ "NEED_TO_CREATE_THREADS",
+ "CANT_LOCK");
+ENUM_NEXT(ck_rv_names, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_VALUE_INVALID,
+ CKR_CANT_LOCK,
+ "ATTRIBUTE_READ_ONLY",
+ "ATTRIBUTE_SENSITIVE",
+ "ATTRIBUTE_TYPE_INVALID",
+ "ATTRIBUTE_VALUE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
+ CKR_ATTRIBUTE_VALUE_INVALID,
+ "DATA_INVALID"
+ "DATA_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_DEVICE_ERROR, CKR_DEVICE_REMOVED,
+ CKR_DATA_LEN_RANGE,
+ "DEVICE_ERROR",
+ "DEVICE_MEMORY",
+ "DEVICE_REMOVED");
+ENUM_NEXT(ck_rv_names, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
+ CKR_DEVICE_REMOVED,
+ "ENCRYPTED_DATA_INVALID",
+ "ENCRYPTED_DATA_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_FUNCTION_CANCELED, CKR_FUNCTION_NOT_SUPPORTED,
+ CKR_ENCRYPTED_DATA_LEN_RANGE,
+ "FUNCTION_CANCELED",
+ "FUNCTION_NOT_PARALLEL",
+ "(0x52)",
+ "(0x53)",
+ "FUNCTION_NOT_SUPPORTED");
+ENUM_NEXT(ck_rv_names, CKR_KEY_HANDLE_INVALID, CKR_KEY_UNEXTRACTABLE,
+ CKR_FUNCTION_NOT_SUPPORTED,
+ "KEY_HANDLE_INVALID",
+ "(0x61)",
+ "KEY_SIZE_RANGE",
+ "KEY_TYPE_INCONSISTENT",
+ "KEY_NOT_NEEDED",
+ "KEY_CHANGED",
+ "KEY_NEEDED",
+ "KEY_INDIGESTIBLE",
+ "KEY_FUNCTION_NOT_PERMITTED",
+ "KEY_NOT_WRAPPABLE",
+ "KEY_UNEXTRACTABLE");
+ENUM_NEXT(ck_rv_names, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID,
+ CKR_KEY_UNEXTRACTABLE,
+ "MECHANISM_INVALID",
+ "MECHANISM_PARAM_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_OBJECT_HANDLE_INVALID, CKR_OBJECT_HANDLE_INVALID,
+ CKR_MECHANISM_PARAM_INVALID,
+ "OBJECT_HANDLE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_OPERATION_ACTIVE, CKR_OPERATION_NOT_INITIALIZED,
+ CKR_OBJECT_HANDLE_INVALID,
+ "OPERATION_ACTIVE",
+ "OPERATION_NOT_INITIALIZED");
+ENUM_NEXT(ck_rv_names, CKR_PIN_INCORRECT, CKR_PIN_LOCKED,
+ CKR_OPERATION_NOT_INITIALIZED,
+ "PIN_INCORRECT",
+ "PIN_INVALID",
+ "PIN_LEN_RANGE",
+ "PIN_EXPIRED",
+ "PIN_LOCKED");
+ENUM_NEXT(ck_rv_names, CKR_SESSION_CLOSED, CKR_SESSION_READ_WRITE_SO_EXISTS,
+ CKR_PIN_LOCKED,
+ "SESSION_CLOSED",
+ "SESSION_COUNT",
+ "(0xb2)",
+ "SESSION_HANDLE_INVALID",
+ "SESSION_PARALLEL_NOT_SUPPORTED",
+ "SESSION_READ_ONLY",
+ "SESSION_EXISTS",
+ "SESSION_READ_ONLY_EXISTS",
+ "SESSION_READ_WRITE_SO_EXISTS");
+ENUM_NEXT(ck_rv_names, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE,
+ CKR_SESSION_READ_WRITE_SO_EXISTS,
+ "SIGNATURE_INVALID",
+ "SIGNATURE_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
+ CKR_SIGNATURE_LEN_RANGE,
+ "TEMPLATE_INCOMPLETE",
+ "TEMPLATE_INCONSISTENT",
+);
+ENUM_NEXT(ck_rv_names, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_WRITE_PROTECTED,
+ CKR_TEMPLATE_INCONSISTENT,
+ "TOKEN_NOT_PRESENT",
+ "TOKEN_NOT_RECOGNIZED",
+ "TOKEN_WRITE_PROTECTED");
+ENUM_NEXT(ck_rv_names, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
+ CKR_TOKEN_WRITE_PROTECTED,
+ "UNWRAPPING_KEY_HANDLE_INVALID",
+ "UNWRAPPING_KEY_SIZE_RANGE",
+ "UNWRAPPING_KEY_TYPE_INCONSISTENT");
+ENUM_NEXT(ck_rv_names, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_TOO_MANY_TYPES,
+ CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
+ "USER_ALREADY_LOGGED_IN",
+ "USER_NOT_LOGGED_IN",
+ "USER_PIN_NOT_INITIALIZED",
+ "USER_TYPE_INVALID",
+ "USER_ANOTHER_ALREADY_LOGGED_IN",
+ "USER_TOO_MANY_TYPES");
+ENUM_NEXT(ck_rv_names, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
+ CKR_USER_TOO_MANY_TYPES,
+ "WRAPPED_KEY_INVALID",
+ "(0x111)",
+ "WRAPPED_KEY_LEN_RANGE",
+ "WRAPPING_KEY_HANDLE_INVALID",
+ "WRAPPING_KEY_SIZE_RANGE",
+ "WRAPPING_KEY_TYPE_INCONSISTENT");
+ENUM_NEXT(ck_rv_names, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG,
+ CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
+ "RANDOM_SEED_NOT_SUPPORTED",
+ "RANDOM_NO_RNG");
+ENUM_NEXT(ck_rv_names, CKR_DOMAIN_PARAMS_INVALID, CKR_DOMAIN_PARAMS_INVALID,
+ CKR_RANDOM_NO_RNG,
+ "DOMAIN_PARAMS_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_BUFFER_TOO_SMALL, CKR_BUFFER_TOO_SMALL,
+ CKR_DOMAIN_PARAMS_INVALID,
+ "BUFFER_TOO_SMALL");
+ENUM_NEXT(ck_rv_names, CKR_SAVED_STATE_INVALID, CKR_SAVED_STATE_INVALID,
+ CKR_BUFFER_TOO_SMALL,
+ "SAVED_STATE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_INFORMATION_SENSITIVE, CKR_INFORMATION_SENSITIVE,
+ CKR_SAVED_STATE_INVALID,
+ "INFORMATION_SENSITIVE");
+ENUM_NEXT(ck_rv_names, CKR_STATE_UNSAVEABLE, CKR_STATE_UNSAVEABLE,
+ CKR_INFORMATION_SENSITIVE,
+ "STATE_UNSAVEABLE");
+ENUM_NEXT(ck_rv_names, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CRYPTOKI_ALREADY_INITIALIZED,
+ CKR_STATE_UNSAVEABLE,
+ "CRYPTOKI_NOT_INITIALIZED",
+ "CRYPTOKI_ALREADY_INITIALIZED");
+ENUM_NEXT(ck_rv_names, CKR_MUTEX_BAD, CKR_MUTEX_NOT_LOCKED,
+ CKR_CRYPTOKI_ALREADY_INITIALIZED,
+ "MUTEX_BAD",
+ "MUTEX_NOT_LOCKED");
+ENUM_NEXT(ck_rv_names, CKR_FUNCTION_REJECTED, CKR_FUNCTION_REJECTED,
+ CKR_MUTEX_NOT_LOCKED,
+ "FUNCTION_REJECTED");
+ENUM_END(ck_rv_names, CKR_FUNCTION_REJECTED);
+
+
+ENUM_BEGIN(ck_mech_names, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_DSA_SHA1,
+ "RSA_PKCS_KEY_PAIR_GEN",
+ "RSA_PKCS",
+ "RSA_9796",
+ "RSA_X_509",
+ "MD2_RSA_PKCS",
+ "MD5_RSA_PKCS",
+ "SHA1_RSA_PKCS",
+ "RIPEMD128_RSA_PKCS",
+ "RIPEMD160_RSA_PKCS",
+ "RSA_PKCS_OAEP",
+ "RSA_X9_31_KEY_PAIR_GEN",
+ "RSA_X9_31",
+ "SHA1_RSA_X9_31",
+ "RSA_PKCS_PSS",
+ "SHA1_RSA_PKCS_PSS",
+ "(0xf)",
+ "DSA_KEY_PAIR_GEN",
+ "DSA",
+ "DSA_SHA1");
+ENUM_NEXT(ck_mech_names, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE,
+ CKM_DSA_SHA1,
+ "DH_PKCS_KEY_PAIR_GEN",
+ "DH_PKCS_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_MQV_DERIVE,
+ CKM_DH_PKCS_DERIVE,
+ "X9_42_DH_KEY_PAIR_GEN",
+ "X9_42_DH_DERIVE",
+ "X9_42_DH_HYBRID_DERIVE",
+ "X9_42_MQV_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_SHA256_RSA_PKCS, CKM_SHA512_RSA_PKCS_PSS,
+ CKM_X9_42_MQV_DERIVE,
+ "SHA256_RSA_PKCS",
+ "SHA384_RSA_PKCS",
+ "SHA512_RSA_PKCS",
+ "SHA256_RSA_PKCS_PSS",
+ "SHA384_RSA_PKCS_PSS",
+ "SHA512_RSA_PKCS_PSS");
+ENUM_NEXT(ck_mech_names, CKM_RC2_KEY_GEN, CKM_RC2_CBC_PAD,
+ CKM_SHA512_RSA_PKCS_PSS,
+ "RC2_KEY_GEN",
+ "RC2_ECB",
+ "RC2_CBC",
+ "RC2_MAC",
+ "RC2_MAC_GENERAL",
+ "RC2_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_RC4_KEY_GEN, CKM_RC4,
+ CKM_RC2_CBC_PAD,
+ "RC4_KEY_GEN",
+ "RC4");
+ENUM_NEXT(ck_mech_names, CKM_DES_KEY_GEN, CKM_DES_CBC_PAD,
+ CKM_RC4,
+ "DES_KEY_GEN",
+ "DES_ECB",
+ "DES_CBC",
+ "DES_MAC",
+ "DES_MAC_GENERAL",
+ "DES_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_DES2_KEY_GEN, CKM_DES3_CBC_PAD,
+ CKM_DES_CBC_PAD,
+ "DES2_KEY_GEN",
+ "DES3_KEY_GEN",
+ "DES3_ECB",
+ "DES3_CBC",
+ "DES3_MAC",
+ "DES3_MAC_GENERAL",
+ "DES3_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CDMF_KEY_GEN, CKM_CDMF_CBC_PAD,
+ CKM_DES3_CBC_PAD,
+ "CDMF_KEY_GEN",
+ "CDMF_ECB",
+ "CDMF_CBC",
+ "CDMF_MAC",
+ "CDMF_MAC_GENERAL",
+ "CDMF_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_MD2, CKM_MD2_HMAC_GENERAL,
+ CKM_CDMF_CBC_PAD,
+ "MD2",
+ "MD2_HMAC",
+ "MD2_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_MD5, CKM_MD5_HMAC_GENERAL,
+ CKM_MD2_HMAC_GENERAL,
+ "MD5",
+ "MD5_HMAC",
+ "MD5_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA_1, CKM_SHA_1_HMAC_GENERAL,
+ CKM_MD5_HMAC_GENERAL,
+ "SHA_1",
+ "SHA_1_HMAC",
+ "SHA_1_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_RIPEMD128, CKM_RIPEMD128_HMAC_GENERAL,
+ CKM_SHA_1_HMAC_GENERAL,
+ "RIPEMD128",
+ "RIPEMD128_HMAC",
+ "RIPEMD128_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_RIPEMD160, CKM_RIPEMD160_HMAC_GENERAL,
+ CKM_RIPEMD128_HMAC_GENERAL,
+ "RIPEMD160",
+ "RIPEMD160_HMAC",
+ "RIPEMD160_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA256, CKM_SHA256_HMAC_GENERAL,
+ CKM_RIPEMD160_HMAC_GENERAL,
+ "SHA256",
+ "SHA256_HMAC",
+ "SHA256_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA384, CKM_SHA384_HMAC_GENERAL,
+ CKM_SHA256_HMAC_GENERAL,
+ "SHA384",
+ "SHA384_HMAC",
+ "SHA384_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA512, CKM_SHA512_HMAC_GENERAL,
+ CKM_SHA384_HMAC_GENERAL ,
+ "SHA512",
+ "SHA512_HMAC",
+ "SHA512_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_CAST_KEY_GEN, CKM_CAST_CBC_PAD,
+ CKM_SHA512_HMAC_GENERAL,
+ "CAST_KEY_GEN",
+ "CAST_ECB",
+ "CAST_CBC",
+ "CAST_MAC",
+ "CAST_MAC_GENERAL",
+ "CAST_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CAST3_KEY_GEN, CKM_CAST3_CBC_PAD,
+ CKM_CAST_CBC_PAD,
+ "CAST3_KEY_GEN",
+ "CAST3_ECB",
+ "CAST3_CBC",
+ "CAST3_MAC",
+ "CAST3_MAC_GENERAL",
+ "CAST3_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CAST128_KEY_GEN, CKM_CAST128_CBC_PAD,
+ CKM_CAST3_CBC_PAD,
+ "CAST128_KEY_GEN",
+ "CAST128_ECB",
+ "CAST128_CBC",
+ "CAST128_MAC",
+ "CAST128_MAC_GENERAL",
+ "CAST128_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_RC5_KEY_GEN, CKM_RC5_CBC_PAD,
+ CKM_CAST128_CBC_PAD,
+ "RC5_KEY_GEN",
+ "RC5_ECB",
+ "RC5_CBC",
+ "RC5_MAC",
+ "RC5_MAC_GENERAL",
+ "RC5_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_IDEA_KEY_GEN, CKM_IDEA_CBC_PAD,
+ CKM_RC5_CBC_PAD,
+ "IDEA_KEY_GEN",
+ "IDEA_ECB",
+ "IDEA_CBC",
+ "IDEA_MAC",
+ "IDEA_MAC_GENERAL",
+ "IDEA_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_GENERIC_SECRET_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN,
+ CKM_IDEA_CBC_PAD,
+ "GENERIC_SECRET_KEY_GEN");
+ENUM_NEXT(ck_mech_names, CKM_CONCATENATE_BASE_AND_KEY, CKM_EXTRACT_KEY_FROM_KEY,
+ CKM_GENERIC_SECRET_KEY_GEN,
+ "CONCATENATE_BASE_AND_KEY",
+ "(0x361)",
+ "CONCATENATE_BASE_AND_DATA",
+ "CONCATENATE_DATA_AND_BASE",
+ "XOR_BASE_AND_DATA",
+ "EXTRACT_KEY_FROM_KEY");
+ENUM_NEXT(ck_mech_names, CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_MASTER_KEY_DERIVE_DH,
+ CKM_EXTRACT_KEY_FROM_KEY,
+ "SSL3_PRE_MASTER_KEY_GEN",
+ "SSL3_MASTER_KEY_DERIVE",
+ "SSL3_KEY_AND_MAC_DERIVE",
+ "SSL3_MASTER_KEY_DERIVE_DH",
+ "TLS_PRE_MASTER_KEY_GEN",
+ "TLS_MASTER_KEY_DERIVE",
+ "TLS_KEY_AND_MAC_DERIVE",
+ "TLS_MASTER_KEY_DERIVE_DH");
+ENUM_NEXT(ck_mech_names, CKM_SSL3_MD5_MAC, CKM_SSL3_SHA1_MAC,
+ CKM_TLS_MASTER_KEY_DERIVE_DH,
+ "SSL3_MD5_MAC",
+ "SSL3_SHA1_MAC");
+ENUM_NEXT(ck_mech_names, CKM_MD5_KEY_DERIVATION, CKM_SHA1_KEY_DERIVATION,
+ CKM_SSL3_SHA1_MAC,
+ "MD5_KEY_DERIVATION",
+ "MD2_KEY_DERIVATION",
+ "SHA1_KEY_DERIVATION");
+ENUM_NEXT(ck_mech_names, CKM_PBE_MD2_DES_CBC, CKM_PBE_SHA1_RC2_40_CBC,
+ CKM_SHA1_KEY_DERIVATION,
+ "PBE_MD2_DES_CBC",
+ "PBE_MD5_DES_CBC",
+ "PBE_MD5_CAST_CBC",
+ "PBE_MD5_CAST3_CBC",
+ "PBE_MD5_CAST128_CBC",
+ "PBE_SHA1_CAST128_CBC",
+ "PBE_SHA1_RC4_128",
+ "PBE_SHA1_RC4_40",
+ "PBE_SHA1_DES3_EDE_CBC",
+ "PBE_SHA1_DES2_EDE_CBC",
+ "PBE_SHA1_RC2_128_CBC",
+ "PBE_SHA1_RC2_40_CBC");
+ENUM_NEXT(ck_mech_names, CKM_PKCS5_PBKD2, CKM_PKCS5_PBKD2,
+ CKM_PBE_SHA1_RC2_40_CBC,
+ "PKCS5_PBKD2");
+ENUM_NEXT(ck_mech_names, CKM_PBA_SHA1_WITH_SHA1_HMAC, CKM_PBA_SHA1_WITH_SHA1_HMAC,
+ CKM_PKCS5_PBKD2,
+ "PBA_SHA1_WITH_SHA1_HMAC");
+ENUM_NEXT(ck_mech_names, CKM_KEY_WRAP_LYNKS, CKM_KEY_WRAP_SET_OAEP,
+ CKM_PBA_SHA1_WITH_SHA1_HMAC,
+ "KEY_WRAP_LYNKS",
+ "KEY_WRAP_SET_OAEP");
+ENUM_NEXT(ck_mech_names, CKM_SKIPJACK_KEY_GEN, CKM_SKIPJACK_RELAYX,
+ CKM_KEY_WRAP_SET_OAEP,
+ "SKIPJACK_KEY_GEN",
+ "SKIPJACK_ECB64",
+ "SKIPJACK_CBC64",
+ "SKIPJACK_OFB64",
+ "SKIPJACK_CFB64",
+ "SKIPJACK_CFB32",
+ "SKIPJACK_CFB16",
+ "SKIPJACK_CFB8",
+ "SKIPJACK_WRAP",
+ "SKIPJACK_PRIVATE_WRAP",
+ "SKIPJACK_RELAYX");
+ENUM_NEXT(ck_mech_names, CKM_KEA_KEY_PAIR_GEN, CKM_KEA_KEY_DERIVE,
+ CKM_SKIPJACK_RELAYX,
+ "KEA_KEY_PAIR_GEN",
+ "KEA_KEY_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_FORTEZZA_TIMESTAMP, CKM_FORTEZZA_TIMESTAMP,
+ CKM_KEA_KEY_DERIVE,
+ "FORTEZZA_TIMESTAMP");
+ENUM_NEXT(ck_mech_names, CKM_BATON_KEY_GEN, CKM_BATON_WRAP,
+ CKM_FORTEZZA_TIMESTAMP,
+ "BATON_KEY_GEN",
+ "BATON_ECB128",
+ "BATON_ECB96",
+ "BATON_CBC128",
+ "BATON_COUNTER",
+ "BATON_SHUFFLE",
+ "BATON_WRAP");
+ENUM_NEXT(ck_mech_names, CKM_ECDSA_KEY_PAIR_GEN, CKM_ECDSA_SHA1,
+ CKM_BATON_WRAP,
+ "ECDSA_KEY_PAIR_GEN",
+ "ECDSA",
+ "ECDSA_SHA1");
+ENUM_NEXT(ck_mech_names, CKM_ECDH1_DERIVE, CKM_ECMQV_DERIVE,
+ CKM_ECDSA_SHA1,
+ "ECDH1_DERIVE",
+ "ECDH1_COFACTOR_DERIVE",
+ "ECMQV_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_JUNIPER_KEY_GEN, CKM_JUNIPER_WRAP,
+ CKM_ECMQV_DERIVE,
+ "JUNIPER_KEY_GEN",
+ "JUNIPER_ECB128",
+ "JUNIPER_CBC128",
+ "JUNIPER_COUNTER",
+ "JUNIPER_SHUFFLE",
+ "JUNIPER_WRAP");
+ENUM_NEXT(ck_mech_names, CKM_FASTHASH, CKM_FASTHASH,
+ CKM_JUNIPER_WRAP,
+ "FASTHASH");
+ENUM_NEXT(ck_mech_names, CKM_AES_KEY_GEN, CKM_AES_CBC_PAD,
+ CKM_FASTHASH,
+ "AES_KEY_GEN",
+ "AES_ECB",
+ "AES_CBC",
+ "AES_MAC",
+ "AES_MAC_GENERAL",
+ "AES_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_DSA_PARAMETER_GEN, CKM_X9_42_DH_PARAMETER_GEN,
+ CKM_AES_CBC_PAD,
+ "DSA_PARAMETER_GEN",
+ "DH_PKCS_PARAMETER_GEN",
+ "X9_42_DH_PARAMETER_GEN");
+ENUM_END(ck_mech_names, CKM_X9_42_DH_PARAMETER_GEN);
+
+/**
+ * Private data of an pkcs11_library_t object.
