author | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 14:49:27 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2015-11-18 14:49:27 +0100 |
commit | 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 (patch) | |
tree | 0d59eec2ce2ed332434ae80fc78a44db9ad293c5 /src | |
parent | 5dca9ea0e2931f0e2a056c7964d311bcc30a01b8 (diff) | |
Imported Upstream version 5.3.4
Diffstat (limited to 'src')
135 files changed, 4353 insertions, 1557 deletions
diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in index 6e7abca09..e549e9597 100644 --- a/src/_updown/_updown.in +++ b/src/_updown/_updown.in @@ -427,6 +427,14 @@ up-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -451,6 +459,13 @@ down-host-v6:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -490,6 +505,15 @@ up-client-v6:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IP6IP6 traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -533,6 +557,13 @@ down-client-v6:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IP6IP6 exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + ip6tables -D INPUT -i $PLUTO_INTERFACE -p 41 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c index 6f2b6f178..b8f943f51 100644 
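Review bot: The new `ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p 41 -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT` in up-host-v6 is inserted ahead of every administrator rule in INPUT, and its only binding to the tunnel is `$IPSEC_POLICY_IN`, whose definition lies outside the hunk; if that variable can be empty on some setups, the rule accepts any IPv6-in-IPv6 packet carrying a spoofable source address of `$PLUTO_PEER`. Suggest recording that reliance next to the rule, e.g. `# NOTE: safe only because $IPSEC_POLICY_IN restricts this to packets that arrived through the IPsec SA`, and considering `if [ -n "$PLUTO_IPCOMP" -a -n "$IPSEC_POLICY_IN" ]` as the guard. The parallel up-client-v6 hunk has the same shape, and the two down-* hunks delete by the identical rule spec, so all four must be kept in sync if the spec ever changes. The return status of the ip6tables calls is not checked, consistent with the rest of the script.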
--- a/src/charon-cmd/charon-cmd.c +++ b/src/charon-cmd/charon-cmd.c @@ -17,14 +17,13 @@ */ #include <stdio.h> -#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */ #include <signal.h> -#undef _POSIX_PTHREAD_SEMANTICS #include <pthread.h> #include <sys/types.h> #include <sys/utsname.h> #include <unistd.h> #include <getopt.h> +#include <errno.h> #include <library.h> #include <hydra.h> @@ -112,12 +111,11 @@ static int run() while (TRUE) { int sig; - int error; - error = sigwait(&set, &sig); - if (error) + sig = sigwaitinfo(&set, NULL); + if (sig == -1) { - DBG1(DBG_DMN, "error %d while waiting for a signal", error); + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return 1; } switch (sig) @@ -382,7 +380,7 @@ int main(int argc, char *argv[]) lib->plugins->status(lib->plugins, LEVEL_CTRL); /* add handler for SEGV and ILL, - * INT, TERM and HUP are handled by sigwait() in run() */ + * INT, TERM and HUP are handled by sigwaitinfo() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c index 80551f853..1773e7c39 100644 --- a/src/charon-nm/charon-nm.c +++ b/src/charon-nm/charon-nm.c @@ -18,6 +18,7 @@ #include <signal.h> #include <sys/types.h> #include <unistd.h> +#include <errno.h> #include <hydra.h> #include <daemon.h> @@ -80,12 +81,11 @@ static void run() while (TRUE) { int sig; - int error; - error = sigwait(&set, &sig); - if (error) + sig = sigwaitinfo(&set, NULL); + if (sig == -1) { - DBG1(DBG_DMN, "error %d while waiting for a signal", error); + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; } switch (sig) @@ -237,7 +237,7 @@ int main(int argc, char *argv[]) } /* add handler for SEGV and ILL, - * INT and TERM are handled by sigwait() in run() */ + * INT and TERM are handled by sigwaitinfo() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); 
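Review bot: In charon-cmd's run(), the new `if (sig == -1)` branch logs an error and returns 1, but `sigwaitinfo()` also fails with `errno == EINTR` when a handled signal outside `set` interrupts the thread, a case `sigwait()` never reported, so the daemon now exits on what used to be a benign wakeup. Suggest `if (sig == -1) { if (errno == EINTR) { continue; } DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return 1; }`. The added `#include <errno.h>` in the first hunk covers the new `errno` use; run() starts before this hunk.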
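Review bot: charon-nm's run() has the same gap as the other daemons in this commit: `sig == -1` with `errno == EINTR` (a handled signal outside `set` interrupting the wait) is treated as fatal, whereas `sigwait()` transparently restarted. Suggest checking `if (errno == EINTR) { continue; }` before the DBG1 and `return`. The function's head is outside the hunk.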
diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c index e391a5397..f302d4527 100644 --- a/src/charon-systemd/charon-systemd.c +++ b/src/charon-systemd/charon-systemd.c @@ -249,12 +249,12 @@ static int run() while (TRUE) { - int sig, error; + int sig; - error = sigwait(&set, &sig); - if (error) + sig = sigwaitinfo(&set, NULL); + if (sig == -1) { - DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(error)); + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return SS_RC_INITIALIZATION_FAILED; } switch (sig) @@ -393,7 +393,7 @@ int main(int argc, char *argv[]) } /* add handler for SEGV and ILL, - * INT, TERM and HUP are handled by sigwait() in run() */ + * INT, TERM and HUP are handled by sigwaitinfo() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 7c60f0ca8..52d82f3ad 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -24,6 +24,7 @@ #include <sys/types.h> #include <unistd.h> #include <libgen.h> +#include <errno.h> #include <hydra.h> #include <daemon.h> @@ -42,6 +43,7 @@ #include "tkm_public_key.h" #include "tkm_cred.h" #include "tkm_encoder.h" +#include "tkm_spi_generator.h" /** * TKM bus listener for IKE authorize events. @@ -98,12 +100,11 @@ static void run() while (TRUE) { int sig; - int error; - error = sigwait(&set, &sig); - if (error) + sig = sigwaitinfo(&set, NULL); + if (sig == -1) { - DBG1(DBG_DMN, "error %d while waiting for a signal", error); + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; } switch (sig) 
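Review bot: In charon-systemd's run(), returning `SS_RC_INITIALIZATION_FAILED` whenever `sigwaitinfo()` yields -1 turns an `EINTR` (a handled signal outside `set` interrupting the thread, which `sigwait()` silently retried) into a daemon shutdown reported as an init failure. Suggest `if (sig == -1) { if (errno == EINTR) { continue; } ... }` ahead of the existing DBG1/return. This file already used `strerror(error)` before the change, so `<errno.h>` is presumably in scope, but that cannot be confirmed from the hunk.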
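Review bot: charon-tkm's run() hunk exits the signal loop on any `sigwaitinfo()` failure, including `EINTR` from a handled signal outside `set`, which `sigwait()` never surfaced; for a daemon that fronts a trusted key manager an unexpected silent exit is worth avoiding. Suggest `if (sig == -1) { if (errno == EINTR) { continue; } DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; }`. The `#include <errno.h>` added in the first hunk of this file covers the new use.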
@@ -298,6 +299,9 @@ int main(int argc, char *argv[]) PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), + PLUGIN_CALLBACK(tkm_spi_generator_register, NULL), + PLUGIN_PROVIDE(CUSTOM, "tkm-spi-generator"), + PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"), }; lib->plugins->add_static_features(lib->plugins, "tkm-backend", features, countof(features), TRUE, NULL, NULL); @@ -358,7 +362,7 @@ int main(int argc, char *argv[]) lib->encoding->add_encoder(lib->encoding, tkm_encoder_encode); /* add handler for SEGV and ILL, - * INT and TERM are handled by sigwait() in run() */ + * INT and TERM are handled by sigwaitinfo() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index 7a0672aa8..2d22fbdc3 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -281,9 +281,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, - mark_t mark, policy_priority_t prio) + private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, + mark_t mark, policy_priority_t priority) { return SUCCESS; } diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c new file mode 100644 index 000000000..eff0ca91e --- /dev/null +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c 
@@ -0,0 +1,98 @@ +/* + * Copyright (C) 2015 Reto Buerki + * Copyright (C) 2015 Adrian-Ken Rueegsegger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <inttypes.h> +#include <library.h> +#include <daemon.h> + +#include "tkm_spi_generator.h" + +/** + * Get SPI callback arguments + */ +typedef struct { + rng_t *rng; + u_int64_t spi_mask; + u_int64_t spi_label; +} get_spi_args_t; + +static get_spi_args_t *spi_args; + +/** + * Callback called to generate an IKE SPI. 
+ * + * @param this Callback args containing rng_t and spi mask & label + * @return labeled SPI + */ +CALLBACK(tkm_get_spi, u_int64_t, + const get_spi_args_t const *this) +{ + u_int64_t spi; + + if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + { + return 0; + } + + return (spi & ~this->spi_mask) | this->spi_label; +} + +bool tkm_spi_generator_register(plugin_t *plugin, + plugin_feature_t *feature, + bool reg, void *cb_data) +{ + u_int64_t spi_mask, spi_label; + char *spi_val; + rng_t *rng; + + if (reg) + { + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); + if (!rng) + { + return FALSE; + } + + spi_val = lib->settings->get_str(lib->settings, "%s.spi_mask", NULL, + lib->ns); + spi_mask = settings_value_as_uint64(spi_val, 0); + + spi_val = lib->settings->get_str(lib->settings, "%s.spi_label", NULL, + lib->ns); + spi_label = settings_value_as_uint64(spi_val, 0); + + INIT(spi_args, + .rng = rng, + .spi_mask = spi_mask, + .spi_label = spi_label, + ); + + charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, + tkm_get_spi, spi_args); + DBG1(DBG_IKE, "using SPI label 0x%.16"PRIx64" and mask 0x%.16"PRIx64, + spi_label, spi_mask); + } + else + { + if (spi_args) + { + DESTROY_IF(spi_args->rng); + free(spi_args); + } + } + + return TRUE; +} diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.h b/src/charon-tkm/src/tkm/tkm_spi_generator.h new file mode 100644 index 000000000..5f9ff03c6 --- /dev/null +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.h 
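Review bot: In tkm_get_spi the label is OR-ed in unmasked, `return (spi & ~this->spi_mask) | this->spi_label;`, so any `spi_label` bit outside `spi_mask` silently overrides random SPI bits, and tkm_spi_generator_register never validates the two settings against each other. Suggest rejecting a bad configuration at registration, e.g. `if (spi_label & ~spi_mask) { DBG1(DBG_IKE, "spi_label has bits outside spi_mask"); rng->destroy(rng); return FALSE; }`, and noting beside the existing DBG1 that a wide mask removes entropy from the SPI and raises the collision probability. On unregister `spi_args` is freed but left dangling; add `spi_args = NULL;` after `free(spi_args);` so a later register/unregister cycle cannot double-free. The duplicated qualifier in `const get_spi_args_t const *this` is harmless but should read `const get_spi_args_t *this`. Returning 0 when `get_bytes` fails is only safe if the SPI callback contract in ike_sa_manager treats 0 as an error, which is not visible here.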
@@ -0,0 +1,36 @@ +/* + * Copyright (C) 2015 Reto Buerki + * Copyright (C) 2015 Adrian-Ken Rueegsegger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tkm-spi-generator spi generator + * @{ @ingroup tkm + */ + +#ifndef TKM_SPI_GENERATOR_H_ +#define TKM_SPI_GENERATOR_H_ + +#include <plugins/plugin.h> + +/** + * Register the TKM SPI generator callback. + * + * @return TRUE on success + */ +bool tkm_spi_generator_register(plugin_t *plugin, + plugin_feature_t *feature, + bool reg, void *cb_data); + +#endif /** TKM_SPI_GENERATOR_H_ @}*/ diff --git a/src/charon/charon.c b/src/charon/charon.c index 081e49490..f03b6e1ba 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -17,9 +17,7 @@ */ #include <stdio.h> -#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */ #include <signal.h> -#undef _POSIX_PTHREAD_SEMANTICS #include <pthread.h> #include <sys/stat.h> #include <sys/types.h> @@ -110,12 +108,11 @@ static void run() while (TRUE) { int sig; - int error; - error = sigwait(&set, &sig); - if (error) + sig = sigwaitinfo(&set, NULL); + if (sig == -1) { - DBG1(DBG_DMN, "error %d while waiting for a signal", error); + DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; } switch (sig) 
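Review bot: tkm_spi_generator_register is documented only with `@return`, yet as a plugin_feature callback its `reg` flag selects between registration and teardown, which a reader of the header cannot tell. Suggest adding `@param plugin calling plugin (unused)`, `@param feature feature being (un)registered (unused)`, `@param reg TRUE to register the SPI callback, FALSE to release the generator state` and `@param cb_data unused`. That `plugin`, `feature` and `cb_data` are unused is visible in the .c file added in this commit.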
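Review bot: This charon.c include hunk drops the `_POSIX_PTHREAD_SEMANTICS` dance but, unlike the parallel charon-cmd.c, charon-nm.c and charon-tkm.c hunks, does not add `#include <errno.h>`, while the run() hunk below now reads `errno`; the build then depends on `<errno.h>` arriving transitively through another header. Suggest adding `#include <errno.h>` alongside the system includes, unless it is already present further down the list outside the hunk.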
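Review bot: In charon.c's run(), an `EINTR` from `sigwaitinfo()` (a handled signal outside `set` interrupting the thread) now ends the main daemon's signal loop and returns, whereas `sigwait()` restarted transparently; for the primary IKE daemon that is an unexpected silent shutdown. Suggest `if (sig == -1) { if (errno == EINTR) { continue; } DBG1(DBG_DMN, "waiting for signal failed: %s", strerror(errno)); return; }`. run() starts before this hunk.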
@@ -434,7 +431,7 @@ int main(int argc, char *argv[]) } /* add handler for SEGV and ILL, - * INT, TERM and HUP are handled by sigwait() in run() */ + * INT, TERM and HUP are handled by sigwaitinfo() in run() */ action.sa_handler = segv_handler; action.sa_flags = 0; sigemptyset(&action.sa_mask); diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c index 584a2698a..9348b64e1 100644 --- a/src/conftest/conftest.c +++ b/src/conftest/conftest.c @@ -382,15 +382,17 @@ static void load_log_levels(file_logger_t *logger, char *section) */ static void load_logger_options(file_logger_t *logger, char *section) { - bool ike_name; char *time_format; + bool add_ms, ike_name; time_format = conftest->test->get_str(conftest->test, "log.%s.time_format", NULL, section); + add_ms = conftest->test->get_bool(conftest->test, + "log.%s.time_add_ms", FALSE, section); ike_name = conftest->test->get_bool(conftest->test, "log.%s.ike_name", FALSE, section); - logger->set_options(logger, time_format, ike_name); + logger->set_options(logger, time_format, add_ms, ike_name); } /** @@ -463,7 +465,7 @@ int main(int argc, char *argv[]) lib->credmgr->add_set(lib->credmgr, &conftest->creds->set); logger = file_logger_create("stdout"); - logger->set_options(logger, NULL, FALSE); + logger->set_options(logger, NULL, FALSE, FALSE); logger->open(logger, FALSE, FALSE); logger->set_level(logger, DBG_ANY, LEVEL_CTRL); charon->bus->add_logger(charon->bus, &logger->logger); @@ -563,7 +565,7 @@ int main(int argc, char *argv[]) sigaddset(&set, SIGTERM); sigprocmask(SIG_BLOCK, &set, NULL); - while (sigwait(&set, &sig) == 0) + while ((sig = sigwaitinfo(&set, NULL)) != -1) { switch (sig) { diff --git a/src/include/Makefile.am b/src/include/Makefile.am index 0284c094a..8e6db88a4 100644 --- a/src/include/Makefile.am +++ b/src/include/Makefile.am 
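Review bot: In conftest's main(), `while ((sig = sigwaitinfo(&set, NULL)) != -1)` leaves the loop on any failure, and `sigwaitinfo()` fails with `errno == EINTR` whenever a handled signal outside `set` interrupts the thread, which `sigwait()` returned 0 through; the test harness would then proceed to shutdown as if INT/TERM had arrived. Suggest `while (TRUE) { sig = sigwaitinfo(&set, NULL); if (sig == -1) { if (errno == EINTR) { continue; } break; } ... }`, which also needs `<errno.h>` in scope (not visible in this hunk). main() continues outside the hunk.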
@@ -1,2 +1,2 @@ EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ - linux/pfkeyv2.h linux/udp.h linux/xfrm.h sys/queue.h + linux/pfkeyv2.h linux/udp.h linux/socket.h linux/xfrm.h sys/queue.h diff --git a/src/include/Makefile.in b/src/include/Makefile.in index e2c3cd0c3..5740544ca 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -343,7 +343,7 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ EXTRA_DIST = linux/if_alg.h linux/ipsec.h linux/netlink.h linux/rtnetlink.h \ - linux/pfkeyv2.h linux/udp.h linux/xfrm.h sys/queue.h + linux/pfkeyv2.h linux/udp.h linux/socket.h linux/xfrm.h sys/queue.h all: all-am diff --git a/src/include/linux/socket.h b/src/include/linux/socket.h new file mode 100644 index 000000000..76ab0c685 --- /dev/null +++ b/src/include/linux/socket.h @@ -0,0 +1,21 @@ +#ifndef _UAPI_LINUX_SOCKET_H +#define _UAPI_LINUX_SOCKET_H + +/* + * Desired design of maximum size and alignment (see RFC2553) + */ +#define _K_SS_MAXSIZE 128 /* Implementation specific max size */ +#define _K_SS_ALIGNSIZE (__alignof__ (struct sockaddr *)) + /* Implementation specific desired alignment */ + +typedef unsigned short __kernel_sa_family_t; + +struct __kernel_sockaddr_storage { + __kernel_sa_family_t ss_family; /* address family */ + /* Following field(s) are implementation specific */ + char __data[_K_SS_MAXSIZE - sizeof(unsigned short)]; + /* space to achieve desired size, */ + /* _SS_MAXSIZE value minus size of ss_family */ +} __attribute__ ((aligned(_K_SS_ALIGNSIZE))); /* force desired alignment */ + +#endif /* _UAPI_LINUX_SOCKET_H */ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 9795451e8..bc7b633b0 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.3.3dr5" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.3.4dr1" "strongSwan" . .SH NAME . diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in index 0798830cf..89c7ef753 100644 
--- a/src/ipsec/_ipsec.in +++ b/src/ipsec/_ipsec.in @@ -256,10 +256,10 @@ stop) if [ -n "$spid" ] then kill $spid 2>/dev/null - loop=11 + loop=110 while [ $loop -gt 0 ] ; do kill -0 $spid 2>/dev/null || break - sleep 1 + sleep 0.1 loop=$(($loop - 1)) done if [ $loop -eq 0 ] diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 5eef6fdc6..10085794b 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -228,7 +228,6 @@ endif # build libcharon -------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libhydra \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c index e3661bde6..7a53e9338 100644 --- a/src/libcharon/bus/listeners/file_logger.c +++ b/src/libcharon/bus/listeners/file_logger.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -65,6 +65,11 @@ struct private_file_logger_t { char *time_format; /** + * Add milliseconds after the time string + */ + bool add_ms; + + /** * Print the name/# of the IKE_SA? */ bool ike_name; @@ -87,7 +92,9 @@ METHOD(logger_t, log_, void, char timestr[128], namestr[128] = ""; const char *current = message, *next; struct tm tm; - time_t t; + timeval_t tv; + time_t s; + u_int ms = 0; this->lock->read_lock(this->lock); if (!this->out) @@ -97,8 +104,10 @@ METHOD(logger_t, log_, void, } if (this->time_format) { - t = time(NULL); - localtime_r(&t, &tm); + gettimeofday(&tv, NULL); + s = tv.tv_sec; + ms = tv.tv_usec / 1000; + localtime_r(&s, &tm); strftime(timestr, sizeof(timestr), this->time_format, &tm); } if (this->ike_name && ike_sa) 
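Review bot: `sleep 0.1` in the stop loop is not POSIX; sleep(1) only guarantees integer seconds, so on a platform whose sleep rejects fractional arguments the call fails immediately, the 110 iterations spin without delay, and the script reports the daemon as still running while it is in fact shutting down. If sub-second polling is wanted, guard it, e.g. `sleep 0.1 2>/dev/null || sleep 1`, or keep an integer sleep with a correspondingly smaller bound. A one-line comment stating the intended total wait (11 s) would help the next person who tunes these two constants.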
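Review bot: In file_logger's log_, `tv` is declared uninitialized and the return value of `gettimeofday(&tv, NULL)` is ignored, so on its (rare) failure path `s` and `ms` are read from indeterminate memory before `localtime_r` and the timestamp is garbage. Suggest `if (gettimeofday(&tv, NULL) != 0) { tv.tv_sec = time(NULL); tv.tv_usec = 0; }` or at least `timeval_t tv = {0};`. The function continues past the hunk.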
@@ -126,8 +135,16 @@ METHOD(logger_t, log_, void, next = strchr(current, '\n'); if (this->time_format) { - fprintf(this->out, "%s %.2d[%N]%s ", - timestr, thread, debug_names, group, namestr); + if (this->add_ms) + { + fprintf(this->out, "%s.%03u %.2d[%N]%s ", + timestr, ms, thread, debug_names, group, namestr); + } + else + { + fprintf(this->out, "%s %.2d[%N]%s ", + timestr, thread, debug_names, group, namestr); + } } else { @@ -182,11 +199,12 @@ METHOD(file_logger_t, set_level, void, } METHOD(file_logger_t, set_options, void, - private_file_logger_t *this, char *time_format, bool ike_name) + private_file_logger_t *this, char *time_format, bool add_ms, bool ike_name) { this->lock->write_lock(this->lock); free(this->time_format); this->time_format = strdupnull(time_format); + this->add_ms = add_ms; this->ike_name = ike_name; this->lock->unlock(this->lock); } diff --git a/src/libcharon/bus/listeners/file_logger.h b/src/libcharon/bus/listeners/file_logger.h index 9e5aed50b..1bcfec150 100644 --- a/src/libcharon/bus/listeners/file_logger.h +++ b/src/libcharon/bus/listeners/file_logger.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2015 Tobias Brunner * Copyright (C) 2006 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -48,9 +48,12 @@ struct file_logger_t { * Set options used by this logger * * @param time_format format of timestamp prefix, as in strftime(), cloned + * @param add_ms TRUE to add the number of milliseconds within the + * current second after the timestamp * @param ike_name TRUE to prefix the name of the IKE_SA */ - void (*set_options) (file_logger_t *this, char *time_format, bool ike_name); + void (*set_options) (file_logger_t *this, char *time_format, bool add_ms, + bool ike_name); /** * Open (or reopen) the log file according to the given parameters diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index ce9301006..aa2a39ce5 100644 --- a/src/libcharon/config/peer_cfg.c 
+++ b/src/libcharon/config/peer_cfg.c @@ -302,7 +302,7 @@ METHOD(peer_cfg_t, select_child_cfg, child_cfg_t*, enumerator_t *enumerator; int best = 0; - DBG2(DBG_CFG, "looking for a child config for %#R=== %#R", my_ts, other_ts); + DBG2(DBG_CFG, "looking for a child config for %#R === %#R", my_ts, other_ts); enumerator = create_child_cfg_enumerator(this); while (enumerator->enumerate(enumerator, ¤t)) { diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 316be7611..dce2a7144 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2015 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -324,11 +324,13 @@ static void load_file_logger(private_daemon_t *this, char *filename, file_logger_t *file_logger; debug_t group; level_t def; - bool ike_name, flush_line, append; + bool add_ms, ike_name, flush_line, append; char *time_format; time_format = lib->settings->get_str(lib->settings, "%s.filelog.%s.time_format", NULL, lib->ns, filename); + add_ms = lib->settings->get_bool(lib->settings, + "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename); ike_name = lib->settings->get_bool(lib->settings, "%s.filelog.%s.ike_name", FALSE, lib->ns, filename); flush_line = lib->settings->get_bool(lib->settings, @@ -337,7 +339,7 @@ static void load_file_logger(private_daemon_t *this, char *filename, "%s.filelog.%s.append", TRUE, lib->ns, filename); file_logger = add_file_logger(this, filename, current_loggers); - file_logger->set_options(file_logger, time_format, ike_name); + file_logger->set_options(file_logger, time_format, add_ms, ike_name); file_logger->open(file_logger, flush_line, append); def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1, 
@@ -486,8 +488,6 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->kernel_handler); DESTROY_IF(this->public.traps); DESTROY_IF(this->public.shunts); - DESTROY_IF(this->public.child_sa_manager); - DESTROY_IF(this->public.ike_sa_manager); DESTROY_IF(this->public.controller); DESTROY_IF(this->public.eap); DESTROY_IF(this->public.xauth); @@ -560,7 +560,6 @@ METHOD(daemon_t, start, void, run_scripts(this, "start"); } - /** * Initialize/deinitialize sender and receiver */ @@ -584,12 +583,36 @@ static bool sender_receiver_cb(void *plugin, plugin_feature_t *feature, return TRUE; } +/** + * Initialize/deinitialize IKE_SA/CHILD_SA managers + */ +static bool sa_managers_cb(void *plugin, plugin_feature_t *feature, + bool reg, private_daemon_t *this) +{ + if (reg) + { + this->public.ike_sa_manager = ike_sa_manager_create(); + if (!this->public.ike_sa_manager) + { + return FALSE; + } + this->public.child_sa_manager = child_sa_manager_create(); + } + else + { + DESTROY_IF(this->public.ike_sa_manager); + DESTROY_IF(this->public.child_sa_manager); + } + return TRUE; +} + METHOD(daemon_t, initialize, bool, private_daemon_t *this, char *plugins) { plugin_feature_t features[] = { PLUGIN_PROVIDE(CUSTOM, "libcharon"), PLUGIN_DEPENDS(NONCE_GEN), + PLUGIN_DEPENDS(CUSTOM, "libcharon-sa-managers"), PLUGIN_DEPENDS(CUSTOM, "libcharon-receiver"), PLUGIN_DEPENDS(CUSTOM, "kernel-ipsec"), PLUGIN_DEPENDS(CUSTOM, "kernel-net"), @@ -598,6 +621,10 @@ METHOD(daemon_t, initialize, bool, PLUGIN_DEPENDS(HASHER, HASH_SHA1), PLUGIN_DEPENDS(RNG, RNG_STRONG), PLUGIN_DEPENDS(CUSTOM, "socket"), + PLUGIN_CALLBACK((plugin_feature_callback_t)sa_managers_cb, this), + PLUGIN_PROVIDE(CUSTOM, "libcharon-sa-managers"), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_DEPENDS(RNG, RNG_WEAK), }; lib->plugins->add_static_features(lib->plugins, lib->ns, features, countof(features), TRUE, NULL, NULL); 
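Review bot: In sa_managers_cb the unregister branch destroys the managers but leaves `this->public.ike_sa_manager` and `this->public.child_sa_manager` pointing at freed memory, and the first hunk removes the `DESTROY_IF` calls from destroy() that used to be the last users of those pointers; any teardown code that still tests `charon->ike_sa_manager` after the feature is unloaded would now hit a dangling pointer. Suggest `DESTROY_IF(this->public.ike_sa_manager); this->public.ike_sa_manager = NULL;` and the same for child_sa_manager. Note that the destruction order is now ike_sa_manager before child_sa_manager, the reverse of what destroy() did; if that is deliberate (reverse of creation order) a one-line comment would help. `child_sa_manager_create()` remains unchecked, as it was before the move.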
@@ -608,13 +635,6 @@ METHOD(daemon_t, initialize, bool, return FALSE; } - this->public.ike_sa_manager = ike_sa_manager_create(); - if (this->public.ike_sa_manager == NULL) - { - return FALSE; - } - this->public.child_sa_manager = child_sa_manager_create(); - /* Queue start_action job */ lib->processor->queue_job(lib->processor, (job_t*)start_action_job_create()); diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index f7f39f984..16978f486 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Tobias Brunner + * Copyright (C) 2009-2015 Tobias Brunner * Copyright (C) 2010 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -81,6 +81,21 @@ struct private_eap_mschapv2_t * Number of retries */ int retries; + + /** + * Provide EAP-Identity + */ + auth_cfg_t *auth; + + /** + * Current state + */ + enum { + S_EXPECT_CHALLENGE, + S_EXPECT_RESPONSE, + S_EXPECT_SUCCESS, + S_DONE, + } state; }; /** @@ -628,6 +643,7 @@ METHOD(eap_method_t, initiate_server, status_t, memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1); *out = eap_payload_create_data(chunk_create((void*) eap, len)); + this->state = S_EXPECT_RESPONSE; return NEED_MORE; } @@ -747,6 +763,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, memcpy(res->name, userid.ptr, userid.len); *out = eap_payload_create_data(chunk_create((void*) eap, len)); + this->state = S_EXPECT_SUCCESS; return NEED_MORE; } @@ -829,6 +846,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, *out = eap_payload_create_data(chunk_create((void*) eap, len)); status = NEED_MORE; + this->state = S_DONE; error: chunk_free(&auth_string); @@ -922,6 +940,7 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, */ status = FAILED; + this->state = S_DONE; error: chunk_free(&challenge); 
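Review bot: In process_peer_success and process_peer_failure the new `this->state = S_DONE;` sits just before the `error:` label, so any `goto error` taken earlier in those functions leaves the state at S_EXPECT_SUCCESS while the function presumably returns FAILED; if the method object could be driven again, a retransmitted SUCCESS would be re-processed. If the caller always destroys the method on FAILED this is harmless, but moving the assignment after `error:` (or a comment `/* FAILED is terminal; state left untouched on error */`) would make the state machine self-contained. Both functions start outside their hunks.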
@@ -946,26 +965,38 @@ METHOD(eap_method_t, process_peer, status_t, eap = (eap_mschapv2_header_t*)data.ptr; + switch (this->state) + { + case S_EXPECT_CHALLENGE: + if (eap->opcode == MSCHAPV2_CHALLENGE) + { + return process_peer_challenge(this, in, out); + } + break; + case S_EXPECT_SUCCESS: + switch (eap->opcode) + { + case MSCHAPV2_SUCCESS: + return process_peer_success(this, in, out); + case MSCHAPV2_FAILURE: + return process_peer_failure(this, in, out); + } + break; + default: + break; + } switch (eap->opcode) { case MSCHAPV2_CHALLENGE: - { - return process_peer_challenge(this, in, out); - } case MSCHAPV2_SUCCESS: - { - return process_peer_success(this, in, out); - } case MSCHAPV2_FAILURE: - { - return process_peer_failure(this, in, out); - } + DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with " + "OpCode (%N)!", mschapv2_opcode_names, eap->opcode); + break; default: - { DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported " "OpCode (%N)!", mschapv2_opcode_names, eap->opcode); break; - } } return FAILED; } @@ -1027,6 +1058,8 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, /* delay the response for some time to make brute-force attacks harder */ sleep(RETRY_DELAY); + /* since the error is retryable the state does not change, we still + * expect an MSCHAPV2_RESPONSE from the peer */ return NEED_MORE; } @@ -1058,7 +1091,10 @@ static status_t process_server_response(private_eap_mschapv2_t *this, name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255); snprintf(buf, sizeof(buf), "%.*s", name_len, res->name); userid = identification_create_from_string(buf); - DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); + if (!userid->equals(userid, this->peer)) + { + DBG1(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); + } /* userid can only be destroyed after the last use of username */ username = extract_username(userid->get_encoding(userid)); 
@@ -1084,7 +1120,6 @@ static status_t process_server_response(private_eap_mschapv2_t *this, chunk_clear(&nt_hash); return FAILED; } - userid->destroy(userid); chunk_clear(&nt_hash); if (memeq_const(res->response.nt_response, this->nt_response.ptr, @@ -1109,9 +1144,12 @@ static status_t process_server_response(private_eap_mschapv2_t *this, chunk_free(&hex); memcpy(eap->data, msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)); *out = eap_payload_create_data(chunk_create((void*) eap, len)); + + this->auth->add(this->auth, AUTH_RULE_EAP_IDENTITY, userid); + this->state = S_EXPECT_SUCCESS; return NEED_MORE; } - + userid->destroy(userid); return process_server_retry(this, out); } @@ -1137,26 +1175,39 @@ METHOD(eap_method_t, process_server, status_t, eap = (eap_mschapv2_header_t*)data.ptr; + switch (this->state) + { + case S_EXPECT_RESPONSE: + if (eap->opcode == MSCHAPV2_RESPONSE) + { + return process_server_response(this, in, out); + } + break; + case S_EXPECT_SUCCESS: + if (eap->opcode == MSCHAPV2_SUCCESS && + this->msk.ptr) + { + return SUCCESS; + } + break; + default: + break; + } switch (eap->opcode) { - case MSCHAPV2_RESPONSE: - { - return process_server_response(this, in, out); - } - case MSCHAPV2_SUCCESS: - { - return SUCCESS; - } case MSCHAPV2_FAILURE: - { + /* the client may abort the authentication by sending us a failure + * in any state */ return FAILED; - } + case MSCHAPV2_RESPONSE: + case MSCHAPV2_SUCCESS: + DBG1(DBG_IKE, "received unexpected EAP-MS-CHAPv2 message with " + "OpCode (%N)!", mschapv2_opcode_names, eap->opcode); + break; default: - { DBG1(DBG_IKE, "EAP-MS-CHAPv2 received packet with unsupported " "OpCode (%N)!", mschapv2_opcode_names, eap->opcode); break; - } } return FAILED; } 
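Review bot: The `return FAILED;` at the top of this hunk still does not release `userid`, and since the hunk removes the `userid->destroy(userid)` that followed it, the identification now lives on only to be handed to `this->auth->add(this->auth, AUTH_RULE_EAP_IDENTITY, userid)` on success or destroyed before process_server_retry; the FAILED exit leaks it unless it is freed earlier in the function, which starts outside the hunk. Suggest adding `userid->destroy(userid);` before that `return FAILED;`. A comment at the `add()` call such as `/* ownership of userid passes to the auth config */` would make the three exits easier to audit.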
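Review bot: In process_server the S_EXPECT_SUCCESS branch accepts a peer SUCCESS only when `this->msk.ptr` is set, which ties acceptance to the MSK presumably being derived only after a verified response in process_server_response; that dependency is the security-relevant check here and deserves a comment, e.g. `/* the MSK exists only after the peer's response verified; a SUCCESS without it is bogus */`. Otherwise the gating reads correctly: an out-of-state RESPONSE or SUCCESS is logged as unexpected and fails, and FAILURE is honoured in every state.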
@@ -1197,11 +1248,18 @@ METHOD(eap_method_t, is_mutual, bool, return FALSE; } +METHOD(eap_method_t, get_auth, auth_cfg_t*, + private_eap_mschapv2_t *this) +{ + return this->auth; +} + METHOD(eap_method_t, destroy, void, private_eap_mschapv2_t *this) { this->peer->destroy(this->peer); this->server->destroy(this->server); + this->auth->destroy(this->auth); chunk_free(&this->challenge); chunk_free(&this->nt_response); chunk_free(&this->auth_response); @@ -1224,11 +1282,14 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser .get_msk = _get_msk, .get_identifier = _get_identifier, .set_identifier = _set_identifier, + .get_auth = _get_auth, .destroy = _destroy, }, }, .peer = peer->clone(peer), .server = server->clone(server), + .auth = auth_cfg_create(), + .state = S_EXPECT_CHALLENGE, ); return this; diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c index 0cf723711..0f207fbe6 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c 
@@ -178,18 +178,38 @@ static void add_addr(private_eap_radius_provider_t *this, * Remove the next address from the locked hashtable stored for given id */ static host_t* remove_addr(private_eap_radius_provider_t *this, - hashtable_t *hashtable, uintptr_t id) + hashtable_t *hashtable, uintptr_t id, host_t *addr) { + enumerator_t *enumerator; entry_t *entry; - host_t *addr = NULL; + host_t *found = NULL, *current; entry = hashtable->remove(hashtable, (void*)id); if (entry) { - entry->addrs->remove_first(entry->addrs, (void**)&addr); + enumerator = entry->addrs->create_enumerator(entry->addrs); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (addr->ip_equals(addr, current)) + { /* prefer an exact match */ + entry->addrs->remove_at(entry->addrs, enumerator); + enumerator->destroy(enumerator); + put_or_destroy_entry(hashtable, entry); + return current; + } + if (!found && addr->get_family(addr) == current->get_family(current)) + { /* fallback to the first IP with a matching address family */ + found = current; + } + } + enumerator->destroy(enumerator); + if (found) + { + entry->addrs->remove(entry->addrs, found, NULL); + } put_or_destroy_entry(hashtable, entry); } - return addr; + return found; } /** @@ -326,7 +346,7 @@ METHOD(attribute_provider_t, acquire_address, host_t*, if (streq(name, "radius")) { this->listener.mutex->lock(this->listener.mutex); - addr = remove_addr(this, this->listener.unclaimed, sa); + addr = remove_addr(this, this->listener.unclaimed, sa, requested); if (addr) { add_addr(this, this->listener.claimed, sa, addr->clone(addr)); @@ -357,7 +377,7 @@ METHOD(attribute_provider_t, release_address, bool, if (streq(name, "radius")) { this->listener.mutex->lock(this->listener.mutex); - found = remove_addr(this, this->listener.claimed, sa); + found = remove_addr(this, this->listener.claimed, sa, address); this->listener.mutex->unlock(this->listener.mutex); break; } 
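Review bot: The doc comment above `remove_addr` ("Remove the next address from the locked hashtable stored for given id") no longer describes the function, which dereferences `addr` unconditionally (`addr->ip_equals`, `addr->get_family`) and returns an exact match or else the first entry of the same address family. Suggested replacement: `/* Remove the address matching addr (exact match preferred, otherwise the first address of the same family) from the locked hashtable stored for the given id; addr must not be NULL */`. Both callers pass `requested`/`address`, presumably never NULL, but the contract should be stated because a NULL would only crash when the entry actually holds addresses.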
diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c index f7a1f49ec..ce577c62c 100644 --- a/src/libcharon/plugins/error_notify/error_notify_listener.c +++ b/src/libcharon/plugins/error_notify/error_notify_listener.c @@ -110,7 +110,7 @@ METHOD(listener_t, alert, bool, list = va_arg(args, linked_list_t*); list2 = va_arg(args, linked_list_t*); snprintf(msg.str, sizeof(msg.str), "the received traffic selectors " - "did not match: %#R=== %#R", list, list2); + "did not match: %#R === %#R", list, list2); break; case ALERT_INSTALL_CHILD_SA_FAILED: msg.type = htonl(ERROR_NOTIFY_INSTALL_CHILD_SA_FAILED); diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c index 17f2d50d1..dbb6adc8f 100644 --- a/src/libcharon/plugins/ha/ha_child.c +++ b/src/libcharon/plugins/ha/ha_child.c @@ -126,7 +126,7 @@ METHOD(listener_t, child_keys, bool, ike_sa->get_my_host(ike_sa), child_sa->get_spi(child_sa, TRUE)); seg_o = this->kernel->get_segment_spi(this->kernel, ike_sa->get_other_host(ike_sa), child_sa->get_spi(child_sa, FALSE)); - DBG1(DBG_CFG, "handling HA CHILD_SA %s{%d} %#R=== %#R " + DBG1(DBG_CFG, "handling HA CHILD_SA %s{%d} %#R === %#R " "(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), local_ts, remote_ts, seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "", diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index afa099309..07ef607c6 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c 
@@ -848,7 +848,7 @@ static void process_child_add(private_ha_dispatcher_t *this, seg_o = this->kernel->get_segment_spi(this->kernel, ike_sa->get_other_host(ike_sa), outbound_spi); - DBG1(DBG_CFG, "installed HA CHILD_SA %s{%d} %#R=== %#R " + DBG1(DBG_CFG, "installed HA CHILD_SA %s{%d} %#R === %#R " "(segment in: %d%s, out: %d%s)", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), local_ts, remote_ts, seg_i, this->segments->is_active(this->segments, seg_i) ? "*" : "", diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index 6246dc505..d738e6d13 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -563,15 +563,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t priority) { policy_entry_t *policy, *found = NULL; status_t status; status = ipsec->policies->del_policy(ipsec->policies, src_ts, dst_ts, - direction, reqid, mark, priority); + direction, sa->reqid, mark, priority); policy = create_policy_entry(src_ts, dst_ts, direction); diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index b38ded846..95f79f168 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c 
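Review bot: `sa->reqid` is read without a NULL check in the new `del_policy` signature, and the same holds for the two `remove_trap` calls in the kernel_wfp hunk that follows; if the `kernel_ipsec_t` contract (outside this diff) permits a NULL `sa`, both backends now crash where they previously used the plain `reqid` argument. If `sa` is guaranteed, a one-line note on the interface declaration would settle it; otherwise `if (!sa) { return INVALID_ARG; }` at the top of each. The new `src`, `dst` and `type` parameters are ignored by all three backends in this chunk, which is presumably intended for these implementations but reads as silently dropping the policy type.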
@@ -2456,15 +2456,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t priority) { if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED) { - if (remove_trap(this, reqid, FALSE, src_ts, dst_ts)) + if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts)) { - remove_trap(this, reqid, TRUE, src_ts, dst_ts); + remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts); return SUCCESS; } return NOT_FOUND; diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 62d43e302..6a86bb899 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -103,8 +103,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_load_tester_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t priority) { return SUCCESS; diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index dbfddbb81..13bf3e775 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c 
@@ -148,6 +148,91 @@ struct private_socket_default_socket_t { u_int rr_counter; }; +/** + * Get the destination IPv4 address of a received packet, depending on the + * available mechanism. + */ +#ifdef IP_PKTINFO + +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +{ + struct sockaddr_in dst = { + .sin_family = AF_INET, + .sin_port = htons(port), + }; + struct in_pktinfo *pktinfo; + struct in_addr *addr; + + if (cmsgptr->cmsg_type == IP_PKTINFO) + { + pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr); + addr = &pktinfo->ipi_addr; + memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr)); + return host_create_from_sockaddr((sockaddr_t*)&dst); + } + return NULL; +} + +#elif defined(IP_RECVDSTADDR) + +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +{ + struct sockaddr_in dst = { + .sin_family = AF_INET, + .sin_port = htons(port), + }; + struct in_addr *addr; + + if (cmsgptr->cmsg_type == IP_RECVDSTADDR) + { + addr = (struct in_addr*)CMSG_DATA(cmsgptr); + memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr)); + return host_create_from_sockaddr((sockaddr_t*)&dst); + } + return NULL; +} + +#else /* IP_PKTINFO || IP_RECVDSTADDR */ + +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +{ + return NULL; +} + +#endif /* IP_PKTINFO || IP_RECVDSTADDR */ + +/** + * Get the destination IPv6 address of a received packet, depending on the + * available mechanism. 
+ */ +#ifdef HAVE_IN6_PKTINFO + +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +{ + struct in6_pktinfo *pktinfo; + struct sockaddr_in6 dst = { + .sin6_family = AF_INET6, + .sin6_port = htons(port), + }; + + if (cmsgptr->cmsg_type == IPV6_PKTINFO) + { + pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); + memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); + return host_create_from_sockaddr((sockaddr_t*)&dst); + } + return NULL; +} + +#else /* HAVE_IN6_PKTINFO */ + +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +{ + return NULL; +} + +#endif /* HAVE_IN6_PKTINFO */ + METHOD(socket_t, receiver, status_t, private_socket_default_socket_t *this, packet_t **packet) { 
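Review bot: `get_dst_v4`/`get_dst_v6` read `CMSG_DATA(cmsgptr)` as `struct in_pktinfo`/`in6_pktinfo` after matching `cmsg_type` only; the caller's loop (next hunk) rejects `cmsg_len == 0` but nothing checks the length is at least `CMSG_LEN(sizeof(*pktinfo))`. The data comes from the kernel, so this is defensive rather than exploitable, but a guard `if (cmsgptr->cmsg_type == IP_PKTINFO && cmsgptr->cmsg_len >= CMSG_LEN(sizeof(*pktinfo)))` costs nothing and documents the assumption. The helpers also deserve a line stating that the returned `host_t` is owned by the caller, since `host_create_from_sockaddr` allocates.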
@@ -233,48 +318,13 @@ METHOD(socket_t, receiver, status_t, DBG1(DBG_NET, "error reading ancillary data"); return FAILED; } - -#ifdef HAVE_IN6_PKTINFO - if (cmsgptr->cmsg_level == SOL_IPV6 && - cmsgptr->cmsg_type == IPV6_PKTINFO) + if (cmsgptr->cmsg_level == SOL_IP) { - struct in6_pktinfo *pktinfo; - pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsgptr); - struct sockaddr_in6 dst; - - memset(&dst, 0, sizeof(dst)); - memcpy(&dst.sin6_addr, &pktinfo->ipi6_addr, sizeof(dst.sin6_addr)); - dst.sin6_family = AF_INET6; - dst.sin6_port = htons(port); - dest = host_create_from_sockaddr((sockaddr_t*)&dst); + dest = get_dst_v4(cmsgptr, port); } -#endif /* HAVE_IN6_PKTINFO */ - if (cmsgptr->cmsg_level == SOL_IP && -#ifdef IP_PKTINFO - cmsgptr->cmsg_type == IP_PKTINFO -#elif defined(IP_RECVDSTADDR) - cmsgptr->cmsg_type == IP_RECVDSTADDR -#else - FALSE -#endif - ) + else if (cmsgptr->cmsg_level == SOL_IPV6) { - struct in_addr *addr; - struct sockaddr_in dst; - -#ifdef IP_PKTINFO - struct in_pktinfo *pktinfo; - pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsgptr); - addr = &pktinfo->ipi_addr; -#elif defined(IP_RECVDSTADDR) - addr = (struct in_addr*)CMSG_DATA(cmsgptr); -#endif - memset(&dst, 0, sizeof(dst)); - memcpy(&dst.sin_addr, addr, sizeof(dst.sin_addr)); - - dst.sin_family = AF_INET; - dst.sin_port = htons(port); - dest = host_create_from_sockaddr((sockaddr_t*)&dst); + dest = get_dst_v6(cmsgptr, port); } if (dest) { 
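Review bot: `dest` is now overwritten on every SOL_IP / SOL_IPV6 control message, including ones whose type the helpers do not handle (they return NULL), whereas the old code assigned it only when the type matched. This is safe only if the `if (dest)` block that closes the hunk leaves the loop; if it does not, a later unrelated cmsg at the same level resets a destination already found. Assigning through a temporary, `host_t *found = get_dst_v4(cmsgptr, port); if (found) { dest = found; }`, removes the ordering dependency; the loop body continues outside the hunk.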
@@ -305,6 +355,107 @@ METHOD(socket_t, receiver, status_t, return SUCCESS; } +/** + * Generic function to send a message. + */ +static ssize_t send_msg_generic(int skt, struct msghdr *msg) +{ + return sendmsg(skt, msg, 0); +} + +/** + * Send a message with the IPv4 source address set, if possible. + */ +#ifdef IP_PKTINFO + +static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +{ + char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {}; + struct cmsghdr *cmsg; + struct in_addr *addr; + struct in_pktinfo *pktinfo; + struct sockaddr_in *sin; + + msg->msg_control = buf; + msg->msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(msg); + cmsg->cmsg_level = SOL_IP; + cmsg->cmsg_type = IP_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + + pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); + addr = &pktinfo->ipi_spec_dst; + + sin = (struct sockaddr_in*)src->get_sockaddr(src); + memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); + return send_msg_generic(skt, msg); +} + +#elif defined(IP_SENDSRCADDR) + +static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +{ + char buf[CMSG_SPACE(sizeof(struct in_addr))] = {}; + struct cmsghdr *cmsg; + struct in_addr *addr; + struct sockaddr_in *sin; + + msg->msg_control = buf; + msg->msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(msg); + cmsg->cmsg_level = SOL_IP; + cmsg->cmsg_type = IP_SENDSRCADDR; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); + + addr = (struct in_addr*)CMSG_DATA(cmsg); + + sin = (struct sockaddr_in*)src->get_sockaddr(src); + memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); + return send_msg_generic(skt, msg); +} + +#else /* IP_PKTINFO || IP_RECVDSTADDR */ + +static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +{ + return send_msg_generic(skt, msg); +} + +#endif /* IP_PKTINFO || IP_RECVDSTADDR */ + +/** + * Send a message with the IPv6 source address set, if possible. 
+ */ +#ifdef HAVE_IN6_PKTINFO + +static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) +{ + char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {}; + struct cmsghdr *cmsg; + struct in6_pktinfo *pktinfo; + struct sockaddr_in6 *sin; + + msg->msg_control = buf; + msg->msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(msg); + cmsg->cmsg_level = SOL_IPV6; + cmsg->cmsg_type = IPV6_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); + sin = (struct sockaddr_in6*)src->get_sockaddr(src); + memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); + return send_msg_generic(skt, msg); +} + +#else /* HAVE_IN6_PKTINFO */ + +static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) +{ + return send_msg_generic(skt, msg); +} + +#endif /* HAVE_IN6_PKTINFO */ + METHOD(socket_t, sender, status_t, private_socket_default_socket_t *this, packet_t *packet) { @@ -313,7 +464,6 @@ METHOD(socket_t, sender, status_t, chunk_t data; host_t *src, *dst; struct msghdr msg; - struct cmsghdr *cmsg; struct iovec iov; u_int8_t *dscp; 
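Review bot: The `#else`/`#endif` comments on `send_msg_v4` say `IP_PKTINFO || IP_RECVDSTADDR` while the conditional they close is `#elif defined(IP_SENDSRCADDR)`; they should read `/* IP_PKTINFO || IP_SENDSRCADDR */`. Separately, `msg->msg_control = buf` points at a stack buffer local to `send_msg_v4`/`send_msg_v6`, which is valid for the `sendmsg()` call but leaves the caller's `msg` holding a dangling `msg_control` after return; a comment `/* buf only lives until sendmsg() returns; msg->msg_control is stale afterwards */` guards against a later reuse of `msg`. The same applies to the helpers added to socket_dynamic_socket.c further down.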
@@ -415,56 +565,17 @@ METHOD(socket_t, sender, status_t, { if (family == AF_INET) { -#if defined(IP_PKTINFO) || defined(IP_SENDSRCADDR) - struct in_addr *addr; - struct sockaddr_in *sin; -#ifdef IP_PKTINFO - char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; - struct in_pktinfo *pktinfo; -#elif defined(IP_SENDSRCADDR) - char buf[CMSG_SPACE(sizeof(struct in_addr))]; -#endif - memset(buf, 0, sizeof(buf)); - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_IP; -#ifdef IP_PKTINFO - cmsg->cmsg_type = IP_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); - pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); - addr = &pktinfo->ipi_spec_dst; -#elif defined(IP_SENDSRCADDR) - cmsg->cmsg_type = IP_SENDSRCADDR; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_addr)); - addr = (struct in_addr*)CMSG_DATA(cmsg); -#endif - sin = (struct sockaddr_in*)src->get_sockaddr(src); - memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); -#endif /* IP_PKTINFO || IP_SENDSRCADDR */ + bytes_sent = send_msg_v4(skt, &msg, src); } -#ifdef HAVE_IN6_PKTINFO else { - char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; - struct in6_pktinfo *pktinfo; - struct sockaddr_in6 *sin; - - memset(buf, 0, sizeof(buf)); - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_IPV6; - cmsg->cmsg_type = IPV6_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); - sin = (struct sockaddr_in6*)src->get_sockaddr(src); - memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); + bytes_sent = send_msg_v6(skt, &msg, src); } -#endif /* HAVE_IN6_PKTINFO */ } - - bytes_sent = sendmsg(skt, &msg, 0); + else + { + bytes_sent = send_msg_generic(skt, &msg); + } if (bytes_sent != data.len) { 
diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
index b82a69e1b..a032134c3 100644
--- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
+++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c
@@ -527,6 +527,62 @@ static dynsock_t *find_socket(private_socket_dynamic_socket_t *this, return skt; } +/** + * Generic function to send a message. + */ +static ssize_t send_msg_generic(int skt, struct msghdr *msg) +{ + return sendmsg(skt, msg, 0); +} + +/** + * Send a message with the IPv4 source address set. + */ +static ssize_t send_msg_v4(int skt, struct msghdr *msg, host_t *src) +{ + char buf[CMSG_SPACE(sizeof(struct in_pktinfo))] = {}; + struct cmsghdr *cmsg; + struct in_addr *addr; + struct in_pktinfo *pktinfo; + struct sockaddr_in *sin; + + msg->msg_control = buf; + msg->msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(msg); + cmsg->cmsg_level = SOL_IP; + cmsg->cmsg_type = IP_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); + + pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); + addr = &pktinfo->ipi_spec_dst; + + sin = (struct sockaddr_in*)src->get_sockaddr(src); + memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); + return send_msg_generic(skt, msg); +} + +/** + * Send a message with the IPv6 source address set. + */ +static ssize_t send_msg_v6(int skt, struct msghdr *msg, host_t *src) +{ + char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))] = {}; + struct cmsghdr *cmsg; + struct in6_pktinfo *pktinfo; + struct sockaddr_in6 *sin; + + msg->msg_control = buf; + msg->msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(msg); + cmsg->cmsg_level = SOL_IPV6; + cmsg->cmsg_type = IPV6_PKTINFO; + cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); + pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); + sin = (struct sockaddr_in6*)src->get_sockaddr(src); + memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); + return send_msg_generic(skt, msg); +} + METHOD(socket_t, sender, status_t, private_socket_dynamic_socket_t *this, packet_t *packet) { @@ -536,7 +592,6 @@ METHOD(socket_t, sender, status_t, ssize_t len; chunk_t data; struct msghdr msg; - struct cmsghdr *cmsg; struct iovec iov; src = packet->get_source(packet); 
@@ -564,43 +619,18 @@ METHOD(socket_t, sender, status_t, { if (family == AF_INET) { - struct in_addr *addr; - struct sockaddr_in *sin; - char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; - struct in_pktinfo *pktinfo; - - memset(buf, 0, sizeof(buf)); - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_IP; - cmsg->cmsg_type = IP_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in_pktinfo)); - pktinfo = (struct in_pktinfo*)CMSG_DATA(cmsg); - addr = &pktinfo->ipi_spec_dst; - sin = (struct sockaddr_in*)src->get_sockaddr(src); - memcpy(addr, &sin->sin_addr, sizeof(struct in_addr)); + len = send_msg_v4(skt->fd, &msg, src); } else { - char buf[CMSG_SPACE(sizeof(struct in6_pktinfo))]; - struct in6_pktinfo *pktinfo; - struct sockaddr_in6 *sin; - - memset(buf, 0, sizeof(buf)); - msg.msg_control = buf; - msg.msg_controllen = sizeof(buf); - cmsg = CMSG_FIRSTHDR(&msg); - cmsg->cmsg_level = SOL_IPV6; - cmsg->cmsg_type = IPV6_PKTINFO; - cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo)); - pktinfo = (struct in6_pktinfo*)CMSG_DATA(cmsg); - sin = (struct sockaddr_in6*)src->get_sockaddr(src); - memcpy(&pktinfo->ipi6_addr, &sin->sin6_addr, sizeof(struct in6_addr)); + len = send_msg_v6(skt->fd, &msg, src); } } + else + { + len = send_msg_generic(skt->fd, &msg); + } - len = sendmsg(skt->fd, &msg, 0); if (len != data.len) { DBG1(DBG_NET, "error writing to socket: %s", strerror(errno)); diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index f71719458..68cf83089 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c 
@@ -346,9 +346,9 @@ static void parse_pubkey_constraints(char *auth, auth_cfg_t *cfg) { "sha256", SIGN_ECDSA_256, KEY_ECDSA, }, { "sha384", SIGN_ECDSA_384, KEY_ECDSA, }, { "sha512", SIGN_ECDSA_521, KEY_ECDSA, }, - { "sha256", SIGN_BLISS_WITH_SHA256, KEY_BLISS, }, - { "sha384", SIGN_BLISS_WITH_SHA384, KEY_BLISS, }, - { "sha512", SIGN_BLISS_WITH_SHA512, KEY_BLISS, }, + { "sha256", SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, }, + { "sha384", SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, }, + { "sha512", SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, }, }; if (rsa_len || ecdsa_len || bliss_strength) diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 0125d17c6..5a1a5074d 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2013-2015 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * 
@@ -298,6 +298,41 @@ static void report_terminate_status(private_stroke_control_t *this, } } +/** + * Call the charon controller to terminate a CHILD_SA + */ +static void charon_terminate(private_stroke_control_t *this, u_int32_t id, + stroke_msg_t *msg, FILE *out, bool child) +{ + if (msg->output_verbosity >= 0) + { + stroke_log_info_t info = { msg->output_verbosity, out }; + status_t status; + + if (child) + { + status = charon->controller->terminate_child(charon->controller, id, + (controller_cb_t)stroke_log, &info, this->timeout); + } + else + { + status = charon->controller->terminate_ike(charon->controller, id, + (controller_cb_t)stroke_log, &info, this->timeout); + } + report_terminate_status(this, status, out, id, child); + } + else if (child) + { + charon->controller->terminate_child(charon->controller, id, + NULL, NULL, 0); + } + else + { + charon->controller->terminate_ike(charon->controller, id, + NULL, NULL, 0); + } +} + METHOD(stroke_control_t, terminate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { @@ -307,9 +342,7 @@ METHOD(stroke_control_t, terminate, void, ike_sa_t *ike_sa; enumerator_t *enumerator; linked_list_t *ike_list, *child_list; - stroke_log_info_t info; uintptr_t del; - status_t status; if (!parse_specifier(msg->terminate.name, &id, &name, &child, &all)) { @@ -317,22 +350,9 @@ METHOD(stroke_control_t, terminate, void, return; } - info.out = out; - info.level = msg->output_verbosity; - if (id) { - if (child) - { - status = charon->controller->terminate_child(charon->controller, id, - (controller_cb_t)stroke_log, &info, this->timeout); - } - else - { - status = charon->controller->terminate_ike(charon->controller, id, - (controller_cb_t)stroke_log, &info, this->timeout); - } - return report_terminate_status(this, status, out, id, child); + return charon_terminate(this, id, msg, out, child); } ike_list = linked_list_create(); 
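Review bot: `charon_terminate` changes semantics for `msg->output_verbosity < 0`: the controller is called with a NULL callback and timeout 0 instead of `stroke_log`/`this->timeout`, and `report_terminate_status` is skipped, so a quiet terminate no longer waits for or reports the result as it did before this refactoring. If that is intended, say so in the function comment: `/* Call the charon controller to terminate an IKE_SA or CHILD_SA; with negative verbosity the call is fire-and-forget and its status is not reported */`. The current comment also mentions only CHILD_SA although `child` selects between both.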
@@ -380,18 +400,14 @@ METHOD(stroke_control_t, terminate, void, enumerator = child_list->create_enumerator(child_list); while (enumerator->enumerate(enumerator, &del)) { - status = charon->controller->terminate_child(charon->controller, del, - (controller_cb_t)stroke_log, &info, this->timeout); - report_terminate_status(this, status, out, del, TRUE); + charon_terminate(this, del, msg, out, TRUE); } enumerator->destroy(enumerator); enumerator = ike_list->create_enumerator(ike_list); while (enumerator->enumerate(enumerator, &del)) { - status = charon->controller->terminate_ike(charon->controller, del, - (controller_cb_t)stroke_log, &info, this->timeout); - report_terminate_status(this, status, out, del, FALSE); + charon_terminate(this, del, msg, out, FALSE); } enumerator->destroy(enumerator); @@ -548,11 +564,6 @@ METHOD(stroke_control_t, purge_ike, void, child_sa_t *child_sa; linked_list_t *list; uintptr_t del; - stroke_log_info_t info; - status_t status; - - info.out = out; - info.level = msg->output_verbosity; list = linked_list_create(); enumerator = charon->controller->create_ike_sa_enumerator( @@ -572,9 +583,7 @@ METHOD(stroke_control_t, purge_ike, void, enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &del)) { - status = charon->controller->terminate_ike(charon->controller, del, - (controller_cb_t)stroke_log, &info, this->timeout); - report_terminate_status(this, status, out, del, TRUE); + charon_terminate(this, del, msg, out, FALSE); } enumerator->destroy(enumerator); list->destroy(list); diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index c7e4c9c65..c0192b5c0 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c 
@@ -334,7 +334,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) child_sa->create_ts_enumerator(child_sa, TRUE)); other_ts = linked_list_create_from_enumerator( child_sa->create_ts_enumerator(child_sa, FALSE)); - fprintf(out, "\n%12s{%d}: %#R=== %#R\n", + fprintf(out, "\n%12s{%d}: %#R === %#R\n", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), my_ts, other_ts); my_ts->destroy(my_ts); @@ -586,7 +586,7 @@ METHOD(stroke_list_t, status, void, { my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); - fprintf(out, "%12s: child: %#R=== %#R%N", + fprintf(out, "%12s: child: %#R === %#R %N", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); @@ -620,7 +620,7 @@ METHOD(stroke_list_t, status, void, } my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); - fprintf(out, "%12s: %#R=== %#R%N\n", + fprintf(out, "%12s: %#R === %#R %N\n", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); my_ts->destroy_offset(my_ts, offsetof(traffic_selector_t, destroy)); diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index e20e8ab26..b9531d8a5 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md 
@@ -526,12 +526,21 @@ Unloading fails for pools with leases currently online. List the currently loaded pools. - {} => { + { + leases = <set to yes to include leases> + } => { <pool name>* = { base = <virtual IP pool base address> size = <total number of addresses in the pool> online = <number of leases online> offline = <number of leases offline> + leases = { + <zero-based index>* = { + address = <IP address> + identity = <assigned identity> + status = <online|offline> + } + } } } @@ -587,6 +596,10 @@ command. initiator = <yes, if initiator of IKE_SA> initiator-spi = <hex encoded initiator SPI / cookie> responder-spi = <hex encoded responder SPI / cookie> + nat-local = <yes, if local endpoint is behind a NAT> + nat-remote = <yes, if remote endpoint is behind a NAT> + nat-fake = <yes, if NAT situation has been faked as responder> + nat-any = <yes, if any endpoint is behind a NAT (also if faked)> encr-alg = <IKE encryption algorithm string> encr-keysize = <key size for encr-alg, if applicable> integ-alg = <IKE integrity algorithm string> @@ -596,6 +609,12 @@ command. established = <seconds the IKE_SA has been established> rekey-time = <seconds before IKE_SA gets rekeyed> reauth-time = <seconds before IKE_SA gets re-authenticated> + local-vips = [ + <list of virtual IPs assigned by the remote peer, installed locally> + ] + remote-vips = [ + <list of virtual IPs assigned to the remote peer> + ] tasks-queued = [ <list of currently queued tasks for execution> ] diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index f04bae774..9064d3d8c 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2015 Tobias Brunner * Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi 
@@ -662,9 +662,16 @@ CALLBACK(get_pools, vici_message_t*, vici_message_t *message) { vici_builder_t *builder; - enumerator_t *enumerator; + enumerator_t *enumerator, *leases; mem_pool_t *vips; pool_t *pool; + identification_t *uid; + host_t *lease; + bool list_leases, on; + char buf[32]; + int i; + + list_leases = message->get_bool(message, FALSE, "leases"); builder = vici_builder_create(); @@ -681,6 +688,23 @@ CALLBACK(get_pools, vici_message_t*, builder->add_kv(builder, "online", "%u", vips->get_online(vips)); builder->add_kv(builder, "offline", "%u", vips->get_offline(vips)); + if (list_leases) + { + i = 0; + builder->begin_section(builder, "leases"); + leases = vips->create_lease_enumerator(vips); + while (leases && leases->enumerate(leases, &uid, &lease, &on)) + { + snprintf(buf, sizeof(buf), "%d", i++); + builder->begin_section(builder, buf); + builder->add_kv(builder, "address", "%H", lease); + builder->add_kv(builder, "identity", "%Y", uid); + builder->add_kv(builder, "status", on ? "online" : "offline"); + builder->end_section(builder); + } + leases->destroy(leases); + builder->end_section(builder); + } builder->end_section(builder); } enumerator->destroy(enumerator); diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index ffdc034ea..6631184b5 100644 --- a/src/libcharon/plugins/vici/vici_cred.c +++ b/src/libcharon/plugins/vici/vici_cred.c @@ -71,6 +71,7 @@ CALLBACK(load_cert, vici_message_t*, certificate_t *cert; x509_t *x509; chunk_t data; + bool trusted = TRUE; char *str; str = message->get_str(message, NULL, "type"); @@ -99,6 +100,7 @@ CALLBACK(load_cert, vici_message_t*, else if (strcaseeq(str, "x509ac")) { type = CERT_X509_AC; + trusted = FALSE; } else { 
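Review bot: `leases->destroy(leases)` runs unconditionally although the loop condition `leases && leases->enumerate(...)` treats a NULL enumerator as possible, so a NULL return from `create_lease_enumerator` would crash right after the loop. Either drop the `leases &&` guard if the enumerator is never NULL, or mirror it: `if (leases) { leases->destroy(leases); }`. The listing also hands peer identities and assigned addresses to any vici client that can issue `get-pools`, which is presumably intended but deserves a sentence in the command documentation.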
@@ -131,8 +133,14 @@ CALLBACK(load_cert, vici_message_t*, DBG1(DBG_CFG, "loaded certificate '%Y'", cert->get_subject(cert)); - this->creds->add_cert(this->creds, TRUE, cert); - + if (type == CERT_X509_CRL) + { + this->creds->add_crl(this->creds, (crl_t*)cert); + } + else + { + this->creds->add_cert(this->creds, trusted, cert); + } return create_reply(NULL); } diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 98d264fca..9a3d832da 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -222,6 +222,45 @@ static void list_task_queue(private_vici_query_t *this, vici_builder_t *b, } /** + * Add an IKE_SA condition to the given builder + */ +static void add_condition(vici_builder_t *b, ike_sa_t *ike_sa, + char *key, ike_condition_t cond) +{ + if (ike_sa->has_condition(ike_sa, cond)) + { + b->add_kv(b, key, "yes"); + } +} + +/** + * List virtual IPs + */ +static void list_vips(private_vici_query_t *this, vici_builder_t *b, + ike_sa_t *ike_sa, bool local, char *name) +{ + enumerator_t *enumerator; + bool has = FALSE; + host_t *vip; + + enumerator = ike_sa->create_virtual_ip_enumerator(ike_sa, local); + while (enumerator->enumerate(enumerator, &vip)) + { + if (!has) + { + b->begin_list(b, name); + has = TRUE; + } + b->add_li(b, "%H", vip); + } + enumerator->destroy(enumerator); + if (has) + { + b->end_list(b); + } +} + +/** * List details of an IKE_SA */ static void list_ike(private_vici_query_t *this, vici_builder_t *b, 
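Review bot: `trusted` defaults to TRUE for every certificate type except `x509ac`, so end-entity `x509` certificates loaded through `load-cert` are still added as trusted, which presumably lets them serve as trust anchors in the credential set; if that is intended, the declaration deserves `/* everything but attribute certificates is added as trusted */`, and if not, the default should be FALSE with TRUE set only where a trust anchor is meant. Routing CRLs through `add_crl` instead of `add_cert` is the right separation. The enclosing `load_cert` callback starts outside the hunk.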
@@ -265,6 +304,11 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "initiator-spi", "%.16"PRIx64, id->get_initiator_spi(id)); b->add_kv(b, "responder-spi", "%.16"PRIx64, id->get_responder_spi(id)); + add_condition(b, ike_sa, "nat-local", COND_NAT_HERE); + add_condition(b, ike_sa, "nat-remote", COND_NAT_THERE); + add_condition(b, ike_sa, "nat-fake", COND_NAT_FAKE); + add_condition(b, ike_sa, "nat-any", COND_NAT_ANY); + proposal = ike_sa->get_proposal(ike_sa); if (proposal) { @@ -310,6 +354,9 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, } } + list_vips(this, b, ike_sa, TRUE, "local-vips"); + list_vips(this, b, ike_sa, FALSE, "remote-vips"); + list_task_queue(this, b, ike_sa, TASK_QUEUE_QUEUED, "tasks-queued"); list_task_queue(this, b, ike_sa, TASK_QUEUE_ACTIVE, "tasks-active"); list_task_queue(this, b, ike_sa, TASK_QUEUE_PASSIVE, "tasks-passive"); diff --git a/src/libcharon/processing/jobs/initiate_mediation_job.c b/src/libcharon/processing/jobs/initiate_mediation_job.c index 5b5fb9d98..6c01ffe95 100644 --- a/src/libcharon/processing/jobs/initiate_mediation_job.c +++ b/src/libcharon/processing/jobs/initiate_mediation_job.c @@ -161,6 +161,10 @@ METHOD(job_t, initiate, job_requeue_t, } mediated_cfg->destroy(mediated_cfg); } + else + { /* newly created IKE_SA is not checked in yet, try again */ + return JOB_RESCHEDULE_MS(100); + } return JOB_REQUEUE_NONE; } diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 73f2ec9d3..b0f163c83 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -413,8 +413,14 @@ METHOD(enumerator_t, policy_enumerate, bool, { /* protocol mismatch */ continue; } - *my_out = this->ts; - *other_out = other_ts; + if (my_out) + { + *my_out = this->ts; + } + if (other_out) + { + *other_out = other_ts; + } return TRUE; } return FALSE; 
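Review bot: The new `else` branch in `initiate` reschedules every 100 ms whenever the IKE_SA is not found, with no retry limit; if the SA is never checked in (for instance because its creation failed), the job re-arms indefinitely. A bounded retry counter in the job, or a comment stating why the checkin is guaranteed to happen, would make the loop's termination explicit. The `if` whose condition is tested here starts outside the hunk.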
@@ -775,6 +781,50 @@ static bool require_policy_update() } /** + * Prepare SA config to install/delete policies + */ +static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa, + ipsec_sa_cfg_t *other_sa) +{ + enumerator_t *enumerator; + + *my_sa = (ipsec_sa_cfg_t){ + .mode = this->mode, + .reqid = this->reqid, + .ipcomp = { + .transform = this->ipcomp, + }, + }; + *other_sa = *my_sa; + + my_sa->ipcomp.cpi = this->my_cpi; + other_sa->ipcomp.cpi = this->other_cpi; + + if (this->protocol == PROTO_ESP) + { + my_sa->esp.use = TRUE; + my_sa->esp.spi = this->my_spi; + other_sa->esp.use = TRUE; + other_sa->esp.spi = this->other_spi; + } + else + { + my_sa->ah.use = TRUE; + my_sa->ah.spi = this->my_spi; + other_sa->ah.use = TRUE; + other_sa->ah.spi = this->other_spi; + } + + enumerator = create_policy_enumerator(this); + while (enumerator->enumerate(enumerator, NULL, NULL)) + { + my_sa->policy_count++; + other_sa->policy_count++; + } + enumerator->destroy(enumerator); +} + +/** * Install 3 policies: out, in and forward */ static status_t install_policies_internal(private_child_sa_t *this, 
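Review bot: The doc comment on `prepare_sa_cfg()` says only "Prepare SA config to install/delete policies" and does not mention that it also walks the policy enumerator to fill `policy_count`, which is the non-obvious part the callers in `add_policies`, `update` and `destroy` now rely on. I would expand it to: `Prepare the SA configs for both directions (mode, reqid, IPComp CPIs, ESP/AH SPIs) and count the configured policy pairs into policy_count.` The `enumerate(enumerator, NULL, NULL)` call depends on `policy_enumerate` accepting NULL out pointers, which this same commit adds; a one-line comment such as `/* NULL out pointers: we only count the pairs */` keeps that coupling visible.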
@@ -806,20 +856,22 @@ static status_t install_policies_internal(private_child_sa_t *this, * Delete 3 policies: out, in and forward */ static void del_policies_internal(private_child_sa_t *this, - traffic_selector_t *my_ts, traffic_selector_t *other_ts, - policy_priority_t priority) + host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, + traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, + ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority) { + hydra->kernel_interface->del_policy(hydra->kernel_interface, - my_ts, other_ts, POLICY_OUT, this->reqid, - this->mark_out, priority); + my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type, + other_sa, this->mark_out, priority); hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_IN, this->reqid, - this->mark_in, priority); + other_addr, my_addr, other_ts, my_ts, POLICY_IN, + type, my_sa, this->mark_in, priority); if (this->mode != MODE_TRANSPORT) { hydra->kernel_interface->del_policy(hydra->kernel_interface, - other_ts, my_ts, POLICY_FWD, this->reqid, - this->mark_in, priority); + other_addr, my_addr, other_ts, my_ts, POLICY_FWD, + type, my_sa, this->mark_in, priority); } } 
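Review bot: A stray blank line is added directly after the opening brace of `del_policies_internal()`, which the rest of the file does not do; the empty `+` line should go. Beyond that, the SA configs are deliberately crossed — `other_sa` for `POLICY_OUT`, `my_sa` for `POLICY_IN`/`POLICY_FWD` — which presumably mirrors the install side but is easy to misread as a typo; a one-line comment such as `/* outbound policies reference the peer's SA, inbound/forward ours */` would help the next reader.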
@@ -864,31 +916,9 @@ METHOD(child_sa_t, add_policies, status_t, if (this->config->install_policy(this->config)) { policy_priority_t priority; - ipsec_sa_cfg_t my_sa = { - .mode = this->mode, - .reqid = this->reqid, - .ipcomp = { - .transform = this->ipcomp, - }, - }, other_sa = my_sa; - - my_sa.ipcomp.cpi = this->my_cpi; - other_sa.ipcomp.cpi = this->other_cpi; - - if (this->protocol == PROTO_ESP) - { - my_sa.esp.use = TRUE; - my_sa.esp.spi = this->my_spi; - other_sa.esp.use = TRUE; - other_sa.esp.spi = this->other_spi; - } - else - { - my_sa.ah.use = TRUE; - my_sa.ah.spi = this->my_spi; - other_sa.ah.use = TRUE; - other_sa.ah.spi = this->other_spi; - } + ipsec_sa_cfg_t my_sa, other_sa; + + prepare_sa_cfg(this, &my_sa, &other_sa); /* if we're not in state CHILD_INSTALLING (i.e. if there is no SAD * entry) we install a trap policy */ @@ -896,14 +926,6 @@ METHOD(child_sa_t, add_policies, status_t, priority = this->trap ? POLICY_PRIORITY_ROUTED : POLICY_PRIORITY_DEFAULT; - enumerator = create_policy_enumerator(this); - while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) - { - my_sa.policy_count++; - other_sa.policy_count++; - } - enumerator->destroy(enumerator); - /* enumerate pairs of traffic selectors */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) 
@@ -1006,47 +1028,24 @@ METHOD(child_sa_t, update, status_t, if (this->config->install_policy(this->config) && require_policy_update()) { - ipsec_sa_cfg_t my_sa = { - .mode = this->mode, - .reqid = this->reqid, - .ipcomp = { - .transform = this->ipcomp, - }, - }, other_sa = my_sa; - - my_sa.ipcomp.cpi = this->my_cpi; - other_sa.ipcomp.cpi = this->other_cpi; - - if (this->protocol == PROTO_ESP) - { - my_sa.esp.use = TRUE; - my_sa.esp.spi = this->my_spi; - other_sa.esp.use = TRUE; - other_sa.esp.spi = this->other_spi; - } - else - { - my_sa.ah.use = TRUE; - my_sa.ah.spi = this->my_spi; - other_sa.ah.use = TRUE; - other_sa.ah.spi = this->other_spi; - } - - /* update policies */ if (!me->ip_equals(me, this->my_addr) || !other->ip_equals(other, this->other_addr)) { + ipsec_sa_cfg_t my_sa, other_sa; enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; + prepare_sa_cfg(this, &my_sa, &other_sa); + /* always use high priorities, as hosts getting updated are INSTALLED */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL; /* remove old policies first */ - del_policies_internal(this, my_ts, other_ts, - POLICY_PRIORITY_DEFAULT); + del_policies_internal(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, POLICY_PRIORITY_DEFAULT); /* check if we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && 
@@ -1068,21 +1067,20 @@ METHOD(child_sa_t, update, status_t, /* reinstall updated policies */ install_policies_internal(this, me, other, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT); + &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT); /* update fallback policies after the new policy is in place */ - if (old_my_ts || old_other_ts) - { - del_policies_internal(this, old_my_ts ?: my_ts, - old_other_ts ?: other_ts, + del_policies_internal(this, this->my_addr, this->other_addr, + old_my_ts ?: my_ts, + old_other_ts ?: other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_FALLBACK); + install_policies_internal(this, me, other, my_ts, other_ts, + &my_sa, &other_sa, POLICY_DROP, POLICY_PRIORITY_FALLBACK); - install_policies_internal(this, me, other, my_ts, other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); - DESTROY_IF(old_my_ts); - DESTROY_IF(old_other_ts); - } + DESTROY_IF(old_my_ts); + DESTROY_IF(old_other_ts); } enumerator->destroy(enumerator); } @@ -1122,15 +1120,21 @@ METHOD(child_sa_t, destroy, void, if (this->config->install_policy(this->config)) { + ipsec_sa_cfg_t my_sa, other_sa; + + prepare_sa_cfg(this, &my_sa, &other_sa); + /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - del_policies_internal(this, my_ts, other_ts, priority); + del_policies_internal(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority); if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update()) { - del_policies_internal(this, my_ts, other_ts, - POLICY_PRIORITY_FALLBACK); + del_policies_internal(this, this->my_addr, this->other_addr, + my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_FALLBACK); } } enumerator->destroy(enumerator); diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 37d69874d..4625df5b8 100644 
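Review bot: Removing the `if (old_my_ts || old_other_ts)` guard means the fallback `POLICY_DROP` policies are now deleted and reinstalled on every address update, not only when a traffic selector changed, and between `del_policies_internal(... POLICY_DROP ...)` and the following `install_policies_internal(... POLICY_DROP ...)` there is a brief window with no drop policy for traffic matching the old selectors but not the new ones. Presumably the unconditional reinstall is needed because `del_policy` is now keyed by address as well, but if the kernel accepts the new drop policy before the old one is removed, swapping the two calls would close that window. The enclosing `update` method starts and ends outside this hunk.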
--- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -394,9 +394,17 @@ struct private_ike_sa_manager_t { rng_t *rng; /** - * Lock to access the RNG instance + * Registered callback for IKE SPIs */ - rwlock_t *rng_lock; + struct { + spi_cb_t cb; + void *data; + } spi_cb; + + /** + * Lock to access the RNG instance and the callback + */ + rwlock_t *spi_lock; /** * reuse existing IKE_SAs in checkout_by_config @@ -971,13 +979,17 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) { u_int64_t spi; - this->rng_lock->read_lock(this->rng_lock); - if (!this->rng || - !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + this->spi_lock->read_lock(this->spi_lock); + if (this->spi_cb.cb) + { + spi = this->spi_cb.cb(this->spi_cb.data); + } + else if (!this->rng || + !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) { spi = 0; } - this->rng_lock->unlock(this->rng_lock); + this->spi_lock->unlock(this->spi_lock); return spi; } @@ -1188,11 +1200,15 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, */ static u_int32_t get_message_id_or_hash(message_t *message) { - /* Use the message ID, or the message hash in IKEv1 Main/Aggressive mode */ - if (message->get_major_version(message) == IKEV1_MAJOR_VERSION && - message->get_message_id(message) == 0) + if (message->get_major_version(message) == IKEV1_MAJOR_VERSION) { - return chunk_hash(message->get_packet_data(message)); + /* Use a hash for IKEv1 Phase 1, where we don't have a MID, and Quick + * Mode, where all three messages use the same message ID */ + if (message->get_message_id(message) == 0 || + message->get_exchange_type(message) == QUICK_MODE) + { + return chunk_hash(message->get_packet_data(message)); + } } return message->get_message_id(message); } 
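Review bot: `get_spi()` now invokes the registered `spi_cb.cb` while holding `spi_lock` as a read lock, so a callback that calls `set_spi_cb()` (directly, or through a thread it waits on) deadlocks on the write lock, and a slow callback stalls every other SPI allocation. That constraint is not stated on the `spi_cb_t` typedef in ike_sa_manager.h (the `@@ -31,6 +31,16 @@` hunk), which only says it may be called concurrently; I would add `The callback runs with the manager's SPI lock held: it must not call set_spi_cb() and should return quickly.` Since the callback's value replaces RNG output as the IKE SPI, the same comment should say the returned SPIs are expected to be as unpredictable as RNG output and unique per manager, because they identify half-open SAs.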
@@ -1384,7 +1400,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, continue; } if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) - { /* skip IKE_SAs which are not usable */ + { /* skip IKE_SAs which are not usable, wake other waiting threads */ + entry->condvar->signal(entry->condvar); continue; } @@ -1402,6 +1419,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, break; } } + /* other threads might be waiting for this entry */ + entry->condvar->signal(entry->condvar); } enumerator->destroy(enumerator); @@ -1434,6 +1453,8 @@ METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, entry->checked_out = TRUE; break; } + /* other threads might be waiting for this entry */ + entry->condvar->signal(entry->condvar); } } enumerator->destroy(enumerator); @@ -1490,6 +1511,8 @@ METHOD(ike_sa_manager_t, checkout_by_name, ike_sa_t*, ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa)); break; } + /* other threads might be waiting for this entry */ + entry->condvar->signal(entry->condvar); } } enumerator->destroy(enumerator); 
@@ -1628,8 +1651,27 @@ METHOD(ike_sa_manager_t, checkin, void, * delete any existing IKE_SAs with that peer. */ if (ike_sa->has_condition(ike_sa, COND_INIT_CONTACT_SEEN)) { + /* We can't hold the segment locked while checking the + * uniqueness as this could lead to deadlocks. We mark the + * entry as checked out while we release the lock so no other + * thread can acquire it. Since it is not yet in the list of + * connected peers that will not cause a deadlock as no other + * caller of check_unqiueness() will try to check out this SA */ + entry->checked_out = TRUE; + unlock_single_segment(this, segment); + this->public.check_uniqueness(&this->public, ike_sa, TRUE); ike_sa->set_condition(ike_sa, COND_INIT_CONTACT_SEEN, FALSE); + + /* The entry could have been modified in the mean time, e.g. + * because another SA was added/removed next to it or another + * thread is waiting, but it should still exist, so there is no + * need for a lookup via get_entry_by... */ + lock_single_segment(this, segment); + entry->checked_out = FALSE; + /* We already signaled waiting threads above, we have to do that + * again after checking the SA out and back in again. */ + entry->condvar->signal(entry->condvar); } } @@ -2010,6 +2052,15 @@ METHOD(ike_sa_manager_t, get_half_open_count, u_int, return count; } +METHOD(ike_sa_manager_t, set_spi_cb, void, + private_ike_sa_manager_t *this, spi_cb_t callback, void *data) +{ + this->spi_lock->write_lock(this->spi_lock); + this->spi_cb.cb = callback; + this->spi_cb.data = data; + this->spi_lock->unlock(this->spi_lock); +} + METHOD(ike_sa_manager_t, flush, void, private_ike_sa_manager_t *this) { 
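Review bot: The new comment in `checkin` has a typo: `check_unqiueness()` should read `check_uniqueness()`. More substantively, after `lock_single_segment(this, segment)` the code dereferences `entry` again on the assumption that nothing removed it while the segment was unlocked; the comment argues the `checked_out` flag protects it, but whether `flush()` and the `checkout_by_*` paths honour that flag for an entry in this state is not visible here, so I would state that invariant explicitly in the comment or assert it. The enclosing `checkin` method starts and ends outside the hunk.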
@@ -2092,10 +2143,12 @@ METHOD(ike_sa_manager_t, flush, void, charon->bus->set_sa(charon->bus, NULL); unlock_all_segments(this); - this->rng_lock->write_lock(this->rng_lock); + this->spi_lock->write_lock(this->spi_lock); this->rng->destroy(this->rng); this->rng = NULL; - this->rng_lock->unlock(this->rng_lock); + this->spi_cb.cb = NULL; + this->spi_cb.data = NULL; + this->spi_lock->unlock(this->spi_lock); } METHOD(ike_sa_manager_t, destroy, void, @@ -2120,7 +2173,7 @@ METHOD(ike_sa_manager_t, destroy, void, free(this->connected_peers_segments); free(this->init_hashes_segments); - this->rng_lock->destroy(this->rng_lock); + this->spi_lock->destroy(this->spi_lock); free(this); } @@ -2167,6 +2220,7 @@ ike_sa_manager_t *ike_sa_manager_create() .get_count = _get_count, .get_half_open_count = _get_half_open_count, .flush = _flush, + .set_spi_cb = _set_spi_cb, .destroy = _destroy, }, ); @@ -2178,7 +2232,7 @@ ike_sa_manager_t *ike_sa_manager_create() free(this); return NULL; } - this->rng_lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + this->spi_lock = rwlock_create(RWLOCK_TYPE_DEFAULT); this->ikesa_limit = lib->settings->get_int(lib->settings, "%s.ikesa_limit", 0, lib->ns); diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index 3ea928ea5..f1b7c2579 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil 
@@ -31,6 +31,16 @@ typedef struct ike_sa_manager_t ike_sa_manager_t; #include <config/peer_cfg.h> /** + * Callback called to generate an IKE SPI. + * + * This may be called from multiple threads concurrently. + * + * @param data data supplied during registration of the callback + * @return allocated SPI, 0 on failure + */ +typedef u_int64_t (*spi_cb_t)(void *data); + +/** * Manages and synchronizes access to all IKE_SAs. * * To synchronize access to thread-unsave IKE_SAs, they are checked out for @@ -227,6 +237,15 @@ struct ike_sa_manager_t { bool responder_only); /** + * Set the callback to generate IKE SPIs + * + * @param callback callback to register + * @param data data provided to callback + */ + void (*set_spi_cb)(ike_sa_manager_t *this, spi_cb_t callback, + void *data); + + /** * Delete all existing IKE_SAs and destroy them immediately. * * Threads will be driven out, so all SAs can be deleted cleanly. diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index f5a91dbeb..e428966ad 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -23,14 +23,9 @@ typedef struct private_keymat_v1_t private_keymat_v1_t; /** - * Max. number of IVs to track. + * Max. number of IVs/QMs to track. */ -#define MAX_IV 3 - -/** - * Max. number of Quick Modes to track. - */ -#define MAX_QM 2 +#define MAX_EXCHANGES_DEFAULT 3 /** * Data stored for IVs @@ -110,6 +105,11 @@ struct private_keymat_v1_t { * of QMs are tracked at the same time. Stores qm_data_t objects. */ linked_list_t *qms; + + /** + * Max. number of IVs/Quick Modes to track. + */ + int max_exchanges; }; 
@@ -874,7 +874,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) } this->qms->insert_first(this->qms, found); /* remove least recently used state if maximum reached */ - if (this->qms->get_count(this->qms) > MAX_QM && + if (this->qms->get_count(this->qms) > this->max_exchanges && this->qms->remove_last(this->qms, (void**)&qm) == SUCCESS) { qm_data_destroy(qm); @@ -1048,7 +1048,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) } this->ivs->insert_first(this->ivs, found); /* remove least recently used IV if maximum reached */ - if (this->ivs->get_count(this->ivs) > MAX_IV && + if (this->ivs->get_count(this->ivs) > this->max_exchanges && this->ivs->remove_last(this->ivs, (void**)&iv) == SUCCESS) { iv_data_destroy(iv); @@ -1163,6 +1163,8 @@ keymat_v1_t *keymat_v1_create(bool initiator) .ivs = linked_list_create(), .qms = linked_list_create(), .initiator = initiator, + .max_exchanges = lib->settings->get_int(lib->settings, + "%s.max_ikev1_exchanges", MAX_EXCHANGES_DEFAULT, lib->ns), ); return &this->public; diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 678f99df1..3c601a4fa 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -752,6 +752,12 @@ static status_t build_response(private_task_manager_t *this, message_t *request) case ALREADY_DONE: cancelled = TRUE; break; + case INVALID_ARG: + if (task->get_type(task) == TASK_QUICK_MODE) + { /* not responsible for this exchange */ + continue; + } + /* FALL */ case FAILED: default: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); 
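Review bot: `max_exchanges` is read straight from `%s.max_ikev1_exchanges` with no lower bound, and at the two eviction sites changed in the `@@ -874` and `@@ -1048` hunks a configured 0 (or negative) value makes `get_count() > max_exchanges` true right after the first `insert_first()`, so `remove_last()` removes and destroys the entry that was just inserted and, as far as the hunk shows, is then handed back to the caller. Clamping at creation time avoids that: `.max_exchanges = max(1, lib->settings->get_int(lib->settings, "%s.max_ikev1_exchanges", MAX_EXCHANGES_DEFAULT, lib->ns)),`. The setting's documentation should then state that the minimum is 1.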
@@ -929,6 +935,28 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) } /** + * Check if we still have an aggressive mode task queued + */ +static bool have_aggressive_mode_task(private_task_manager_t *this) +{ + enumerator_t *enumerator; + task_t *task; + bool found = FALSE; + + enumerator = this->passive_tasks->create_enumerator(this->passive_tasks); + while (enumerator->enumerate(enumerator, &task)) + { + if (task->get_type(task) == TASK_AGGRESSIVE_MODE) + { + found = TRUE; + break; + } + } + enumerator->destroy(enumerator); + return found; +} + +/** * handle an incoming request message */ static status_t process_request(private_task_manager_t *this, @@ -1034,6 +1062,12 @@ static status_t process_request(private_task_manager_t *this, case ALREADY_DONE: send_response = FALSE; break; + case INVALID_ARG: + if (task->get_type(task) == TASK_QUICK_MODE) + { /* not responsible for this exchange */ + continue; + } + /* FALL */ case FAILED: default: charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); @@ -1061,6 +1095,22 @@ static status_t process_request(private_task_manager_t *this, * the same message again. */ clear_packets(this->responding.packets); } + if (this->queued && + this->queued->get_exchange_type(this->queued) == INFORMATIONAL_V1) + { + message_t *queued; + status_t status; + + queued = this->queued; + this->queued = NULL; + status = this->public.task_manager.process_message( + &this->public.task_manager, queued); + queued->destroy(queued); + if (status == DESTROY_ME) + { + return status; + } + } if (this->passive_tasks->get_count(this->passive_tasks) == 0 && this->queued_tasks->get_count(this->queued_tasks) > 0) { 
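Review bot: When the queued `INFORMATIONAL_V1` message is replayed through `process_message()` in `process_request`, every status other than `DESTROY_ME` is discarded, so a `FAILED` result from the replayed message leaves no trace in the log. A `DBG1(DBG_IKE, "processing queued %N request failed", exchange_type_names, INFORMATIONAL_V1);` on the non-success path would help when debugging, and the re-entrant call into the public `process_message` deserves a comment saying it is intentional. `process_request` starts and ends outside this hunk.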
@@ -1133,7 +1183,8 @@ static status_t process_response(private_task_manager_t *this, this->initiating.type = EXCHANGE_TYPE_UNDEFINED; clear_packets(this->initiating.packets); - if (this->queued && this->active_tasks->get_count(this->active_tasks) == 0) + if (this->queued && !this->active_tasks->get_count(this->active_tasks) && + this->queued->get_exchange_type(this->queued) == TRANSACTION) { queued = this->queued; this->queued = NULL; @@ -1228,6 +1279,29 @@ static status_t parse_message(private_task_manager_t *this, message_t *msg) return status; } +/** + * Queue the given message if possible + */ +static status_t queue_message(private_task_manager_t *this, message_t *msg) +{ + if (this->queued) + { + DBG1(DBG_IKE, "ignoring %N request, queue full", + exchange_type_names, msg->get_exchange_type(msg)); + return FAILED; + } + this->queued = message_create_from_packet(msg->get_packet(msg)); + if (this->queued->parse_header(this->queued) != SUCCESS) + { + this->queued->destroy(this->queued); + this->queued = NULL; + return FAILED; + } + DBG1(DBG_IKE, "queueing %N request as tasks still active", + exchange_type_names, msg->get_exchange_type(msg)); + return SUCCESS; +} + METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { 
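Review bot: In `queue_message()` the `parse_header()` failure path returns `FAILED` silently, while both the queue-full and the queued outcomes log at DBG1; a `DBG1(DBG_IKE, "parsing header of queued %N request failed", exchange_type_names, msg->get_exchange_type(msg));` before that `return FAILED;` keeps the three outcomes equally visible. The doc comment "Queue the given message if possible" should also say that only the header is parsed here, so the stored message is neither fully parsed nor authenticated until it is dequeued.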
@@ -1328,25 +1402,29 @@ METHOD(task_manager_t, process_message, status_t, } } - if (msg->get_exchange_type(msg) == TRANSACTION && - this->active_tasks->get_count(this->active_tasks)) - { /* main mode not yet complete, queue XAuth/Mode config tasks */ - if (this->queued) + /* drop XAuth/Mode Config/Quick Mode messages until we received the last + * Aggressive Mode message. since Informational messages are not + * retransmitted we queue them. */ + if (have_aggressive_mode_task(this)) + { + if (msg->get_exchange_type(msg) == INFORMATIONAL_V1) { - DBG1(DBG_IKE, "ignoring additional %N request, queue full", - exchange_type_names, TRANSACTION); - return SUCCESS; + return queue_message(this, msg); } - this->queued = message_create_from_packet(msg->get_packet(msg)); - if (this->queued->parse_header(this->queued) != SUCCESS) + else if (msg->get_exchange_type(msg) != AGGRESSIVE) { - this->queued->destroy(this->queued); - this->queued = NULL; + DBG1(DBG_IKE, "ignoring %N request while phase 1 is incomplete", + exchange_type_names, msg->get_exchange_type(msg)); return FAILED; } - DBG1(DBG_IKE, "queueing %N request as tasks still active", - exchange_type_names, TRANSACTION); - return SUCCESS; + } + + /* queue XAuth/Mode Config messages unless the Main Mode exchange we + * initiated is complete */ + if (msg->get_exchange_type(msg) == TRANSACTION && + this->active_tasks->get_count(this->active_tasks)) + { + return queue_message(this, msg); } msg->set_request(msg, TRUE); @@ -1724,6 +1802,8 @@ METHOD(task_manager_t, queue_dpd, void, pow(this->retransmit_base, retransmit)); } } + /* compensate for the already elapsed dpd delay */ + t -= 1000 * peer_cfg->get_dpd(peer_cfg); /* schedule DPD timeout job */ lib->scheduler->schedule_job_ms(lib->scheduler, diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index d0994a961..a03477e18 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c 
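Review bot: The single `this->queued` slot is now shared between the Aggressive Mode branch (which queues `INFORMATIONAL_V1`) and the `TRANSACTION` branch below, and a queued INFORMATIONAL has only had its header parsed by `queue_message()`, so an unauthenticated message occupies the slot and a later legitimate request is dropped with "queue full". That is the same one-slot design as before, but it now applies to an exchange type accepted before Phase 1 completes, which is worth a sentence in the comment above `have_aggressive_mode_task()`. Note also that the dropped-message path returns `FAILED` where the old code returned `SUCCESS` for a full queue; if callers count or log `FAILED` differently, that is a visible behaviour change. `process_message` starts and ends outside the hunk.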
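Review bot: `t -= 1000 * peer_cfg->get_dpd(peer_cfg);` in `queue_dpd` can underflow: if `t` is an unsigned type (its declaration is not visible in this hunk) and the computed retransmit timeout is shorter than one DPD interval, the value wraps to a huge delay and the DPD timeout job is effectively never scheduled, silently disabling dead-peer detection for that SA. Guard it, e.g. `u_int32_t dpd = 1000 * peer_cfg->get_dpd(peer_cfg); t = t > dpd ? t - dpd : 0;`. If `t` is signed the same check keeps the delay from going negative.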
@@ -482,7 +482,9 @@ static host_t *assign_migrated_vip(linked_list_t *migrated, host_t *requested) enumerator = migrated->create_enumerator(migrated); while (enumerator->enumerate(enumerator, &vip)) { - if (vip->ip_equals(vip, requested)) + if (vip->ip_equals(vip, requested) || + (requested->is_anyaddr(requested) && + requested->get_family(requested) == vip->get_family(vip))) { migrated->remove_at(migrated, enumerator); found = vip; diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index 1b95a8b11..ade59a2dd 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -115,7 +115,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, if (this->expired) { DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} " - "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE)), my_ts, other_ts); @@ -126,7 +126,7 @@ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL); DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs " - "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", + "%.8x_i (%llu bytes) %.8x_o (%llu bytes) and TS %#R === %#R", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in, ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out, diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index d6a3f2cd1..e7d26443b 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c 
@@ -388,7 +388,7 @@ static bool install(private_quick_mode_t *this) this->child_sa->create_ts_enumerator(this->child_sa, FALSE)); DBG0(DBG_IKE, "CHILD_SA %s{%d} established " - "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", this->child_sa->get_name(this->child_sa), this->child_sa->get_unique_id(this->child_sa), ntohl(this->child_sa->get_spi(this->child_sa, TRUE)), @@ -1026,7 +1026,7 @@ METHOD(task_t, process_r, status_t, { if (this->mid && this->mid != message->get_message_id(message)) { /* not responsible for this quick mode exchange */ - return NEED_MORE; + return INVALID_ARG; } switch (this->state) @@ -1200,7 +1200,7 @@ METHOD(task_t, build_r, status_t, { if (this->mid && this->mid != message->get_message_id(message)) { /* not responsible for this quick mode exchange */ - return NEED_MORE; + return INVALID_ARG; } switch (this->state) diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index a770e90ff..c0c91574c 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -271,7 +271,10 @@ static bool add_auth_cfg(private_xauth_t *this, identification_t *id, bool local auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_XAUTH); - auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id)); + if (id) + { + auth->add(auth, AUTH_RULE_XAUTH_IDENTITY, id->clone(id)); + } auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), FALSE); this->ike_sa->add_auth_cfg(this->ike_sa, local, auth); @@ -342,7 +345,10 @@ METHOD(task_t, build_i, status_t, break; case SUCCESS: DESTROY_IF(cp); - this->status = XAUTH_OK; + if (add_auth_cfg(this, NULL, FALSE) && allowed(this)) + { + this->status = XAUTH_OK; + } this->public.task.process = _process_i_status; return build_i_status(this, message); default: diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index fce0840e3..55cb5dd9c 100644 
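Review bot: Returning `INVALID_ARG` from `process_r` (and from `build_r` in the next hunk) to mean "not responsible for this Quick Mode exchange" is a new convention that only works because `build_response`/`process_request` in task_manager_v1.c now special-case `INVALID_ARG` for `TASK_QUICK_MODE`; nothing in the task itself says so. I would extend the inline comment to `/* not responsible for this quick mode exchange; INVALID_ARG makes the task manager try the next QM task */` so the coupling survives the next refactor, and list INVALID_ARG as a valid status in the task_t interface documentation for IKEv1 tasks.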
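Review bot: In `build_i` the `SUCCESS` case now sets `this->status = XAUTH_OK` only when `add_auth_cfg(this, NULL, FALSE) && allowed(this)` holds, but when either fails nothing in this hunk records or logs the rejection; `this->status` keeps whatever value it had before, which I assume is a failure value but cannot see here. A `DBG1` on the failing path, or an explicit `else` branch assigning the failure status, would make the outcome explicit rather than implicit. `build_i` starts and ends outside the hunk.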
--- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -527,6 +527,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool, case ENCR_AES_GCM_ICV12: case ENCR_AES_GCM_ICV16: case ENCR_AES_CTR: + case ENCR_CAMELLIA_CTR: case ENCR_NULL_AUTH_AES_GMAC: case ENCR_CHACHA20_POLY1305: enc_size += 4; diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index e08f3dab1..97f73d851 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -712,7 +712,7 @@ static status_t select_and_install(private_child_create_t *this, this->child_sa->create_ts_enumerator(this->child_sa, FALSE)); DBG0(DBG_IKE, "CHILD_SA %s{%d} established " - "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", this->child_sa->get_name(this->child_sa), this->child_sa->get_unique_id(this->child_sa), ntohl(this->child_sa->get_spi(this->child_sa, TRUE)), @@ -1245,7 +1245,7 @@ METHOD(task_t, build_r, status_t, } if (this->config == NULL) { - DBG1(DBG_IKE, "traffic selectors %#R=== %#R inacceptable", + DBG1(DBG_IKE, "traffic selectors %#R === %#R inacceptable", this->tsr, this->tsi); charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr); message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty); diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index f0b11e291..877ae0531 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c 
@@ -266,7 +266,7 @@ static void log_children(private_child_delete_t *this) if (this->expired) { DBG0(DBG_IKE, "closing expired CHILD_SA %s{%d} " - "with SPIs %.8x_i %.8x_o and TS %#R=== %#R", + "with SPIs %.8x_i %.8x_o and TS %#R === %#R", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), ntohl(child_sa->get_spi(child_sa, TRUE)), ntohl(child_sa->get_spi(child_sa, FALSE)), my_ts, other_ts); @@ -277,7 +277,7 @@ static void log_children(private_child_delete_t *this) child_sa->get_usestats(child_sa, FALSE, NULL, &bytes_out, NULL); DBG0(DBG_IKE, "closing CHILD_SA %s{%d} with SPIs %.8x_i " - "(%llu bytes) %.8x_o (%llu bytes) and TS %#R=== %#R", + "(%llu bytes) %.8x_o (%llu bytes) and TS %#R === %#R", child_sa->get_name(child_sa), child_sa->get_unique_id(child_sa), ntohl(child_sa->get_spi(child_sa, TRUE)), bytes_in, ntohl(child_sa->get_spi(child_sa, FALSE)), bytes_out, diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index 11b0bb281..cbdc5e797 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -339,7 +339,11 @@ METHOD(ike_mobike_t, transmit, bool, { if (me->ip_equals(me, me_old)) { - charon->sender->send(charon->sender, packet->clone(packet)); + copy = packet->clone(packet); + /* hosts might have been updated by a peer's MOBIKE exchange */ + copy->set_source(copy, me_old->clone(me_old)); + copy->set_destination(copy, other_old->clone(other_old)); + charon->sender->send(charon->sender, copy); me->destroy(me); return TRUE; } diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 9e0eb68ce..dd34c1234 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c 
@@ -129,25 +129,6 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, } /** - * build a faked NATD payload to enforce UDP encap - */ -static chunk_t generate_natd_hash_faked(private_ike_natd_t *this) -{ - rng_t *rng; - chunk_t chunk; - - rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); - if (!rng || !rng->allocate_bytes(rng, HASH_SIZE_SHA1, &chunk)) - { - DBG1(DBG_IKE, "unable to get random bytes for NATD fake"); - DESTROY_IF(rng); - return chunk_empty; - } - rng->destroy(rng); - return chunk; -} - -/** * Build a NAT detection notify payload. */ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, @@ -162,7 +143,14 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, config = this->ike_sa->get_ike_cfg(this->ike_sa); if (force_encap(config) && type == NAT_DETECTION_SOURCE_IP) { - hash = generate_natd_hash_faked(this); + u_int32_t addr; + + /* chunk_hash() is randomly keyed so this produces a random IPv4 address + * that changes with every restart but otherwise stays the same */ + addr = chunk_hash(chunk_from_chars(0x00, 0x00, 0x00, 0x00)); + host = host_create_from_chunk(AF_INET, chunk_from_thing(addr), 0); + hash = generate_natd_hash(this, ike_sa_id, host); + host->destroy(host); } else { diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index 1a984435c..5231994c8 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -63,9 +63,9 @@ struct private_shunt_manager_t { static bool install_shunt_policy(child_cfg_t *child) { enumerator_t *e_my_ts, *e_other_ts; - linked_list_t *my_ts_list, *other_ts_list; + linked_list_t *my_ts_list, *other_ts_list, *hosts; traffic_selector_t *my_ts, *other_ts; - host_t *host_any; + host_t *host_any, *host_any6; policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; 
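Review bot: In `build_natd_payload` the faked source address is now `chunk_hash()` of four zero bytes, which per the comment is random per process but fixed afterwards; with probability about 2^-32 per start it equals the real local IPv4 address, in which case the NAT-D hash matches and the forced UDP encapsulation silently does not happen. If the stable value is needed so that repeated NAT-D exchanges do not look like a changed NAT mapping, that motivation belongs in the comment; otherwise comparing `host` against the local address and re-hashing once would remove the corner case. `host_create_from_chunk()` is also used without a NULL check, whereas the removed `generate_natd_hash_faked()` handled its failure path.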
@@ -85,9 +85,13 @@ static bool install_shunt_policy(child_cfg_t *child) return FALSE; } - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL); host_any = host_create_any(AF_INET); + host_any6 = host_create_any(AF_INET6); + + hosts = linked_list_create_with_items(host_any, host_any6, NULL); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + hosts->destroy(hosts); /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); @@ -96,6 +100,16 @@ static bool install_shunt_policy(child_cfg_t *child) e_other_ts = other_ts_list->create_enumerator(other_ts_list); while (e_other_ts->enumerate(e_other_ts, &other_ts)) { + if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts)) + { + continue; + } + if (my_ts->get_protocol(my_ts) && + other_ts->get_protocol(other_ts) && + my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts)) + { + continue; + } /* install out policy */ status |= hydra->kernel_interface->add_policy( hydra->kernel_interface, host_any, host_any, @@ -125,6 +139,7 @@ static bool install_shunt_policy(child_cfg_t *child) offsetof(traffic_selector_t, destroy)); other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); + host_any6->destroy(host_any6); host_any->destroy(host_any); return status == SUCCESS; 
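Review bot: The traffic-selector type and protocol compatibility check added to `install_shunt_policy` is duplicated verbatim in `uninstall_shunt_policy` (the `@@ -212,22 +237,35 @@` hunk); if the two ever diverge, a shunt can be installed but never removed, leaving a stale pass/drop policy in the kernel. Factoring it into one static helper used by both loops keeps install and uninstall symmetric. The rest of `install_shunt_policy` starts and ends outside this hunk.
```c
/**
 * Check if a pair of traffic selectors can form a shunt policy
 */
static bool ts_pair_compatible(traffic_selector_t *my_ts,
							   traffic_selector_t *other_ts)
{
	if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts))
	{
		return FALSE;
	}
	if (my_ts->get_protocol(my_ts) && other_ts->get_protocol(other_ts) &&
		my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts))
	{
		return FALSE;
	}
	return TRUE;
}

/* … unchanged: inside the loop over other_ts in both functions … */
			if (!ts_pair_compatible(my_ts, other_ts))
			{
				continue;
			}
```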
@@ -185,25 +200,35 @@ METHOD(shunt_manager_t, install, bool, static void uninstall_shunt_policy(child_cfg_t *child) { enumerator_t *e_my_ts, *e_other_ts; - linked_list_t *my_ts_list, *other_ts_list; + linked_list_t *my_ts_list, *other_ts_list, *hosts; traffic_selector_t *my_ts, *other_ts; + host_t *host_any, *host_any6; + policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; + ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; switch (child->get_mode(child)) { case MODE_PASS: + policy_type = POLICY_PASS; policy_prio = POLICY_PRIORITY_PASS; break; case MODE_DROP: + policy_type = POLICY_DROP; policy_prio = POLICY_PRIORITY_FALLBACK; break; default: return; } - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, NULL); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, NULL); + host_any = host_create_any(AF_INET); + host_any6 = host_create_any(AF_INET6); + + hosts = linked_list_create_with_items(host_any, host_any6, NULL); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + hosts->destroy(hosts); /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); 
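Review bot: `ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT };` together with `policy_type` and `policy_prio` is now the key that the netlink and pfkey del_policy implementations compare via ipsec_sa_equals, so any drift from what install_shunt_policy passes to add_policy leaves the shunt policy in the kernel and yields NOT_FOUND here. The sa configuration used on the install side is not in this hunk; if it is a second hand-written literal, a small shared helper that builds the hosts list, the sa and the type/priority for both functions would make divergence impossible. At minimum add `/* must match the sa passed by install_shunt_policy(), del_policy() compares it */` above the declaration.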
@@ -212,22 +237,35 @@ static void uninstall_shunt_policy(child_cfg_t *child) e_other_ts = other_ts_list->create_enumerator(other_ts_list); while (e_other_ts->enumerate(e_other_ts, &other_ts)) { + if (my_ts->get_type(my_ts) != other_ts->get_type(other_ts)) + { + continue; + } + if (my_ts->get_protocol(my_ts) && + other_ts->get_protocol(other_ts) && + my_ts->get_protocol(my_ts) != other_ts->get_protocol(other_ts)) + { + continue; + } /* uninstall out policy */ status |= hydra->kernel_interface->del_policy( - hydra->kernel_interface, my_ts, other_ts, - POLICY_OUT, 0, child->get_mark(child, FALSE), + hydra->kernel_interface, host_any, host_any, + my_ts, other_ts, POLICY_OUT, policy_type, + &sa, child->get_mark(child, FALSE), policy_prio); /* uninstall in policy */ status |= hydra->kernel_interface->del_policy( - hydra->kernel_interface, other_ts, my_ts, - POLICY_IN, 0, child->get_mark(child, TRUE), + hydra->kernel_interface, host_any, host_any, + other_ts, my_ts, POLICY_IN, policy_type, + &sa, child->get_mark(child, TRUE), policy_prio); /* uninstall forward policy */ status |= hydra->kernel_interface->del_policy( - hydra->kernel_interface, other_ts, my_ts, - POLICY_FWD, 0, child->get_mark(child, TRUE), + hydra->kernel_interface, host_any, host_any, + other_ts, my_ts, POLICY_FWD, policy_type, + &sa, child->get_mark(child, TRUE), policy_prio); } e_other_ts->destroy(e_other_ts); @@ -238,6 +276,8 @@ static void uninstall_shunt_policy(child_cfg_t *child) offsetof(traffic_selector_t, destroy)); other_ts_list->destroy_offset(other_ts_list, offsetof(traffic_selector_t, destroy)); + host_any6->destroy(host_any6); + host_any->destroy(host_any); if (status != SUCCESS) { diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 63505c960..90ad7e40e 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c 
@@ -211,6 +211,7 @@ METHOD(trap_manager_t, install, u_int32_t, if (this->installing == INSTALL_DISABLED) { /* flush() has been called */ this->lock->unlock(this->lock); + other->destroy(other); me->destroy(me); return 0; } @@ -235,6 +236,7 @@ METHOD(trap_manager_t, install, u_int32_t, { DBG1(DBG_CFG, "CHILD_SA '%s' is already being routed", found->name); this->lock->unlock(this->lock); + other->destroy(other); me->destroy(me); return 0; } diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c index 4daf91905..b4c6ce3a6 100644 --- a/src/libfast/fast_dispatcher.c +++ b/src/libfast/fast_dispatcher.c @@ -383,14 +383,13 @@ METHOD(fast_dispatcher_t, waitsignal, void, private_fast_dispatcher_t *this) { sigset_t set; - int sig; sigemptyset(&set); sigaddset(&set, SIGINT); sigaddset(&set, SIGTERM); sigaddset(&set, SIGHUP); sigprocmask(SIG_BLOCK, &set, NULL); - sigwait(&set, &sig); + sigwaitinfo(&set, NULL); } METHOD(fast_dispatcher_t, destroy, void, diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk index af39f04ec..7b62e9529 100644 --- a/src/libhydra/Android.mk +++ b/src/libhydra/Android.mk @@ -20,7 +20,6 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink) # build libhydra --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index ce31bd410..89e95ade9 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2013 Tobias Brunner + * Copyright (C) 2008-2015 Tobias Brunner * Hochschule fuer Technik Rapperswil * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG 
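Review bot: Both early returns in install now repeat the same unlock/destroy/return sequence, which is how the `other` leak these two lines fix slipped in: every exit has to remember every owned object. A single exit path that releases the lock and then destroys `other` and `me`, reached from both conditions, would keep any further early return from missing one again. The remaining exits of install are outside the hunk and should get the same treatment if they exist.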
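Review bot: `sigwaitinfo(&set, NULL)` can fail with EINTR when a signal that has a handler interrupts the wait, whereas the replaced sigwait() does not report interruption, so waitsignal may now return early and presumably let the caller start shutting down on a signal it never waited for. Retry on EINTR: `while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR) { }` (with <errno.h> if it is not already included). The sigprocmask() return value is unchecked as before; a failure there makes the subsequent wait race against default signal disposition, so it is worth a DBG1 at least.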
@@ -509,16 +509,17 @@ METHOD(kernel_interface_t, query_policy, status_t, } METHOD(kernel_interface_t, del_policy, status_t, - private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_interface_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t priority) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_policy(this->ipsec, src_ts, dst_ts, - direction, reqid, mark, priority); + return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts, + direction, type, sa, mark, priority); } METHOD(kernel_interface_t, flush_policies, status_t, 
@@ -738,44 +739,52 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t, } -METHOD(kernel_interface_t, add_ipsec_interface, void, +METHOD(kernel_interface_t, add_ipsec_interface, bool, private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor) { if (!this->ipsec) { this->ipsec_constructor = constructor; this->ipsec = constructor(); + return this->ipsec != NULL; } + return FALSE; } -METHOD(kernel_interface_t, remove_ipsec_interface, void, +METHOD(kernel_interface_t, remove_ipsec_interface, bool, private_kernel_interface_t *this, kernel_ipsec_constructor_t constructor) { if (constructor == this->ipsec_constructor && this->ipsec) { this->ipsec->destroy(this->ipsec); this->ipsec = NULL; + return TRUE; } + return FALSE; } -METHOD(kernel_interface_t, add_net_interface, void, +METHOD(kernel_interface_t, add_net_interface, bool, private_kernel_interface_t *this, kernel_net_constructor_t constructor) { if (!this->net) { this->net_constructor = constructor; this->net = constructor(); + return this->net != NULL; } + return FALSE; } -METHOD(kernel_interface_t, remove_net_interface, void, +METHOD(kernel_interface_t, remove_net_interface, bool, private_kernel_interface_t *this, kernel_net_constructor_t constructor) { if (constructor == this->net_constructor && this->net) { this->net->destroy(this->net); this->net = NULL; + return TRUE; } + return FALSE; } METHOD(kernel_interface_t, add_listener, void, diff --git a/src/libhydra/kernel/kernel_interface.h b/src/libhydra/kernel/kernel_interface.h index 96ce9e26d..45efe8946 100644 --- a/src/libhydra/kernel/kernel_interface.h +++ b/src/libhydra/kernel/kernel_interface.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Tobias Brunner + * Copyright (C) 2006-2015 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter 
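Review bot: When `constructor()` returns NULL in add_ipsec_interface, `this->ipsec_constructor` keeps pointing at the failed constructor while `this->ipsec` stays NULL, and add_net_interface has the same shape. It is harmless today because remove_*_interface also tests the interface pointer, and the next add succeeds for any constructor, but the stale pointer makes the two fields disagree; clear it in the failure case, `if (!this->ipsec) { this->ipsec_constructor = NULL; }` before the return, and likewise for net. Minor, but it matches the new "registration failed" contract the header now documents.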
@@ -265,9 +265,6 @@ struct kernel_interface_t { /** * Add a policy to the SPD. * - * A policy is always associated to an SA. Traffic which matches a - * policy is handled by the SA with the same reqid. - * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source @@ -309,24 +306,24 @@ struct kernel_interface_t { /** * Remove a policy from the SPD. * - * The kernel interface implements reference counting for policies. - * If the same policy is installed multiple times (in the case of rekeying), - * the reference counter is increased. del_policy() decreases the ref counter - * and removes the policy only when no more references are available. - * + * @param src source address of SA + * @param dst dest address of SA * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param reqid unique ID of the associated SA - * @param mark optional mark + * @param type type of policy, POLICY_(IPSEC|PASS|DROP) + * @param sa details about the SA(s) tied to this policy + * @param mark mark for this policy * @param priority priority of the policy * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_interface_t *this, + host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t reqid, - mark_t mark, policy_priority_t priority); + policy_dir_t direction, policy_type_t type, + ipsec_sa_cfg_t *sa, mark_t mark, + policy_priority_t priority); /** * Flush all policies from the SPD. 
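Review bot: The del_policy comment drops the reference-counting paragraph without stating the replacement contract: the netlink and pfkey backends in this commit locate the SA mapping by comparing src, dst, type, sa, mark and priority, and keep the policy installed while other SAs still reference it, so callers must pass exactly the values they gave add_policy. Add to the description something like `* The policy is removed from the kernel only once no SA references it; src, dst, type, sa, mark and priority must match the corresponding add_policy() call.` and mark sa as required, `@param sa details about the SA(s) tied to this policy, must not be NULL`, since both backends dereference it. The same wording belongs in the kernel_ipsec.h copy of this comment further down.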
@@ -502,39 +499,49 @@ struct kernel_interface_t { /** * Register an ipsec kernel interface constructor on the manager. * - * @param create constructor to register + * @param create constructor to register + * @return TRUE if the ipsec kernel interface was registered + * successfully, FALSE if an interface was already + * registered or the registration failed */ - void (*add_ipsec_interface)(kernel_interface_t *this, + bool (*add_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); /** * Unregister an ipsec kernel interface constructor. * - * @param create constructor to unregister + * @param create constructor to unregister + * @return TRUE if the ipsec kernel interface was unregistered + * successfully, FALSE otherwise */ - void (*remove_ipsec_interface)(kernel_interface_t *this, + bool (*remove_ipsec_interface)(kernel_interface_t *this, kernel_ipsec_constructor_t create); /** * Register a network kernel interface constructor on the manager. * - * @param create constructor to register + * @param create constructor to register + * @return TRUE if the kernel net interface was registered + * successfully, FALSE if an interface was already + * registered or the registration failed */ - void (*add_net_interface)(kernel_interface_t *this, + bool (*add_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); /** * Unregister a network kernel interface constructor. * - * @param create constructor to unregister + * @param create constructor to unregister + * @return TRUE if the kernel net interface was unregistered + * successfully, FALSE otherwise */ - void (*remove_net_interface)(kernel_interface_t *this, + bool (*remove_net_interface)(kernel_interface_t *this, kernel_net_constructor_t create); /** * Add a listener to the kernel interface. * - * @param listener listener to add + * @param listener listener to add */ void (*add_listener)(kernel_interface_t *this, kernel_listener_t *listener); 
@@ -542,7 +549,7 @@ struct kernel_interface_t { /** * Remove a listener from the kernel interface. * - * @param listener listener to remove + * @param listener listener to remove */ void (*remove_listener)(kernel_interface_t *this, kernel_listener_t *listener); diff --git a/src/libhydra/kernel/kernel_ipsec.c b/src/libhydra/kernel/kernel_ipsec.c index 1a32ab4e7..697b1b33d 100644 --- a/src/libhydra/kernel/kernel_ipsec.c +++ b/src/libhydra/kernel/kernel_ipsec.c @@ -25,13 +25,14 @@ bool kernel_ipsec_register(plugin_t *plugin, plugin_feature_t *feature, { if (reg) { - hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, + return hydra->kernel_interface->add_ipsec_interface( + hydra->kernel_interface, (kernel_ipsec_constructor_t)data); } else { - hydra->kernel_interface->remove_ipsec_interface(hydra->kernel_interface, + return hydra->kernel_interface->remove_ipsec_interface( + hydra->kernel_interface, (kernel_ipsec_constructor_t)data); } - return TRUE; } diff --git a/src/libhydra/kernel/kernel_ipsec.h b/src/libhydra/kernel/kernel_ipsec.h index 19caaa400..2458db5b9 100644 --- a/src/libhydra/kernel/kernel_ipsec.h +++ b/src/libhydra/kernel/kernel_ipsec.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2015 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -186,9 +186,6 @@ struct kernel_ipsec_t { /** * Add a policy to the SPD. * - * A policy is always associated to an SA. Traffic which matches a - * policy is handled by the SA with the same reqid. - * * @param src source address of SA * @param dst dest address of SA * @param src_ts traffic selector to match traffic source 
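Review bot: kernel_ipsec_register now propagates add_ipsec_interface()'s result, so a second kernel-ipsec plugin loaded while another one is active presumably has its feature registration reported as failed instead of being ignored silently; kernel_net_register in kernel_net.c changes in the same way. That is a sensible tightening, but nothing in the function says so, and the reader has to go through kernel_interface.c to learn that only one interface can be registered at a time. A comment above `if (reg)` such as `/* only one ipsec interface may be active; registering another one fails the feature */` would make the new behaviour visible where it is decided.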
@@ -231,24 +228,24 @@ struct kernel_ipsec_t { /** * Remove a policy from the SPD. * - * The kernel interface implements reference counting for policies. - * If the same policy is installed multiple times (in the case of rekeying), - * the reference counter is increased. del_policy() decreases the ref counter - * and removes the policy only when no more references are available. - * + * @param src source address of SA + * @param dst dest address of SA * @param src_ts traffic selector to match traffic source * @param dst_ts traffic selector to match traffic dest * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param reqid unique ID of the associated SA - * @param mark optional mark + * @param type type of policy, POLICY_(IPSEC|PASS|DROP) + * @param sa details about the SA(s) tied to this policy + * @param mark mark for this policy * @param priority priority of the policy * @return SUCCESS if operation completed */ status_t (*del_policy) (kernel_ipsec_t *this, + host_t *src, host_t *dst, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, u_int32_t reqid, - mark_t mark, policy_priority_t priority); + policy_dir_t direction, policy_type_t type, + ipsec_sa_cfg_t *sa, mark_t mark, + policy_priority_t priority); /** * Flush all policies from the SPD. diff --git a/src/libhydra/kernel/kernel_net.c b/src/libhydra/kernel/kernel_net.c index 0841ed803..07d8b2999 100644 --- a/src/libhydra/kernel/kernel_net.c +++ b/src/libhydra/kernel/kernel_net.c 
@@ -25,13 +25,14 @@ bool kernel_net_register(plugin_t *plugin, plugin_feature_t *feature, { if (reg) { - hydra->kernel_interface->add_net_interface(hydra->kernel_interface, + return hydra->kernel_interface->add_net_interface( + hydra->kernel_interface, (kernel_net_constructor_t)data); } else { - hydra->kernel_interface->remove_net_interface(hydra->kernel_interface, + return hydra->kernel_interface->remove_net_interface( + hydra->kernel_interface, (kernel_net_constructor_t)data); } - return TRUE; } diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 605476ef1..8c506d9f4 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2013 Tobias Brunner + * Copyright (C) 2006-2015 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser @@ -318,11 +318,6 @@ struct private_kernel_netlink_ipsec_t { bool proto_port_transport; /** - * Whether to track the history of a policy - */ - bool policy_history; - - /** * Whether to always use UPDATE to install policies */ bool policy_update; @@ -2140,7 +2135,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, { continue; } - tmpl->reqid = policy->reqid; + tmpl->reqid = ipsec->cfg.reqid; tmpl->id.proto = protos[i].proto; tmpl->aalgos = tmpl->ealgos = tmpl->calgos = ~0; tmpl->mode = mode2kernel(proto_mode); @@ -2322,7 +2317,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, current = this->policies->get(this->policies, policy); if (current) { - if (current->reqid != sa->reqid) + if (current->reqid && sa->reqid && current->reqid != sa->reqid) { DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark " "%u/0x%08x) for reqid %u, the same policy for reqid %u exists", 
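Review bot: Relaxing the conflict check to `current->reqid && sa->reqid && current->reqid != sa->reqid` lets a policy first installed without a reqid be reused by an IPsec SA, but whether `current->reqid` is then raised to the non-zero value is not visible in this hunk. If it stays 0, a later add_policy for yet another reqid on the same selectors is no longer rejected, and the new `tmpl->reqid = ipsec->cfg.reqid` in add_policy_internal alone decides which SA the kernel template points at. Either set `current->reqid = sa->reqid;` when it was 0, or document next to the check that the policy-level reqid is now only advisory. add_policy continues outside the hunk.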
@@ -2352,26 +2347,19 @@ METHOD(kernel_ipsec_t, add_policy, status_t, dst_ts, mark, sa); assigned_sa->priority = get_priority(policy, priority); - if (this->policy_history) - { /* insert the SA according to its priority */ - enumerator = policy->used_by->create_enumerator(policy->used_by); - while (enumerator->enumerate(enumerator, (void**)¤t_sa)) + /* insert the SA according to its priority */ + enumerator = policy->used_by->create_enumerator(policy->used_by); + while (enumerator->enumerate(enumerator, (void**)¤t_sa)) + { + if (current_sa->priority >= assigned_sa->priority) { - if (current_sa->priority >= assigned_sa->priority) - { - break; - } - update = FALSE; + break; } - policy->used_by->insert_before(policy->used_by, enumerator, - assigned_sa); - enumerator->destroy(enumerator); - } - else - { /* simply insert it last and only update if it is not installed yet */ - policy->used_by->insert_last(policy->used_by, assigned_sa); - update = !found; + update = FALSE; } + policy->used_by->insert_before(policy->used_by, enumerator, + assigned_sa); + enumerator->destroy(enumerator); if (!update) { /* we don't update the policy if the priority is lower than that of @@ -2482,8 +2470,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t prio) { policy_entry_t *current, policy; 
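Review bot: With the insert_last branch gone, `update` is only ever cleared inside the priority loop, so its declaration (outside the hunk) must initialise it to TRUE; the removed else-branch used to derive it from `found`, and a declaration that relied on that would now leave it indeterminate. Worth a glance, and the loop's invariant deserves a comment since it is no longer spelled out by the branches: `/* used_by stays sorted by priority; the kernel policy is updated only if the new SA ends up first */`.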
@@ -2494,6 +2483,12 @@ METHOD(kernel_ipsec_t, del_policy, status_t, struct xfrm_userpolicy_id *policy_id; bool is_installed = TRUE; u_int32_t priority; + ipsec_sa_t assigned_sa = { + .src = src, + .dst = dst, + .mark = mark, + .cfg = *sa, + }; DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)", src_ts, dst_ts, policy_dir_names, direction, @@ -2508,7 +2503,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); - if (!current || current->reqid != reqid) + if (!current) { if (mark.value) { @@ -2525,28 +2520,21 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return NOT_FOUND; } - if (this->policy_history) - { /* remove mapping to SA by reqid and priority */ - priority = get_priority(current, prio); - enumerator = current->used_by->create_enumerator(current->used_by); - while (enumerator->enumerate(enumerator, (void**)&mapping)) + /* remove mapping to SA by reqid and priority */ + priority = get_priority(current, prio); + enumerator = current->used_by->create_enumerator(current->used_by); + while (enumerator->enumerate(enumerator, (void**)&mapping)) + { + if (priority == mapping->priority && type == mapping->type && + ipsec_sa_equals(mapping->sa, &assigned_sa)) { - if (priority == mapping->priority) - { - current->used_by->remove_at(current->used_by, enumerator); - policy_sa_destroy(mapping, &direction, this); - break; - } - is_installed = FALSE; + current->used_by->remove_at(current->used_by, enumerator); + policy_sa_destroy(mapping, &direction, this); + break; } - enumerator->destroy(enumerator); - } - else - { /* remove one of the SAs but don't update the policy */ - current->used_by->remove_last(current->used_by, (void**)&mapping); - policy_sa_destroy(mapping, &direction, this); is_installed = FALSE; } + enumerator->destroy(enumerator); if (current->used_by->get_count(current->used_by) > 0) { /* policy is used by more SAs, keep in kernel */ 
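Review bot: `.cfg = *sa` in the new assigned_sa initialiser dereferences the sa argument unconditionally, and the pfkey del_policy does the same, yet the new signature and its header comment do not say that sa must be non-NULL (the old reqid argument had no such failure mode, so existing callers were never forced to think about it). Either reject it before the lookup, `if (!sa) { return INVALID_ARG; }` at the top of the function, or state the requirement in the header's `@param sa`. The dropped `current->reqid != reqid` test also means a caller passing stale SA details now gets as far as the mapping loop and ends with `is_installed = FALSE` rather than NOT_FOUND, which is fine but worth a word in the comment above the loop.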
@@ -2915,7 +2903,6 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() (hashtable_equals_t)ipsec_sa_equals, 32), .bypass = array_create(sizeof(bypass_t), 0), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), - .policy_history = TRUE, .policy_update = lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns), .install_routes = lib->settings->get_bool(lib->settings, diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 5027e1759..c67366b86 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2015 Tobias Brunner * Copyright (C) 2008 Andreas Steffen * Hochschule fuer Technik Rapperswil * @@ -843,7 +843,9 @@ static kernel_algorithm_t encryption_algs[] = { /* {ENCR_DES_IV32, 0 }, */ {ENCR_NULL, SADB_EALG_NULL }, {ENCR_AES_CBC, SADB_X_EALG_AESCBC }, -/* {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, */ +#ifdef SADB_X_EALG_AESCTR + {ENCR_AES_CTR, SADB_X_EALG_AESCTR }, +#endif /* {ENCR_AES_CCM_ICV8, SADB_X_EALG_AES_CCM_ICV8 }, */ /* {ENCR_AES_CCM_ICV12, SADB_X_EALG_AES_CCM_ICV12 }, */ /* {ENCR_AES_CCM_ICV16, SADB_X_EALG_AES_CCM_ICV16 }, */ @@ -2689,8 +2691,9 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, + traffic_selector_t *src_ts, traffic_selector_t *dst_ts, + policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, policy_priority_t prio) { unsigned char request[PFKEY_BUFFER_SIZE]; 
@@ -2702,6 +2705,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t, bool first = TRUE, is_installed = TRUE; u_int32_t priority; size_t len; + ipsec_sa_t assigned_sa = { + .src = src, + .dst = dst, + .cfg = *sa, + }; if (dir2kernel(direction) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ @@ -2735,7 +2743,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (reqid == mapping->sa->cfg.reqid && priority == mapping->priority) + if (priority == mapping->priority && + ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; is_installed = first; diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index ff6191117..9162e3f87 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -388,6 +388,30 @@ INSERT INTO products ( /* 65 */ 'Debian 7.8 armv7l' ); +INSERT INTO products ( /* 66 */ + name +) VALUES ( + 'Debian 7.9 i686' +); + +INSERT INTO products ( /* 67 */ + name +) VALUES ( + 'Debian 7.9 x86_64' +); + +INSERT INTO products ( /* 68 */ + name +) VALUES ( + 'Debian 7.9 armv6l' +); + +INSERT INTO products ( /* 69 */ + name +) VALUES ( + 'Debian 7.9 armv7l' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -889,6 +913,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 4, 66 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 5, 2 ); @@ -955,6 +985,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 5, 67 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 6, 9 ); 
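Review bot: The pfkey mapping match compares only priority and ipsec_sa_equals, while the netlink version in the same commit also requires `type == mapping->type`; if policy_sa_t in this file records the type as well, a PASS and an IPSEC policy sharing selectors, hosts and sa could be removed in each other's place. Align it with `if (priority == mapping->priority && type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa))`, or, if pfkey's mapping has no type field, note above the loop that `type` is intentionally unused here. The initialiser also omits `.mark`, unlike netlink, presumably because PF_KEY has no mark concept; a one-line comment would stop the next reader from "fixing" it.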
@@ -1201,9 +1237,21 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 14, 68 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 15, 65 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 15, 69 +); + /* Policies */ INSERT INTO policies ( /* 1 */ diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk index c5d987977..dffed94f0 100644 --- a/src/libipsec/Android.mk +++ b/src/libipsec/Android.mk @@ -20,7 +20,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libipsec_la_SOURCES)) # build libipsec --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index b742d1576..2b003e390 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -247,7 +247,19 @@ static bool create_traditional(private_esp_context_t *this, int enc_alg, signer_t *signer = NULL; iv_gen_t *ivg; - crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, enc_key.len); + switch (enc_alg) + { + case ENCR_AES_CTR: + case ENCR_CAMELLIA_CTR: + /* the key includes a 4 byte salt */ + crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, + enc_key.len - 4); + break; + default: + crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, + enc_key.len); + break; + } if (!crypter) { DBG1(DBG_ESP, "failed to create ESP context: unsupported encryption " diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index d019d96e1..db3da8e15 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk 
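Review bot: `enc_key.len - 4` in the new ENCR_AES_CTR/ENCR_CAMELLIA_CTR case is unsigned arithmetic on a chunk length, so a key of four bytes or fewer wraps to a huge key size instead of failing cleanly; keys derived by the IKE daemon are sized correctly, but create_traditional is the place where a bad SA configuration should be rejected rather than handed to the crypto factory. Guard it inside the CTR case (not before the switch, since ENCR_NULL legitimately has an empty key): `if (enc_key.len <= 4) { return FALSE; }` with a DBG1 in the style of the existing failure message. Whether the later set_key call, outside the hunk, still receives the full key including the salt as the CTR crypter presumably expects is not visible here.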
@@ -15,6 +15,7 @@ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ +crypto/iv/iv_gen_null.c \ crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ @@ -116,8 +117,7 @@ LOCAL_SRC_FILES += $(call add_plugin, xcbc) # build libstrongswan ---------------------------------------------------------- -LOCAL_CFLAGS := $(strongswan_CFLAGS) \ - -include $(LOCAL_PATH)/AndroidConfigLocal.h +LOCAL_CFLAGS := $(strongswan_CFLAGS) LOCAL_MODULE := libstrongswan diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index adf3687ae..ed3b85dd4 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -13,6 +13,7 @@ crypto/rngs/rng.c crypto/prf_plus.c crypto/signers/signer.c \ crypto/signers/mac_signer.c crypto/crypto_factory.c crypto/crypto_tester.c \ crypto/diffie_hellman.c crypto/aead.c crypto/transform.c \ crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c crypto/iv/iv_gen_seq.c \ +crypto/iv/iv_gen_null.c \ crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ credentials/credential_factory.c credentials/builder.c \ credentials/cred_encoding.c credentials/keys/private_key.c \ 
@@ -72,7 +73,7 @@ crypto/prfs/prf.h crypto/prfs/mac_prf.h crypto/rngs/rng.h crypto/nonce_gen.h \ crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ -crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \ +crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \ credentials/credential_factory.h credentials/builder.h \ credentials/cred_encoding.h credentials/keys/private_key.h \ @@ -109,7 +110,7 @@ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ utils/cpu_feature.h utils/leak_detective.h utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/process.h \ -utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h \ +utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h utils/compat/android.h \ utils/utils/atomics.h utils/utils/types.h utils/utils/byteorder.h \ utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \ utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h @@ -190,7 +191,7 @@ endif EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ crypto/proposal/proposal_keywords_static.txt \ -Android.mk AndroidConfigLocal.h +Android.mk BUILT_SOURCES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ @@ -288,6 +289,13 @@ if MONOLITHIC endif endif +if USE_SHA3 + SUBDIRS += plugins/sha3 +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/sha3/libstrongswan-sha3.la +endif +endif + if USE_GMP SUBDIRS += plugins/gmp if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 9598c8b51..284960f5c 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in 
@@ -131,93 +131,95 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_33 = plugins/sha1/libstrongswan-sha1.la @USE_SHA2_TRUE@am__append_34 = plugins/sha2 @MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_35 = plugins/sha2/libstrongswan-sha2.la -@USE_GMP_TRUE@am__append_36 = plugins/gmp -@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_37 = plugins/gmp/libstrongswan-gmp.la -@USE_RDRAND_TRUE@am__append_38 = plugins/rdrand -@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_39 = plugins/rdrand/libstrongswan-rdrand.la -@USE_AESNI_TRUE@am__append_40 = plugins/aesni -@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_41 = plugins/aesni/libstrongswan-aesni.la -@USE_RANDOM_TRUE@am__append_42 = plugins/random -@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_43 = plugins/random/libstrongswan-random.la -@USE_NONCE_TRUE@am__append_44 = plugins/nonce -@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_45 = plugins/nonce/libstrongswan-nonce.la -@USE_HMAC_TRUE@am__append_46 = plugins/hmac -@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_47 = plugins/hmac/libstrongswan-hmac.la -@USE_CMAC_TRUE@am__append_48 = plugins/cmac -@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_49 = plugins/cmac/libstrongswan-cmac.la -@USE_XCBC_TRUE@am__append_50 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_51 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_52 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_53 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_54 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_55 = plugins/revocation/libstrongswan-revocation.la -@USE_CONSTRAINTS_TRUE@am__append_56 = plugins/constraints -@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_57 = plugins/constraints/libstrongswan-constraints.la -@USE_ACERT_TRUE@am__append_58 = plugins/acert -@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_59 = plugins/acert/libstrongswan-acert.la -@USE_PUBKEY_TRUE@am__append_60 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_61 = 
plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_62 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_63 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PKCS7_TRUE@am__append_64 = plugins/pkcs7 -@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_65 = plugins/pkcs7/libstrongswan-pkcs7.la -@USE_PKCS8_TRUE@am__append_66 = plugins/pkcs8 -@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_67 = plugins/pkcs8/libstrongswan-pkcs8.la -@USE_PKCS12_TRUE@am__append_68 = plugins/pkcs12 -@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_69 = plugins/pkcs12/libstrongswan-pkcs12.la -@USE_PGP_TRUE@am__append_70 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_71 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_72 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_73 = plugins/dnskey/libstrongswan-dnskey.la -@USE_SSHKEY_TRUE@am__append_74 = plugins/sshkey -@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_75 = plugins/sshkey/libstrongswan-sshkey.la -@USE_PEM_TRUE@am__append_76 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_77 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_78 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_79 = plugins/curl/libstrongswan-curl.la -@USE_FILES_TRUE@am__append_80 = plugins/files -@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_81 = plugins/files/libstrongswan-files.la -@USE_WINHTTP_TRUE@am__append_82 = plugins/winhttp -@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_83 = plugins/winhttp/libstrongswan-winhttp.la -@USE_UNBOUND_TRUE@am__append_84 = plugins/unbound -@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_85 = plugins/unbound/libstrongswan-unbound.la -@USE_SOUP_TRUE@am__append_86 = plugins/soup -@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_87 = plugins/soup/libstrongswan-soup.la -@USE_LDAP_TRUE@am__append_88 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_89 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_90 = plugins/mysql 
-@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_91 = plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_92 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_93 = plugins/sqlite/libstrongswan-sqlite.la -@USE_PADLOCK_TRUE@am__append_94 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_95 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_96 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_97 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_98 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_99 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_100 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_101 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_102 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_103 = plugins/agent/libstrongswan-agent.la -@USE_KEYCHAIN_TRUE@am__append_104 = plugins/keychain -@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_105 = plugins/keychain/libstrongswan-keychain.la -@USE_PKCS11_TRUE@am__append_106 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_107 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CHAPOLY_TRUE@am__append_108 = plugins/chapoly -@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_109 = plugins/chapoly/libstrongswan-chapoly.la -@USE_CTR_TRUE@am__append_110 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_111 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_112 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_113 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_114 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_115 = plugins/gcm/libstrongswan-gcm.la -@USE_NTRU_TRUE@am__append_116 = plugins/ntru -@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_117 = plugins/ntru/libstrongswan-ntru.la -@USE_BLISS_TRUE@am__append_118 = plugins/bliss -@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_119 = 
plugins/bliss/libstrongswan-bliss.la -@USE_TEST_VECTORS_TRUE@am__append_120 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_121 = plugins/test_vectors/libstrongswan-test-vectors.la -@USE_BLISS_TRUE@am__append_122 = plugins/bliss/tests +@USE_SHA3_TRUE@am__append_36 = plugins/sha3 +@MONOLITHIC_TRUE@@USE_SHA3_TRUE@am__append_37 = plugins/sha3/libstrongswan-sha3.la +@USE_GMP_TRUE@am__append_38 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_39 = plugins/gmp/libstrongswan-gmp.la +@USE_RDRAND_TRUE@am__append_40 = plugins/rdrand +@MONOLITHIC_TRUE@@USE_RDRAND_TRUE@am__append_41 = plugins/rdrand/libstrongswan-rdrand.la +@USE_AESNI_TRUE@am__append_42 = plugins/aesni +@MONOLITHIC_TRUE@@USE_AESNI_TRUE@am__append_43 = plugins/aesni/libstrongswan-aesni.la +@USE_RANDOM_TRUE@am__append_44 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_45 = plugins/random/libstrongswan-random.la +@USE_NONCE_TRUE@am__append_46 = plugins/nonce +@MONOLITHIC_TRUE@@USE_NONCE_TRUE@am__append_47 = plugins/nonce/libstrongswan-nonce.la +@USE_HMAC_TRUE@am__append_48 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_49 = plugins/hmac/libstrongswan-hmac.la +@USE_CMAC_TRUE@am__append_50 = plugins/cmac +@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_51 = plugins/cmac/libstrongswan-cmac.la +@USE_XCBC_TRUE@am__append_52 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_53 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_54 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_55 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_56 = plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_57 = plugins/revocation/libstrongswan-revocation.la +@USE_CONSTRAINTS_TRUE@am__append_58 = plugins/constraints +@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_59 = plugins/constraints/libstrongswan-constraints.la +@USE_ACERT_TRUE@am__append_60 = plugins/acert +@MONOLITHIC_TRUE@@USE_ACERT_TRUE@am__append_61 = 
plugins/acert/libstrongswan-acert.la +@USE_PUBKEY_TRUE@am__append_62 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_63 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_64 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_65 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PKCS7_TRUE@am__append_66 = plugins/pkcs7 +@MONOLITHIC_TRUE@@USE_PKCS7_TRUE@am__append_67 = plugins/pkcs7/libstrongswan-pkcs7.la +@USE_PKCS8_TRUE@am__append_68 = plugins/pkcs8 +@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_69 = plugins/pkcs8/libstrongswan-pkcs8.la +@USE_PKCS12_TRUE@am__append_70 = plugins/pkcs12 +@MONOLITHIC_TRUE@@USE_PKCS12_TRUE@am__append_71 = plugins/pkcs12/libstrongswan-pkcs12.la +@USE_PGP_TRUE@am__append_72 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_73 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_74 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_75 = plugins/dnskey/libstrongswan-dnskey.la +@USE_SSHKEY_TRUE@am__append_76 = plugins/sshkey +@MONOLITHIC_TRUE@@USE_SSHKEY_TRUE@am__append_77 = plugins/sshkey/libstrongswan-sshkey.la +@USE_PEM_TRUE@am__append_78 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_79 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_80 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_81 = plugins/curl/libstrongswan-curl.la +@USE_FILES_TRUE@am__append_82 = plugins/files +@MONOLITHIC_TRUE@@USE_FILES_TRUE@am__append_83 = plugins/files/libstrongswan-files.la +@USE_WINHTTP_TRUE@am__append_84 = plugins/winhttp +@MONOLITHIC_TRUE@@USE_WINHTTP_TRUE@am__append_85 = plugins/winhttp/libstrongswan-winhttp.la +@USE_UNBOUND_TRUE@am__append_86 = plugins/unbound +@MONOLITHIC_TRUE@@USE_UNBOUND_TRUE@am__append_87 = plugins/unbound/libstrongswan-unbound.la +@USE_SOUP_TRUE@am__append_88 = plugins/soup +@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_89 = plugins/soup/libstrongswan-soup.la +@USE_LDAP_TRUE@am__append_90 = plugins/ldap 
+@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_91 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_92 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_93 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_94 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_95 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_96 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_97 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_98 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_99 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_100 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_101 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_102 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_103 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_104 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_105 = plugins/agent/libstrongswan-agent.la +@USE_KEYCHAIN_TRUE@am__append_106 = plugins/keychain +@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_107 = plugins/keychain/libstrongswan-keychain.la +@USE_PKCS11_TRUE@am__append_108 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_109 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CHAPOLY_TRUE@am__append_110 = plugins/chapoly +@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_111 = plugins/chapoly/libstrongswan-chapoly.la +@USE_CTR_TRUE@am__append_112 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_113 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_114 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_115 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_116 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_117 = plugins/gcm/libstrongswan-gcm.la +@USE_NTRU_TRUE@am__append_118 = plugins/ntru +@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_119 = 
plugins/ntru/libstrongswan-ntru.la +@USE_BLISS_TRUE@am__append_120 = plugins/bliss +@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_121 = plugins/bliss/libstrongswan-bliss.la +@USE_TEST_VECTORS_TRUE@am__append_122 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la +@USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ settings/settings_parser.h settings/settings_parser.c \ @@ -297,7 +299,7 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_101) $(am__append_103) $(am__append_105) \ $(am__append_107) $(am__append_109) $(am__append_111) \ $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) + $(am__append_119) $(am__append_121) $(am__append_123) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -312,11 +314,11 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ crypto/signers/mac_signer.c crypto/crypto_factory.c \ crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \ crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \ - crypto/iv/iv_gen_seq.c crypto/mgf1/mgf1.c \ - crypto/mgf1/mgf1_bitspender.c credentials/credential_factory.c \ - credentials/builder.c credentials/cred_encoding.c \ - credentials/keys/private_key.c credentials/keys/public_key.c \ - credentials/keys/shared_key.c \ + crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \ + crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ + credentials/credential_factory.c credentials/builder.c \ + credentials/cred_encoding.c credentials/keys/private_key.c \ + credentials/keys/public_key.c credentials/keys/shared_key.c \ credentials/certificates/certificate.c \ credentials/certificates/crl.c \ credentials/certificates/ocsp_response.c \ 
@@ -397,7 +399,8 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \ crypto/crypto_tester.lo crypto/diffie_hellman.lo \ crypto/aead.lo crypto/transform.lo crypto/iv/iv_gen.lo \ crypto/iv/iv_gen_rand.lo crypto/iv/iv_gen_seq.lo \ - crypto/mgf1/mgf1.lo crypto/mgf1/mgf1_bitspender.lo \ + crypto/iv/iv_gen_null.lo crypto/mgf1/mgf1.lo \ + crypto/mgf1/mgf1_bitspender.lo \ credentials/credential_factory.lo credentials/builder.lo \ credentials/cred_encoding.lo credentials/keys/private_key.lo \ credentials/keys/public_key.lo credentials/keys/shared_key.lo \ @@ -524,10 +527,11 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ crypto/crypto_tester.h crypto/diffie_hellman.h crypto/aead.h \ crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \ - crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \ - credentials/credential_factory.h credentials/builder.h \ - credentials/cred_encoding.h credentials/keys/private_key.h \ - credentials/keys/public_key.h credentials/keys/shared_key.h \ + crypto/iv/iv_gen_null.h crypto/mgf1/mgf1.h \ + crypto/mgf1/mgf1_bitspender.h credentials/credential_factory.h \ + credentials/builder.h credentials/cred_encoding.h \ + credentials/keys/private_key.h credentials/keys/public_key.h \ + credentials/keys/shared_key.h \ credentials/certificates/certificate.h \ credentials/certificates/x509.h credentials/certificates/ac.h \ credentials/certificates/crl.h \ 
@@ -574,7 +578,8 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ utils/printf_hook/printf_hook_builtin.h utils/parser_helper.h \ utils/test.h utils/integrity_checker.h utils/process.h \ utils/utils/strerror.h utils/compat/windows.h \ - utils/compat/apple.h utils/utils/atomics.h utils/utils/types.h \ + utils/compat/apple.h utils/compat/android.h \ + utils/utils/atomics.h utils/utils/types.h \ utils/utils/byteorder.h utils/utils/string.h \ utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \ utils/utils/status.h utils/utils/object.h utils/utils/time.h \ 
@@ -609,18 +614,19 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/rc2 plugins/md4 plugins/md5 \ - plugins/sha1 plugins/sha2 plugins/gmp plugins/rdrand \ - plugins/aesni plugins/random plugins/nonce plugins/hmac \ - plugins/cmac plugins/xcbc plugins/x509 plugins/revocation \ - plugins/constraints plugins/acert plugins/pubkey plugins/pkcs1 \ - plugins/pkcs7 plugins/pkcs8 plugins/pkcs12 plugins/pgp \ - plugins/dnskey plugins/sshkey plugins/pem plugins/curl \ - plugins/files plugins/winhttp plugins/unbound plugins/soup \ - plugins/ldap plugins/mysql plugins/sqlite plugins/padlock \ - plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ - plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \ - plugins/ccm plugins/gcm plugins/ntru plugins/bliss \ - plugins/test_vectors tests plugins/bliss/tests + plugins/sha1 plugins/sha2 plugins/sha3 plugins/gmp \ + plugins/rdrand plugins/aesni plugins/random plugins/nonce \ + plugins/hmac plugins/cmac plugins/xcbc plugins/x509 \ + plugins/revocation plugins/constraints plugins/acert \ + plugins/pubkey plugins/pkcs1 plugins/pkcs7 plugins/pkcs8 \ + plugins/pkcs12 plugins/pgp plugins/dnskey plugins/sshkey \ + plugins/pem plugins/curl plugins/files plugins/winhttp \ + plugins/unbound plugins/soup plugins/ldap plugins/mysql \ + plugins/sqlite plugins/padlock plugins/openssl plugins/gcrypt \ + plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \ + plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \ + plugins/ntru plugins/bliss plugins/test_vectors tests \ + plugins/bliss/tests DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ 
@@ -886,11 +892,11 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ crypto/signers/mac_signer.c crypto/crypto_factory.c \ crypto/crypto_tester.c crypto/diffie_hellman.c crypto/aead.c \ crypto/transform.c crypto/iv/iv_gen.c crypto/iv/iv_gen_rand.c \ - crypto/iv/iv_gen_seq.c crypto/mgf1/mgf1.c \ - crypto/mgf1/mgf1_bitspender.c credentials/credential_factory.c \ - credentials/builder.c credentials/cred_encoding.c \ - credentials/keys/private_key.c credentials/keys/public_key.c \ - credentials/keys/shared_key.c \ + crypto/iv/iv_gen_seq.c crypto/iv/iv_gen_null.c \ + crypto/mgf1/mgf1.c crypto/mgf1/mgf1_bitspender.c \ + credentials/credential_factory.c credentials/builder.c \ + credentials/cred_encoding.c credentials/keys/private_key.c \ + credentials/keys/public_key.c credentials/keys/shared_key.c \ credentials/certificates/certificate.c \ credentials/certificates/crl.c \ credentials/certificates/ocsp_response.c \ @@ -945,7 +951,7 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@crypto/prf_plus.h crypto/signers/signer.h crypto/signers/mac_signer.h \ @USE_DEV_HEADERS_TRUE@crypto/crypto_factory.h crypto/crypto_tester.h crypto/diffie_hellman.h \ @USE_DEV_HEADERS_TRUE@crypto/aead.h crypto/transform.h crypto/pkcs5.h crypto/iv/iv_gen.h \ -@USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h \ +@USE_DEV_HEADERS_TRUE@crypto/iv/iv_gen_rand.h crypto/iv/iv_gen_seq.h crypto/iv/iv_gen_null.h \ @USE_DEV_HEADERS_TRUE@crypto/mgf1/mgf1.h crypto/mgf1/mgf1_bitspender.h \ @USE_DEV_HEADERS_TRUE@credentials/credential_factory.h credentials/builder.h \ @USE_DEV_HEADERS_TRUE@credentials/cred_encoding.h credentials/keys/private_key.h \ 
@@ -982,7 +988,7 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@utils/cpu_feature.h utils/leak_detective.h utils/printf_hook/printf_hook.h \ @USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ @USE_DEV_HEADERS_TRUE@utils/parser_helper.h utils/test.h utils/integrity_checker.h utils/process.h \ -@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h \ +@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h utils/compat/windows.h utils/compat/apple.h utils/compat/android.h \ @USE_DEV_HEADERS_TRUE@utils/utils/atomics.h utils/utils/types.h utils/utils/byteorder.h \ @USE_DEV_HEADERS_TRUE@utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \ @USE_DEV_HEADERS_TRUE@utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h @@ -1007,7 +1013,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \ $(am__append_101) $(am__append_103) $(am__append_105) \ $(am__append_107) $(am__append_109) $(am__append_111) \ $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) + $(am__append_119) $(am__append_121) $(am__append_123) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -1023,7 +1029,7 @@ AM_YFLAGS = -v -d EXTRA_DIST = \ asn1/oid.txt asn1/oid.pl \ crypto/proposal/proposal_keywords_static.txt \ -Android.mk AndroidConfigLocal.h +Android.mk BUILT_SOURCES = \ $(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \ 
@@ -1059,8 +1065,8 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_FALSE@ $(am__append_106) $(am__append_108) \ @MONOLITHIC_FALSE@ $(am__append_110) $(am__append_112) \ @MONOLITHIC_FALSE@ $(am__append_114) $(am__append_116) \ -@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) tests \ -@MONOLITHIC_FALSE@ $(am__append_122) +@MONOLITHIC_FALSE@ $(am__append_118) $(am__append_120) \ +@MONOLITHIC_FALSE@ $(am__append_122) tests $(am__append_124) # build plugins with their own Makefile ####################################### @@ -1089,8 +1095,8 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_TRUE@ $(am__append_106) $(am__append_108) \ @MONOLITHIC_TRUE@ $(am__append_110) $(am__append_112) \ @MONOLITHIC_TRUE@ $(am__append_114) $(am__append_116) \ -@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) . tests \ -@MONOLITHIC_TRUE@ $(am__append_122) +@MONOLITHIC_TRUE@ $(am__append_118) $(am__append_120) \ +@MONOLITHIC_TRUE@ $(am__append_122) . tests $(am__append_124) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -1284,6 +1290,8 @@ crypto/iv/iv_gen_rand.lo: crypto/iv/$(am__dirstamp) \ crypto/iv/$(DEPDIR)/$(am__dirstamp) crypto/iv/iv_gen_seq.lo: crypto/iv/$(am__dirstamp) \ crypto/iv/$(DEPDIR)/$(am__dirstamp) +crypto/iv/iv_gen_null.lo: crypto/iv/$(am__dirstamp) \ + crypto/iv/$(DEPDIR)/$(am__dirstamp) crypto/mgf1/$(am__dirstamp): @$(MKDIR_P) crypto/mgf1 @: > crypto/mgf1/$(am__dirstamp) 
@@ -1750,6 +1758,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto/hashers/$(DEPDIR)/hash_algorithm_set.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/hashers/$(DEPDIR)/hasher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_null.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_rand.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/iv/$(DEPDIR)/iv_gen_seq.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@crypto/mgf1/$(DEPDIR)/mgf1.Plo@am__quote@ diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index a750f7fcb..a088b0527 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -199,12 +199,12 @@ const oid_t oid_names[] = { { 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */ { 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */ { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */ - {0x2B, 413, 1, 0, "" }, /* 189 */ - { 0x06, 327, 1, 1, "dod" }, /* 190 */ + {0x2B, 416, 1, 0, "" }, /* 189 */ + { 0x06, 330, 1, 1, "dod" }, /* 190 */ { 0x01, 0, 1, 2, "internet" }, /* 191 */ - { 0x04, 278, 1, 3, "private" }, /* 192 */ + { 0x04, 281, 1, 3, "private" }, /* 192 */ { 0x01, 0, 1, 4, "enterprise" }, /* 193 */ - { 0x82, 228, 1, 5, "" }, /* 194 */ + { 0x82, 231, 1, 5, "" }, /* 194 */ { 0x37, 207, 1, 6, "Microsoft" }, /* 195 */ { 0x0A, 200, 1, 7, "" }, /* 196 */ { 0x03, 0, 1, 8, "" }, /* 197 */ 
@@ -235,254 +235,257 @@ const oid_t oid_names[] = { { 0x07, 223, 0, 10, "BLISS-B-III" }, /* 222 */ { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 223 */ { 0x03, 0, 1, 9, "blissSigType" }, /* 224 */ - { 0x01, 226, 0, 10, "BLISS-with-SHA512" }, /* 225 */ - { 0x02, 227, 0, 10, "BLISS-with-SHA384" }, /* 226 */ - { 0x03, 0, 0, 10, "BLISS-with-SHA256" }, /* 227 */ - { 0x89, 235, 1, 5, "" }, /* 228 */ - { 0x31, 0, 1, 6, "" }, /* 229 */ - { 0x01, 0, 1, 7, "" }, /* 230 */ - { 0x01, 0, 1, 8, "" }, /* 231 */ - { 0x02, 0, 1, 9, "" }, /* 232 */ - { 0x02, 0, 1, 10, "" }, /* 233 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 234 */ - { 0x97, 239, 1, 5, "" }, /* 235 */ - { 0x55, 0, 1, 6, "" }, /* 236 */ - { 0x01, 0, 1, 7, "" }, /* 237 */ - { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 238 */ - { 0xC1, 0, 1, 5, "" }, /* 239 */ - { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 240 */ - { 0x01, 0, 1, 7, "eess" }, /* 241 */ - { 0x01, 0, 1, 8, "eess1" }, /* 242 */ - { 0x01, 247, 1, 9, "eess1-algs" }, /* 243 */ - { 0x01, 245, 0, 10, "ntru-EESS1v1-SVES" }, /* 244 */ - { 0x02, 246, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 245 */ - { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 246 */ - { 0x02, 277, 1, 9, "eess1-params" }, /* 247 */ - { 0x01, 249, 0, 10, "ees251ep1" }, /* 248 */ - { 0x02, 250, 0, 10, "ees347ep1" }, /* 249 */ - { 0x03, 251, 0, 10, "ees503ep1" }, /* 250 */ - { 0x07, 252, 0, 10, "ees251sp2" }, /* 251 */ - { 0x0C, 253, 0, 10, "ees251ep4" }, /* 252 */ - { 0x0D, 254, 0, 10, "ees251ep5" }, /* 253 */ - { 0x0E, 255, 0, 10, "ees251sp3" }, /* 254 */ - { 0x0F, 256, 0, 10, "ees251sp4" }, /* 255 */ - { 0x10, 257, 0, 10, "ees251sp5" }, /* 256 */ - { 0x11, 258, 0, 10, "ees251sp6" }, /* 257 */ - { 0x12, 259, 0, 10, "ees251sp7" }, /* 258 */ - { 0x13, 260, 0, 10, "ees251sp8" }, /* 259 */ - { 0x14, 261, 0, 10, "ees251sp9" }, /* 260 */ - { 0x22, 262, 0, 10, "ees401ep1" }, /* 261 */ - { 0x23, 263, 0, 10, "ees449ep1" }, /* 262 */ - { 0x24, 264, 0, 10, "ees677ep1" }, /* 263 */ - { 0x25, 265, 0, 10, "ees1087ep2" }, /* 264 */ - { 0x26, 
266, 0, 10, "ees541ep1" }, /* 265 */ - { 0x27, 267, 0, 10, "ees613ep1" }, /* 266 */ - { 0x28, 268, 0, 10, "ees887ep1" }, /* 267 */ - { 0x29, 269, 0, 10, "ees1171ep1" }, /* 268 */ - { 0x2A, 270, 0, 10, "ees659ep1" }, /* 269 */ - { 0x2B, 271, 0, 10, "ees761ep1" }, /* 270 */ - { 0x2C, 272, 0, 10, "ees1087ep1" }, /* 271 */ - { 0x2D, 273, 0, 10, "ees1499ep1" }, /* 272 */ - { 0x2E, 274, 0, 10, "ees401ep2" }, /* 273 */ - { 0x2F, 275, 0, 10, "ees439ep1" }, /* 274 */ - { 0x30, 276, 0, 10, "ees593ep1" }, /* 275 */ - { 0x31, 0, 0, 10, "ees743ep1" }, /* 276 */ - { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 277 */ - { 0x05, 0, 1, 3, "security" }, /* 278 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 279 */ - { 0x07, 324, 1, 5, "id-pkix" }, /* 280 */ - { 0x01, 285, 1, 6, "id-pe" }, /* 281 */ - { 0x01, 283, 0, 7, "authorityInfoAccess" }, /* 282 */ - { 0x03, 284, 0, 7, "qcStatements" }, /* 283 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 284 */ - { 0x02, 288, 1, 6, "id-qt" }, /* 285 */ - { 0x01, 287, 0, 7, "cps" }, /* 286 */ - { 0x02, 0, 0, 7, "unotice" }, /* 287 */ - { 0x03, 298, 1, 6, "id-kp" }, /* 288 */ - { 0x01, 290, 0, 7, "serverAuth" }, /* 289 */ - { 0x02, 291, 0, 7, "clientAuth" }, /* 290 */ - { 0x03, 292, 0, 7, "codeSigning" }, /* 291 */ - { 0x04, 293, 0, 7, "emailProtection" }, /* 292 */ - { 0x05, 294, 0, 7, "ipsecEndSystem" }, /* 293 */ - { 0x06, 295, 0, 7, "ipsecTunnel" }, /* 294 */ - { 0x07, 296, 0, 7, "ipsecUser" }, /* 295 */ - { 0x08, 297, 0, 7, "timeStamping" }, /* 296 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 297 */ - { 0x08, 306, 1, 6, "id-otherNames" }, /* 298 */ - { 0x01, 300, 0, 7, "personalData" }, /* 299 */ - { 0x02, 301, 0, 7, "userGroup" }, /* 300 */ - { 0x03, 302, 0, 7, "id-on-permanentIdentifier" }, /* 301 */ - { 0x04, 303, 0, 7, "id-on-hardwareModuleName" }, /* 302 */ - { 0x05, 304, 0, 7, "xmppAddr" }, /* 303 */ - { 0x06, 305, 0, 7, "id-on-SIM" }, /* 304 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 305 */ - { 0x0A, 311, 1, 6, "id-aca" }, /* 306 */ - { 0x01, 
308, 0, 7, "authenticationInfo" }, /* 307 */ - { 0x02, 309, 0, 7, "accessIdentity" }, /* 308 */ - { 0x03, 310, 0, 7, "chargingIdentity" }, /* 309 */ - { 0x04, 0, 0, 7, "group" }, /* 310 */ - { 0x0B, 312, 0, 6, "subjectInfoAccess" }, /* 311 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 312 */ - { 0x01, 321, 1, 7, "ocsp" }, /* 313 */ - { 0x01, 315, 0, 8, "basic" }, /* 314 */ - { 0x02, 316, 0, 8, "nonce" }, /* 315 */ - { 0x03, 317, 0, 8, "crl" }, /* 316 */ - { 0x04, 318, 0, 8, "response" }, /* 317 */ - { 0x05, 319, 0, 8, "noCheck" }, /* 318 */ - { 0x06, 320, 0, 8, "archiveCutoff" }, /* 319 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 320 */ - { 0x02, 322, 0, 7, "caIssuers" }, /* 321 */ - { 0x03, 323, 0, 7, "timeStamping" }, /* 322 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 323 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 324 */ - { 0x02, 0, 1, 6, "certificate" }, /* 325 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 326 */ - { 0x0E, 333, 1, 1, "oiw" }, /* 327 */ - { 0x03, 0, 1, 2, "secsig" }, /* 328 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 329 */ - { 0x07, 331, 0, 4, "des-cbc" }, /* 330 */ - { 0x1A, 332, 0, 4, "sha-1" }, /* 331 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 332 */ - { 0x24, 379, 1, 1, "TeleTrusT" }, /* 333 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 334 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 335 */ - { 0x01, 340, 1, 4, "rsaSignature" }, /* 336 */ - { 0x02, 338, 0, 5, "rsaSigWithripemd160" }, /* 337 */ - { 0x03, 339, 0, 5, "rsaSigWithripemd128" }, /* 338 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 339 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 340 */ - { 0x01, 342, 0, 5, "ecSignWithsha1" }, /* 341 */ - { 0x02, 343, 0, 5, "ecSignWithripemd160" }, /* 342 */ - { 0x03, 344, 0, 5, "ecSignWithmd2" }, /* 343 */ - { 0x04, 345, 0, 5, "ecSignWithmd5" }, /* 344 */ - { 0x05, 362, 1, 5, "ttt-ecg" }, /* 345 */ - { 0x01, 350, 1, 6, "fieldType" }, /* 346 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 347 */ - { 0x01, 0, 1, 8, "basisType" }, /* 348 */ - { 0x01, 0, 0, 9, 
"ipBasis" }, /* 349 */ - { 0x02, 352, 1, 6, "keyType" }, /* 350 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 351 */ - { 0x03, 353, 0, 6, "curve" }, /* 352 */ - { 0x04, 360, 1, 6, "signatures" }, /* 353 */ - { 0x01, 355, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 354 */ - { 0x02, 356, 0, 7, "ecgdsa-with-SHA1" }, /* 355 */ - { 0x03, 357, 0, 7, "ecgdsa-with-SHA224" }, /* 356 */ - { 0x04, 358, 0, 7, "ecgdsa-with-SHA256" }, /* 357 */ - { 0x05, 359, 0, 7, "ecgdsa-with-SHA384" }, /* 358 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 359 */ - { 0x05, 0, 1, 6, "module" }, /* 360 */ - { 0x01, 0, 0, 7, "1" }, /* 361 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 362 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 363 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 364 */ - { 0x01, 366, 0, 8, "brainpoolP160r1" }, /* 365 */ - { 0x02, 367, 0, 8, "brainpoolP160t1" }, /* 366 */ - { 0x03, 368, 0, 8, "brainpoolP192r1" }, /* 367 */ - { 0x04, 369, 0, 8, "brainpoolP192t1" }, /* 368 */ - { 0x05, 370, 0, 8, "brainpoolP224r1" }, /* 369 */ - { 0x06, 371, 0, 8, "brainpoolP224t1" }, /* 370 */ - { 0x07, 372, 0, 8, "brainpoolP256r1" }, /* 371 */ - { 0x08, 373, 0, 8, "brainpoolP256t1" }, /* 372 */ - { 0x09, 374, 0, 8, "brainpoolP320r1" }, /* 373 */ - { 0x0A, 375, 0, 8, "brainpoolP320t1" }, /* 374 */ - { 0x0B, 376, 0, 8, "brainpoolP384r1" }, /* 375 */ - { 0x0C, 377, 0, 8, "brainpoolP384t1" }, /* 376 */ - { 0x0D, 378, 0, 8, "brainpoolP512r1" }, /* 377 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 378 */ - { 0x81, 0, 1, 1, "" }, /* 379 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 380 */ - { 0x00, 0, 1, 3, "curve" }, /* 381 */ - { 0x01, 383, 0, 4, "sect163k1" }, /* 382 */ - { 0x02, 384, 0, 4, "sect163r1" }, /* 383 */ - { 0x03, 385, 0, 4, "sect239k1" }, /* 384 */ - { 0x04, 386, 0, 4, "sect113r1" }, /* 385 */ - { 0x05, 387, 0, 4, "sect113r2" }, /* 386 */ - { 0x06, 388, 0, 4, "secp112r1" }, /* 387 */ - { 0x07, 389, 0, 4, "secp112r2" }, /* 388 */ - { 0x08, 390, 0, 4, "secp160r1" }, /* 389 */ - { 0x09, 391, 0, 4, 
"secp160k1" }, /* 390 */ - { 0x0A, 392, 0, 4, "secp256k1" }, /* 391 */ - { 0x0F, 393, 0, 4, "sect163r2" }, /* 392 */ - { 0x10, 394, 0, 4, "sect283k1" }, /* 393 */ - { 0x11, 395, 0, 4, "sect283r1" }, /* 394 */ - { 0x16, 396, 0, 4, "sect131r1" }, /* 395 */ - { 0x17, 397, 0, 4, "sect131r2" }, /* 396 */ - { 0x18, 398, 0, 4, "sect193r1" }, /* 397 */ - { 0x19, 399, 0, 4, "sect193r2" }, /* 398 */ - { 0x1A, 400, 0, 4, "sect233k1" }, /* 399 */ - { 0x1B, 401, 0, 4, "sect233r1" }, /* 400 */ - { 0x1C, 402, 0, 4, "secp128r1" }, /* 401 */ - { 0x1D, 403, 0, 4, "secp128r2" }, /* 402 */ - { 0x1E, 404, 0, 4, "secp160r2" }, /* 403 */ - { 0x1F, 405, 0, 4, "secp192k1" }, /* 404 */ - { 0x20, 406, 0, 4, "secp224k1" }, /* 405 */ - { 0x21, 407, 0, 4, "secp224r1" }, /* 406 */ - { 0x22, 408, 0, 4, "secp384r1" }, /* 407 */ - { 0x23, 409, 0, 4, "secp521r1" }, /* 408 */ - { 0x24, 410, 0, 4, "sect409k1" }, /* 409 */ - { 0x25, 411, 0, 4, "sect409r1" }, /* 410 */ - { 0x26, 412, 0, 4, "sect571k1" }, /* 411 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 412 */ - {0x60, 467, 1, 0, "" }, /* 413 */ - { 0x86, 0, 1, 1, "" }, /* 414 */ - { 0x48, 0, 1, 2, "" }, /* 415 */ - { 0x01, 0, 1, 3, "organization" }, /* 416 */ - { 0x65, 443, 1, 4, "gov" }, /* 417 */ - { 0x03, 0, 1, 5, "csor" }, /* 418 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 419 */ - { 0x01, 430, 1, 7, "aes" }, /* 420 */ - { 0x02, 422, 0, 8, "id-aes128-CBC" }, /* 421 */ - { 0x06, 423, 0, 8, "id-aes128-GCM" }, /* 422 */ - { 0x07, 424, 0, 8, "id-aes128-CCM" }, /* 423 */ - { 0x16, 425, 0, 8, "id-aes192-CBC" }, /* 424 */ - { 0x1A, 426, 0, 8, "id-aes192-GCM" }, /* 425 */ - { 0x1B, 427, 0, 8, "id-aes192-CCM" }, /* 426 */ - { 0x2A, 428, 0, 8, "id-aes256-CBC" }, /* 427 */ - { 0x2E, 429, 0, 8, "id-aes256-GCM" }, /* 428 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 429 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 430 */ - { 0x01, 432, 0, 8, "id-sha256" }, /* 431 */ - { 0x02, 433, 0, 8, "id-sha384" }, /* 432 */ - { 0x03, 434, 0, 8, "id-sha512" }, /* 433 */ - { 0x04, 435, 
0, 8, "id-sha224" }, /* 434 */ - { 0x05, 436, 0, 8, "id-sha512-224" }, /* 435 */ - { 0x06, 437, 0, 8, "id-sha512-256" }, /* 436 */ - { 0x07, 438, 0, 8, "id-sha3-224" }, /* 437 */ - { 0x08, 439, 0, 8, "id-sha3-256" }, /* 438 */ - { 0x09, 440, 0, 8, "id-sha3-384" }, /* 439 */ - { 0x0A, 441, 0, 8, "id-sha3-512" }, /* 440 */ - { 0x0B, 442, 0, 8, "id-shake128" }, /* 441 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 442 */ - { 0x86, 0, 1, 4, "" }, /* 443 */ - { 0xf8, 0, 1, 5, "" }, /* 444 */ - { 0x42, 457, 1, 6, "netscape" }, /* 445 */ - { 0x01, 452, 1, 7, "" }, /* 446 */ - { 0x01, 448, 0, 8, "nsCertType" }, /* 447 */ - { 0x03, 449, 0, 8, "nsRevocationUrl" }, /* 448 */ - { 0x04, 450, 0, 8, "nsCaRevocationUrl" }, /* 449 */ - { 0x08, 451, 0, 8, "nsCaPolicyUrl" }, /* 450 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 451 */ - { 0x03, 455, 1, 7, "directory" }, /* 452 */ - { 0x01, 0, 1, 8, "" }, /* 453 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 454 */ - { 0x04, 0, 1, 7, "policy" }, /* 455 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 456 */ - { 0x45, 0, 1, 6, "verisign" }, /* 457 */ - { 0x01, 0, 1, 7, "pki" }, /* 458 */ - { 0x09, 0, 1, 8, "attributes" }, /* 459 */ - { 0x02, 461, 0, 9, "messageType" }, /* 460 */ - { 0x03, 462, 0, 9, "pkiStatus" }, /* 461 */ - { 0x04, 463, 0, 9, "failInfo" }, /* 462 */ - { 0x05, 464, 0, 9, "senderNonce" }, /* 463 */ - { 0x06, 465, 0, 9, "recipientNonce" }, /* 464 */ - { 0x07, 466, 0, 9, "transID" }, /* 465 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 466 */ - {0x67, 0, 1, 0, "" }, /* 467 */ - { 0x81, 0, 1, 1, "" }, /* 468 */ - { 0x05, 0, 1, 2, "" }, /* 469 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 470 */ - { 0x01, 472, 0, 4, "tcg-at-tpmManufacturer" }, /* 471 */ - { 0x02, 473, 0, 4, "tcg-at-tpmModel" }, /* 472 */ - { 0x03, 474, 0, 4, "tcg-at-tpmVersion" }, /* 473 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 474 */ + { 0x01, 226, 0, 10, "BLISS-with-SHA2-512" }, /* 225 */ + { 0x02, 227, 0, 10, "BLISS-with-SHA2-384" }, /* 226 */ + { 0x03, 228, 0, 10, 
"BLISS-with-SHA2-256" }, /* 227 */ + { 0x04, 229, 0, 10, "BLISS-with-SHA3-512" }, /* 228 */ + { 0x05, 230, 0, 10, "BLISS-with-SHA3-384" }, /* 229 */ + { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 230 */ + { 0x89, 238, 1, 5, "" }, /* 231 */ + { 0x31, 0, 1, 6, "" }, /* 232 */ + { 0x01, 0, 1, 7, "" }, /* 233 */ + { 0x01, 0, 1, 8, "" }, /* 234 */ + { 0x02, 0, 1, 9, "" }, /* 235 */ + { 0x02, 0, 1, 10, "" }, /* 236 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 237 */ + { 0x97, 242, 1, 5, "" }, /* 238 */ + { 0x55, 0, 1, 6, "" }, /* 239 */ + { 0x01, 0, 1, 7, "" }, /* 240 */ + { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 241 */ + { 0xC1, 0, 1, 5, "" }, /* 242 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 243 */ + { 0x01, 0, 1, 7, "eess" }, /* 244 */ + { 0x01, 0, 1, 8, "eess1" }, /* 245 */ + { 0x01, 250, 1, 9, "eess1-algs" }, /* 246 */ + { 0x01, 248, 0, 10, "ntru-EESS1v1-SVES" }, /* 247 */ + { 0x02, 249, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 248 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 249 */ + { 0x02, 280, 1, 9, "eess1-params" }, /* 250 */ + { 0x01, 252, 0, 10, "ees251ep1" }, /* 251 */ + { 0x02, 253, 0, 10, "ees347ep1" }, /* 252 */ + { 0x03, 254, 0, 10, "ees503ep1" }, /* 253 */ + { 0x07, 255, 0, 10, "ees251sp2" }, /* 254 */ + { 0x0C, 256, 0, 10, "ees251ep4" }, /* 255 */ + { 0x0D, 257, 0, 10, "ees251ep5" }, /* 256 */ + { 0x0E, 258, 0, 10, "ees251sp3" }, /* 257 */ + { 0x0F, 259, 0, 10, "ees251sp4" }, /* 258 */ + { 0x10, 260, 0, 10, "ees251sp5" }, /* 259 */ + { 0x11, 261, 0, 10, "ees251sp6" }, /* 260 */ + { 0x12, 262, 0, 10, "ees251sp7" }, /* 261 */ + { 0x13, 263, 0, 10, "ees251sp8" }, /* 262 */ + { 0x14, 264, 0, 10, "ees251sp9" }, /* 263 */ + { 0x22, 265, 0, 10, "ees401ep1" }, /* 264 */ + { 0x23, 266, 0, 10, "ees449ep1" }, /* 265 */ + { 0x24, 267, 0, 10, "ees677ep1" }, /* 266 */ + { 0x25, 268, 0, 10, "ees1087ep2" }, /* 267 */ + { 0x26, 269, 0, 10, "ees541ep1" }, /* 268 */ + { 0x27, 270, 0, 10, "ees613ep1" }, /* 269 */ + { 0x28, 271, 0, 10, "ees887ep1" }, /* 270 */ + { 0x29, 272, 
0, 10, "ees1171ep1" }, /* 271 */ + { 0x2A, 273, 0, 10, "ees659ep1" }, /* 272 */ + { 0x2B, 274, 0, 10, "ees761ep1" }, /* 273 */ + { 0x2C, 275, 0, 10, "ees1087ep1" }, /* 274 */ + { 0x2D, 276, 0, 10, "ees1499ep1" }, /* 275 */ + { 0x2E, 277, 0, 10, "ees401ep2" }, /* 276 */ + { 0x2F, 278, 0, 10, "ees439ep1" }, /* 277 */ + { 0x30, 279, 0, 10, "ees593ep1" }, /* 278 */ + { 0x31, 0, 0, 10, "ees743ep1" }, /* 279 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 280 */ + { 0x05, 0, 1, 3, "security" }, /* 281 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 282 */ + { 0x07, 327, 1, 5, "id-pkix" }, /* 283 */ + { 0x01, 288, 1, 6, "id-pe" }, /* 284 */ + { 0x01, 286, 0, 7, "authorityInfoAccess" }, /* 285 */ + { 0x03, 287, 0, 7, "qcStatements" }, /* 286 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 287 */ + { 0x02, 291, 1, 6, "id-qt" }, /* 288 */ + { 0x01, 290, 0, 7, "cps" }, /* 289 */ + { 0x02, 0, 0, 7, "unotice" }, /* 290 */ + { 0x03, 301, 1, 6, "id-kp" }, /* 291 */ + { 0x01, 293, 0, 7, "serverAuth" }, /* 292 */ + { 0x02, 294, 0, 7, "clientAuth" }, /* 293 */ + { 0x03, 295, 0, 7, "codeSigning" }, /* 294 */ + { 0x04, 296, 0, 7, "emailProtection" }, /* 295 */ + { 0x05, 297, 0, 7, "ipsecEndSystem" }, /* 296 */ + { 0x06, 298, 0, 7, "ipsecTunnel" }, /* 297 */ + { 0x07, 299, 0, 7, "ipsecUser" }, /* 298 */ + { 0x08, 300, 0, 7, "timeStamping" }, /* 299 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 300 */ + { 0x08, 309, 1, 6, "id-otherNames" }, /* 301 */ + { 0x01, 303, 0, 7, "personalData" }, /* 302 */ + { 0x02, 304, 0, 7, "userGroup" }, /* 303 */ + { 0x03, 305, 0, 7, "id-on-permanentIdentifier" }, /* 304 */ + { 0x04, 306, 0, 7, "id-on-hardwareModuleName" }, /* 305 */ + { 0x05, 307, 0, 7, "xmppAddr" }, /* 306 */ + { 0x06, 308, 0, 7, "id-on-SIM" }, /* 307 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 308 */ + { 0x0A, 314, 1, 6, "id-aca" }, /* 309 */ + { 0x01, 311, 0, 7, "authenticationInfo" }, /* 310 */ + { 0x02, 312, 0, 7, "accessIdentity" }, /* 311 */ + { 0x03, 313, 0, 7, "chargingIdentity" }, /* 312 */ 
+ { 0x04, 0, 0, 7, "group" }, /* 313 */ + { 0x0B, 315, 0, 6, "subjectInfoAccess" }, /* 314 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 315 */ + { 0x01, 324, 1, 7, "ocsp" }, /* 316 */ + { 0x01, 318, 0, 8, "basic" }, /* 317 */ + { 0x02, 319, 0, 8, "nonce" }, /* 318 */ + { 0x03, 320, 0, 8, "crl" }, /* 319 */ + { 0x04, 321, 0, 8, "response" }, /* 320 */ + { 0x05, 322, 0, 8, "noCheck" }, /* 321 */ + { 0x06, 323, 0, 8, "archiveCutoff" }, /* 322 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 323 */ + { 0x02, 325, 0, 7, "caIssuers" }, /* 324 */ + { 0x03, 326, 0, 7, "timeStamping" }, /* 325 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 326 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 327 */ + { 0x02, 0, 1, 6, "certificate" }, /* 328 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 329 */ + { 0x0E, 336, 1, 1, "oiw" }, /* 330 */ + { 0x03, 0, 1, 2, "secsig" }, /* 331 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 332 */ + { 0x07, 334, 0, 4, "des-cbc" }, /* 333 */ + { 0x1A, 335, 0, 4, "sha-1" }, /* 334 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 335 */ + { 0x24, 382, 1, 1, "TeleTrusT" }, /* 336 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 337 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 338 */ + { 0x01, 343, 1, 4, "rsaSignature" }, /* 339 */ + { 0x02, 341, 0, 5, "rsaSigWithripemd160" }, /* 340 */ + { 0x03, 342, 0, 5, "rsaSigWithripemd128" }, /* 341 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 342 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 343 */ + { 0x01, 345, 0, 5, "ecSignWithsha1" }, /* 344 */ + { 0x02, 346, 0, 5, "ecSignWithripemd160" }, /* 345 */ + { 0x03, 347, 0, 5, "ecSignWithmd2" }, /* 346 */ + { 0x04, 348, 0, 5, "ecSignWithmd5" }, /* 347 */ + { 0x05, 365, 1, 5, "ttt-ecg" }, /* 348 */ + { 0x01, 353, 1, 6, "fieldType" }, /* 349 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 350 */ + { 0x01, 0, 1, 8, "basisType" }, /* 351 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 352 */ + { 0x02, 355, 1, 6, "keyType" }, /* 353 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 354 */ + { 0x03, 356, 0, 6, "curve" }, /* 
355 */ + { 0x04, 363, 1, 6, "signatures" }, /* 356 */ + { 0x01, 358, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 357 */ + { 0x02, 359, 0, 7, "ecgdsa-with-SHA1" }, /* 358 */ + { 0x03, 360, 0, 7, "ecgdsa-with-SHA224" }, /* 359 */ + { 0x04, 361, 0, 7, "ecgdsa-with-SHA256" }, /* 360 */ + { 0x05, 362, 0, 7, "ecgdsa-with-SHA384" }, /* 361 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 362 */ + { 0x05, 0, 1, 6, "module" }, /* 363 */ + { 0x01, 0, 0, 7, "1" }, /* 364 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 365 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 366 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 367 */ + { 0x01, 369, 0, 8, "brainpoolP160r1" }, /* 368 */ + { 0x02, 370, 0, 8, "brainpoolP160t1" }, /* 369 */ + { 0x03, 371, 0, 8, "brainpoolP192r1" }, /* 370 */ + { 0x04, 372, 0, 8, "brainpoolP192t1" }, /* 371 */ + { 0x05, 373, 0, 8, "brainpoolP224r1" }, /* 372 */ + { 0x06, 374, 0, 8, "brainpoolP224t1" }, /* 373 */ + { 0x07, 375, 0, 8, "brainpoolP256r1" }, /* 374 */ + { 0x08, 376, 0, 8, "brainpoolP256t1" }, /* 375 */ + { 0x09, 377, 0, 8, "brainpoolP320r1" }, /* 376 */ + { 0x0A, 378, 0, 8, "brainpoolP320t1" }, /* 377 */ + { 0x0B, 379, 0, 8, "brainpoolP384r1" }, /* 378 */ + { 0x0C, 380, 0, 8, "brainpoolP384t1" }, /* 379 */ + { 0x0D, 381, 0, 8, "brainpoolP512r1" }, /* 380 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 381 */ + { 0x81, 0, 1, 1, "" }, /* 382 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 383 */ + { 0x00, 0, 1, 3, "curve" }, /* 384 */ + { 0x01, 386, 0, 4, "sect163k1" }, /* 385 */ + { 0x02, 387, 0, 4, "sect163r1" }, /* 386 */ + { 0x03, 388, 0, 4, "sect239k1" }, /* 387 */ + { 0x04, 389, 0, 4, "sect113r1" }, /* 388 */ + { 0x05, 390, 0, 4, "sect113r2" }, /* 389 */ + { 0x06, 391, 0, 4, "secp112r1" }, /* 390 */ + { 0x07, 392, 0, 4, "secp112r2" }, /* 391 */ + { 0x08, 393, 0, 4, "secp160r1" }, /* 392 */ + { 0x09, 394, 0, 4, "secp160k1" }, /* 393 */ + { 0x0A, 395, 0, 4, "secp256k1" }, /* 394 */ + { 0x0F, 396, 0, 4, "sect163r2" }, /* 395 */ + { 0x10, 397, 0, 4, "sect283k1" }, 
/* 396 */ + { 0x11, 398, 0, 4, "sect283r1" }, /* 397 */ + { 0x16, 399, 0, 4, "sect131r1" }, /* 398 */ + { 0x17, 400, 0, 4, "sect131r2" }, /* 399 */ + { 0x18, 401, 0, 4, "sect193r1" }, /* 400 */ + { 0x19, 402, 0, 4, "sect193r2" }, /* 401 */ + { 0x1A, 403, 0, 4, "sect233k1" }, /* 402 */ + { 0x1B, 404, 0, 4, "sect233r1" }, /* 403 */ + { 0x1C, 405, 0, 4, "secp128r1" }, /* 404 */ + { 0x1D, 406, 0, 4, "secp128r2" }, /* 405 */ + { 0x1E, 407, 0, 4, "secp160r2" }, /* 406 */ + { 0x1F, 408, 0, 4, "secp192k1" }, /* 407 */ + { 0x20, 409, 0, 4, "secp224k1" }, /* 408 */ + { 0x21, 410, 0, 4, "secp224r1" }, /* 409 */ + { 0x22, 411, 0, 4, "secp384r1" }, /* 410 */ + { 0x23, 412, 0, 4, "secp521r1" }, /* 411 */ + { 0x24, 413, 0, 4, "sect409k1" }, /* 412 */ + { 0x25, 414, 0, 4, "sect409r1" }, /* 413 */ + { 0x26, 415, 0, 4, "sect571k1" }, /* 414 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 415 */ + {0x60, 470, 1, 0, "" }, /* 416 */ + { 0x86, 0, 1, 1, "" }, /* 417 */ + { 0x48, 0, 1, 2, "" }, /* 418 */ + { 0x01, 0, 1, 3, "organization" }, /* 419 */ + { 0x65, 446, 1, 4, "gov" }, /* 420 */ + { 0x03, 0, 1, 5, "csor" }, /* 421 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 422 */ + { 0x01, 433, 1, 7, "aes" }, /* 423 */ + { 0x02, 425, 0, 8, "id-aes128-CBC" }, /* 424 */ + { 0x06, 426, 0, 8, "id-aes128-GCM" }, /* 425 */ + { 0x07, 427, 0, 8, "id-aes128-CCM" }, /* 426 */ + { 0x16, 428, 0, 8, "id-aes192-CBC" }, /* 427 */ + { 0x1A, 429, 0, 8, "id-aes192-GCM" }, /* 428 */ + { 0x1B, 430, 0, 8, "id-aes192-CCM" }, /* 429 */ + { 0x2A, 431, 0, 8, "id-aes256-CBC" }, /* 430 */ + { 0x2E, 432, 0, 8, "id-aes256-GCM" }, /* 431 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 432 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 433 */ + { 0x01, 435, 0, 8, "id-sha256" }, /* 434 */ + { 0x02, 436, 0, 8, "id-sha384" }, /* 435 */ + { 0x03, 437, 0, 8, "id-sha512" }, /* 436 */ + { 0x04, 438, 0, 8, "id-sha224" }, /* 437 */ + { 0x05, 439, 0, 8, "id-sha512-224" }, /* 438 */ + { 0x06, 440, 0, 8, "id-sha512-256" }, /* 439 */ + { 0x07, 441, 0, 8, 
"id-sha3-224" }, /* 440 */ + { 0x08, 442, 0, 8, "id-sha3-256" }, /* 441 */ + { 0x09, 443, 0, 8, "id-sha3-384" }, /* 442 */ + { 0x0A, 444, 0, 8, "id-sha3-512" }, /* 443 */ + { 0x0B, 445, 0, 8, "id-shake128" }, /* 444 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 445 */ + { 0x86, 0, 1, 4, "" }, /* 446 */ + { 0xf8, 0, 1, 5, "" }, /* 447 */ + { 0x42, 460, 1, 6, "netscape" }, /* 448 */ + { 0x01, 455, 1, 7, "" }, /* 449 */ + { 0x01, 451, 0, 8, "nsCertType" }, /* 450 */ + { 0x03, 452, 0, 8, "nsRevocationUrl" }, /* 451 */ + { 0x04, 453, 0, 8, "nsCaRevocationUrl" }, /* 452 */ + { 0x08, 454, 0, 8, "nsCaPolicyUrl" }, /* 453 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 454 */ + { 0x03, 458, 1, 7, "directory" }, /* 455 */ + { 0x01, 0, 1, 8, "" }, /* 456 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 457 */ + { 0x04, 0, 1, 7, "policy" }, /* 458 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 459 */ + { 0x45, 0, 1, 6, "verisign" }, /* 460 */ + { 0x01, 0, 1, 7, "pki" }, /* 461 */ + { 0x09, 0, 1, 8, "attributes" }, /* 462 */ + { 0x02, 464, 0, 9, "messageType" }, /* 463 */ + { 0x03, 465, 0, 9, "pkiStatus" }, /* 464 */ + { 0x04, 466, 0, 9, "failInfo" }, /* 465 */ + { 0x05, 467, 0, 9, "senderNonce" }, /* 466 */ + { 0x06, 468, 0, 9, "recipientNonce" }, /* 467 */ + { 0x07, 469, 0, 9, "transID" }, /* 468 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 469 */ + {0x67, 0, 1, 0, "" }, /* 470 */ + { 0x81, 0, 1, 1, "" }, /* 471 */ + { 0x05, 0, 1, 2, "" }, /* 472 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 473 */ + { 0x01, 475, 0, 4, "tcg-at-tpmManufacturer" }, /* 474 */ + { 0x02, 476, 0, 4, "tcg-at-tpmModel" }, /* 475 */ + { 0x03, 477, 0, 4, "tcg-at-tpmVersion" }, /* 476 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 477 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 0f7c5d644..b9ed08d2e 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h 
@@ -150,103 +150,110 @@ extern const oid_t oid_names[]; #define OID_BLISS_B_II 221 #define OID_BLISS_B_III 222 #define OID_BLISS_B_IV 223 -#define OID_BLISS_WITH_SHA512 225 -#define OID_BLISS_WITH_SHA384 226 -#define OID_BLISS_WITH_SHA256 227 -#define OID_TCGID 234 -#define OID_BLOWFISH_CBC 238 -#define OID_AUTHORITY_INFO_ACCESS 282 -#define OID_IP_ADDR_BLOCKS 284 -#define OID_POLICY_QUALIFIER_CPS 286 -#define OID_POLICY_QUALIFIER_UNOTICE 287 -#define OID_SERVER_AUTH 289 -#define OID_CLIENT_AUTH 290 -#define OID_OCSP_SIGNING 297 -#define OID_XMPP_ADDR 303 -#define OID_AUTHENTICATION_INFO 307 -#define OID_ACCESS_IDENTITY 308 -#define OID_CHARGING_IDENTITY 309 -#define OID_GROUP 310 -#define OID_OCSP 313 -#define OID_BASIC 314 -#define OID_NONCE 315 -#define OID_CRL 316 -#define OID_RESPONSE 317 -#define OID_NO_CHECK 318 -#define OID_ARCHIVE_CUTOFF 319 -#define OID_SERVICE_LOCATOR 320 -#define OID_CA_ISSUERS 321 -#define OID_IKE_INTERMEDIATE 326 -#define OID_DES_CBC 330 -#define OID_SHA1 331 -#define OID_SHA1_WITH_RSA_OIW 332 -#define OID_ECGDSA_PUBKEY 351 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 354 -#define OID_ECGDSA_SIG_WITH_SHA1 355 -#define OID_ECGDSA_SIG_WITH_SHA224 356 -#define OID_ECGDSA_SIG_WITH_SHA256 357 -#define OID_ECGDSA_SIG_WITH_SHA384 358 -#define OID_ECGDSA_SIG_WITH_SHA512 359 -#define OID_SECT163K1 382 -#define OID_SECT163R1 383 -#define OID_SECT239K1 384 -#define OID_SECT113R1 385 -#define OID_SECT113R2 386 -#define OID_SECT112R1 387 -#define OID_SECT112R2 388 -#define OID_SECT160R1 389 -#define OID_SECT160K1 390 -#define OID_SECT256K1 391 -#define OID_SECT163R2 392 -#define OID_SECT283K1 393 -#define OID_SECT283R1 394 -#define OID_SECT131R1 395 -#define OID_SECT131R2 396 -#define OID_SECT193R1 397 -#define OID_SECT193R2 398 -#define OID_SECT233K1 399 -#define OID_SECT233R1 400 -#define OID_SECT128R1 401 -#define OID_SECT128R2 402 -#define OID_SECT160R2 403 -#define OID_SECT192K1 404 -#define OID_SECT224K1 405 -#define OID_SECT224R1 406 -#define 
OID_SECT384R1 407 -#define OID_SECT521R1 408 -#define OID_SECT409K1 409 -#define OID_SECT409R1 410 -#define OID_SECT571K1 411 -#define OID_SECT571R1 412 -#define OID_AES128_CBC 421 -#define OID_AES128_GCM 422 -#define OID_AES128_CCM 423 -#define OID_AES192_CBC 424 -#define OID_AES192_GCM 425 -#define OID_AES192_CCM 426 -#define OID_AES256_CBC 427 -#define OID_AES256_GCM 428 -#define OID_AES256_CCM 429 -#define OID_SHA256 431 -#define OID_SHA384 432 -#define OID_SHA512 433 -#define OID_SHA224 434 -#define OID_NS_REVOCATION_URL 448 -#define OID_NS_CA_REVOCATION_URL 449 -#define OID_NS_CA_POLICY_URL 450 -#define OID_NS_COMMENT 451 -#define OID_EMPLOYEE_NUMBER 454 -#define OID_PKI_MESSAGE_TYPE 460 -#define OID_PKI_STATUS 461 -#define OID_PKI_FAIL_INFO 462 -#define OID_PKI_SENDER_NONCE 463 -#define OID_PKI_RECIPIENT_NONCE 464 -#define OID_PKI_TRANS_ID 465 -#define OID_TPM_MANUFACTURER 471 -#define OID_TPM_MODEL 472 -#define OID_TPM_VERSION 473 -#define OID_TPM_ID_LABEL 474 +#define OID_BLISS_WITH_SHA2_512 225 +#define OID_BLISS_WITH_SHA2_384 226 +#define OID_BLISS_WITH_SHA2_256 227 +#define OID_BLISS_WITH_SHA3_512 228 +#define OID_BLISS_WITH_SHA3_384 229 +#define OID_BLISS_WITH_SHA3_256 230 +#define OID_TCGID 237 +#define OID_BLOWFISH_CBC 241 +#define OID_AUTHORITY_INFO_ACCESS 285 +#define OID_IP_ADDR_BLOCKS 287 +#define OID_POLICY_QUALIFIER_CPS 289 +#define OID_POLICY_QUALIFIER_UNOTICE 290 +#define OID_SERVER_AUTH 292 +#define OID_CLIENT_AUTH 293 +#define OID_OCSP_SIGNING 300 +#define OID_XMPP_ADDR 306 +#define OID_AUTHENTICATION_INFO 310 +#define OID_ACCESS_IDENTITY 311 +#define OID_CHARGING_IDENTITY 312 +#define OID_GROUP 313 +#define OID_OCSP 316 +#define OID_BASIC 317 +#define OID_NONCE 318 +#define OID_CRL 319 +#define OID_RESPONSE 320 +#define OID_NO_CHECK 321 +#define OID_ARCHIVE_CUTOFF 322 +#define OID_SERVICE_LOCATOR 323 +#define OID_CA_ISSUERS 324 +#define OID_IKE_INTERMEDIATE 329 +#define OID_DES_CBC 333 +#define OID_SHA1 334 +#define OID_SHA1_WITH_RSA_OIW 
335 +#define OID_ECGDSA_PUBKEY 354 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 357 +#define OID_ECGDSA_SIG_WITH_SHA1 358 +#define OID_ECGDSA_SIG_WITH_SHA224 359 +#define OID_ECGDSA_SIG_WITH_SHA256 360 +#define OID_ECGDSA_SIG_WITH_SHA384 361 +#define OID_ECGDSA_SIG_WITH_SHA512 362 +#define OID_SECT163K1 385 +#define OID_SECT163R1 386 +#define OID_SECT239K1 387 +#define OID_SECT113R1 388 +#define OID_SECT113R2 389 +#define OID_SECT112R1 390 +#define OID_SECT112R2 391 +#define OID_SECT160R1 392 +#define OID_SECT160K1 393 +#define OID_SECT256K1 394 +#define OID_SECT163R2 395 +#define OID_SECT283K1 396 +#define OID_SECT283R1 397 +#define OID_SECT131R1 398 +#define OID_SECT131R2 399 +#define OID_SECT193R1 400 +#define OID_SECT193R2 401 +#define OID_SECT233K1 402 +#define OID_SECT233R1 403 +#define OID_SECT128R1 404 +#define OID_SECT128R2 405 +#define OID_SECT160R2 406 +#define OID_SECT192K1 407 +#define OID_SECT224K1 408 +#define OID_SECT224R1 409 +#define OID_SECT384R1 410 +#define OID_SECT521R1 411 +#define OID_SECT409K1 412 +#define OID_SECT409R1 413 +#define OID_SECT571K1 414 +#define OID_SECT571R1 415 +#define OID_AES128_CBC 424 +#define OID_AES128_GCM 425 +#define OID_AES128_CCM 426 +#define OID_AES192_CBC 427 +#define OID_AES192_GCM 428 +#define OID_AES192_CCM 429 +#define OID_AES256_CBC 430 +#define OID_AES256_GCM 431 +#define OID_AES256_CCM 432 +#define OID_SHA256 434 +#define OID_SHA384 435 +#define OID_SHA512 436 +#define OID_SHA224 437 +#define OID_SHA3_224 440 +#define OID_SHA3_256 441 +#define OID_SHA3_384 442 +#define OID_SHA3_512 443 +#define OID_NS_REVOCATION_URL 451 +#define OID_NS_CA_REVOCATION_URL 452 +#define OID_NS_CA_POLICY_URL 453 +#define OID_NS_COMMENT 454 +#define OID_EMPLOYEE_NUMBER 457 +#define OID_PKI_MESSAGE_TYPE 463 +#define OID_PKI_STATUS 464 +#define OID_PKI_FAIL_INFO 465 +#define OID_PKI_SENDER_NONCE 466 +#define OID_PKI_RECIPIENT_NONCE 467 +#define OID_PKI_TRANS_ID 468 +#define OID_TPM_MANUFACTURER 474 +#define OID_TPM_MODEL 475 +#define 
OID_TPM_VERSION 476 +#define OID_TPM_ID_LABEL 477 -#define OID_MAX 475 +#define OID_MAX 478 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 919d24c43..64dedcb33 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -223,9 +223,12 @@ 0x07 "BLISS-B-III" OID_BLISS_B_III 0x08 "BLISS-B-IV" OID_BLISS_B_IV 0x03 "blissSigType" - 0x01 "BLISS-with-SHA512" OID_BLISS_WITH_SHA512 - 0x02 "BLISS-with-SHA384" OID_BLISS_WITH_SHA384 - 0x03 "BLISS-with-SHA256" OID_BLISS_WITH_SHA256 + 0x01 "BLISS-with-SHA2-512" OID_BLISS_WITH_SHA2_512 + 0x02 "BLISS-with-SHA2-384" OID_BLISS_WITH_SHA2_384 + 0x03 "BLISS-with-SHA2-256" OID_BLISS_WITH_SHA2_256 + 0x04 "BLISS-with-SHA3-512" OID_BLISS_WITH_SHA3_512 + 0x05 "BLISS-with-SHA3-384" OID_BLISS_WITH_SHA3_384 + 0x06 "BLISS-with-SHA3-256" OID_BLISS_WITH_SHA3_256 0x89 "" 0x31 "" 0x01 "" @@ -435,10 +438,10 @@ 0x04 "id-sha224" OID_SHA224 0x05 "id-sha512-224" 0x06 "id-sha512-256" - 0x07 "id-sha3-224" - 0x08 "id-sha3-256" - 0x09 "id-sha3-384" - 0x0A "id-sha3-512" + 0x07 "id-sha3-224" OID_SHA3_224 + 0x08 "id-sha3-256" OID_SHA3_256 + 0x09 "id-sha3-384" OID_SHA3_384 + 0x0A "id-sha3-512" OID_SHA3_512 0x0B "id-shake128" 0x0C "id-shake256" 0x86 "" diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 1e93f021a..9988d8021 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -951,9 +951,9 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy { entry_t entry; - while (array_remove(other->entries, ARRAY_HEAD, &entry)) - { - array_insert(this->entries, ARRAY_TAIL, &entry); + while (array_remove(other->entries, ARRAY_TAIL, &entry)) + { /* keep order but prefer new values (esp. for single valued ones) */ + array_insert(this->entries, ARRAY_HEAD, &entry); } array_compress(other->entries); } 
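Review bot: The comment `/* keep order but prefer new values (esp. for single valued ones) */` sits on the opening brace and leaves the reader to work out why popping from `ARRAY_TAIL` while inserting at `ARRAY_HEAD` yields that result; moving it above the `while` and stating the mechanism would help, e.g. `/* move other's entries, in their original order, in front of ours, so a lookup that takes the first match sees the merged-in value */`. That lookups return the first matching entry is inferred from the wording, not visible in this hunk, so confirm it before phrasing the comment that way. merge() starts outside the hunk; the `array_compress(other->entries)` after the loop is unchanged.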
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index bd5915e60..d6f211a34 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -27,7 +27,7 @@ ENUM(key_type_names, KEY_ANY, KEY_BLISS, "BLISS" ); -ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512, +ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA3_512, "UNKNOWN", "RSA_EMSA_PKCS1_NULL", "RSA_EMSA_PKCS1_MD5", @@ -44,9 +44,12 @@ ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_BLISS_WITH_SHA512, "ECDSA-256", "ECDSA-384", "ECDSA-521", - "BLISS_WITH_SHA256", - "BLISS_WITH_SHA384", - "BLISS_WITH_SHA512", + "BLISS_WITH_SHA2_256", + "BLISS_WITH_SHA2_384", + "BLISS_WITH_SHA2_512", + "BLISS_WITH_SHA3_256", + "BLISS_WITH_SHA3_384", + "BLISS_WITH_SHA3_512", ); ENUM(encryption_scheme_names, ENCRYPT_UNKNOWN, ENCRYPT_RSA_OAEP_SHA512, 
@@ -137,12 +140,18 @@ signature_scheme_t signature_scheme_from_oid(int oid)
 case OID_ECDSA_WITH_SHA512:
 return SIGN_ECDSA_WITH_SHA512_DER;
 case OID_BLISS_PUBLICKEY:
- case OID_BLISS_WITH_SHA512:
- return SIGN_BLISS_WITH_SHA512;
- case OID_BLISS_WITH_SHA256:
- return SIGN_BLISS_WITH_SHA256;
- case OID_BLISS_WITH_SHA384:
- return SIGN_BLISS_WITH_SHA384;
+ case OID_BLISS_WITH_SHA2_512:
+ return SIGN_BLISS_WITH_SHA2_512;
+ case OID_BLISS_WITH_SHA2_384:
+ return SIGN_BLISS_WITH_SHA2_384;
+ case OID_BLISS_WITH_SHA2_256:
+ return SIGN_BLISS_WITH_SHA2_256;
+ case OID_BLISS_WITH_SHA3_512:
+ return SIGN_BLISS_WITH_SHA3_512;
+ case OID_BLISS_WITH_SHA3_384:
+ return SIGN_BLISS_WITH_SHA3_384;
+ case OID_BLISS_WITH_SHA3_256:
+ return SIGN_BLISS_WITH_SHA3_256;
 }
 return SIGN_UNKNOWN;
 }
@@ -181,12 +190,18 @@ int signature_scheme_to_oid(signature_scheme_t scheme)
 return OID_ECDSA_WITH_SHA384;
 case SIGN_ECDSA_WITH_SHA512_DER:
 return OID_ECDSA_WITH_SHA512;
- case SIGN_BLISS_WITH_SHA256:
- return OID_BLISS_WITH_SHA256;
- case SIGN_BLISS_WITH_SHA384:
- return OID_BLISS_WITH_SHA384;
- case SIGN_BLISS_WITH_SHA512:
- return OID_BLISS_WITH_SHA512;
+ case SIGN_BLISS_WITH_SHA2_256:
+ return OID_BLISS_WITH_SHA2_256;
+ case SIGN_BLISS_WITH_SHA2_384:
+ return OID_BLISS_WITH_SHA2_384;
+ case SIGN_BLISS_WITH_SHA2_512:
+ return OID_BLISS_WITH_SHA2_512;
+ case SIGN_BLISS_WITH_SHA3_256:
+ return OID_BLISS_WITH_SHA3_256;
+ case SIGN_BLISS_WITH_SHA3_384:
+ return OID_BLISS_WITH_SHA3_384;
+ case SIGN_BLISS_WITH_SHA3_512:
+ return OID_BLISS_WITH_SHA3_512;
 }
 return OID_UNKNOWN;
 }
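Review bot: In signature_scheme_from_oid(), the unchanged `case OID_BLISS_PUBLICKEY:` now falls into the new `case OID_BLISS_WITH_SHA2_512:`, so a bare BLISS key OID silently maps to the SHA2-512 scheme, and nothing marks that as deliberate now that six BLISS schemes exist. Suggest `case OID_BLISS_PUBLICKEY: /* a key OID without a scheme defaults to SHA2-512 */` so the next person adding a scheme does not reorder the cases and change the default. The function body starts outside the hunk.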
@@ -207,9 +222,9 @@ static struct { { SIGN_ECDSA_WITH_SHA256_DER, KEY_ECDSA, 256 }, { SIGN_ECDSA_WITH_SHA384_DER, KEY_ECDSA, 384 }, { SIGN_ECDSA_WITH_SHA512_DER, KEY_ECDSA, 0 }, - { SIGN_BLISS_WITH_SHA256, KEY_BLISS, 128 }, - { SIGN_BLISS_WITH_SHA384, KEY_BLISS, 192 }, - { SIGN_BLISS_WITH_SHA512, KEY_BLISS, 0 }, + { SIGN_BLISS_WITH_SHA2_256, KEY_BLISS, 128 }, + { SIGN_BLISS_WITH_SHA2_384, KEY_BLISS, 192 }, + { SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 } }; /** @@ -284,9 +299,12 @@ key_type_t key_type_from_signature_scheme(signature_scheme_t scheme) case SIGN_ECDSA_384: case SIGN_ECDSA_521: return KEY_ECDSA; - case SIGN_BLISS_WITH_SHA256: - case SIGN_BLISS_WITH_SHA384: - case SIGN_BLISS_WITH_SHA512: + case SIGN_BLISS_WITH_SHA2_256: + case SIGN_BLISS_WITH_SHA2_384: + case SIGN_BLISS_WITH_SHA2_512: + case SIGN_BLISS_WITH_SHA3_256: + case SIGN_BLISS_WITH_SHA3_384: + case SIGN_BLISS_WITH_SHA3_512: return KEY_BLISS; } return KEY_ANY; diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 66e98b294..ce48f9b7e 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h @@ -1,7 +1,7 @@ /* * Copyright (C) 2015 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
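Review bot: The SHA-3 BLISS schemes added elsewhere in this commit are not added to the scheme/key-type/strength table in this hunk, so whatever this table drives (it looks like per-key-strength scheme selection, but its use is outside the hunk) will never pick them; if that is intended, a comment on the BLISS rows such as `/* SHA-2 remains the default BLISS family; SHA-3 schemes are only used when configured explicitly */` would stop a later "missing entry" fix. The rewrite also drops the trailing comma on the last row, `{ SIGN_BLISS_WITH_SHA2_512, KEY_BLISS, 0 }`; keeping `},` means the next addition is a one-line diff. The table's declaration begins outside the hunk.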
@@ -94,12 +94,18 @@ enum signature_scheme_t { SIGN_ECDSA_384, /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ SIGN_ECDSA_521, - /** BLISS with SHA-256 */ - SIGN_BLISS_WITH_SHA256, - /** BLISS with SHA-384 */ - SIGN_BLISS_WITH_SHA384, - /** BLISS with SHA-512 */ - SIGN_BLISS_WITH_SHA512, + /** BLISS with SHA-2_256 */ + SIGN_BLISS_WITH_SHA2_256, + /** BLISS with SHA-2_384 */ + SIGN_BLISS_WITH_SHA2_384, + /** BLISS with SHA-2_512 */ + SIGN_BLISS_WITH_SHA2_512, + /** BLISS with SHA-3_256 */ + SIGN_BLISS_WITH_SHA3_256, + /** BLISS with SHA-3_384 */ + SIGN_BLISS_WITH_SHA3_384, + /** BLISS with SHA-3_512 */ + SIGN_BLISS_WITH_SHA3_512, }; /** diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c index 38eebea9c..e220593d4 100644 --- a/src/libstrongswan/crypto/hashers/hasher.c +++ b/src/libstrongswan/crypto/hashers/hasher.c @@ -1,8 +1,9 @@ /* * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2015 Andreas Steffen * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the 
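Review bot: The new doc comments read `/** BLISS with SHA-2_256 */` and `/** BLISS with SHA-3_256 */`, which is neither the standard algorithm name nor the identifier's spelling and reads like a typo. Suggest `/** BLISS with SHA-256 (SHA-2 family) */` and `/** BLISS with SHA3-256 */` (likewise for the 384 and 512 variants), matching the form the surrounding ECDSA entries use ("with SHA-512"). The enum begins outside the hunk.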
@@ -24,26 +25,34 @@ ENUM_BEGIN(hash_algorithm_names, HASH_SHA1, HASH_SHA512, "HASH_SHA256", "HASH_SHA384", "HASH_SHA512"); -ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA224, HASH_SHA512, +ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512, "HASH_UNKNOWN", "HASH_MD2", "HASH_MD4", "HASH_MD5", - "HASH_SHA224"); -ENUM_END(hash_algorithm_names, HASH_SHA224); + "HASH_SHA224", + "HASH_SHA3_224", + "HASH_SHA3_256", + "HASH_SHA3_384", + "HASH_SHA3_512"); +ENUM_END(hash_algorithm_names, HASH_SHA3_512); ENUM_BEGIN(hash_algorithm_short_names, HASH_SHA1, HASH_SHA512, "sha1", "sha256", "sha384", "sha512"); -ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA224, HASH_SHA512, +ENUM_NEXT(hash_algorithm_short_names, HASH_UNKNOWN, HASH_SHA3_512, HASH_SHA512, "unknown", "md2", "md4", "md5", - "sha224"); -ENUM_END(hash_algorithm_short_names, HASH_SHA224); + "sha224", + "sha3_224", + "sha3_256", + "sha3_384", + "sha3_512"); +ENUM_END(hash_algorithm_short_names, HASH_SHA3_512); /* * Described in header. @@ -73,6 +82,14 @@ hash_algorithm_t hasher_algorithm_from_oid(int oid) case OID_SHA512: case OID_SHA512_WITH_RSA: return HASH_SHA512; + case OID_SHA3_224: + return HASH_SHA3_224; + case OID_SHA3_256: + return HASH_SHA3_256; + case OID_SHA3_384: + return HASH_SHA3_384; + case OID_SHA3_512: + return HASH_SHA3_512; default: return HASH_UNKNOWN; } @@ -242,6 +259,10 @@ integrity_algorithm_t hasher_algorithm_to_integrity(hash_algorithm_t alg, case HASH_MD2: case HASH_MD4: case HASH_SHA224: + case HASH_SHA3_224: + case HASH_SHA3_256: + case HASH_SHA3_384: + case HASH_SHA3_512: case HASH_UNKNOWN: break; } @@ -265,6 +286,10 @@ bool hasher_algorithm_for_ikev2(hash_algorithm_t alg) case HASH_MD4: case HASH_MD5: case HASH_SHA224: + case HASH_SHA3_224: + case HASH_SHA3_256: + case HASH_SHA3_384: + case HASH_SHA3_512: break; } return FALSE; 
@@ -300,6 +325,18 @@ int hasher_algorithm_to_oid(hash_algorithm_t alg) case HASH_SHA512: oid = OID_SHA512; break; + case HASH_SHA3_224: + oid = OID_SHA3_224; + break; + case HASH_SHA3_256: + oid = OID_SHA3_256; + break; + case HASH_SHA3_384: + oid = OID_SHA3_384; + break; + case HASH_SHA3_512: + oid = OID_SHA3_512; + break; default: oid = OID_UNKNOWN; } @@ -351,11 +388,17 @@ int hasher_signature_algorithm_to_oid(hash_algorithm_t alg, key_type_t key) switch (alg) { case HASH_SHA256: - return OID_BLISS_WITH_SHA256; + return OID_BLISS_WITH_SHA2_256; case HASH_SHA384: - return OID_BLISS_WITH_SHA384; + return OID_BLISS_WITH_SHA2_384; case HASH_SHA512: - return OID_BLISS_WITH_SHA512; + return OID_BLISS_WITH_SHA2_512; + case HASH_SHA3_256: + return OID_BLISS_WITH_SHA3_256; + case HASH_SHA3_384: + return OID_BLISS_WITH_SHA3_384; + case HASH_SHA3_512: + return OID_BLISS_WITH_SHA3_512; default: return OID_UNKNOWN; } @@ -385,18 +428,24 @@ hash_algorithm_t hasher_from_signature_scheme(signature_scheme_t scheme) case SIGN_RSA_EMSA_PKCS1_SHA256: case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_256: - case SIGN_BLISS_WITH_SHA256: + case SIGN_BLISS_WITH_SHA2_256: return HASH_SHA256; case SIGN_RSA_EMSA_PKCS1_SHA384: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_384: - case SIGN_BLISS_WITH_SHA384: + case SIGN_BLISS_WITH_SHA2_384: return HASH_SHA384; case SIGN_RSA_EMSA_PKCS1_SHA512: case SIGN_ECDSA_WITH_SHA512_DER: case SIGN_ECDSA_521: - case SIGN_BLISS_WITH_SHA512: + case SIGN_BLISS_WITH_SHA2_512: return HASH_SHA512; + case SIGN_BLISS_WITH_SHA3_256: + return HASH_SHA3_256; + case SIGN_BLISS_WITH_SHA3_384: + return HASH_SHA3_384; + case SIGN_BLISS_WITH_SHA3_512: + return HASH_SHA3_512; } return HASH_UNKNOWN; } diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 772586308..272502cf0 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h 
@@ -45,6 +45,10 @@ enum hash_algorithm_t { HASH_MD4 = 1026, HASH_MD5 = 1027, HASH_SHA224 = 1028, + HASH_SHA3_224 = 1029, + HASH_SHA3_256 = 1030, + HASH_SHA3_384 = 1031, + HASH_SHA3_512 = 1032 }; #define HASH_SIZE_MD2 16 diff --git a/src/libstrongswan/crypto/iv/iv_gen.c b/src/libstrongswan/crypto/iv/iv_gen.c index 7d6570a74..c70627723 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.c +++ b/src/libstrongswan/crypto/iv/iv_gen.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2015 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2015 Martin Willi * Copyright (C) 2015 revosec AG * @@ -16,6 +19,7 @@ #include "iv_gen.h" #include "iv_gen_rand.h" #include "iv_gen_seq.h" +#include "iv_gen_null.h" /** * See header. @@ -52,6 +56,7 @@ iv_gen_t* iv_gen_create_for_alg(encryption_algorithm_t alg) case ENCR_NULL_AUTH_AES_GMAC: return iv_gen_seq_create(); case ENCR_NULL: + return iv_gen_null_create(); case ENCR_UNDEFINED: case ENCR_DES_ECB: case ENCR_DES_IV32: diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c new file mode 100644 index 000000000..b13de0674 --- /dev/null +++ b/src/libstrongswan/crypto/iv/iv_gen_null.c 
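Review bot: `HASH_SHA3_512 = 1032` carries no trailing comma and the four new constants have no comment that they must stay contiguous with the 1024-based block, which the `ENUM_NEXT(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA3_512, ...)` in hasher.c (earlier in this commit) relies on as it maps a contiguous range. Suggest `HASH_SHA3_512 = 1032,` and a comment above `HASH_SHA3_224`: `/* keep contiguous: hasher.c's ENUM_NEXT covers HASH_UNKNOWN..HASH_SHA3_512 */`. The enum begins outside the hunk.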
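Review bot: `case ENCR_NULL:` in iv_gen_create_for_alg() now returns a generator instead of falling into the group of cases below it, and a reader of this switch cannot tell that the returned object accepts only a zero-length IV without opening iv_gen_null.c. Suggest `return iv_gen_null_create(); /* no IV: get_iv()/allocate_iv() succeed only for size 0 */`. What the cases below return is outside the hunk, so whether callers previously relied on a NULL result for ENCR_NULL should be checked at the call sites.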
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "iv_gen_null.h"
+
+typedef struct private_iv_gen_t private_iv_gen_t;
+
+/**
+ * Private data of an iv_gen_t object.
+ */
+struct private_iv_gen_t {
+
+ /**
+ * Public iv_gen_t interface.
+ */
+ iv_gen_t public;
+};
+
+METHOD(iv_gen_t, get_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer)
+{
+ return size == 0;
+}
+
+METHOD(iv_gen_t, allocate_iv, bool,
+ private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk)
+{
+ *chunk = chunk_empty;
+ return size == 0;
+}
+
+METHOD(iv_gen_t, destroy, void,
+ private_iv_gen_t *this)
+{
+ free(this);
+}
+
+iv_gen_t *iv_gen_null_create()
+{
+ private_iv_gen_t *this;
+
+ INIT(this,
+ .public = {
+ .get_iv = _get_iv,
+ .allocate_iv = _allocate_iv,
+ .destroy = _destroy,
+ },
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.h b/src/libstrongswan/crypto/iv/iv_gen_null.h
new file mode 100644
index 000000000..b63f0c3e9
--- /dev/null
+++ b/src/libstrongswan/crypto/iv/iv_gen_null.h
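Review bot: `iv_gen_t *iv_gen_null_create()` declares a function with an unspecified parameter list; the C prototype form is `iv_gen_t *iv_gen_null_create(void)`, in this file and in the matching declaration in iv_gen_null.h, unless the project deliberately omits `void` in its `*_create()` declarations. The contract of get_iv and allocate_iv is also worth stating where callers see it: both report success only for `size == 0`, get_iv never writes to `buffer`, and allocate_iv always sets `*chunk` to chunk_empty. A one-line doc comment on the header's create function along the lines of `Both get_iv() and allocate_iv() succeed only for a zero-length IV; any other size is rejected.` would keep an ENCR_NULL caller from expecting a filled buffer.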
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2015 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @{ @ingroup iv
+ */
+
+#ifndef IV_GEN_NULL_H_
+#define IV_GEN_NULL_H_
+
+#include <crypto/iv/iv_gen.h>
+
+/**
+ * Create an IV generator that does not actually generate an IV.
+ *
+ * @return IV generator
+ */
+iv_gen_t *iv_gen_null_create();
+
+#endif /** IV_GEN_NULL_H_ @}*/
diff --git a/src/libstrongswan/plugins/bliss/bliss_plugin.c b/src/libstrongswan/plugins/bliss/bliss_plugin.c
index 07597c318..4adcf1e76 100644
--- a/src/libstrongswan/plugins/bliss/bliss_plugin.c
+++ b/src/libstrongswan/plugins/bliss/bliss_plugin.c
@@ -55,19 +55,31 @@ METHOD(plugin_t, get_features, int,
 PLUGIN_REGISTER(PUBKEY, bliss_public_key_load, TRUE),
 PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
 /* signature schemes, private */
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_256),
 PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_384),
 PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA2_512),
 PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 /* signature verification schemes */
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_256),
 PLUGIN_DEPENDS(HASHER, HASH_SHA256),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_384),
 PLUGIN_DEPENDS(HASHER, HASH_SHA384),
- PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA2_512),
 PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_BLISS_WITH_SHA3_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA3_512),
 };
 *features = f;
diff --git a/src/libstrongswan/plugins/bliss/bliss_private_key.c b/src/libstrongswan/plugins/bliss/bliss_private_key.c
index 1386eeb2d..20bbc6ac5 100644
--- a/src/libstrongswan/plugins/bliss/bliss_private_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_private_key.c
@@ -511,12 +511,18 @@ METHOD(private_key_t, sign, bool,
 {
 switch (scheme)
 {
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
 return sign_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
 return sign_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
 return sign_bliss(this, HASH_SHA512, data, signature);
+ case SIGN_BLISS_WITH_SHA3_256:
+ return sign_bliss(this, HASH_SHA3_256, data, signature);
+ case SIGN_BLISS_WITH_SHA3_384:
+ return sign_bliss(this, HASH_SHA3_384, data, signature);
+ case SIGN_BLISS_WITH_SHA3_512:
+ return sign_bliss(this, HASH_SHA3_512, data, signature);
 default:
 DBG1(DBG_LIB, "signature scheme %N not supported with BLISS",
 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/bliss/bliss_public_key.c b/src/libstrongswan/plugins/bliss/bliss_public_key.c
index 2b305f6c2..93d1165eb 100644
--- a/src/libstrongswan/plugins/bliss/bliss_public_key.c
+++ b/src/libstrongswan/plugins/bliss/bliss_public_key.c
@@ -193,12 +193,18 @@ METHOD(public_key_t, verify, bool,
 {
 switch (scheme)
 {
- case SIGN_BLISS_WITH_SHA256:
+ case SIGN_BLISS_WITH_SHA2_256:
 return verify_bliss(this, HASH_SHA256, data, signature);
- case SIGN_BLISS_WITH_SHA384:
+ case SIGN_BLISS_WITH_SHA2_384:
 return verify_bliss(this, HASH_SHA384, data, signature);
- case SIGN_BLISS_WITH_SHA512:
+ case SIGN_BLISS_WITH_SHA2_512:
 return verify_bliss(this, HASH_SHA512, data, signature);
+ case SIGN_BLISS_WITH_SHA3_256:
+ return verify_bliss(this, HASH_SHA3_256, data, signature);
+ case SIGN_BLISS_WITH_SHA3_384:
+ return verify_bliss(this, HASH_SHA3_384, data, signature);
+ case SIGN_BLISS_WITH_SHA3_512:
+ return verify_bliss(this, HASH_SHA3_512, data, signature);
 default:
 DBG1(DBG_LIB, "signature scheme %N not supported by BLISS",
 signature_scheme_names, scheme);
diff --git a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
index 8b4e9cbf0..a3e4420a9 100644
--- a/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
+++ b/src/libstrongswan/plugins/bliss/tests/suites/test_bliss_sign.c
@@ -36,13 +36,13 @@ START_TEST(test_bliss_sign_all)
 switch (k)
 {
 case 1:
- signature_scheme = SIGN_BLISS_WITH_SHA256;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_256;
 break;
 case 2:
- signature_scheme = SIGN_BLISS_WITH_SHA384;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_384;
 break;
 default:
- signature_scheme = SIGN_BLISS_WITH_SHA512;
+ signature_scheme = SIGN_BLISS_WITH_SHA2_512;
 }
 /* enforce BLISS-B key for k = 2, 3 */
@@ -176,14 +176,14 @@ START_TEST(test_bliss_sign_fail)
 /* generate valid signature */
 msg = chunk_from_str("Hello Dolly!");
- ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA512, msg, &signature));
+ ck_assert(privkey->sign(privkey, SIGN_BLISS_WITH_SHA2_512, msg, &signature));
 /* verify with invalid signature scheme */
 ck_assert(!pubkey->verify(pubkey, SIGN_UNKNOWN, msg, signature));
 /* corrupt signature */
 signature.ptr[signature.len - 1] ^= 0x80;
- ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA512, msg, signature));
+ ck_assert(!pubkey->verify(pubkey, SIGN_BLISS_WITH_SHA2_512, msg, signature));
 free(signature.ptr);
 privkey->destroy(privkey);
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 7653c1986..9207f11b6 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -123,7 +123,7 @@ METHOD(fetcher_t, fetch, status_t,
 curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
 }
- DBG2(DBG_LIB, " sending http request to '%s'...", uri);
+ DBG2(DBG_LIB, " sending request to '%s'...", uri);
 curl_status = curl_easy_perform(this->curl);
 switch (curl_status)
 {
@@ -137,10 +137,10 @@ METHOD(fetcher_t, fetch, status_t,
 {
 *this->result = result;
 }
- status = (result >= 200 && result < 300) ? SUCCESS : FAILED;
+ status = (result < 400) ? SUCCESS : FAILED;
 break;
 default:
- DBG1(DBG_LIB, "libcurl http request failed [%d]: %s", curl_status,
+ DBG1(DBG_LIB, "libcurl request failed [%d]: %s", curl_status,
 error);
 status = FAILED;
 break;
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index cac442fc0..49ec48804 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -18,6 +18,7 @@
 #ifndef OPENSSL_NO_DH
+#include <openssl/bn.h>
 #include <openssl/dh.h>
 #include "openssl_diffie_hellman.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index a1af500e2..11d6e8ec5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -17,6 +17,7 @@
 #ifndef OPENSSL_NO_EC
+#include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 10a35c1fd..de02f302d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -23,6 +23,7 @@
 #include <utils/debug.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #ifndef OPENSSL_NO_ENGINE
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index aa54d3bbd..db928569f 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
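Review bot: `status = (result < 400) ? SUCCESS : FAILED;` now reports every 1xx and 3xx response as a successful fetch, so a redirect that is not followed returns SUCCESS with the redirect page's body as the fetched payload, and the CRL/OCSP callers of this fetcher go on to parse that body. If the motivation is schemes without a response code (libcurl reports 0 when none is available, which the wording change from "http request" to "request" in the previous hunk suggests), the narrower condition `status = (result == 0 || (result >= 200 && result < 300)) ? SUCCESS : FAILED;` keeps that case without accepting 3xx. Whether CURLOPT_FOLLOWLOCATION is set is outside this hunk; if it is, a final 3xx means the redirect could not be followed and should still count as a failure. The enclosing fetch method starts outside the hunk.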
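Review bot: In openssl_ec_diffie_hellman.c the added `#include <openssl/bn.h>` sits three lines above an existing `#include <openssl/bn.h>` that is kept as context, so the header is now included twice in the same block. OpenSSL's include guards make this harmless, but the duplicate is noise; drop either the new line or the old one so the file matches openssl_diffie_hellman.c, openssl_rsa_private_key.c and openssl_rsa_public_key.c, which include it once.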
@@ -23,6 +23,7 @@
 #include <utils/debug.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 0e61086b1..2f9813701 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -18,6 +18,7 @@
 #include <utils/debug.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index f7ac347d2..01d0495be 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -356,6 +356,7 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
 {
 plugin_entry_t *entry;
 void *handle;
+ int flag = RTLD_LAZY;
 switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, critical, &entry))
 {
@@ -380,15 +381,19 @@ static plugin_entry_t *load_plugin(private_plugin_loader_t *this, char *name,
 return NULL;
 }
 }
- handle = dlopen(file, RTLD_LAZY
+ if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now",
+ lib->ns, FALSE))
+ {
+ flag = RTLD_NOW;
+ }
 #ifdef RTLD_NODELETE
- /* if supported, do not unload library when unloading a plugin. It really
- * doesn't matter in productive systems, but causes many (dependency)
- * library reloads during unit tests. Some libraries can't handle that,
+ /* If supported, do not unload the library when unloading a plugin. It
+ * really doesn't matter in productive systems, but causes many (dependency)
+ * library reloads during unit tests. Some libraries can't handle that, e.g.
 * GnuTLS leaks file descriptors in its library load/unload functions. */
- | RTLD_NODELETE
+ flag |= RTLD_NODELETE;
 #endif
- );
+ handle = dlopen(file, flag);
 if (handle == NULL)
 {
 DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror());
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 36d5446b8..177b3c2e5 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -56,6 +56,7 @@ METHOD(rng_t, get_bytes, bool,
 DBG1(DBG_LIB, "reading from random FD %d failed: %s, retrying...",
 this->fd, strerror(errno));
 sleep(1);
+ continue;
 }
 done += got;
 }
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 9fd5b2a22..fdcb9902b 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url)
 return NULL;
 }
 crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
- BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
+ BUILD_BLOB_PEM, chunk, BUILD_END);
 chunk_free(&chunk);
 if (!crl)
 {
diff --git a/src/libstrongswan/plugins/sha3/Makefile.am b/src/libstrongswan/plugins/sha3/Makefile.am
new file mode 100644
index 000000000..7ccf58ce6
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/Makefile.am
@@ -0,0 +1,16 @@
+AM_CPPFLAGS = \
+ -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+ $(PLUGIN_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-sha3.la
+else
+plugin_LTLIBRARIES = libstrongswan-sha3.la
+endif
+
+libstrongswan_sha3_la_SOURCES = \
+ sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h
+
+libstrongswan_sha3_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in
new file mode 100644
index 000000000..3034ea537
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/Makefile.in
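Review bot: The added `continue;` stops a negative `got` from being folded into `done`, but the retry after `sleep(1)` is still unbounded: if the descriptor stays unreadable (closed, or the device went away), get_bytes never returns and the caller blocks for good. Consider retrying only on transient errors and failing otherwise, e.g. `if (errno != EINTR && errno != EAGAIN) { return FALSE; }` before the DBG1, or capping the number of attempts. The loop head and the read() call are outside the hunk, so whether a zero-length read (EOF) is handled cannot be seen here.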
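Review bot: Changing fetch_crl from `BUILD_BLOB_ASN1_DER` to `BUILD_BLOB_PEM` routes every fetched CRL through the PEM builder, so CRL fetching now depends on the pem plugin being loaded; without it create() presumably returns NULL and the `if (!crl)` branch rejects all CRLs, including the DER-encoded ones that worked before. Whether the PEM builder passes non-PEM input through to the DER parser is not visible in this hunk and should be confirmed before relying on it. A one-line comment on the changed line, e.g. `/* PEM builder also accepts DER; allows PEM-encoded CRLs */`, plus a note on the pem dependency in the plugin's documentation would make the intent clear. The rest of fetch_crl is outside the hunk.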
@@ -0,0 +1,774 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = 
$(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/sha3 +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/depcomp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { 
files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_sha3_la_LIBADD = +am_libstrongswan_sha3_la_OBJECTS = sha3_plugin.lo sha3_hasher.lo +libstrongswan_sha3_la_OBJECTS = $(am_libstrongswan_sha3_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_sha3_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_sha3_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_sha3_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_sha3_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) 
\ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_sha3_la_SOURCES) +DIST_SOURCES = $(libstrongswan_sha3_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ 
+PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ 
+h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = 
@systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + $(PLUGIN_CFLAGS) + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-sha3.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-sha3.la +libstrongswan_sha3_la_SOURCES = \ + sha3_plugin.h sha3_plugin.c sha3_hasher.c sha3_hasher.h + +libstrongswan_sha3_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f 
"$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libstrongswan-sha3.la: $(libstrongswan_sha3_la_OBJECTS) $(libstrongswan_sha3_la_DEPENDENCIES) $(EXTRA_libstrongswan_sha3_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_sha3_la_LINK) $(am_libstrongswan_sha3_la_rpath) $(libstrongswan_sha3_la_OBJECTS) $(libstrongswan_sha3_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_hasher.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha3_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 
's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean 
maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.c b/src/libstrongswan/plugins/sha3/sha3_hasher.c new file mode 100644 index 000000000..b34a02594 --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_hasher.c 
@@ -0,0 +1,527 @@ +/* + * Copyright (C) 2015