+ */
+struct private_pkcs11_library_t {
+
+ /**
+ * Public pkcs11_library_t interface.
+ */
+ pkcs11_library_t public;
+
+ /**
+ * dlopen() handle
+ */
+ void *handle;
+
+ /**
+ * Name as passed to the constructor
+ */
+ char *name;
+};
+
+METHOD(pkcs11_library_t, get_name, char*,
+ private_pkcs11_library_t *this)
+{
+ return this->name;
+}
+
+/**
+ * Object enumerator
+ */
+typedef struct {
+ /* implements enumerator_t */
+ enumerator_t public;
+ /* session */
+ CK_SESSION_HANDLE session;
+ /* pkcs11 library */
+ pkcs11_library_t *lib;
+ /* attributes to retreive */
+ CK_ATTRIBUTE_PTR attr;
+ /* number of attributes */
+ CK_ULONG count;
+ /* currently allocated attributes, to free */
+ linked_list_t *freelist;
+} object_enumerator_t;
+
+/**
+ * Free contents of attributes in a list
+ */
+static void free_attrs(object_enumerator_t *this)
+{
+ CK_ATTRIBUTE_PTR attr;
+
+ while (this->freelist->remove_last(this->freelist, (void**)&attr) == SUCCESS)
+ {
+ free(attr->pValue);
+ attr->pValue = NULL;
+ attr->ulValueLen = 0;
+ }
+}
+
+/**
+ * Get attributes for a given object during enumeration
+ */
+static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object)
+{
+ CK_RV rv;
+ int i;
+
+ free_attrs(this);
+
+ /* get length of objects first */
+ rv = this->lib->f->C_GetAttributeValue(this->session, object,
+ this->attr, this->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ /* allocate required chunks */
+ for (i = 0; i < this->count; i++)
+ {
+ if (this->attr[i].pValue == NULL &&
+ this->attr[i].ulValueLen != 0 && this->attr[i].ulValueLen != -1)
+ {
+ this->attr[i].pValue = malloc(this->attr[i].ulValueLen);
+ this->freelist->insert_last(this->freelist, &this->attr[i]);
+ }
+ }
+ /* get the data */
+ rv = this->lib->f->C_GetAttributeValue(this->session, object,
+ this->attr, this->count);
+ if (rv != CKR_OK)
+ {
+ free_attrs(this);
+ DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(enumerator_t, object_enumerate, bool,
+ object_enumerator_t *this, CK_OBJECT_HANDLE *out)
+{
+ CK_OBJECT_HANDLE object;
+ CK_ULONG found;
+ CK_RV rv;
+
+ rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ if (found)
+ {
+ if (this->attr)
+ {
+ if (!get_attributes(this, object))
+ {
+ return FALSE;
+ }
+ }
+ *out = object;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(enumerator_t, object_destroy, void,
+ object_enumerator_t *this)
+{
+ this->lib->f->C_FindObjectsFinal(this->session);
+ free_attrs(this);
+ this->freelist->destroy(this->freelist);
+ free(this);
+}
+
+METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG acount)
+{
+ object_enumerator_t *enumerator;
+ CK_RV rv;
+
+ rv = this->public.f->C_FindObjectsInit(session, tmpl, tcount);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjectsInit() failed: %N", ck_rv_names, rv);
+ return enumerator_create_empty();
+ }
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_object_enumerate,
+ .destroy = _object_destroy,
+ },
+ .session = session,
+ .lib = &this->public,
+ .attr = attr,
+ .count = acount,
+ .freelist = linked_list_create(),
+ );
+ return &enumerator->public;
+}
+
+/**
+ * Enumerator over mechanisms
+ */
+typedef struct {
+ /* implements enumerator_t */
+ enumerator_t public;
+ /* PKCS#11 library */
+ pkcs11_library_t *lib;
+ /* slot of token */
+ CK_SLOT_ID slot;
+ /* mechanism type list */
+ CK_MECHANISM_TYPE_PTR mechs;
+ /* number of mechanism types */
+ CK_ULONG count;
+ /* current mechanism */
+ CK_ULONG current;
+} mechanism_enumerator_t;
+
+METHOD(enumerator_t, enumerate_mech, bool,
+ mechanism_enumerator_t *this, CK_MECHANISM_TYPE* type,
+ CK_MECHANISM_INFO *info)
+{
+ CK_RV rv;
+
+ if (this->current >= this->count)
+ {
+ return FALSE;
+ }
+ if (info)
+ {
+ rv = this->lib->f->C_GetMechanismInfo(this->slot,
+ this->mechs[this->current], info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismInfo() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ }
+ *type = this->mechs[this->current++];
+ return TRUE;
+}
+
+METHOD(enumerator_t, destroy_mech, void,
+ mechanism_enumerator_t *this)
+{
+ free(this->mechs);
+ free(this);
+}
+
+METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SLOT_ID slot)
+{
+ mechanism_enumerator_t *enumerator;
+ CK_RV rv;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_enumerate_mech,
+ .destroy = _destroy_mech,
+ },
+ .lib = &this->public,
+ .slot = slot,
+ );
+
+ rv = enumerator->lib->f->C_GetMechanismList(slot, NULL, &enumerator->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv);
+ free(enumerator);
+ return enumerator_create_empty();
+ }
+ enumerator->mechs = malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count);
+ enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs,
+ &enumerator->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv);
+ destroy_mech(enumerator);
+ return enumerator_create_empty();
+ }
+ return &enumerator->public;
+}
+
+METHOD(pkcs11_library_t, destroy, void,
+ private_pkcs11_library_t *this)
+{
+ this->public.f->C_Finalize(NULL);
+ dlclose(this->handle);
+ free(this);
+}
+
+/**
+ * See header
+ */
+void pkcs11_library_trim(char *str, int len)
+{
+ int i;
+
+ str[len - 1] = '\0';
+ for (i = len - 2; i > 0; i--)
+ {
+ if (str[i] == ' ')
+ {
+ str[i] = '\0';
+ continue;
+ }
+ break;
+ }
+}
+
+/**
+ * Mutex creation callback
+ */
+static CK_RV CreateMutex(CK_VOID_PTR_PTR data)
+{
+ *data = mutex_create(MUTEX_TYPE_DEFAULT);
+ return CKR_OK;
+}
+
+/**
+ * Mutex destruction callback
+ */
+static CK_RV DestroyMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->destroy(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Mutex lock callback
+ */
+static CK_RV LockMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->lock(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Mutex unlock callback
+ */
+static CK_RV UnlockMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->unlock(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Initialize a PKCS#11 library
+ */
+static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
+{
+ CK_C_GetFunctionList pC_GetFunctionList;
+ CK_INFO info;
+ CK_RV rv;
+ CK_C_INITIALIZE_ARGS args = {
+ .CreateMutex = CreateMutex,
+ .DestroyMutex = DestroyMutex,
+ .LockMutex = LockMutex,
+ .UnlockMutex = UnlockMutex,
+ };
+
+ pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList");
+ if (!pC_GetFunctionList)
+ {
+ DBG1(DBG_CFG, "C_GetFunctionList not found for '%s': %s", name, dlerror());
+ return FALSE;
+ }
+ rv = pC_GetFunctionList(&this->public.f);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetFunctionList() error for '%s': %N",
+ name, ck_rv_names, rv);
+ return FALSE;
+ }
+
+ rv = this->public.f->C_Initialize(&args);
+ if (rv == CKR_CANT_LOCK)
+ { /* try OS locking */
+ memset(&args, 0, sizeof(args));
+ args.flags = CKF_OS_LOCKING_OK;
+ rv = this->public.f->C_Initialize(&args);
+ }
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_Initialize() error for '%s': %N",
+ name, ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->public.f->C_GetInfo(&info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetInfo() error for '%s': %N",
+ name, ck_rv_names, rv);
+ this->public.f->C_Finalize(NULL);
+ return FALSE;
+ }
+
+ pkcs11_library_trim(info.manufacturerID,
+ strnlen(info.manufacturerID, sizeof(info.manufacturerID)));
+ pkcs11_library_trim(info.libraryDescription,
+ strnlen(info.libraryDescription, sizeof(info.libraryDescription)));
+
+ DBG1(DBG_CFG, "loaded PKCS#11 v%d.%d library '%s' (%s)",
+ info.cryptokiVersion.major, info.cryptokiVersion.minor, name, file);
+ DBG1(DBG_CFG, " %s: %s v%d.%d",
+ info.manufacturerID, info.libraryDescription,
+ info.libraryVersion.major, info.libraryVersion.minor);
+ if (args.flags & CKF_OS_LOCKING_OK)
+ {
+ DBG1(DBG_CFG, " uses OS locking functions");
+ }
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+pkcs11_library_t *pkcs11_library_create(char *name, char *file)
+{
+ private_pkcs11_library_t *this;
+
+ INIT(this,
+ .public = {
+ .get_name = _get_name,
+ .create_object_enumerator = _create_object_enumerator,
+ .create_mechanism_enumerator = _create_mechanism_enumerator,
+ .destroy = _destroy,
+ },
+ .name = name,
+ .handle = dlopen(file, RTLD_LAZY),
+ );
+
+ if (!this->handle)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 library failed: %s", dlerror());
+ free(this);
+ return NULL;
+ }
+
+ if (!initialize(this, name, file))
+ {
+ dlclose(this->handle);
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
new file mode 100644
index 000000000..1457d24d4
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_library pkcs11_library
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_LIBRARY_H_
+#define PKCS11_LIBRARY_H_
+
+typedef struct pkcs11_library_t pkcs11_library_t;
+
+#include "pkcs11.h"
+
+#include <enum.h>
+#include <utils/enumerator.h>
+
+/**
+ * A loaded and initialized PKCS#11 library.
+ */
+struct pkcs11_library_t {
+
+ /**
+ * PKCS#11 function list, as returned by C_GetFunctionList
+ */
+ CK_FUNCTION_LIST_PTR f;
+
+ /**
+ * Get the name this instance was created with.
+ *
+ * @return name, as passed to constructor
+ */
+ char* (*get_name)(pkcs11_library_t *this);
+
+ /**
+ * Create an enumerator over CK_OBJECT_HANDLE using a search template.
+ *
+ * An optional attribute array is automatically filled in with the
+ * objects associated attributes. If the value of an output attribute
+ * is NULL, the value gets allocated/freed during enumeration.
+ *
+ * @param session session to use
+ * @param tmpl search template
+ * @param tcount number of attributes in the search template
+ * @param attr attributes to read from object
+ * @param acount number of attributes to read
+ */
+ enumerator_t* (*create_object_enumerator)(pkcs11_library_t *this,
+ CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG acount);
+
+ /**
+ * Create an enumerator over supported mechanisms of a token.
+ *
+ * The resulting enumerator enumerates over the mechanism type, and if
+ * a non-NULL pointer is given, over the mechanism info details.
+ *
+ * @param slot slot of the token
+ * @return enumerator over (CK_MECHANISM_TYPE, CK_MECHANISM_INFO)
+ */
+ enumerator_t* (*create_mechanism_enumerator)(pkcs11_library_t *this,
+ CK_SLOT_ID slot);
+
+ /**
+ * Destroy a pkcs11_library_t.
+ */
+ void (*destroy)(pkcs11_library_t *this);
+};
+
+/**
+ * Enum names for CK_RV return values
+ */
+extern enum_name_t *ck_rv_names;
+
+/**
+ * Enum names for CK_MECHANISM_TYPE values
+ */
+extern enum_name_t *ck_mech_names;
+
+/**
+ * Trim/null terminate a string returned by the varius PKCS#11 functions.
+ *
+ * @param str string to trim
+ * @param len max length of the string
+ */
+void pkcs11_library_trim(char *str, int len);
+
+/**
+ * Create a pkcs11_library instance.
+ *
+ * @param name an arbitrary name, for debugging
+ * @param file pkcs11 library file to dlopen()
+ * @return library abstraction
+ */
+pkcs11_library_t *pkcs11_library_create(char *name, char *file);
+
+#endif /** PKCS11_LIBRARY_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
new file mode 100644
index 000000000..0c27600a6
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/thread.h>
+
+#include "pkcs11_library.h"
+
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_pkcs11_manager_t private_pkcs11_manager_t;
+
+/**
+ * Private data of an pkcs11_manager_t object.
+ */
+struct private_pkcs11_manager_t {
+
+ /**
+ * Public pkcs11_manager_t interface.
+ */
+ pkcs11_manager_t public;
+
+ /**
+ * List of loaded libraries, as lib_entry_t
+ */
+ linked_list_t *libs;
+
+ /**
+ * Slot event callback function
+ */
+ pkcs11_manager_token_event_t cb;
+
+ /**
+ * Slot event user data
+ */
+ void *data;
+};
+
+/**
+ * Entry for a loaded library
+ */
+typedef struct {
+ /* back reference to this */
+ private_pkcs11_manager_t *this;
+ /* associated library path */
+ char *path;
+ /* loaded library */
+ pkcs11_library_t *lib;
+ /* event dispatcher job */
+ callback_job_t *job;
+} lib_entry_t;
+
+/**
+ * Destroy a lib_entry_t
+ */
+static void lib_entry_destroy(lib_entry_t *entry)
+{
+ if (entry->job)
+ {
+ entry->job->cancel(entry->job);
+ }
+ entry->lib->destroy(entry->lib);
+ free(entry);
+}
+
+/**
+ * Print supported mechanisms of a token in a slot
+ */
+static void print_mechs(lib_entry_t *entry, CK_SLOT_ID slot)
+{
+ enumerator_t *enumerator;
+ CK_MECHANISM_TYPE type;
+ CK_MECHANISM_INFO info;
+
+ enumerator = entry->lib->create_mechanism_enumerator(entry->lib, slot);
+ while (enumerator->enumerate(enumerator, &type, &info))
+ {
+ DBG2(DBG_CFG, " %N %lu-%lu [ %s%s%s%s%s%s%s%s%s%s%s%s%s]",
+ ck_mech_names, type,
+ info.ulMinKeySize, info.ulMaxKeySize,
+ info.flags & CKF_HW ? "HW " : "",
+ info.flags & CKF_ENCRYPT ? "ENCR " : "",
+ info.flags & CKF_DECRYPT ? "DECR " : "",
+ info.flags & CKF_DIGEST ? "DGST " : "",
+ info.flags & CKF_SIGN ? "SIGN " : "",
+ info.flags & CKF_SIGN_RECOVER ? "SIGN_RCVR " : "",
+ info.flags & CKF_VERIFY ? "VRFY " : "",
+ info.flags & CKF_VERIFY_RECOVER ? "VRFY_RCVR " : "",
+ info.flags & CKF_GENERATE ? "GEN " : "",
+ info.flags & CKF_GENERATE_KEY_PAIR ? "GEN_KEY_PAIR " : "",
+ info.flags & CKF_WRAP ? "WRAP " : "",
+ info.flags & CKF_UNWRAP ? "UNWRAP " : "",
+ info.flags & CKF_DERIVE ? "DERIVE " : "");
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Handle a token
+ */
+static void handle_token(lib_entry_t *entry, CK_SLOT_ID slot)
+{
+ CK_TOKEN_INFO info;
+ CK_RV rv;
+
+ rv = entry->lib->f->C_GetTokenInfo(slot, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetTokenInfo failed: %N", ck_rv_names, rv);
+ return;
+ }
+ pkcs11_library_trim(info.label, sizeof(info.label));
+ pkcs11_library_trim(info.manufacturerID, sizeof(info.manufacturerID));
+ pkcs11_library_trim(info.model, sizeof(info.model));
+ DBG1(DBG_CFG, " %s (%s: %s)",
+ info.label, info.manufacturerID, info.model);
+
+ print_mechs(entry, slot);
+}
+
+/**
+ * Handle slot changes
+ */
+static void handle_slot(lib_entry_t *entry, CK_SLOT_ID slot, bool hot)
+{
+ CK_SLOT_INFO info;
+ CK_RV rv;
+
+ rv = entry->lib->f->C_GetSlotInfo(slot, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotInfo failed: %N", ck_rv_names, rv);
+ return;
+ }
+
+ pkcs11_library_trim(info.slotDescription, sizeof(info.slotDescription));
+ if (info.flags & CKF_TOKEN_PRESENT)
+ {
+ DBG1(DBG_CFG, " found token in slot '%s':%lu (%s)",
+ entry->lib->get_name(entry->lib), slot, info.slotDescription);
+ handle_token(entry, slot);
+ if (hot)
+ {
+ entry->this->cb(entry->this->data, entry->lib, slot, TRUE);
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, "token removed from slot '%s':%lu (%s)",
+ entry->lib->get_name(entry->lib), slot, info.slotDescription);
+ if (hot)
+ {
+ entry->this->cb(entry->this->data, entry->lib, slot, FALSE);
+ }
+ }
+}
+
+/**
+ * Dispatch slot events
+ */
+static job_requeue_t dispatch_slot_events(lib_entry_t *entry)
+{
+ CK_SLOT_ID slot;
+ CK_RV rv;
+ bool old;
+
+ old = thread_cancelability(TRUE);
+ rv = entry->lib->f->C_WaitForSlotEvent(0, &slot, NULL);
+ thread_cancelability(old);
+ if (rv == CKR_FUNCTION_NOT_SUPPORTED || rv == CKR_NO_EVENT)
+ {
+ DBG1(DBG_CFG, "module '%s' does not support hot-plugging, cancelled",
+ entry->lib->get_name(entry->lib));
+ return JOB_REQUEUE_NONE;
+ }
+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
+ { /* C_Finalize called, abort */
+ return JOB_REQUEUE_NONE;
+ }
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "error in C_WaitForSlotEvent: %N", ck_rv_names, rv);
+ }
+ handle_slot(entry, slot, TRUE);
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * End dispatching, unset job
+ */
+static void end_dispatch(lib_entry_t *entry)
+{
+ entry->job = NULL;
+}
+
+/**
+ * Get the slot list of a library
+ */
+static CK_SLOT_ID_PTR get_slot_list(pkcs11_library_t *p11, CK_ULONG *out)
+{
+ CK_SLOT_ID_PTR slots;
+ CK_ULONG count;
+ CK_RV rv;
+
+ rv = p11->f->C_GetSlotList(TRUE, NULL, &count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv);
+ return NULL;
+ }
+ if (count == 0)
+ {
+ return NULL;
+ }
+ slots = malloc(sizeof(CK_SLOT_ID) * count);
+ rv = p11->f->C_GetSlotList(TRUE, slots, &count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv);
+ free(slots);
+ return NULL;
+ }
+ *out = count;
+ return slots;
+}
+
+/**
+ * Query the slots for tokens
+ */
+static void query_slots(lib_entry_t *entry)
+{
+ CK_ULONG count;
+ CK_SLOT_ID_PTR slots;
+ int i;
+
+ slots = get_slot_list(entry->lib, &count);
+ if (slots)
+ {
+ for (i = 0; i < count; i++)
+ {
+ handle_slot(entry, slots[i], FALSE);
+ }
+ free(slots);
+ }
+}
+
+/**
+ * Token enumerator
+ */
+typedef struct {
+ /* implements enumerator */
+ enumerator_t public;
+ /* inner enumerator over PKCS#11 libraries */
+ enumerator_t *inner;
+ /* active library entry */
+ lib_entry_t *entry;
+ /* slot list with tokens */
+ CK_SLOT_ID_PTR slots;
+ /* number of slots */
+ CK_ULONG count;
+ /* current slot */
+ int current;
+} token_enumerator_t;
+
+METHOD(enumerator_t, enumerate_token, bool,
+ token_enumerator_t *this, pkcs11_library_t **out, CK_SLOT_ID *slot)
+{
+ if (this->current >= this->count)
+ {
+ free(this->slots);
+ this->slots = NULL;
+ this->current = 0;
+ }
+ while (!this->slots)
+ {
+ if (!this->inner->enumerate(this->inner, &this->entry))
+ {
+ return FALSE;
+ }
+ this->slots = get_slot_list(this->entry->lib, &this->count);
+ }
+ *out = this->entry->lib;
+ *slot = this->slots[this->current++];
+ return TRUE;
+}
+
+METHOD(enumerator_t, destroy_token, void,
+ token_enumerator_t *this)
+{
+ this->inner->destroy(this->inner);
+ free(this->slots);
+ free(this);
+}
+
+METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*,
+ private_pkcs11_manager_t *this)
+{
+ token_enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_enumerate_token,
+ .destroy = _destroy_token,
+ },
+ .inner = this->libs->create_enumerator(this->libs),
+ );
+ return &enumerator->public;
+}
+
+/**
+ * Singleton instance
+ */
+static private_pkcs11_manager_t *singleton = NULL;
+
+METHOD(pkcs11_manager_t, destroy, void,
+ private_pkcs11_manager_t *this)
+{
+ this->libs->destroy_function(this->libs, (void*)lib_entry_destroy);
+ free(this);
+ singleton = NULL;
+}
+
+/**
+ * See header
+ */
+pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
+ void *data)
+{
+ private_pkcs11_manager_t *this;
+ enumerator_t *enumerator;
+ lib_entry_t *entry;
+ char *module;
+
+ INIT(this,
+ .public = {
+ .create_token_enumerator = _create_token_enumerator,
+ .destroy = _destroy,
+ },
+ .libs = linked_list_create(),
+ .cb = cb,
+ .data = data,
+ );
+
+ enumerator = lib->settings->create_section_enumerator(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules");
+ while (enumerator->enumerate(enumerator, &module))
+ {
+ INIT(entry,
+ .this = this,
+ );
+
+ entry->path = lib->settings->get_str(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module);
+ if (!entry->path)
+ {
+ DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module);
+ free(entry);
+ continue;
+ }
+ entry->lib = pkcs11_library_create(module, entry->path);
+ if (!entry->lib)
+ {
+ free(entry);
+ continue;
+ }
+ this->libs->insert_last(this->libs, entry);
+ }
+ enumerator->destroy(enumerator);
+
+ singleton = this;
+
+ enumerator = this->libs->create_enumerator(this->libs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ query_slots(entry);
+ entry->job = callback_job_create((void*)dispatch_slot_events,
+ entry, (void*)end_dispatch, NULL);
+ lib->processor->queue_job(lib->processor, (job_t*)entry->job);
+ }
+ enumerator->destroy(enumerator);
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+pkcs11_manager_t *pkcs11_manager_get()
+{
+ return (pkcs11_manager_t*)singleton;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
new file mode 100644
index 000000000..b80d67324
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_manager pkcs11_manager
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_MANAGER_H_
+#define PKCS11_MANAGER_H_
+
+typedef struct pkcs11_manager_t pkcs11_manager_t;
+
+#include <library.h>
+
+#include "pkcs11_library.h"
+
+/**
+ * Token event callback function.
+ *
+ * @param data user supplied data, as passed to pkcs11_manager_create()
+ * @param p11 loaded PKCS#11 library token belongs to
+ * @param slot slot number the event occured in
+ * @param add TRUE if token was added to the slot, FALSE if removed
+ */
+typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11,
+ CK_SLOT_ID slot, bool add);
+
+
+/**
+ * Manages multiple PKCS#11 libraries with hot pluggable slots
+ */
+struct pkcs11_manager_t {
+
+ /**
+ * Create an enumerator over all tokens.
+ *
+ * @return enumerator over (pkcs11_library_t*,CK_SLOT_ID)
+ */
+ enumerator_t* (*create_token_enumerator)(pkcs11_manager_t *this);
+
+ /**
+ * Destroy a pkcs11_manager_t.
+ */
+ void (*destroy)(pkcs11_manager_t *this);
+};
+
+/**
+ * Create a pkcs11_manager instance.
+ *
+ * @param cb token event callback function
+ * @param data user data to pass to token event callback
+ * @return instance
+ */
+pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
+ void *data);
+
+
+/**
+ * Get the singleton instance of the manager
+ *
+ * @return instance, NULL if none available
+ */
+pkcs11_manager_t *pkcs11_manager_get();
+
+#endif /** PKCS11_MANAGER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
new file mode 100644
index 000000000..ace405c23
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_plugin.h"
+
+#include <library.h>
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/mutex.h>
+
+#include "pkcs11_manager.h"
+#include "pkcs11_creds.h"
+#include "pkcs11_private_key.h"
+#include "pkcs11_public_key.h"
+#include "pkcs11_hasher.h"
+
+typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t;
+
+/**
+ * private data of pkcs11_plugin
+ */
+struct private_pkcs11_plugin_t {
+
+ /**
+ * public functions
+ */
+ pkcs11_plugin_t public;
+
+ /**
+ * PKCS#11 library/slot manager
+ */
+ pkcs11_manager_t *manager;
+
+ /**
+ * List of credential sets, pkcs11_creds_t
+ */
+ linked_list_t *creds;
+
+ /**
+ * mutex to lock list
+ */
+ mutex_t *mutex;
+};
+
+/**
+ * Token event callback function
+ */
+static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
+ CK_SLOT_ID slot, bool add)
+{
+ enumerator_t *enumerator;
+ pkcs11_creds_t *creds, *found = NULL;;
+
+ if (add)
+ {
+ creds = pkcs11_creds_create(p11, slot);
+ if (creds)
+ {
+ this->mutex->lock(this->mutex);
+ this->creds->insert_last(this->creds, creds);
+ this->mutex->unlock(this->mutex);
+ lib->credmgr->add_set(lib->credmgr, &creds->set);
+ }
+ }
+ else
+ {
+ this->mutex->lock(this->mutex);
+ enumerator = this->creds->create_enumerator(this->creds);
+ while (enumerator->enumerate(enumerator, &creds))
+ {
+ if (creds->get_library(creds) == p11 &&
+ creds->get_slot(creds) == slot)
+ {
+ found = creds;
+ this->creds->remove_at(this->creds, enumerator);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+
+ if (found)
+ {
+ lib->credmgr->remove_set(lib->credmgr, &found->set);
+ found->destroy(found);
+ /* flush the cache after a token is gone */
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
+ }
+ }
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pkcs11_plugin_t *this)
+{
+ pkcs11_creds_t *creds;
+
+ lib->creds->remove_builder(lib->creds,
+ (builder_function_t)pkcs11_private_key_connect);
+ while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
+ {
+ lib->credmgr->remove_set(lib->credmgr, &creds->set);
+ creds->destroy(creds);
+ }
+ lib->crypto->remove_hasher(lib->crypto,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ this->creds->destroy(this->creds);
+ this->manager->destroy(this->manager);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *pkcs11_plugin_create()
+{
+ private_pkcs11_plugin_t *this;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ .creds = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
+
+ this->manager = pkcs11_manager_create((void*)token_event_cb, this);
+
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
+ {
+ lib->crypto->add_hasher(lib->crypto, HASH_MD2,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_MD5,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ }
+
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
+ (builder_function_t)pkcs11_private_key_connect);
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
+ (builder_function_t)pkcs11_public_key_load);
+
+ enumerator = this->manager->create_token_enumerator(this->manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ token_event_cb(this, p11, slot, TRUE);
+ }
+ enumerator->destroy(enumerator);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h
new file mode 100644
index 000000000..432e2173a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11 pkcs11
+ * @ingroup plugins
+ *
+ * @defgroup pkcs11_plugin pkcs11_plugin
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PLUGIN_H_
+#define PKCS11_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pkcs11_plugin_t pkcs11_plugin_t;
+
+/**
+ * Plugin providing PKCS#11 token support.
+ */
+struct pkcs11_plugin_t {
+
+ /**
+ * Implements plugin interface,
+ */
+ plugin_t plugin;
+};
+
+#endif /** PKCS11_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
new file mode 100644
index 000000000..cabca3f54
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -0,0 +1,600 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_private_key.h"
+
+#include "pkcs11_library.h"
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t;
+
+/**
+ * Private data of an pkcs11_private_key_t object.
+ */
+struct private_pkcs11_private_key_t {
+
+ /**
+ * Public pkcs11_private_key_t interface.
+ */
+ pkcs11_private_key_t public;
+
+ /**
+ * PKCS#11 module
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Token session
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * Mutex to lock session
+ */
+ mutex_t *mutex;
+
+ /**
+ * Key object on the token
+ */
+ CK_OBJECT_HANDLE object;
+
+ /**
+ * Key requires reauthentication for each signature/decryption
+ */
+ CK_BBOOL reauth;
+
+ /**
+ * Keyid of the key we use
+ */
+ identification_t *keyid;
+
+ /**
+ * Associated public key
+ */
+ public_key_t *pubkey;
+
+ /**
+ * References to this key
+ */
+ refcount_t ref;
+};
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_type(this->pubkey);
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_keysize(this->pubkey);
+}
+
+/**
+ * See header.
+ */
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme)
+{
+ static struct {
+ signature_scheme_t scheme;
+ CK_MECHANISM mechanism;
+ } mappings[] = {
+ {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].scheme == scheme)
+ {
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * See header.
+ */
+CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme)
+{
+ static struct {
+ encryption_scheme_t scheme;
+ CK_MECHANISM mechanism;
+ } mappings[] = {
+ {ENCRYPT_RSA_PKCS1, {CKM_RSA_PKCS, NULL, 0}},
+ {ENCRYPT_RSA_OAEP_SHA1, {CKM_RSA_PKCS_OAEP, NULL, 0}},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].scheme == scheme)
+ {
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Reauthenticate to do a signature
+ */
+static bool reauth(private_pkcs11_private_key_t *this)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ chunk_t pin;
+ CK_RV rv;
+ bool found = FALSE, success = FALSE;
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, this->keyid, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ pin = shared->get_key(shared);
+ rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC,
+ pin.ptr, pin.len);
+ if (rv == CKR_OK)
+ {
+ success = TRUE;
+ break;
+ }
+ DBG1(DBG_CFG, "reauthentication login failed: %N", ck_rv_names, rv);
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "private key requires reauthentication, but no PIN found");
+ return FALSE;
+ }
+ return success;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_pkcs11_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "signature scheme %N not supported",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_SignInit(this->session, mechanism, this->object);
+ if (this->reauth && !reauth(this))
+ {
+ return FALSE;
+ }
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *signature = chunk_create(buf, len);
+ return TRUE;
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_pkcs11_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypt, chunk_t *plain)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_encryption_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object);
+ if (this->reauth && !reauth(this))
+ {
+ return FALSE;
+ }
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *plain = chunk_create(buf, len);
+ return TRUE;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_ref(this->pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_pkcs11_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ return this->pubkey->get_fingerprint(this->pubkey, type, fingerprint);
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_pkcs11_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return FALSE;
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_pkcs11_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_pkcs11_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ if (this->pubkey)
+ {
+ this->pubkey->destroy(this->pubkey);
+ }
+ this->mutex->destroy(this->mutex);
+ this->keyid->destroy(this->keyid);
+ this->lib->f->C_CloseSession(this->session);
+ free(this);
+ }
+}
+
+/**
+ * Find the PKCS#11 library by its friendly name
+ */
+static pkcs11_library_t* find_lib(char *module)
+{
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11, *found = NULL;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ if (streq(module, p11->get_name(p11)))
+ {
+ found = p11;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
+ * Find the PKCS#11 lib having a keyid, and optionally a slot
+ */
+static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot)
+{
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11, *found = NULL;
+ CK_SLOT_ID current;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &current))
+ {
+ if (*slot == -1 || *slot == current)
+ {
+ /* we look for a public key, it is usually readable without login */
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_ID, keyid.ptr, keyid.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+ enumerator_t *keys;
+
+ rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+ ck_rv_names, rv);
+ continue;
+ }
+ keys = p11->create_object_enumerator(p11, session,
+ tmpl, countof(tmpl), NULL, 0);
+ if (keys->enumerate(keys, &object))
+ {
+ DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d",
+ p11->get_name(p11), current);
+ found = p11;
+ *slot = current;
+ }
+ keys->destroy(keys);
+ p11->f->C_CloseSession(session);
+ if (found)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
+ * Find the key on the token
+ */
+static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
+{
+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_ID, keyid.ptr, keyid.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_KEY_TYPE type;
+ CK_BBOOL reauth;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)},
+ {CKA_MODULUS, NULL, 0},
+ {CKA_PUBLIC_EXPONENT, NULL, 0},
+ };
+ enumerator_t *enumerator;
+ chunk_t modulus, pubexp;
+
+ enumerator = this->lib->create_object_enumerator(this->lib,
+ this->session, tmpl, countof(tmpl), attr, countof(attr));
+ if (enumerator->enumerate(enumerator, &object))
+ {
+ switch (type)
+ {
+ case CKK_RSA:
+ if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1)
+ {
+ DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed");
+ break;
+ }
+ modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen);
+ pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen);
+ this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
+ KEY_RSA, BUILD_RSA_MODULUS, modulus,
+ BUILD_RSA_PUB_EXP, pubexp, BUILD_END);
+ if (!this->pubkey)
+ {
+ DBG1(DBG_CFG, "extracting public key from PKCS#11 RSA "
+ "private key failed");
+ }
+ this->reauth = reauth;
+ this->object = object;
+ break;
+ default:
+ DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return this->pubkey != NULL;
+}
+
+/**
+ * Find a PIN and try to log in
+ */
+static bool login(private_pkcs11_private_key_t *this, int slot)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ chunk_t pin;
+ CK_RV rv;
+ CK_SESSION_INFO info;
+ bool found = FALSE, success = FALSE;
+
+ rv = this->lib->f->C_GetSessionInfo(this->session, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSessionInfo failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ if (info.state != CKS_RO_PUBLIC_SESSION &&
+ info.state != CKS_RW_PUBLIC_SESSION)
+ { /* already logged in with another session, skip */
+ return TRUE;
+ }
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, this->keyid, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ pin = shared->get_key(shared);
+ rv = this->lib->f->C_Login(this->session, CKU_USER, pin.ptr, pin.len);
+ if (rv == CKR_OK)
+ {
+ success = TRUE;
+ break;
+ }
+ DBG1(DBG_CFG, "login to '%s':%d failed: %N",
+ this->lib->get_name(this->lib), slot, ck_rv_names, rv);
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "no PIN found for PKCS#11 key %Y", this->keyid);
+ return FALSE;
+ }
+ return success;
+}
+
+/**
+ * See header.
+ */
+pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
+{
+ private_pkcs11_private_key_t *this;
+ char *module = NULL;
+ chunk_t keyid = chunk_empty;
+ int slot = -1;
+ CK_RV rv;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_PKCS11_KEYID:
+ keyid = va_arg(args, chunk_t);
+ continue;
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ module = va_arg(args, char*);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (!keyid.len)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ if (module && slot != -1)
+ {
+ this->lib = find_lib(module);
+ if (!this->lib)
+ {
+ DBG1(DBG_CFG, "PKCS#11 module '%s' not found", module);
+ free(this);
+ return NULL;
+ }
+ }
+ else
+ {
+ this->lib = find_lib_by_keyid(keyid, &slot);
+ if (!this->lib)
+ {
+ DBG1(DBG_CFG, "no PKCS#11 module found having a keyid %#B", &keyid);
+ free(this);
+ return NULL;
+ }
+ }
+
+ rv = this->lib->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, &this->session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening private key session on '%s':%d failed: %N",
+ module, slot, ck_rv_names, rv);
+ free(this);
+ return NULL;
+ }
+
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid);
+
+ if (!login(this, slot))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (!find_key(this, keyid))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
new file mode 100644
index 000000000..428913f0a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_private_key pkcs11_private_key
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PRIVATE_KEY_H_
+#define PKCS11_PRIVATE_KEY_H_
+
+typedef struct pkcs11_private_key_t pkcs11_private_key_t;
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+#include "pkcs11.h"
+
+/**
+ * Private Key implementation on top of PKCS#11.
+ */
+struct pkcs11_private_key_t {
+
+ /**
+ * Implements private_key_t interface.
+ */
+ private_key_t key;
+};
+
+/**
+ * Open a private key on a PKCS#11 device.
+ *
+ * Accepts the BUILD_SMARTCARD_KEYID and the BUILD_SMARTCARD_PIN arguments.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args);
+
+/**
+ * Get the Cryptoki mechanism for a signature scheme.
+ */
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme);
+
+/**
+ * Get the Cryptoki mechanism for a encryption scheme.
+ */
+CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme);
+
+#endif /** PKCS11_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
new file mode 100644
index 000000000..8d32d9a3f
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_public_key.h"
+
+#include "pkcs11.h"
+#include "pkcs11_private_key.h"
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t;
+
+/**
+ * Private data of an pkcs11_public_key_t object.
+ */
+struct private_pkcs11_public_key_t {
+
+ /**
+ * Public pkcs11_public_key_t interface.
+ */
+ pkcs11_public_key_t public;
+
+ /**
+ * Type of the key
+ */
+ key_type_t type;
+
+ /**
+ * Key size in bytes
+ */
+ size_t k;
+
+ /**
+ * PKCS#11 library this key uses
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Slot the token is in
+ */
+ CK_SLOT_ID slot;
+
+ /**
+ * Session we use
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * Object handle to the key
+ */
+ CK_OBJECT_HANDLE object;
+
+ /**
+ * Mutex to lock session
+ */
+ mutex_t *mutex;
+
+ /**
+ * References to this key
+ */
+ refcount_t ref;
+};
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_pkcs11_public_key_t *this)
+{
+ return this->type;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_pkcs11_public_key_t *this)
+{
+ return this->k * 8;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_pkcs11_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t sig)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_RV rv;
+
+ mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "signature scheme %N not supported",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+ if (sig.len && sig.ptr[0] == 0)
+ { /* trim leading zero byte in sig */
+ sig = chunk_skip(sig, 1);
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_Verify(this->session, data.ptr, data.len,
+ sig.ptr, sig.len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_pkcs11_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypt)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_encryption_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *crypt = chunk_create(buf, len);
+ return TRUE;
+}
+
+/**
+ * Encode RSA key using a given encoding type
+ */
+static bool encode_rsa(private_pkcs11_public_key_t *this,
+ cred_encoding_type_t type, void *cache, chunk_t *encoding)
+{
+ CK_RV rv;
+ bool success = FALSE;
+ chunk_t n, e;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_MODULUS, NULL, 0},
+ {CKA_PUBLIC_EXPONENT, NULL, 0},
+ };
+
+ rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
+ attr, countof(attr));
+ if (rv != CKR_OK ||
+ attr[0].ulValueLen == 0 || attr[0].ulValueLen == -1 ||
+ attr[1].ulValueLen == 0 || attr[1].ulValueLen == -1)
+ {
+ return FALSE;
+ }
+ attr[0].pValue = malloc(attr[0].ulValueLen);
+ attr[1].pValue = malloc(attr[1].ulValueLen);
+ rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
+ attr, countof(attr));
+ if (rv == CKR_OK)
+ {
+ n = chunk_create(attr[0].pValue, attr[0].ulValueLen);
+ e = chunk_create(attr[1].pValue, attr[1].ulValueLen);
+ success = lib->encoding->encode(lib->encoding, type, cache, encoding,
+ CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
+ }
+ free(attr[0].pValue);
+ free(attr[1].pValue);
+ return success;
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_pkcs11_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ switch (this->type)
+ {
+ case KEY_RSA:
+ return encode_rsa(this, type, NULL, encoding);
+ default:
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_pkcs11_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+ if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+ {
+ return TRUE;
+ }
+ switch (this->type)
+ {
+ case KEY_RSA:
+ return encode_rsa(this, type, this, fp);
+ default:
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_pkcs11_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_pkcs11_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ this->lib->f->C_CloseSession(this->session);
+ this->mutex->destroy(this->mutex);
+ free(this);
+ }
+}
+
+/**
+ * Create an empty PKCS#11 public key
+ */
+static private_pkcs11_public_key_t *create(key_type_t type, size_t k,
+ pkcs11_library_t *p11, CK_SLOT_ID slot,
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+{
+ private_pkcs11_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = type,
+ .k = k,
+ .lib = p11,
+ .slot = slot,
+ .session = session,
+ .object = object,
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/**
+ * Find a key object, including PKCS11 library and slot
+ */
+static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
+{
+ private_pkcs11_public_key_t *this = NULL;
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator, *keys;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ continue;
+ }
+ keys = p11->create_object_enumerator(p11, session,
+ tmpl, countof(tmpl), NULL, 0);
+ if (keys->enumerate(keys, &object))
+ {
+ this = create(KEY_RSA, n.len, p11, slot, session, object);
+ keys->destroy(keys);
+ break;
+ }
+ keys->destroy(keys);
+ p11->f->C_CloseSession(session);
+ }
+ enumerator->destroy(enumerator);
+ return this;
+}
+
+/**
+ * Create a key object in a suitable token session
+ */
+static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
+{
+ private_pkcs11_public_key_t *this = NULL;
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator, *mechs;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ CK_MECHANISM_TYPE mech;
+ CK_MECHANISM_INFO info;
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len}
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ mechs = p11->create_mechanism_enumerator(p11, slot);
+ while (mechs->enumerate(mechs, &mech, &info))
+ {
+ if (!(info.flags & CKF_VERIFY))
+ {
+ continue;
+ }
+ switch (mech)
+ {
+ case CKM_RSA_PKCS:
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA512_RSA_PKCS:
+ case CKM_MD5_RSA_PKCS:
+ break;
+ default:
+ continue;
+ }
+ rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+ ck_rv_names, rv);
+ continue;
+ }
+ rv = p11->f->C_CreateObject(session, tmpl, countof(tmpl), &object);
+ if (rv == CKR_OK)
+ {
+ this = create(KEY_RSA, n.len, p11, slot, session, object);
+ DBG2(DBG_CFG, "created RSA public key on token '%s':%d ",
+ p11->get_name(p11), slot);
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "creating RSA public key on token '%s':%d "
+ "failed: %N", p11->get_name(p11), slot, ck_rv_names, rv);
+ p11->f->C_CloseSession(session);
+ }
+ }
+ mechs->destroy(mechs);
+ if (this)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return this;
+}
+
+/**
+ * See header
+ */
+pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args)
+{
+ private_pkcs11_public_key_t *this;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (type == KEY_RSA && e.ptr && n.ptr)
+ {
+ if (n.len && n.ptr[0] == 0)
+ { /* trim leading zero byte in modulus */
+ n = chunk_skip(n, 1);
+ }
+ this = find_rsa_key(n, e);
+ if (this)
+ {
+ return &this->public;
+ }
+ this = create_rsa_key(n, e);
+ if (this)
+ {
+ return &this->public;
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
new file mode 100644
index 000000000..4fd94620e
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_public_key pkcs11_public_key
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PUBLIC_KEY_H_
+#define PKCS11_PUBLIC_KEY_H_
+
+typedef struct pkcs11_public_key_t pkcs11_public_key_t;
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * PKCS#11 based public key implementation.
+ */
+struct pkcs11_public_key_t {
+
+ /**
+ * Implements public_key_t.
+ */
+ public_key_t key;
+};
+
+/**
+ * Create a public key in a PKCS#11 session.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args);
+
+#endif /** PKCS11_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 336d0bc02..e1427bf15 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -189,7 +189,6 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
plugin = load_plugin(this, path, token);
if (plugin)
{
- /* insert in front to destroy them in reverse order */
this->plugins->insert_last(this->plugins, plugin);
this->names->insert_last(this->names, token);
}
@@ -215,12 +214,13 @@ static void unload(private_plugin_loader_t *this)
plugin_t *plugin;
char *name;
- while (this->plugins->remove_first(this->plugins,
+ /* unload plugins in reverse order */
+ while (this->plugins->remove_last(this->plugins,
(void**)&plugin) == SUCCESS)
{
plugin->destroy(plugin);
}
- while (this->names->remove_first(this->names, (void**)&name) == SUCCESS)
+ while (this->names->remove_last(this->names, (void**)&name) == SUCCESS)
{
free(name);
}
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 4dc5985cd..495223855 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index b0eabc9ee..6f41ada2a 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -50,7 +50,7 @@ plugin_t *pubkey_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
(builder_function_t)pubkey_cert_wrap);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index af929080d..efd24c761 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 871566e65..16a9d21c5 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index d352a9583..02393b907 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -52,7 +52,11 @@ plugin_t *revocation_plugin_create()
private_revocation_plugin_t *this;
INIT(this,
- .public.plugin.destroy = _destroy,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
.validator = revocation_validator_create(),
);
lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 703764e5e..1036bedfc 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 5e490f2e5..579e6f9b0 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 6d81d0d81..9c9b57f98 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 6d3b05d19..049301977 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -13,9 +13,14 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
test_vectors/3des_cbc.c \
test_vectors/aes_cbc.c \
+ test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_ccm.c \
+ test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
+ test_vectors/camellia_ctr.c \
+ test_vectors/camellia_xcbc.c \
test_vectors/cast.c \
test_vectors/des.c \
test_vectors/idea.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 20a6db81e..9be3f825a 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -75,10 +76,11 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_test_vectors_la_LIBADD =
am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
- 3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \
- cast.lo des.lo idea.lo null.lo rc5.lo serpent_cbc.lo \
- twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo sha1.lo \
- sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
+ 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_ccm.lo \
+ aes_gcm.lo blowfish.lo camellia_cbc.lo camellia_ctr.lo \
+ camellia_xcbc.lo cast.lo des.lo idea.lo null.lo rc5.lo \
+ serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo \
+ sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
libstrongswan_test_vectors_la_OBJECTS = \
$(am_libstrongswan_test_vectors_la_OBJECTS)
libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
@@ -171,6 +173,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -202,14 +206,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -224,24 +231,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -249,7 +263,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
@@ -269,9 +286,14 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
test_vectors/3des_cbc.c \
test_vectors/aes_cbc.c \
+ test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_ccm.c \
+ test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
+ test_vectors/camellia_ctr.c \
+ test_vectors/camellia_xcbc.c \
test_vectors/cast.c \
test_vectors/des.c \
test_vectors/idea.c \
@@ -376,9 +398,14 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ccm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ctr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_gcm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_ctr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_xcbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_prf.Plo@am__quote@
@@ -433,6 +460,13 @@ aes_cbc.lo: test_vectors/aes_cbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c
+aes_ctr.lo: test_vectors/aes_ctr.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ctr.lo -MD -MP -MF $(DEPDIR)/aes_ctr.Tpo -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ctr.Tpo $(DEPDIR)/aes_ctr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ctr.c' object='aes_ctr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c
+
aes_xcbc.lo: test_vectors/aes_xcbc.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo
@@ -440,6 +474,20 @@ aes_xcbc.lo: test_vectors/aes_xcbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
+aes_ccm.lo: test_vectors/aes_ccm.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ccm.lo -MD -MP -MF $(DEPDIR)/aes_ccm.Tpo -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ccm.Tpo $(DEPDIR)/aes_ccm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ccm.c' object='aes_ccm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c
+
+aes_gcm.lo: test_vectors/aes_gcm.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_gcm.lo -MD -MP -MF $(DEPDIR)/aes_gcm.Tpo -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_gcm.Tpo $(DEPDIR)/aes_gcm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_gcm.c' object='aes_gcm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c
+
blowfish.lo: test_vectors/blowfish.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo
@@ -454,6 +502,20 @@ camellia_cbc.lo: test_vectors/camellia_cbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c
+camellia_ctr.lo: test_vectors/camellia_ctr.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_ctr.lo -MD -MP -MF $(DEPDIR)/camellia_ctr.Tpo -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_ctr.Tpo $(DEPDIR)/camellia_ctr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_ctr.c' object='camellia_ctr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c
+
+camellia_xcbc.lo: test_vectors/camellia_xcbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_xcbc.lo -MD -MP -MF $(DEPDIR)/camellia_xcbc.Tpo -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_xcbc.Tpo $(DEPDIR)/camellia_xcbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_xcbc.c' object='camellia_xcbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c
+
cast.lo: test_vectors/cast.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index b182dd829..ab4689c1c 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -19,6 +19,15 @@ TEST_VECTOR_CRYPTER(aes_cbc3)
TEST_VECTOR_CRYPTER(aes_cbc4)
TEST_VECTOR_CRYPTER(aes_cbc5)
TEST_VECTOR_CRYPTER(aes_cbc6)
+TEST_VECTOR_CRYPTER(aes_ctr1)
+TEST_VECTOR_CRYPTER(aes_ctr2)
+TEST_VECTOR_CRYPTER(aes_ctr3)
+TEST_VECTOR_CRYPTER(aes_ctr4)
+TEST_VECTOR_CRYPTER(aes_ctr5)
+TEST_VECTOR_CRYPTER(aes_ctr6)
+TEST_VECTOR_CRYPTER(aes_ctr7)
+TEST_VECTOR_CRYPTER(aes_ctr8)
+TEST_VECTOR_CRYPTER(aes_ctr9)
TEST_VECTOR_CRYPTER(blowfish1)
TEST_VECTOR_CRYPTER(blowfish2)
TEST_VECTOR_CRYPTER(camellia_cbc1)
@@ -27,6 +36,15 @@ TEST_VECTOR_CRYPTER(camellia_cbc3)
TEST_VECTOR_CRYPTER(camellia_cbc4)
TEST_VECTOR_CRYPTER(camellia_cbc5)
TEST_VECTOR_CRYPTER(camellia_cbc6)
+TEST_VECTOR_CRYPTER(camellia_ctr1)
+TEST_VECTOR_CRYPTER(camellia_ctr2)
+TEST_VECTOR_CRYPTER(camellia_ctr3)
+TEST_VECTOR_CRYPTER(camellia_ctr4)
+TEST_VECTOR_CRYPTER(camellia_ctr5)
+TEST_VECTOR_CRYPTER(camellia_ctr6)
+TEST_VECTOR_CRYPTER(camellia_ctr7)
+TEST_VECTOR_CRYPTER(camellia_ctr8)
+TEST_VECTOR_CRYPTER(camellia_ctr9)
TEST_VECTOR_CRYPTER(cast1)
TEST_VECTOR_CRYPTER(des_cbc1)
TEST_VECTOR_CRYPTER(des_cbc2)
@@ -49,11 +67,31 @@ TEST_VECTOR_CRYPTER(twofish_cbc1)
TEST_VECTOR_CRYPTER(twofish_cbc2)
TEST_VECTOR_CRYPTER(twofish_cbc3)
+TEST_VECTOR_AEAD(aes_ccm1)
+TEST_VECTOR_AEAD(aes_ccm2)
+TEST_VECTOR_AEAD(aes_ccm3)
+TEST_VECTOR_AEAD(aes_ccm4)
+TEST_VECTOR_AEAD(aes_ccm5)
+TEST_VECTOR_AEAD(aes_ccm6)
+TEST_VECTOR_AEAD(aes_ccm7)
+TEST_VECTOR_AEAD(aes_ccm8)
+TEST_VECTOR_AEAD(aes_ccm9)
+TEST_VECTOR_AEAD(aes_ccm10)
+TEST_VECTOR_AEAD(aes_ccm11)
+TEST_VECTOR_AEAD(aes_gcm1)
+TEST_VECTOR_AEAD(aes_gcm2)
+TEST_VECTOR_AEAD(aes_gcm3)
+TEST_VECTOR_AEAD(aes_gcm4)
+TEST_VECTOR_AEAD(aes_gcm5)
+TEST_VECTOR_AEAD(aes_gcm6)
+TEST_VECTOR_AEAD(aes_gcm7)
+
TEST_VECTOR_SIGNER(aes_xcbc_s1)
TEST_VECTOR_SIGNER(aes_xcbc_s2)
TEST_VECTOR_SIGNER(aes_xcbc_s3)
TEST_VECTOR_SIGNER(aes_xcbc_s4)
TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(camellia_xcbc_s1)
TEST_VECTOR_SIGNER(md5_hmac_s1)
TEST_VECTOR_SIGNER(md5_hmac_s2)
TEST_VECTOR_SIGNER(md5_hmac_s3)
@@ -118,6 +156,9 @@ TEST_VECTOR_PRF(aes_xcbc_p4)
TEST_VECTOR_PRF(aes_xcbc_p5)
TEST_VECTOR_PRF(aes_xcbc_p6)
TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(camellia_xcbc_p1)
+TEST_VECTOR_PRF(camellia_xcbc_p2)
+TEST_VECTOR_PRF(camellia_xcbc_p3)
TEST_VECTOR_PRF(md5_hmac_p1)
TEST_VECTOR_PRF(md5_hmac_p2)
TEST_VECTOR_PRF(md5_hmac_p3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c
new file mode 100644
index 000000000..8de180ad5
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test vectors with 11 bytes nonces are hard to find, neither RFC3610 nor
+ * NIST 800-38C has one. These vectors are taken from the Linux kernel,
+ * originally from "fips cavs fax files on hand at Red Hat".
+ */
+aead_test_vector_t aes_ccm1 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 0,
+ .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05\x2e\x01\xd1\xfc\x5d\x82\x66\x2e"
+ "\x96\xac\x59",
+ .iv = "\x30\x07\xa1\xe2\xa2\xc7\x55\x24",
+ .plain = "\x19\xc8\x81\xf6\xe9\x86\xff\x93\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e"
+ "\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c\x35\x2e\xad\xe0\x62\xf9\x91\xa1",
+ .cipher = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1"
+ "\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a\x57\x2b\xbe\x5d\x98\xa6\xb1\x32"
+ "\xda\x24\xea\xd9\xa1\x39\x98\xfd\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8",
+};
+
+aead_test_vector_t aes_ccm2 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 32,
+ .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3"
+ "\x4f\xa3\x19",
+ .iv = "\xd3\x01\x5a\xd8\x30\x60\x15\x56",
+ .adata = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7"
+ "\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1\x0a\x63\x09\x78\xbc\x2c\x55\xde",
+ .plain = "\x87\xa3\x36\xfd\x96\xb3\x93\x78\xa9\x28\x63\xba\x12\xa3\x14\x85"
+ "\x57\x1e\x06\xc9\x7b\x21\xef\x76\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e",
+ .cipher = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19\xfc\x70\xc4\x6d\x8e\xb7\x99\xab"
+ "\xc5\x4b\xa2\xac\xd3\xf3\x48\xff\x3b\xb5\xce\x53\xef\xde\xbb\x02"
+ "\xa9\x86\x15\x6c\x13\xfe\xda\x0a\x22\xb8\x29\x3d\xd8\x39\x9a\x23",
+};
+
+aead_test_vector_t aes_ccm3 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 0, .alen = 32,
+ .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1\xa3\xf0\xff\xdd\x4e\x4b\x12\x75"
+ "\x53\x14\x73\x66\x8d\x88\xf6\x80\xa0\x20\x35",
+ .iv = "\x26\xf2\x21\x8d\x50\x20\xda\xe2",
+ .adata = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47"
+ "\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d\xd8\x9e\x2b\x56\x10\x23\x56\xe7",
+ .cipher = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc\xad\x0c\x7a\x63\xf6\x61\xfd\x9b",
+};
+
+aead_test_vector_t aes_ccm4 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 32, .alen = 32,
+ .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42\xef\x7a\xd3\xce\xfc\x84\x60\x62"
+ "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01\xd6\x3c\x8c",
+ .iv = "\x86\x84\xb6\xcd\xef\x09\x2e\x94",
+ .adata = "\x02\x65\x78\x3c\xe9\x21\x30\x91\xb1\xb9\xda\x76\x9a\x78\x6d\x95"
+ "\xf2\x88\x32\xa3\xf2\x50\xcb\x4c\xe3\x00\x73\x69\x84\x69\x87\x79",
+ .plain = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c\x43\x69\x3a\x2d\x8e\x70\xad\x7e"
+ "\xe0\xe5\x46\x09\x80\x89\x13\xb2\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b",
+ .cipher = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62\x5d\x51\xc2\x16\xd8\xbd\x06\x9f"
+ "\x9b\x6a\x09\x70\xc1\x51\x83\xc2\x66\x88\x1d\x4f\x9a\xda\xe0\x1e"
+ "\xc7\x79\x11\x58\xe5\x6b\x20\x40\x7a\xea\x46\x42\x8b\xe4\x6f\xe1",
+};
+
+aead_test_vector_t aes_ccm5 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a\xbd\x01\x99\xd5\x8a\xdf\x71\x3a"
+ "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b"
+ "\x1e\x29\x91",
+ .iv = "\xad\x8e\xc1\x53\x0a\xcf\x2d\xbe",
+ .adata = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b\x78\x2b\x94\x02\x29\x0f\x42\x27"
+ "\x6b\x75\xcb\x98\x34\x08\x7e\x79\xe4\x3e\x49\x0d\x84\x8b\x22\x87",
+ .plain = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66"
+ "\xbf\x17\x99\x62\x4a\x39\x27\x1f\x1d\xdc\x24\xae\x19\x2f\x98\x4c",
+ .cipher = "\x19\xb8\x61\x33\x45\x2b\x43\x96\x6f\x51\xd0\x20\x30\x7d\x9b\xc6"
+ "\x26\x3d\xf8\xc9\x65\x16\xa8\x9f\xf0\x62\x17\x34\xf2\x1e\x8d\x75"
+ "\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d",
+};
+
+aead_test_vector_t aes_ccm6 = {
+ .alg = ENCR_AES_CCM_ICV12, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c\x45\x41\xb8\xbd\x5c\xa7\xc2\x32"
+ "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c\x09\x75\x9a\x9b\x3c\x9b\x27\x39"
+ "\xf9\xd9\x4e",
+ .iv = "\x63\xb5\x3d\x9d\x43\xf6\x1e\x50",
+ .adata = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b\x13\x02\x01\x0c\x83\x4c\x96\x35"
+ "\x8e\xd6\x39\xcf\x7d\x14\x9b\x94\xb0\x39\x36\xe6\x8f\x57\xe0\x13",
+ .plain = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6\x83\x72\x07\x4f\xcf\xfa\x66\x89"
+ "\x5f\xca\xb1\xba\xd5\x8f\x2c\x27\x30\xdb\x75\x09\x93\xd4\x65\xe4",
+ .cipher = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d"
+ "\xcc\x63\x44\x25\x07\x78\x4f\x9e\x96\xb8\x88\xeb\xbc\x48\x1f\x06"
+ "\x39\xaf\x39\xac\xd8\x4a\x80\x39\x7b\x72\x8a\xf7",
+};
+
+aead_test_vector_t aes_ccm7 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83\x8c\x76\x95\xd4\xb6\xdc\xf3\x46"
+ "\xf9\x8f\xad\xe3\x02\x13\x83\x77\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b"
+ "\x24\xa7\x8b",
+ .iv = "\x07\xcb\xcc\x0e\xe6\x33\xbf\xf5",
+ .adata = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d"
+ "\xab\x90\x65\x8d\x8e\xca\x4d\x4f\x16\x0c\x40\x90\x4b\xc7\x36\x73",
+ .plain = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d"
+ "\x6c\xde\xbc\xf1\x90\xea\x6a\xb2\x35\x86\x36\xaf\x5c\xfe\x4b\x3a",
+ .cipher = "\x83\x6f\x40\x87\x72\xcf\xc1\x13\xef\xbb\x80\x21\x04\x6c\x58\x09"
+ "\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf"
+ "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8",
+};
+
+aead_test_vector_t aes_ccm8 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 16, .len = 0, .alen = 0,
+ .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1\xff\x80\x2e\x48\x7d\x82\xf8\xb9"
+ "\xaf\x94\x87",
+ .iv = "\x78\x35\x82\x81\x7f\x88\x94\x68",
+ .cipher = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3",
+};
+
+aead_test_vector_t aes_ccm9 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 0, .alen = 32,
+ .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
+ "\xa4\x48\x93\x39\x26\x71\x4a\xc6\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
+ "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61",
+ .cipher = "\x71\x99\xfa\xf4\x44\x12\x68\x9b",
+};
+
+aead_test_vector_t aes_ccm10 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 0, .alen = 0,
+ .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c"
+ "\x20\x2c\xad\x30\xc2\x2b\x41\xfb\x0e\x85\xbc\x33\xad\x0f\x2b\xff"
+ "\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .cipher = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2",
+};
+
+aead_test_vector_t aes_ccm11 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 32, .alen = 32,
+ .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
+ "\x29\xa0\xba\x9e\x48\x78\xd1\xba\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
+ "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61",
+ .plain = "\x85\x34\x66\x42\xc8\x92\x0f\x36\x58\xe0\x6b\x91\x3c\x98\x5c\xbb"
+ "\x0a\x85\xcc\x02\xad\x7a\x96\xe9\x65\x43\xa4\xc3\x0f\xdc\x55\x81",
+ .cipher = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2"
+ "\x66\xca\x61\x1e\x96\x7a\x61\xb3\x1c\x16\x45\x52\xba\x04\x9c\x9f"
+ "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c
new file mode 100644
index 000000000..1e5126a70
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test 1 of RFC3686
+ */
+crypter_test_vector_t aes_ctr1 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 16,
+ .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "Single block msg",
+ .cipher = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79\x2d\x61\x75\xa3\x26\x13\x11\xb8"
+};
+
+/**
+ * Test 2 of RFC3686
+ */
+crypter_test_vector_t aes_ctr2 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 32,
+ .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x51\x04\xa1\x06\x16\x8a\x72\xd9\x79\x0d\x41\xee\x8e\xda\xd3\x88"
+ "\xeb\x2e\x1e\xfc\x46\xda\x57\xc8\xfc\xe6\x30\xdf\x91\x41\xbe\x28"
+};
+
+/**
+ * Test 3 of RFC3686
+ */
+crypter_test_vector_t aes_ctr3 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 36,
+ .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc"
+ "\x00\xe0\x01\x7b",
+ .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xc1\xcf\x48\xa8\x9f\x2f\xfd\xd9\xcf\x46\x52\xe9\xef\xdb\x72\xd7"
+ "\x45\x40\xa4\x2b\xde\x6d\x78\x36\xd5\x9a\x5c\xea\xae\xf3\x10\x53"
+ "\x25\xb2\x07\x2f",
+};
+
+/**
+ * Test 4 of RFC3686
+ */
+crypter_test_vector_t aes_ctr4 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 16,
+ .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed"
+ "\x86\x3d\x06\xcc\xfd\xb7\x85\x15"
+ "\x00\x00\x00\x48",
+ .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb",
+ .plain = "Single block msg",
+ .cipher = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8\x4e\x79\x35\xa0\x03\xcb\xe9\x28",
+};
+
+/**
+ * Test 5 of RFC3686
+ */
+crypter_test_vector_t aes_ctr5 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 32,
+ .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c"
+ "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a"
+ "\x00\x96\xb0\x3b",
+ .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x45\x32\x43\xfc\x60\x9b\x23\x32\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f"
+ "\x84\x90\x70\x1c\x5a\xd4\xa7\x9c\xfc\x1f\xe0\xff\x42\xf4\xfb\x00",
+};
+
+/**
+ * Test 6 of RFC3686
+ */
+crypter_test_vector_t aes_ctr6 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 36,
+ .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b"
+ "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe"
+ "\x00\x07\xbd\xfd",
+ .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\x96\x89\x3f\xc5\x5e\x5c\x72\x2f\x54\x0b\x7d\xd1\xdd\xf7\xe7\x58"
+ "\xd2\x88\xbc\x95\xc6\x91\x65\x88\x45\x36\xc8\x11\x66\x2f\x21\x88"
+ "\xab\xee\x09\x35",
+};
+
+/**
+ * Test 7 of RFC3686
+ */
+crypter_test_vector_t aes_ctr7 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 16,
+ .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c"
+ "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04"
+ "\x00\x00\x00\x60",
+ .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2",
+ .plain = "Single block msg",
+ .cipher = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7\x56\x08\x63\xdc\x71\xe3\xe0\xc0",
+};
+
+/**
+ * Test 8 of RFC3686
+ */
+crypter_test_vector_t aes_ctr8 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 32,
+ .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86"
+ "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84"
+ "\x00\xfa\xac\x24",
+ .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c\x49\xee\x00\x0b\x80\x4e\xb2\xa9"
+ "\xb8\x30\x6b\x50\x8f\x83\x9d\x6a\x55\x30\x83\x1d\x93\x44\xaf\x1c",
+};
+
+/**
+ * Test 9 of RFC3686
+ */
+crypter_test_vector_t aes_ctr9 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 36,
+ .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2"
+ "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d"
+ "\x00\x1c\xc5\xb7",
+ .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xeb\x6c\x52\x82\x1d\x0b\xbb\xf7\xce\x75\x94\x46\x2a\xca\x4f\xaa"
+ "\xb4\x07\xdf\x86\x65\x69\xfd\x07\xf4\x8c\xc0\xb5\x83\xd6\x07\x1f"
+ "\x1e\xc0\xe6\xb8",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c
new file mode 100644
index 000000000..7534633e1
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * From the Linux kernel, those with an IV. Originally from
+ * McGrew & Viega - http://citeseer.ist.psu.edu/656989.html
+ */
+aead_test_vector_t aes_gcm1 = {
+ .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6",
+};
+
+aead_test_vector_t aes_gcm2 = {
+ .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd",
+};
+
+aead_test_vector_t aes_gcm3 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
+};
+
+aead_test_vector_t aes_gcm4 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 60, .alen = 20,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x5b\xc9\x4f\xbc"
+ "\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
+};
+
+aead_test_vector_t aes_gcm5 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
+ "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
+ "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
+ "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56"
+ "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
+};
+
+aead_test_vector_t aes_gcm6 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
+ "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
+ "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
+ "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad"
+ "\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c",
+};
+
+aead_test_vector_t aes_gcm7 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 60, .alen = 20,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
+ "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
+ "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
+ "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x76\xfc\x6e\xce"
+ "\x0f\x4e\x17\x68\xcd\xdf\x88\x53\xbb\x2d\x55\x1b",
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c
new file mode 100644
index 000000000..241e6ca7a
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test 1 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr1 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 16,
+ .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "Single block msg",
+ .cipher = "\xd0\x9d\xc2\x9a\x82\x14\x61\x9a\x20\x87\x7c\x76\xdb\x1f\x0b\x3f"
+};
+
+/**
+ * Test 2 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr2 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 32,
+ .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xdb\xf3\xc7\x8d\xc0\x83\x96\xd4\xda\x7c\x90\x77\x65\xbb\xcb\x44"
+ "\x2b\x8e\x8e\x0f\x31\xf0\xdc\xa7\x2c\x74\x17\xe3\x53\x60\xe0\x48"
+};
+
+/**
+ * Test 3 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr3 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 36,
+ .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc"
+ "\x00\xe0\x01\x7b",
+ .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xb1\x9d\x1f\xcd\xcb\x75\xeb\x88\x2f\x84\x9c\xe2\x4d\x85\xcf\x73"
+ "\x9c\xe6\x4b\x2b\x5c\x9d\x73\xf1\x4f\x2d\x5d\x9d\xce\x98\x89\xcd"
+ "\xdf\x50\x86\x96",
+};
+
+/**
+ * Test 4 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr4 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 16,
+ .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed"
+ "\x86\x3d\x06\xcc\xfd\xb7\x85\x15"
+ "\x00\x00\x00\x48",
+ .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb",
+ .plain = "Single block msg",
+ .cipher = "\x23\x79\x39\x9e\x8a\x8d\x2b\x2b\x16\x70\x2f\xc7\x8b\x9e\x96\x96",
+};
+
+/**
+ * Test 5 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr5 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 32,
+ .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c"
+ "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a"
+ "\x00\x96\xb0\x3b",
+ .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x7d\xef\x34\xf7\xa5\xd0\xe4\x15\x67\x4b\x7f\xfc\xae\x67\xc7\x5d"
+ "\xd0\x18\xb8\x6f\xf2\x30\x51\xe0\x56\x39\x2a\x99\xf3\x5a\x4c\xed",
+};
+
+/**
+ * Test 6 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr6 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 36,
+ .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b"
+ "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe"
+ "\x00\x07\xbd\xfd",
+ .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\x57\x10\xe5\x56\xe1\x48\x7a\x20\xb5\xac\x0e\x73\xf1\x9e\x4e\x78"
+ "\x76\xf3\x7f\xdc\x91\xb1\xef\x4d\x4d\xad\xe8\xe6\x66\xa6\x4d\x0e"
+ "\xd5\x57\xab\x57",
+};
+
+/**
+ * Test 7 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr7 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 16,
+ .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c"
+ "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04"
+ "\x00\x00\x00\x60",
+ .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2",
+ .plain = "Single block msg",
+ .cipher = "\x34\x01\xf9\xc8\x24\x7e\xff\xce\xbd\x69\x94\x71\x4c\x1b\xbb\x11",
+};
+
+/**
+ * Test 8 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr8 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 32,
+ .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86"
+ "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84"
+ "\x00\xfa\xac\x24",
+ .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xd6\xc3\x03\x92\x24\x6f\x78\x08\xa8\x3c\x2b\x22\xa8\x83\x9e\x45"
+ "\xe5\x1c\xd4\x8a\x1c\xdf\x40\x6e\xbc\x9c\xc2\xd3\xab\x83\x41\x08",
+};
+
+/**
+ * Test 9 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr9 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 36,
+ .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2"
+ "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d"
+ "\x00\x1c\xc5\xb7",
+ .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xa4\xda\x23\xfc\xe6\xa5\xff\xaa\x6d\x64\xae\x9a\x06\x52\xa4\x2c"
+ "\xd1\x61\xa3\x4b\x65\xf9\x67\x9f\x75\xc0\x1f\x10\x1f\x71\x27\x6f"
+ "\x15\xef\x0d\x8d",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c
new file mode 100644
index 000000000..2a58b3732
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test Case #1
+ */
+signer_test_vector_t camellia_xcbc_s1 = {
+ .alg = AUTH_CAMELLIA_XCBC_96, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .mac = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15",
+};
+
+prf_test_vector_t camellia_xcbc_p1 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 16, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15\xc5\xe3\x26\xd6",
+};
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test Case #2
+ */
+prf_test_vector_t camellia_xcbc_p2 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 10, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\xb9\x16\xb4\x23\x42\x0a\x90\x6c\xd7\xd7\xb6\x72\xa2\x4e\x97\x6f",
+};
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test #3
+ */
+prf_test_vector_t camellia_xcbc_p3 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 18, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xed\xcb",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\xb9\x71\x46\x36\x9d\x31\x94\x0f\xf5\x7a\x0d\xdf\x22\x33\xc1\xd2",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index 234d237f3..f3a254d8d 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -20,6 +20,7 @@
/* define symbols of all test vectors */
#define TEST_VECTOR_CRYPTER(x) crypter_test_vector_t x;
+#define TEST_VECTOR_AEAD(x) aead_test_vector_t x;
#define TEST_VECTOR_SIGNER(x) signer_test_vector_t x;
#define TEST_VECTOR_HASHER(x) hasher_test_vector_t x;
#define TEST_VECTOR_PRF(x) prf_test_vector_t x;
@@ -28,12 +29,14 @@
#include "test_vectors.h"
#undef TEST_VECTOR_CRYPTER
+#undef TEST_VECTOR_AEAD
#undef TEST_VECTOR_SIGNER
#undef TEST_VECTOR_HASHER
#undef TEST_VECTOR_PRF
#undef TEST_VECTOR_RNG
#define TEST_VECTOR_CRYPTER(x)
+#define TEST_VECTOR_AEAD(x)
#define TEST_VECTOR_SIGNER(x)
#define TEST_VECTOR_HASHER(x)
#define TEST_VECTOR_PRF(x)
@@ -48,6 +51,14 @@ static crypter_test_vector_t *crypter[] = {
#undef TEST_VECTOR_CRYPTER
#define TEST_VECTOR_CRYPTER(x)
+#undef TEST_VECTOR_AEAD
+#define TEST_VECTOR_AEAD(x) &x,
+static aead_test_vector_t *aead[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_AEAD
+#define TEST_VECTOR_AEAD(x)
+
#undef TEST_VECTOR_SIGNER
#define TEST_VECTOR_SIGNER(x) &x,
static signer_test_vector_t *signer[] = {
@@ -116,6 +127,11 @@ plugin_t *test_vectors_plugin_create()
lib->crypto->add_test_vector(lib->crypto,
ENCRYPTION_ALGORITHM, crypter[i]);
}
+ for (i = 0; i < countof(aead); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ AEAD_ALGORITHM, aead[i]);
+ }
for (i = 0; i < countof(signer); i++)
{
lib->crypto->add_test_vector(lib->crypto,
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index f40427f3f..b1cc2f168 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 92b576aa5..559090aa0 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -260,7 +260,7 @@ static const asn1Object_t otherNameObjects[] = {
/**
* Extracts an otherName
*/
-static bool parse_otherName(chunk_t blob, int level0)
+static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type)
{
asn1_parser_t *parser;
chunk_t object;
@@ -268,7 +268,7 @@ static bool parse_otherName(chunk_t blob, int level0)
int oid = OID_UNKNOWN;
bool success = FALSE;
- parser = asn1_parser_create(otherNameObjects, blob);
+ parser = asn1_parser_create(otherNameObjects, *blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
@@ -279,13 +279,27 @@ static bool parse_otherName(chunk_t blob, int level0)
oid = asn1_known_oid(object);
break;
case ON_OBJ_VALUE:
- if (oid == OID_XMPP_ADDR)
+ switch (oid)
{
- if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
- parser->get_level(parser)+1, "xmppAddr"))
- {
- goto end;
- }
+ case OID_XMPP_ADDR:
+ if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ parser->get_level(parser)+1, "xmppAddr"))
+ {
+ goto end;
+ }
+ break;
+ case OID_USER_PRINCIPAL_NAME:
+ if (asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ parser->get_level(parser)+1, "msUPN"))
+ { /* we handle UPNs as RFC822 addr */
+ *blob = object;
+ *type = ID_RFC822_ADDR;
+ }
+ else
+ {
+ goto end;
+ }
+ break;
}
break;
default:
@@ -379,7 +393,8 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
}
break;
case GN_OBJ_OTHER_NAME:
- if (!parse_otherName(object, parser->get_level(parser)+1))
+ if (!parse_otherName(&object, parser->get_level(parser)+1,
+ &id_type))
{
goto end;
}
@@ -1091,15 +1106,28 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
- if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID)
+ if (subject->get_type(subject) == ID_KEY_ID)
{
- if (chunk_equals(this->encoding_hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (this->encoding_hash.len &&
+ chunk_equals(this->encoding_hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->public_key &&
+ this->public_key->has_fingerprint(this->public_key, encoding))
{
return ID_MATCH_PERFECT;
}
}
-
best = this->subject->matches(this->subject, subject);
enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
while (enumerator->enumerate(enumerator, &current))
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index bfb0ca621..7b488484e 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -684,7 +684,7 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args)
enumerator->destroy(enumerator);
continue;
}
- case BUILD_PASSPHRASE:
+ case BUILD_CHALLENGE_PWD:
cert->challengePassword = chunk_clone(va_arg(args, chunk_t));
continue;
case BUILD_DIGEST_ALG:
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 8391781e2..11a7f023c 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -73,25 +73,25 @@ plugin_t *x509_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
(builder_function_t)x509_cert_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
(builder_function_t)x509_cert_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
(builder_function_t)x509_ac_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, TRUE,
(builder_function_t)x509_ac_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
(builder_function_t)x509_crl_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
(builder_function_t)x509_crl_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
(builder_function_t)x509_ocsp_request_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, TRUE,
(builder_function_t)x509_ocsp_response_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
(builder_function_t)x509_pkcs10_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, TRUE,
(builder_function_t)x509_pkcs10_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 69bba8d6f..e82e5246f 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index b9f03eeac..be18d92b8 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -27,10 +27,11 @@ typedef struct private_xcbc_t private_xcbc_t;
* The variable names are the same as in the RFC.
*/
struct private_xcbc_t {
+
/**
* Public xcbc_t interface.
*/
- xcbc_t xcbc;
+ xcbc_t public;
/**
* Block size, in bytes
@@ -135,9 +136,9 @@ static void final(private_xcbc_t *this, u_int8_t *out)
if (this->remaining_bytes == this->b && !this->zero)
{
/* a) If the blocksize of M[n] is 128 bits:
- * XOR M[n] with E[n-1] and Key K2, then encrypt the result with
- * Key K1, yielding E[n].
- */
+ * XOR M[n] with E[n-1] and Key K2, then encrypt the result with
+ * Key K1, yielding E[n].
+ */
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k2, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -147,20 +148,20 @@ static void final(private_xcbc_t *this, u_int8_t *out)
/* b) If the blocksize of M[n] is less than 128 bits:
*
* i) Pad M[n] with a single "1" bit, followed by the number of
- * "0" bits (possibly none) required to increase M[n]'s
- * blocksize to 128 bits.
- */
- if (this->remaining_bytes < this->b)
- {
- this->remaining[this->remaining_bytes] = 0x80;
- while (++this->remaining_bytes < this->b)
- {
- this->remaining[this->remaining_bytes] = 0x00;
- }
- }
- /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
- * with Key K1, yielding E[n].
- */
+ * "0" bits (possibly none) required to increase M[n]'s
+ * blocksize to 128 bits.
+ */
+ if (this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x80;
+ while (++this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x00;
+ }
+ }
+ /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
+ * with Key K1, yielding E[n].
+ */
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k3, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -174,10 +175,8 @@ static void final(private_xcbc_t *this, u_int8_t *out)
this->zero = TRUE;
}
-/**
- * Implementation of xcbc_t.get_mac.
- */
-static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
+METHOD(xcbc_t, get_mac, void,
+ private_xcbc_t *this, chunk_t data, u_int8_t *out)
{
/* update E, do not process last block */
update(this, data);
@@ -188,18 +187,14 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
}
}
-/**
- * Implementation of xcbc_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_t *this)
+METHOD(xcbc_t, get_block_size, size_t,
+ private_xcbc_t *this)
{
return this->b;
}
-/**
- * Implementation of xcbc_t.set_key.
- */
-static void set_key(private_xcbc_t *this, chunk_t key)
+METHOD(xcbc_t, set_key, void,
+ private_xcbc_t *this, chunk_t key)
{
chunk_t iv, k1, lengthened;
@@ -228,11 +223,11 @@ static void set_key(private_xcbc_t *this, chunk_t key)
/*
* (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret
- * key K, as follows:
- * K1 = 0x01010101010101010101010101010101 encrypted with Key K
- * K2 = 0x02020202020202020202020202020202 encrypted with Key K
- * K3 = 0x03030303030303030303030303030303 encrypted with Key K
- */
+ * key K, as follows:
+ * K1 = 0x01010101010101010101010101010101 encrypted with Key K
+ * K2 = 0x02020202020202020202020202020202 encrypted with Key K
+ * K3 = 0x03030303030303030303030303030303 encrypted with Key K
+ */
this->k1->set_key(this->k1, lengthened);
memset(this->k2, 0x02, this->b);
this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL);
@@ -243,10 +238,8 @@ static void set_key(private_xcbc_t *this, chunk_t key)
this->k1->set_key(this->k1, k1);
}
-/**
- * Implementation of xcbc_t.destroy.
- */
-static void destroy(private_xcbc_t *this)
+METHOD(xcbc_t, destroy, void,
+ private_xcbc_t *this)
{
this->k1->destroy(this->k1);
free(this->k2);
@@ -263,35 +256,38 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
{
private_xcbc_t *this;
crypter_t *crypter;
+ u_int8_t b;
crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
if (!crypter)
{
return NULL;
}
+ b = crypter->get_block_size(crypter);
/* input and output of crypter must be equal for xcbc */
- if (crypter->get_block_size(crypter) != key_size)
+ if (b != key_size)
{
crypter->destroy(crypter);
return NULL;
}
- this = malloc_thing(private_xcbc_t);
- this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac;
- this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size;
- this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key;
- this->xcbc.destroy = (void (*)(xcbc_t *))destroy;
-
- this->b = crypter->get_block_size(crypter);
- this->k1 = crypter;
- this->k2 = malloc(this->b);
- this->k3 = malloc(this->b);
- this->e = malloc(this->b);
- memset(this->e, 0, this->b);
- this->remaining = malloc(this->b);
- this->remaining_bytes = 0;
- this->zero = TRUE;
-
- return &this->xcbc;
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .b = b,
+ .k1 = crypter,
+ .k2 = malloc(b),
+ .k3 = malloc(b),
+ .e = malloc(b),
+ .remaining = malloc(b),
+ .zero = TRUE,
+ );
+ memset(this->e, 0, b);
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 9d903bfaa..88156f383 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -32,15 +32,13 @@ struct private_xcbc_plugin_t {
xcbc_plugin_t public;
};
-/**
- * Implementation of xcbc_plugin_t.xcbctroy
- */
-static void destroy(private_xcbc_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_xcbc_plugin_t *this)
{
lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)xcbc_prf_create);
+ (prf_constructor_t)xcbc_prf_create);
lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)xcbc_signer_create);
+ (signer_constructor_t)xcbc_signer_create);
free(this);
}
@@ -49,14 +47,24 @@ static void destroy(private_xcbc_plugin_t *this)
*/
plugin_t *xcbc_plugin_create()
{
- private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t);
+ private_xcbc_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC,
- (prf_constructor_t)xcbc_prf_create);
+ (prf_constructor_t)xcbc_prf_create);
+ lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC,
+ (prf_constructor_t)xcbc_prf_create);
lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96,
- (signer_constructor_t)xcbc_signer_create);
+ (signer_constructor_t)xcbc_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96,
+ (signer_constructor_t)xcbc_signer_create);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
index 2459dc616..ac9e1fda0 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
@@ -35,18 +35,14 @@ struct private_xcbc_prf_t {
xcbc_t *xcbc;
};
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
+METHOD(prf_t, get_bytes, void,
+ private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
{
this->xcbc->get_mac(this->xcbc, seed, buffer);
}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+ private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
{
if (chunk)
{
@@ -59,35 +55,27 @@ static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chun
}
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+ private_xcbc_prf_t *this)
{
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+ private_xcbc_prf_t *this)
{
/* in xcbc, block and key size are always equal */
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_xcbc_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+ private_xcbc_prf_t *this, chunk_t key)
{
this->xcbc->set_key(this->xcbc, key);
}
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_xcbc_prf_t *this)
+METHOD(prf_t, destroy, void,
+ private_xcbc_prf_t *this)
{
this->xcbc->destroy(this->xcbc);
free(this);
@@ -106,6 +94,9 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
case PRF_AES128_XCBC:
xcbc = xcbc_create(ENCR_AES_CBC, 16);
break;
+ case PRF_CAMELLIA128_XCBC:
+ xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+ break;
default:
return NULL;
}
@@ -114,15 +105,19 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
return NULL;
}
- this = malloc_thing(private_xcbc_prf_t);
- this->xcbc = xcbc;
-
- this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
- this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
- this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
- this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
- this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
- this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .xcbc = xcbc,
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
index d2db9af41..294a853b4 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
@@ -34,9 +34,9 @@ typedef struct xcbc_prf_t xcbc_prf_t;
struct xcbc_prf_t {
/**
- * Generic prf_t interface for this xcbc_prf_t class.
+ * Implements prf_t interface.
*/
- prf_t prf_interface;
+ prf_t prf;
};
/**
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
index 1c98d39d7..ece592323 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
@@ -41,11 +41,8 @@ struct private_xcbc_signer_t {
size_t block_size;
};
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_xcbc_signer_t *this,
- chunk_t data, u_int8_t *buffer)
+METHOD(signer_t, get_signature, void,
+ private_xcbc_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
{ /* append mode */
@@ -60,11 +57,8 @@ static void get_signature(private_xcbc_signer_t *this,
}
}
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_xcbc_signer_t *this,
- chunk_t data, chunk_t *chunk)
+METHOD(signer_t, allocate_signature, void,
+ private_xcbc_signer_t *this, chunk_t data, chunk_t *chunk)
{
if (chunk == NULL)
{ /* append mode */
@@ -83,11 +77,8 @@ static void allocate_signature (private_xcbc_signer_t *this,
}
}
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_xcbc_signer_t *this,
- chunk_t data, chunk_t signature)
+METHOD(signer_t, verify_signature, bool,
+ private_xcbc_signer_t *this, chunk_t data, chunk_t signature)
{
u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
@@ -100,38 +91,29 @@ static bool verify_signature(private_xcbc_signer_t *this,
return memeq(signature.ptr, mac, this->block_size);
}
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_key_size, size_t,
+ private_xcbc_signer_t *this)
{
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_block_size, size_t,
+ private_xcbc_signer_t *this)
{
return this->block_size;
}
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_xcbc_signer_t *this, chunk_t key)
+METHOD(signer_t, set_key, void,
+ private_xcbc_signer_t *this, chunk_t key)
{
this->xcbc->set_key(this->xcbc, key);
}
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_xcbc_signer_t *this)
+METHOD(signer_t, destroy, void,
+ private_xcbc_signer_t *this)
{
this->xcbc->destroy(this->xcbc);
free(this);
- return SUCCESS;
}
/*
@@ -149,6 +131,10 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
xcbc = xcbc_create(ENCR_AES_CBC, 16);
trunc = 12;
break;
+ case AUTH_CAMELLIA_XCBC_96:
+ xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+ trunc = 12;
+ break;
default:
return NULL;
}
@@ -157,18 +143,21 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_xcbc_signer_t);
- this->xcbc = xcbc;
- this->block_size = min(trunc, xcbc->get_block_size(xcbc));
-
- /* interface functions */
- this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
- this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
- this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
- this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
- this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
- this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
- this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .xcbc = xcbc,
+ .block_size = min(trunc, xcbc->get_block_size(xcbc)),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
index 181cfe299..56b55f223 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
@@ -31,9 +31,9 @@ typedef struct xcbc_signer_t xcbc_signer_t;
struct xcbc_signer_t {
/**
- * generic signer_t interface for this signer
+ * Implements signer_t interface.
*/
- signer_t signer_interface;
+ signer_t signer;
};
/**
diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c
index 037f0b918..4d4cef829 100644
--- a/src/libstrongswan/printf_hook.c
+++ b/src/libstrongswan/printf_hook.c
@@ -133,6 +133,14 @@ static int custom_arginfo(const struct printf_info *info, size_t n, int *argtype
#include <unistd.h> /* for STDOUT_FILENO */
/**
+ * These are used below, whenever the public wrapper functions are called before
+ * initialization or after destruction.
+ */
+#undef vprintf
+#undef vfprintf
+#undef vsnprintf
+
+/**
* Vstr custom format specifier callback function.
*/
static int custom_fmt_cb(Vstr_base *base, size_t pos, Vstr_fmt_spec *fmt_spec)
@@ -177,13 +185,16 @@ static void vstr_fmt_add_handler(Vstr_conf *conf, printf_hook_handler_t *handler
switch(handler->numargs)
{
case 1:
- vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0], VSTR_TYPE_FMT_END);
+ vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0],
+ VSTR_TYPE_FMT_END);
break;
case 2:
- vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0], at[1], VSTR_TYPE_FMT_END);
+ vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0],
+ at[1], VSTR_TYPE_FMT_END);
break;
case 3:
- vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0], at[1], at[2], VSTR_TYPE_FMT_END);
+ vstr_fmt_add(conf, handler->name, custom_fmt_cb, at[0],
+ at[1], at[2], VSTR_TYPE_FMT_END);
break;
}
}
@@ -193,7 +204,7 @@ static void vstr_fmt_add_handler(Vstr_conf *conf, printf_hook_handler_t *handler
*/
#include <threading/thread_value.h>
-static thread_value_t *vstr_conf;
+static thread_value_t *vstr_conf = NULL;
static Vstr_conf *create_vstr_conf()
{
@@ -216,12 +227,15 @@ static Vstr_conf *create_vstr_conf()
static inline Vstr_conf *get_vstr_conf()
{
- Vstr_conf *conf;
- conf = (Vstr_conf*)vstr_conf->get(vstr_conf);
- if (!conf)
+ Vstr_conf *conf = NULL;
+ if (vstr_conf)
{
- conf = create_vstr_conf();
- vstr_conf->set(vstr_conf, conf);
+ conf = (Vstr_conf*)vstr_conf->get(vstr_conf);
+ if (!conf)
+ {
+ conf = create_vstr_conf();
+ vstr_conf->set(vstr_conf, conf);
+ }
}
return conf;
}
@@ -265,11 +279,20 @@ int vstr_wrapper_snprintf(char *str, size_t size, const char *format, ...)
va_end(args);
return written;
}
-static inline int vstr_wrapper_vprintf_internal(int fd, const char *format,
+int vstr_wrapper_asprintf(char **str, const char *format, ...)
+{
+ int written;
+ va_list args;
+ va_start(args, format);
+ written = vstr_wrapper_vasprintf(str, format, args);
+ va_end(args);
+ return written;
+}
+static inline int vstr_wrapper_vprintf_internal(Vstr_conf *conf, int fd,
+ const char *format,
va_list args)
{
int written;
- Vstr_conf *conf = get_vstr_conf();
Vstr_base *s = vstr_make_base(conf);
vstr_add_vfmt(s, 0, format, args);
written = s->len;
@@ -289,24 +312,39 @@ static inline int vstr_wrapper_vprintf_internal(int fd, const char *format,
}
int vstr_wrapper_vprintf(const char *format, va_list args)
{
- return vstr_wrapper_vprintf_internal(STDOUT_FILENO, format, args);
+ Vstr_conf *conf = get_vstr_conf();
+ if (conf)
+ {
+ return vstr_wrapper_vprintf_internal(conf, STDOUT_FILENO, format, args);
+ }
+ return vprintf(format, args);
}
int vstr_wrapper_vfprintf(FILE *stream, const char *format, va_list args)
{
- return vstr_wrapper_vprintf_internal(fileno(stream), format, args);
+ Vstr_conf *conf = get_vstr_conf();
+ if (conf)
+ {
+ return vstr_wrapper_vprintf_internal(conf, fileno(stream), format,
+ args);
+ }
+ return vfprintf(stream, format, args);
}
static inline int vstr_wrapper_vsnprintf_internal(char *str, size_t size,
const char *format,
va_list args)
{
- int written;
Vstr_conf *conf = get_vstr_conf();
- Vstr_base *s = vstr_make_base(conf);
- vstr_add_vfmt(s, 0, format, args);
- written = s->len;
- vstr_export_cstr_buf(s, 1, s->len, str, (size > 0) ? size : s->len + 1);
- vstr_free_base(s);
- return written;
+ if (conf)
+ {
+ int written;
+ Vstr_base *s = vstr_make_base(conf);
+ vstr_add_vfmt(s, 0, format, args);
+ written = s->len;
+ vstr_export_cstr_buf(s, 1, s->len, str, (size > 0) ? size : s->len + 1);
+ vstr_free_base(s);
+ return written;
+ }
+ return vsnprintf(str, size, format, args);
}
int vstr_wrapper_vsprintf(char *str, const char *format, va_list args)
{
@@ -317,7 +355,26 @@ int vstr_wrapper_vsnprintf(char *str, size_t size, const char *format,
{
return (size > 0) ? vstr_wrapper_vsnprintf_internal(str, size, format, args) : 0;
}
-
+int vstr_wrapper_vasprintf(char **str, const char *format, va_list args)
+{
+ size_t len = 100;
+ int written;
+ *str = malloc(len);
+ while (TRUE)
+ {
+ va_list ac;
+ va_copy(ac, args);
+ written = vstr_wrapper_vsnprintf_internal(*str, len, format, ac);
+ va_end(ac);
+ if (written < len)
+ {
+ break;
+ }
+ len = written + 1;
+ *str = realloc(*str, len);
+ }
+ return written;
+}
#endif
/**
@@ -408,6 +465,7 @@ static void destroy(private_printf_hook_t *this)
#ifdef USE_VSTR
/* freeing the Vstr_conf of the main thread */
vstr_conf->destroy(vstr_conf);
+ vstr_conf = NULL;
vstr_free_conf(conf);
vstr_exit();
#endif
diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h
index ce7e10b24..11fd66ce9 100644
--- a/src/libstrongswan/printf_hook.h
+++ b/src/libstrongswan/printf_hook.h
@@ -58,21 +58,25 @@ int vstr_wrapper_printf(const char *format, ...);
int vstr_wrapper_fprintf(FILE *stream, const char *format, ...);
int vstr_wrapper_sprintf(char *str, const char *format, ...);
int vstr_wrapper_snprintf(char *str, size_t size, const char *format, ...);
+int vstr_wrapper_asprintf(char **str, const char *format, ...);
int vstr_wrapper_vprintf(const char *format, va_list ap);
int vstr_wrapper_vfprintf(FILE *stream, const char *format, va_list ap);
int vstr_wrapper_vsprintf(char *str, const char *format, va_list ap);
int vstr_wrapper_vsnprintf(char *str, size_t size, const char *format, va_list ap);
+int vstr_wrapper_vasprintf(char **str, const char *format, va_list ap);
#define printf vstr_wrapper_printf
#define fprintf vstr_wrapper_fprintf
#define sprintf vstr_wrapper_sprintf
#define snprintf vstr_wrapper_snprintf
+#define asprintf vstr_wrapper_asprintf
#define vprintf vstr_wrapper_vprintf
#define vfprintf vstr_wrapper_vfprintf
#define vsprintf vstr_wrapper_vsprintf
#define vsnprintf vstr_wrapper_vsnprintf
+#define vasprintf vstr_wrapper_vasprintf
#endif
@@ -83,7 +87,7 @@ int vstr_wrapper_vsnprintf(char *str, size_t size, const char *format, va_list a
* @param len length of the buffer
* @param spec format specifier
* @param args arguments array
- * @return number of characters written
+ * @return number of characters written
*/
typedef int (*printf_hook_function_t)(char *dst, size_t len,
printf_hook_spec_t *spec,
diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c
new file mode 100644
index 000000000..556cbd907
--- /dev/null
+++ b/src/libstrongswan/processing/jobs/callback_job.c
@@ -0,0 +1,271 @@
+/*
+ * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "callback_job.h"
+
+#include <semaphore.h>
+
+#include <threading/thread.h>
+#include <threading/condvar.h>
+#include <threading/mutex.h>
+#include <utils/linked_list.h>
+
+typedef struct private_callback_job_t private_callback_job_t;
+
+/**
+ * Private data of an callback_job_t Object.
+ */
+struct private_callback_job_t {
+ /**
+ * Public callback_job_t interface.
+ */
+ callback_job_t public;
+
+ /**
+ * Callback to call on execution
+ */
+ callback_job_cb_t callback;
+
+ /**
+ * parameter to supply to callback
+ */
+ void *data;
+
+ /**
+ * cleanup function for data
+ */
+ callback_job_cleanup_t cleanup;
+
+ /**
+ * thread of the job, if running
+ */
+ thread_t *thread;
+
+ /**
+ * mutex to access jobs interna
+ */
+ mutex_t *mutex;
+
+ /**
+ * list of asociated child jobs
+ */
+ linked_list_t *children;
+
+ /**
+ * parent of this job, or NULL
+ */
+ private_callback_job_t *parent;
+
+ /**
+ * TRUE if the job got cancelled
+ */
+ bool cancelled;
+
+ /**
+ * condvar to synchronize the cancellation/destruction of the job
+ */
+ condvar_t *destroyable;
+
+ /**
+ * semaphore to synchronize the termination of the assigned thread.
+ *
+ * separately allocated during cancellation, so that we can wait on it
+ * without risking that it gets freed too early during destruction.
+ */
+ sem_t *terminated;
+};
+
+/**
+ * unregister a child from its parent, if any.
+ * note: this->mutex has to be locked
+ */
+static void unregister(private_callback_job_t *this)
+{
+ if (this->parent)
+ {
+ this->parent->mutex->lock(this->parent->mutex);
+ if (this->parent->cancelled && !this->cancelled)
+ {
+ /* if the parent has been cancelled but we have not yet, we do not
+ * unregister until we got cancelled by the parent. */
+ this->parent->mutex->unlock(this->parent->mutex);
+ this->destroyable->wait(this->destroyable, this->mutex);
+ this->parent->mutex->lock(this->parent->mutex);
+ }
+ this->parent->children->remove(this->parent->children, this, NULL);
+ this->parent->mutex->unlock(this->parent->mutex);
+ this->parent = NULL;
+ }
+}
+
+/**
+ * Implements job_t.destroy.
+ */
+static void destroy(private_callback_job_t *this)
+{
+ this->mutex->lock(this->mutex);
+ unregister(this);
+ if (this->cleanup)
+ {
+ this->cleanup(this->data);
+ }
+ if (this->terminated)
+ {
+ sem_post(this->terminated);
+ }
+ this->children->destroy(this->children);
+ this->destroyable->destroy(this->destroyable);
+ this->mutex->unlock(this->mutex);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * Implementation of callback_job_t.cancel.
+ */
+static void cancel(private_callback_job_t *this)
+{
+ callback_job_t *child;
+ sem_t *terminated = NULL;
+
+ this->mutex->lock(this->mutex);
+ this->cancelled = TRUE;
+ /* terminate children */
+ while (this->children->get_first(this->children, (void**)&child) == SUCCESS)
+ {
+ this->mutex->unlock(this->mutex);
+ child->cancel(child);
+ this->mutex->lock(this->mutex);
+ }
+ if (this->thread)
+ {
+ /* terminate the thread, if there is currently one executing the job.
+ * we wait for its termination using a semaphore */
+ this->thread->cancel(this->thread);
+ terminated = this->terminated = malloc_thing(sem_t);
+ sem_init(terminated, 0, 0);
+ }
+ else
+ {
+ /* if the job is currently queued, it gets terminated later.
+ * we can't wait, because it might not get executed at all.
+ * we also unregister the queued job manually from its parent (the
+ * others get unregistered during destruction) */
+ unregister(this);
+ }
+ this->destroyable->signal(this->destroyable);
+ this->mutex->unlock(this->mutex);
+
+ if (terminated)
+ {
+ sem_wait(terminated);
+ sem_destroy(terminated);
+ free(terminated);
+ }
+}
+
+/**
+ * Implementation of job_t.execute.
+ */
+static void execute(private_callback_job_t *this)
+{
+ bool cleanup = FALSE, requeue = FALSE;
+
+ thread_cleanup_push((thread_cleanup_t)destroy, this);
+
+ this->mutex->lock(this->mutex);
+ this->thread = thread_current();
+ this->mutex->unlock(this->mutex);
+
+ while (TRUE)
+ {
+ this->mutex->lock(this->mutex);
+ if (this->cancelled)
+ {
+ this->mutex->unlock(this->mutex);
+ cleanup = TRUE;
+ break;
+ }
+ this->mutex->unlock(this->mutex);
+ switch (this->callback(this->data))
+ {
+ case JOB_REQUEUE_DIRECT:
+ continue;
+ case JOB_REQUEUE_FAIR:
+ {
+ requeue = TRUE;
+ break;
+ }
+ case JOB_REQUEUE_NONE:
+ default:
+ {
+ cleanup = TRUE;
+ break;
+ }
+ }
+ break;
+ }
+ this->mutex->lock(this->mutex);
+ this->thread = NULL;
+ this->mutex->unlock(this->mutex);
+ /* manually create a cancellation point to avoid that a cancelled thread
+ * goes back into the thread pool */
+ thread_cancellation_point();
+ if (requeue)
+ {
+ lib->processor->queue_job(lib->processor,
+ &this->public.job_interface);
+ }
+ thread_cleanup_pop(cleanup);
+}
+
+/*
+ * Described in header.
+ */
+callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
+ callback_job_cleanup_t cleanup,
+ callback_job_t *parent)
+{
+ private_callback_job_t *this = malloc_thing(private_callback_job_t);
+
+ /* interface functions */
+ this->public.job_interface.execute = (void (*) (job_t *)) execute;
+ this->public.job_interface.destroy = (void (*) (job_t *)) destroy;
+ this->public.cancel = (void(*)(callback_job_t*))cancel;
+
+ /* private variables */
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->callback = cb;
+ this->data = data;
+ this->cleanup = cleanup;
+ this->thread = 0;
+ this->children = linked_list_create();
+ this->parent = (private_callback_job_t*)parent;
+ this->cancelled = FALSE;
+ this->destroyable = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->terminated = NULL;
+
+ /* register us at parent */
+ if (parent)
+ {
+ this->parent->mutex->lock(this->parent->mutex);
+ this->parent->children->insert_last(this->parent->children, this);
+ this->parent->mutex->unlock(this->parent->mutex);
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h
new file mode 100644
index 000000000..62da1edd1
--- /dev/null
+++ b/src/libstrongswan/processing/jobs/callback_job.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup callback_job callback_job
+ * @{ @ingroup jobs
+ */
+
+#ifndef CALLBACK_JOB_H_
+#define CALLBACK_JOB_H_
+
+typedef struct callback_job_t callback_job_t;
+
+#include <library.h>
+#include <processing/jobs/job.h>
+
+
+typedef enum job_requeue_t job_requeue_t;
+
+/**
+ * Job requeueing policy
+ *
+ * The job requeueing policy defines how a job is handled when the callback
+ * function returns.
+ */
+enum job_requeue_t {
+
+ /**
+ * Do not requeue job, destroy it
+ */
+ JOB_REQUEUE_NONE,
+
+ /**
+ * Reque the job fairly, meaning it has to requeue as any other job
+ */
+ JOB_REQUEUE_FAIR,
+
+ /**
+ * Reexecute the job directly, without the need of requeueing it
+ */
+ JOB_REQUEUE_DIRECT,
+};
+
+/**
+ * The callback function to use for the callback job.
+ *
+ * This is the function to use as callback for a callback job. It receives
+ * a parameter supplied to the callback jobs constructor.
+ *
+ * @param data param supplied to job
+ * @return requeing policy how to requeue the job
+ */
+typedef job_requeue_t (*callback_job_cb_t)(void *data);
+
+/**
+ * Cleanup function to use for data cleanup.
+ *
+ * The callback has an optional user argument which receives data. However,
+ * this data may be cleaned up if it is allocated. This is the function
+ * to supply to the constructor.
+ *
+ * @param data param supplied to job
+ * @return requeing policy how to requeue the job
+ */
+typedef void (*callback_job_cleanup_t)(void *data);
+
+/**
+ * Class representing an callback Job.
+ *
+ * This is a special job which allows a simple callback function to
+ * be executed by a thread of the thread pool. This allows simple execution
+ * of asynchronous methods, without to manage threads.
+ */
+struct callback_job_t {
+ /**
+ * The job_t interface.
+ */
+ job_t job_interface;
+
+ /**
+ * Cancel the job's thread and wait for its termination. This only works
+ * reliably for jobs that always use JOB_REQUEUE_FAIR or JOB_REQUEUE_DIRECT,
+ * otherwise the job may already be destroyed when cancel is called. */
+ void (*cancel)(callback_job_t *this);
+};
+
+/**
+ * Creates a callback job.
+ *
+ * The cleanup function is called when the job gets destroyed to destroy
+ * the associated data.
+ * If parent is not NULL, the specified job gets an association. Whenever
+ * the parent gets cancelled (or runs out), all of its children are cancelled,
+ * too.
+ *
+ * @param cb callback to call from the processor
+ * @param data user data to supply to callback
+ * @param cleanup destructor for data on destruction, or NULL
+ * @param parent parent of this job
+ * @return callback_job_t object
+ */
+callback_job_t *callback_job_create(callback_job_cb_t cb, void *data,
+ callback_job_cleanup_t cleanup,
+ callback_job_t *parent);
+
+#endif /** CALLBACK_JOB_H_ @}*/
diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h
new file mode 100644
index 000000000..0f1c16ebe
--- /dev/null
+++ b/src/libstrongswan/processing/jobs/job.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup job job
+ * @{ @ingroup jobs
+ */
+
+#ifndef JOB_H_
+#define JOB_H_
+
+typedef struct job_t job_t;
+
+#include <library.h>
+
+/**
+ * Job-Interface as it is stored in the job queue.
+ */
+struct job_t {
+
+ /**
+ * Execute a job.
+ *
+ * The processing facility executes a job using this method. Jobs are
+ * one-shot, they destroy themself after execution, so don't use a job
+ * once it has been executed.
+ */
+ void (*execute) (job_t *this);
+
+ /**
+ * Destroy a job.
+ *
+ * Is only called whenever a job was not executed (e.g. due daemon shutdown).
+ * After execution, jobs destroy themself.
+ */
+ void (*destroy) (job_t *job);
+};
+
+#endif /** JOB_H_ @}*/
diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c
new file mode 100644
index 000000000..2a44f61e8
--- /dev/null
+++ b/src/libstrongswan/processing/processor.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include "processor.h"
+
+#include <debug.h>
+#include <threading/thread.h>
+#include <threading/condvar.h>
+#include <threading/mutex.h>
+#include <utils/linked_list.h>
+
+
+typedef struct private_processor_t private_processor_t;
+
+/**
+ * Private data of processor_t class.
+ */
+struct private_processor_t {
+ /**
+ * Public processor_t interface.
+ */
+ processor_t public;
+
+ /**
+ * Number of running threads
+ */
+ u_int total_threads;
+
+ /**
+ * Desired number of threads
+ */
+ u_int desired_threads;
+
+ /**
+ * Number of threads waiting for work
+ */
+ u_int idle_threads;
+
+ /**
+ * All threads managed in the pool (including threads that have been
+ * cancelled, this allows to join them during destruction)
+ */
+ linked_list_t *threads;
+
+ /**
+ * The jobs are stored in a linked list
+ */
+ linked_list_t *list;
+
+ /**
+ * access to linked_list is locked through this mutex
+ */
+ mutex_t *mutex;
+
+ /**
+ * Condvar to wait for new jobs
+ */
+ condvar_t *job_added;
+
+ /**
+ * Condvar to wait for terminated threads
+ */
+ condvar_t *thread_terminated;
+};
+
+static void process_jobs(private_processor_t *this);
+
+/**
+ * restart a terminated thread
+ */
+static void restart(private_processor_t *this)
+{
+ thread_t *thread;
+
+ DBG2(DBG_JOB, "terminated worker thread, ID: %u", thread_current_id());
+
+ /* respawn thread if required */
+ this->mutex->lock(this->mutex);
+ if (this->desired_threads < this->total_threads ||
+ (thread = thread_create((thread_main_t)process_jobs, this)) == NULL)
+ {
+ this->total_threads--;
+ this->thread_terminated->signal(this->thread_terminated);
+ }
+ else
+ {
+ this->threads->insert_last(this->threads, thread);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Process queued jobs, called by the worker threads
+ */
+static void process_jobs(private_processor_t *this)
+{
+ /* worker threads are not cancellable by default */
+ thread_cancelability(FALSE);
+
+ DBG2(DBG_JOB, "started worker thread, ID: %u", thread_current_id());
+
+ this->mutex->lock(this->mutex);
+ while (this->desired_threads >= this->total_threads)
+ {
+ job_t *job;
+
+ if (this->list->get_count(this->list) == 0)
+ {
+ this->idle_threads++;
+ this->job_added->wait(this->job_added, this->mutex);
+ this->idle_threads--;
+ continue;
+ }
+ this->list->remove_first(this->list, (void**)&job);
+ this->mutex->unlock(this->mutex);
+ /* terminated threads are restarted, so we have a constant pool */
+ thread_cleanup_push((thread_cleanup_t)restart, this);
+ job->execute(job);
+ thread_cleanup_pop(FALSE);
+ this->mutex->lock(this->mutex);
+ }
+ this->mutex->unlock(this->mutex);
+ restart(this);
+}
+
+/**
+ * Implementation of processor_t.get_total_threads.
+ */
+static u_int get_total_threads(private_processor_t *this)
+{
+ u_int count;
+ this->mutex->lock(this->mutex);
+ count = this->total_threads;
+ this->mutex->unlock(this->mutex);
+ return count;
+}
+
+/**
+ * Implementation of processor_t.get_idle_threads.
+ */
+static u_int get_idle_threads(private_processor_t *this)
+{
+ u_int count;
+ this->mutex->lock(this->mutex);
+ count = this->idle_threads;
+ this->mutex->unlock(this->mutex);
+ return count;
+}
+
+/**
+ * implements processor_t.get_job_load
+ */
+static u_int get_job_load(private_processor_t *this)
+{
+ u_int load;
+ this->mutex->lock(this->mutex);
+ load = this->list->get_count(this->list);
+ this->mutex->unlock(this->mutex);
+ return load;
+}
+
+/**
+ * implements function processor_t.queue_job
+ */
+static void queue_job(private_processor_t *this, job_t *job)
+{
+ this->mutex->lock(this->mutex);
+ this->list->insert_last(this->list, job);
+ this->job_added->signal(this->job_added);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of processor_t.set_threads.
+ */
+static void set_threads(private_processor_t *this, u_int count)
+{
+ this->mutex->lock(this->mutex);
+ if (count > this->total_threads)
+ { /* increase thread count */
+ int i;
+ thread_t *current;
+
+ this->desired_threads = count;
+ DBG1(DBG_JOB, "spawning %d worker threads", count - this->total_threads);
+ for (i = this->total_threads; i < count; i++)
+ {
+ current = thread_create((thread_main_t)process_jobs, this);
+ if (current)
+ {
+ this->threads->insert_last(this->threads, current);
+ this->total_threads++;
+ }
+ }
+ }
+ else if (count < this->total_threads)
+ { /* decrease thread count */
+ this->desired_threads = count;
+ }
+ this->job_added->broadcast(this->job_added);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implementation of processor_t.destroy.
+ */
+static void destroy(private_processor_t *this)
+{
+ thread_t *current;
+ set_threads(this, 0);
+ this->mutex->lock(this->mutex);
+ while (this->total_threads > 0)
+ {
+ this->job_added->broadcast(this->job_added);
+ this->thread_terminated->wait(this->thread_terminated, this->mutex);
+ }
+ while (this->threads->remove_first(this->threads,
+ (void**)&current) == SUCCESS)
+ {
+ current->join(current);
+ }
+ this->mutex->unlock(this->mutex);
+ this->thread_terminated->destroy(this->thread_terminated);
+ this->job_added->destroy(this->job_added);
+ this->mutex->destroy(this->mutex);
+ this->list->destroy_offset(this->list, offsetof(job_t, destroy));
+ this->threads->destroy(this->threads);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+processor_t *processor_create(size_t pool_size)
+{
+ private_processor_t *this = malloc_thing(private_processor_t);
+
+ this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads;
+ this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads;
+ this->public.get_job_load = (u_int(*)(processor_t*))get_job_load;
+ this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job;
+ this->public.set_threads = (void(*)(processor_t*, u_int))set_threads;
+ this->public.destroy = (void(*)(processor_t*))destroy;
+
+ this->list = linked_list_create();
+ this->threads = linked_list_create();
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT);
+ this->total_threads = 0;
+ this->desired_threads = 0;
+ this->idle_threads = 0;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/processing/processor.h b/src/libstrongswan/processing/processor.h
new file mode 100644
index 000000000..bebbe3a15
--- /dev/null
+++ b/src/libstrongswan/processing/processor.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup processor processor
+ * @{ @ingroup processing
+ */
+
+#ifndef PROCESSOR_H_
+#define PROCESSOR_H_
+
+typedef struct processor_t processor_t;
+
+#include <stdlib.h>
+
+#include <library.h>
+#include <processing/jobs/job.h>
+
+/**
+ * The processor uses threads to process queued jobs.
+ */
+struct processor_t {
+
+ /**
+ * Get the total number of threads used by the processor.
+ *
+ * @return size of thread pool
+ */
+ u_int (*get_total_threads) (processor_t *this);
+
+ /**
+ * Get the number of threads currently waiting.
+ *
+ * @return number of idle threads
+ */
+ u_int (*get_idle_threads) (processor_t *this);
+
+ /**
+ * Get the number of queued jobs.
+ *
+ * @return number of items in queue
+ */
+ u_int (*get_job_load) (processor_t *this);
+
+ /**
+ * Adds a job to the queue.
+ *
+ * This function is non blocking and adds a job_t to the queue.
+ *
+ * @param job job to add to the queue
+ */
+ void (*queue_job) (processor_t *this, job_t *job);
+
+ /**
+ * Set the number of threads to use in the processor.
+ *
+ * If the number of threads is smaller than number of currently running
+ * threads, thread count is decreased. Use 0 to disable the processor.
+ * This call blocks if it decreases thread count until threads have
+ * terminated, so make sure there are not too many blocking jobs.
+ *
+ * @param count number of threads to allocate
+ */
+ void (*set_threads)(processor_t *this, u_int count);
+
+ /**
+ * Destroy a processor object.
+ */
+ void (*destroy) (processor_t *processor);
+};
+
+/**
+ * Create the thread pool without any threads.
+ *
+ * Use the set_threads method to start processing jobs.
+ *
+ * @return processor_t object
+ */
+processor_t *processor_create();
+
+#endif /** PROCESSOR_H_ @}*/
diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c
new file mode 100644
index 000000000..e23f04598
--- /dev/null
+++ b/src/libstrongswan/processing/scheduler.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdlib.h>
+
+#include "scheduler.h"
+
+#include <debug.h>
+#include <processing/processor.h>
+#include <processing/jobs/callback_job.h>
+#include <threading/thread.h>
+#include <threading/condvar.h>
+#include <threading/mutex.h>
+
+/* the initial size of the heap */
+#define HEAP_SIZE_DEFAULT 64
+
+typedef struct event_t event_t;
+
+/**
+ * Event containing a job and a schedule time
+ */
+struct event_t {
+ /**
+ * Time to fire the event.
+ */
+ timeval_t time;
+
+ /**
+ * Every event has its assigned job.
+ */
+ job_t *job;
+};
+
+/**
+ * destroy an event and its job
+ */
+static void event_destroy(event_t *event)
+{
+ event->job->destroy(event->job);
+ free(event);
+}
+
+typedef struct private_scheduler_t private_scheduler_t;
+
+/**
+ * Private data of a scheduler_t object.
+ */
+struct private_scheduler_t {
+
+ /**
+ * Public part of a scheduler_t object.
+ */
+ scheduler_t public;
+
+ /**
+ * Job which queues scheduled jobs to the processor.
+ */
+ callback_job_t *job;
+
+ /**
+ * The heap in which the events are stored.
+ */
+ event_t **heap;
+
+ /**
+ * The size of the heap.
+ */
+ u_int heap_size;
+
+ /**
+ * The number of scheduled events.
+ */
+ u_int event_count;
+
+ /**
+ * Exclusive access to list
+ */
+ mutex_t *mutex;
+
+ /**
+ * Condvar to wait for next job.
+ */
+ condvar_t *condvar;
+};
+
+/**
+ * Comparse two timevals, return >0 if a > b, <0 if a < b and =0 if equal
+ */
+static int timeval_cmp(timeval_t *a, timeval_t *b)
+{
+ if (a->tv_sec > b->tv_sec)
+ {
+ return 1;
+ }
+ if (a->tv_sec < b->tv_sec)
+ {
+ return -1;
+ }
+ if (a->tv_usec > b->tv_usec)
+ {
+ return 1;
+ }
+ if (a->tv_usec < b->tv_usec)
+ {
+ return -1;
+ }
+ return 0;
+}
+
+/**
+ * Returns the top event without removing it. Returns NULL if the heap is empty.
+ */
+static event_t *peek_event(private_scheduler_t *this)
+{
+ return this->event_count > 0 ? this->heap[1] : NULL;
+}
+
+/**
+ * Removes the top event from the heap and returns it. Returns NULL if the heap
+ * is empty.
+ */
+static event_t *remove_event(private_scheduler_t *this)
+{
+ event_t *event, *top;
+ if (!this->event_count)
+ {
+ return NULL;
+ }
+
+ /* store the value to return */
+ event = this->heap[1];
+ /* move the bottom event to the top */
+ top = this->heap[1] = this->heap[this->event_count];
+
+ if (--this->event_count > 1)
+ {
+ /* seep down the top event */
+ u_int position = 1;
+ while ((position << 1) <= this->event_count)
+ {
+ u_int child = position << 1;
+
+ if ((child + 1) <= this->event_count &&
+ timeval_cmp(&this->heap[child + 1]->time,
+ &this->heap[child]->time) < 0)
+ {
+ /* the "right" child is smaller */
+ child++;
+ }
+
+ if (timeval_cmp(&top->time, &this->heap[child]->time) <= 0)
+ {
+ /* the top event fires before the smaller of the two children,
+ * stop */
+ break;
+ }
+
+ /* swap with the smaller child */
+ this->heap[position] = this->heap[child];
+ position = child;
+ }
+ this->heap[position] = top;
+ }
+ return event;
+}
+
+/**
+ * Get events from the queue and pass it to the processor
+ */
+static job_requeue_t schedule(private_scheduler_t * this)
+{
+ timeval_t now;
+ event_t *event;
+ bool timed = FALSE, oldstate;
+
+ this->mutex->lock(this->mutex);
+
+ time_monotonic(&now);
+
+ if ((event = peek_event(this)) != NULL)
+ {
+ if (timeval_cmp(&now, &event->time) >= 0)
+ {
+ remove_event(this);
+ this->mutex->unlock(this->mutex);
+ DBG2(DBG_JOB, "got event, queuing job for execution");
+ lib->processor->queue_job(lib->processor, event->job);
+ free(event);
+ return JOB_REQUEUE_DIRECT;
+ }
+ timersub(&event->time, &now, &now);
+ if (now.tv_sec)
+ {
+ DBG2(DBG_JOB, "next event in %ds %dms, waiting",
+ now.tv_sec, now.tv_usec/1000);
+ }
+ else
+ {
+ DBG2(DBG_JOB, "next event in %dms, waiting", now.tv_usec/1000);
+ }
+ timed = TRUE;
+ }
+ thread_cleanup_push((thread_cleanup_t)this->mutex->unlock, this->mutex);
+ oldstate = thread_cancelability(TRUE);
+
+ if (timed)
+ {
+ this->condvar->timed_wait_abs(this->condvar, this->mutex, event->time);
+ }
+ else
+ {
+ DBG2(DBG_JOB, "no events, waiting");
+ this->condvar->wait(this->condvar, this->mutex);
+ }
+ thread_cancelability(oldstate);
+ thread_cleanup_pop(TRUE);
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * Implements scheduler_t.get_job_load
+ */
+static u_int get_job_load(private_scheduler_t *this)
+{
+ int count;
+ this->mutex->lock(this->mutex);
+ count = this->event_count;
+ this->mutex->unlock(this->mutex);
+ return count;
+}
+
+/**
+ * Implements scheduler_t.schedule_job_tv.
+ */
+static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv)
+{
+ event_t *event;
+ u_int position;
+
+ event = malloc_thing(event_t);
+ event->job = job;
+ event->time = tv;
+
+ this->mutex->lock(this->mutex);
+
+ this->event_count++;
+ if (this->event_count > this->heap_size)
+ {
+ /* double the size of the heap */
+ this->heap_size <<= 1;
+ this->heap = (event_t**)realloc(this->heap,
+ (this->heap_size + 1) * sizeof(event_t*));
+ }
+ /* "put" the event to the bottom */
+ position = this->event_count;
+
+ /* then bubble it up */
+ while (position > 1 && timeval_cmp(&this->heap[position >> 1]->time,
+ &event->time) > 0)
+ {
+ /* parent has to be fired after the new event, move up */
+ this->heap[position] = this->heap[position >> 1];
+ position >>= 1;
+ }
+ this->heap[position] = event;
+
+ this->condvar->signal(this->condvar);
+ this->mutex->unlock(this->mutex);
+}
+
+/**
+ * Implements scheduler_t.schedule_job.
+ */
+static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s)
+{
+ timeval_t tv;
+
+ time_monotonic(&tv);
+ tv.tv_sec += s;
+
+ schedule_job_tv(this, job, tv);
+}
+
+/**
+ * Implements scheduler_t.schedule_job_ms.
+ */
+static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms)
+{
+ timeval_t tv, add;
+
+ time_monotonic(&tv);
+ add.tv_sec = ms / 1000;
+ add.tv_usec = (ms % 1000) * 1000;
+
+ timeradd(&tv, &add, &tv);
+
+ schedule_job_tv(this, job, tv);
+}
+
+/**
+ * Implementation of scheduler_t.destroy.
+ */
+static void destroy(private_scheduler_t *this)
+{
+ event_t *event;
+ this->job->cancel(this->job);
+ this->condvar->destroy(this->condvar);
+ this->mutex->destroy(this->mutex);
+ while ((event = remove_event(this)) != NULL)
+ {
+ event_destroy(event);
+ }
+ free(this->heap);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+scheduler_t * scheduler_create()
+{
+ private_scheduler_t *this = malloc_thing(private_scheduler_t);
+
+ this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load;
+ this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job;
+ this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms;
+ this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv;
+ this->public.destroy = (void(*)(scheduler_t*)) destroy;
+
+ /* Note: the root of the heap is at index 1 */
+ this->event_count = 0;
+ this->heap_size = HEAP_SIZE_DEFAULT;
+ this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*));
+
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT);
+
+ this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL);
+ lib->processor->queue_job(lib->processor, (job_t*)this->job);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h
new file mode 100644
index 000000000..f2c72550f
--- /dev/null
+++ b/src/libstrongswan/processing/scheduler.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2009 Tobias Brunner
+ * Copyright (C) 2005-2007 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup scheduler scheduler
+ * @{ @ingroup processing
+ */
+
+#ifndef SCHEDULER_H_
+#define SCHEDULER_H_
+
+typedef struct scheduler_t scheduler_t;
+
+#include <library.h>
+#include <processing/jobs/job.h>
+
+/**
+ * The scheduler queues timed events which are then passed to the processor.
+ *
+ * The scheduler is implemented as a heap. A heap is a special kind of tree-
+ * based data structure that satisfies the following property: if B is a child
+ * node of A, then key(A) >= (or <=) key(B). So either the element with the
+ * greatest (max-heap) or the smallest (min-heap) key is the root of the heap.
+ * We use a min-heap whith the key being the absolute unix time at which an
+ * event is scheduled. So the root is always the event that will fire next.
+ *
+ * An earlier implementation of the scheduler used a sorted linked list to store
+ * the events. That had the advantage that removing the next event was extremely
+ * fast, also, adding an event scheduled before or after all other events was
+ * equally fast (all in O(1)). The problem was, though, that adding an event
+ * in-between got slower, as the number of events grew larger (O(n)).
+ * For each connection there could be several events: IKE-rekey, NAT-keepalive,
+ * retransmissions, expire (half-open), and others. So a gateway that probably
+ * has to handle thousands of concurrent connnections has to be able to queue a
+ * large number of events as fast as possible. Locking makes this even worse, to
+ * provide thread-safety, no events can be processed, while an event is queued,
+ * so making the insertion fast is even more important.
+ *
+ * That's the advantage of the heap. Adding an element to the heap can be
+ * achieved in O(log n) - on the other hand, removing the root node also
+ * requires O(log n) operations. Consider 10000 queued events. Inserting a new
+ * event in the list implementation required up to 10000 comparisons. In the
+ * heap implementation, the worst case is about 13.3 comparisons. That's a
+ * drastic improvement.
+ *
+ * The implementation itself uses a binary tree mapped to a one-based array to
+ * store the elements. This reduces storage overhead and simplifies navigation:
+ * the children of the node at position n are at position 2n and 2n+1 (likewise
+ * the parent node of the node at position n is at position [n/2]). Thus,
+ * navigating up and down the tree is reduced to simple index computations.
+ *
+ * Adding an element to the heap works as follows: The heap is always filled
+ * from left to right, until a row is full, then the next row is filled. Mapped
+ * to an array this gets as simple as putting the new element to the first free
+ * position. In a one-based array that position equals the number of elements
+ * currently stored in the heap. Then the heap property has to be restored, i.e.
+ * the new element has to be "bubbled up" the tree until the parent node's key
+ * is smaller or the element got the new root of the tree.
+ *
+ * Removing the next event from the heap works similarly. The event itself is
+ * the root node and stored at position 1 of the array. After removing it, the
+ * root has to be replaced and the heap property has to be restored. This is
+ * done by moving the bottom element (last row, rightmost element) to the root
+ * and then "seep it down" by swapping it with child nodes until none of the
+ * children has a smaller key or it is again a leaf node.
+ */
+struct scheduler_t {
+
+ /**
+ * Adds a event to the queue, using a relative time offset in s.
+ *
+ * @param job job to schedule
+ * @param time relative time to schedule job, in s
+ */
+ void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s);
+
+ /**
+ * Adds a event to the queue, using a relative time offset in ms.
+ *
+ * @param job job to schedule
+ * @param time relative time to schedule job, in ms
+ */
+ void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms);
+
+ /**
+ * Adds a event to the queue, using an absolut time.
+ *
+ * The passed timeval should be calculated based on the time_monotonic()
+ * function.
+ *
+ * @param job job to schedule
+ * @param time absolut time to schedule job
+ */
+ void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv);
+
+ /**
+ * Returns number of jobs scheduled.
+ *
+ * @return number of scheduled jobs
+ */
+ u_int (*get_job_load) (scheduler_t *this);
+
+ /**
+ * Destroys a scheduler object.
+ */
+ void (*destroy) (scheduler_t *this);
+};
+
+/**
+ * Create a scheduler.
+ *
+ * @return scheduler_t object
+ */
+scheduler_t *scheduler_create(void);
+
+#endif /** SCHEDULER_H_ @}*/
diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c
index 610e2b8ea..d85abb1df 100644
--- a/src/libstrongswan/settings.c
+++ b/src/libstrongswan/settings.c
@@ -88,11 +88,60 @@ struct kv_t {
};
/**
- * find a section by a given key
+ * Print a format key, but consume already processed arguments
*/
-static section_t *find_section(section_t *section, char *key, va_list args)
+static bool print_key(char *buf, int len, char *start, char *key, va_list args)
{
- char name[512], *pos;
+ va_list copy;
+ bool res;
+ char *pos;
+
+ va_copy(copy, args);
+ while (start < key)
+ {
+ pos = strchr(start, '%');
+ if (!pos)
+ {
+ start += strlen(start) + 1;
+ continue;
+ }
+ pos++;
+ switch (*pos)
+ {
+ case 'd':
+ va_arg(copy, int);
+ break;
+ case 's':
+ va_arg(copy, char*);
+ break;
+ case 'N':
+ va_arg(copy, enum_name_t*);
+ va_arg(copy, int);
+ break;
+ case '%':
+ break;
+ default:
+ DBG1(DBG_CFG, "settings with %%%c not supported!", *pos);
+ break;
+ }
+ start = pos;
+ if (*start)
+ {
+ start++;
+ }
+ }
+ res = vsnprintf(buf, len, key, copy) < len;
+ va_end(copy);
+ return res;
+}
+
+/**
+ * find a section by a given key, using buffered key, reusable buffer
+ */
+static section_t *find_section_buffered(section_t *section,
+ char *start, char *key, va_list args, char *buf, int len)
+{
+ char *pos;
enumerator_t *enumerator;
section_t *current, *found = NULL;
@@ -100,21 +149,20 @@ static section_t *find_section(section_t *section, char *key, va_list args)
{
return NULL;
}
- if (vsnprintf(name, sizeof(name), key, args) >= sizeof(name))
- {
- return NULL;
- }
-
- pos = strchr(name, '.');
+ pos = strchr(key, '.');
if (pos)
{
*pos = '\0';
pos++;
}
+ if (!print_key(buf, len, start, key, args))
+ {
+ return NULL;
+ }
enumerator = section->sections->create_enumerator(section->sections);
while (enumerator->enumerate(enumerator, &current))
{
- if (streq(current->name, name))
+ if (streq(current->name, buf))
{
found = current;
break;
@@ -123,37 +171,55 @@ static section_t *find_section(section_t *section, char *key, va_list args)
enumerator->destroy(enumerator);
if (found && pos)
{
- return find_section(found, pos, args);
+ return find_section_buffered(found, start, pos, args, buf, len);
}
return found;
}
-static char *find_value(section_t *section, char *key, va_list args)
+/**
+ * find a section by a given key
+ */
+static section_t *find_section(section_t *section, char *key, va_list args)
{
- char name[512], *pos, *value = NULL;
- enumerator_t *enumerator;
- kv_t *kv;
- section_t *current, *found = NULL;
+ char buf[128], keybuf[512];
- if (section == NULL)
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
{
return NULL;
}
+ return find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf));
+}
+
+/**
+ * Find the string value for a key, using buffered key, reusable buffer
+ */
+static char *find_value_buffered(section_t *section,
+ char *start, char *key, va_list args, char *buf, int len)
+{
+ char *pos, *value = NULL;
+ enumerator_t *enumerator;
+ kv_t *kv;
+ section_t *current, *found = NULL;
- if (vsnprintf(name, sizeof(name), key, args) >= sizeof(name))
+ if (section == NULL)
{
return NULL;
}
- pos = strchr(name, '.');
+ pos = strchr(key, '.');
if (pos)
{
*pos = '\0';
pos++;
+
+ if (!print_key(buf, len, start, key, args))
+ {
+ return NULL;
+ }
enumerator = section->sections->create_enumerator(section->sections);
while (enumerator->enumerate(enumerator, &current))
{
- if (streq(current->name, name))
+ if (streq(current->name, buf))
{
found = current;
break;
@@ -162,15 +228,19 @@ static char *find_value(section_t *section, char *key, va_list args)
enumerator->destroy(enumerator);
if (found)
{
- return find_value(found, pos, args);
+ return find_value_buffered(found, start, pos, args, buf, len);
}
}
else
{
+ if (!print_key(buf, len, start, key, args))
+ {
+ return NULL;
+ }
enumerator = section->kv->create_enumerator(section->kv);
while (enumerator->enumerate(enumerator, &kv))
{
- if (streq(kv->key, name))
+ if (streq(kv->key, buf))
{
value = kv->value;
break;
@@ -182,6 +252,20 @@ static char *find_value(section_t *section, char *key, va_list args)
}
/**
+ * Find the string value for a key
+ */
+static char *find_value(section_t *section, char *key, va_list args)
+{
+ char buf[128], keybuf[512];
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return NULL;
+ }
+ return find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf));
+}
+
+/**
* Implementation of settings_t.get.
*/
static char* get_str(private_settings_t *this, char *key, char *def, ...)
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index f274fb33c..486de8def 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -49,8 +49,11 @@ typedef struct settings_t settings_t;
}
@endcode
*
- * The values are accesses using the get() functions using dotted keys, e.g.
+ * The values are accessed using the get() functions using dotted keys, e.g.
* section-one.subsection.othervalue
+ *
+ * Currently only a limited set of printf format specifiers are supported
+ * (namely %s, %d and %N, see implementation for details).
*/
struct settings_t {
diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c
index 63958593d..b868d538d 100644
--- a/src/libstrongswan/utils.c
+++ b/src/libstrongswan/utils.c
@@ -28,7 +28,7 @@
#include "enum.h"
#include "debug.h"
-ENUM(status_names, SUCCESS, DESTROY_ME,
+ENUM(status_names, SUCCESS, NEED_MORE,
"SUCCESS",
"FAILED",
"OUT_OF_RES",
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index 04551835e..35d3bebd1 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -138,6 +138,28 @@
static ret name(this, ##__VA_ARGS__)
/**
+ * Architecture independent bitfield definition helpers (at least with GCC).
+ *
+ * Defines a bitfield with a type t and a fixed size of bitfield members, e.g.:
+ * BITFIELD2(u_int8_t,
+ * low: 4,
+ * high: 4,
+ * ) flags;
+ * The member defined first placed at bit 0.
+ */
+#if BYTE_ORDER == LITTLE_ENDIAN
+#define BITFIELD2(t, a, b,...) struct { t a; t b; __VA_ARGS__}
+#define BITFIELD3(t, a, b, c,...) struct { t a; t b; t c; __VA_ARGS__}
+#define BITFIELD4(t, a, b, c, d,...) struct { t a; t b; t c; t d; __VA_ARGS__}
+#define BITFIELD5(t, a, b, c, d, e,...) struct { t a; t b; t c; t d; t e; __VA_ARGS__}
+#elif BYTE_ORDER == BIG_ENDIAN
+#define BITFIELD2(t, a, b,...) struct { t b; t a; __VA_ARGS__}
+#define BITFIELD3(t, a, b, c,...) struct { t c; t b; t a; __VA_ARGS__}
+#define BITFIELD4(t, a, b, c, d,...) struct { t d; t c; t b; t a; __VA_ARGS__}
+#define BITFIELD5(t, a, b, c, d, e,...) struct { t e; t d; t c; t b; t a; __VA_ARGS__}
+#endif
+
+/**
* Macro to allocate a sized type.
*/
#define malloc_thing(thing) ((thing*)malloc(sizeof(thing)))
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 3caeb8f0e..0696c1030 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -930,7 +930,11 @@ identification_t *identification_create_from_string(char *string)
else
{ /* not IPv4, mostly FQDN */
this = identification_create(ID_FQDN);
- this->encoded = chunk_create(strdup(string), strlen(string));
+ this->encoded.len = strlen(string);
+ if (this->encoded.len)
+ {
+ this->encoded.ptr = strdup(string);
+ }
}
return &this->public;
}
@@ -947,7 +951,11 @@ identification_t *identification_create_from_string(char *string)
else
{ /* not IPv4/6 fallback to KEY_ID */
this = identification_create(ID_KEY_ID);
- this->encoded = chunk_create(strdup(string), strlen(string));
+ this->encoded.len = strlen(string);
+ if (this->encoded.len)
+ {
+ this->encoded.ptr = strdup(string);
+ }
}
return &this->public;
}
@@ -969,14 +977,22 @@ identification_t *identification_create_from_string(char *string)
{
this = identification_create(ID_FQDN);
string += 1;
- this->encoded = chunk_create(strdup(string), strlen(string));
+ this->encoded.len = strlen(string);
+ if (this->encoded.len)
+ {
+ this->encoded.ptr = strdup(string);
+ }
return &this->public;
}
}
else
{
this = identification_create(ID_RFC822_ADDR);
- this->encoded = chunk_create(strdup(string), strlen(string));
+ this->encoded.len = strlen(string);
+ if (this->encoded.len)
+ {
+ this->encoded.ptr = strdup(string);
+ }
return &this->public;
}
}
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 0673878a5..5673fc32d 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -181,8 +181,11 @@ char *whitelist[] = {
"register_printf_specifier",
"syslog",
"vsyslog",
+ "__syslog_chk",
+ "__vsyslog_chk",
"getaddrinfo",
"setlocale",
+ "getpass",
/* ignore dlopen, as we do not dlclose to get proper leak reports */
"dlopen",
"dlerror",
@@ -213,6 +216,8 @@ char *whitelist[] = {
"gcry_check_version",
"gcry_randomize",
"gcry_create_nonce",
+ /* NSPR */
+ "PR_CallOnce",
};
/**
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index ba5f28f6a..1444c93fc 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -34,8 +34,8 @@ typedef struct linked_list_t linked_list_t;
* @param item current list item
* @param ... user supplied data (only pointers, at most 5)
* @return
- * - TRUE, if the item matched
- * - FALSE, otherwise
+ * - TRUE, if the item matched
+ * - FALSE, otherwise
*/
typedef bool (*linked_list_match_t)(void *item, ...);
@@ -57,7 +57,7 @@ struct linked_list_t {
/**
* Gets the count of items in the list.
*
- * @return number of items in list
+ * @return number of items in list
*/
int (*get_count) (linked_list_t *this);
@@ -69,7 +69,7 @@ struct linked_list_t {
* @deprecated Iterator is obsolete and will disappear, it is too
* complicated to implement. Use enumerator instead.
*
- * @param forward iterator direction (TRUE: front to end)
+ * @param forward iterator direction (TRUE: front to end)
* @return new iterator_t object
*/
iterator_t *(*create_iterator) (linked_list_t *this, bool forward);
@@ -94,7 +94,7 @@ struct linked_list_t {
/**
* Removes the first item in the list and returns its value.
*
- * @param item returned value of first item, or NULL
+ * @param item returned value of first item, or NULL
* @return SUCCESS, or NOT_FOUND if list is empty
*/
status_t (*remove_first) (linked_list_t *this, void **item);
@@ -107,18 +107,20 @@ struct linked_list_t {
void (*remove_at)(linked_list_t *this, enumerator_t *enumerator);
/**
- * Remove items from the list matching item.
+ * Remove items from the list matching the given item.
*
- * If a compare function is given, it is called for each item, where
- * the first parameter is the current list item and the second parameter
- * is the supplied item parameter.
- * If compare is NULL, compare is done by pointer.
+ * If a compare function is given, it is called for each item, with the
+ * first parameter being the current list item and the second parameter
+ * being the supplied item. Return TRUE from the compare function to remove
+ * the item, return FALSE to keep it in the list.
+ *
+ * If compare is NULL, comparison is done by pointers.
*
* @param item item to remove/pass to comparator
* @param compare compare function, or NULL
* @return number of removed items
*/
- int (*remove)(linked_list_t *this, void *item, bool (*compare)(void *,void*));
+ int (*remove)(linked_list_t *this, void *item, bool (*compare)(void*,void*));
/**
* Returns the value of the first list item without removing it.
@@ -132,7 +134,7 @@ struct linked_list_t {
/**
* Inserts a new item at the end of the list.
*
- * @param item value to insert into list
+ * @param item value to insert into list
*/
void (*insert_last) (linked_list_t *this, void *item);
@@ -148,7 +150,7 @@ struct linked_list_t {
/**
* Returns the value of the last list item without removing it.
*
- * @param this calling object
+ * @param this calling object
* @param item returned value of last item
* @return SUCCESS, NOT_FOUND if list is empty
*/
@@ -203,6 +205,8 @@ struct linked_list_t {
* which can be evalutated at compile time using the offsetof
* macro, e.g.: list->invoke(list, offsetof(object_t, method));
*
+ * @warning Only use pointers as user supplied data.
+ *
* @param offset offset of the method to invoke on objects
* @param ... user data to supply to called function (limited to 5 arguments)
*/
@@ -211,6 +215,8 @@ struct linked_list_t {
/**
* Invoke a function on all of the contained objects.
*
+ * @warning Only use pointers as user supplied data.
+ *
* @param function offset of the method to invoke on objects
* @param ... user data to supply to called function (limited to 5 arguments)
*/
@@ -265,7 +271,7 @@ struct linked_list_t {
/**
* Creates an empty linked list object.
*
- * @return linked_list_t object.
+ * @return linked_list_t object.
*/
linked_list_t *linked_list_create(void);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 07:03:07 +0000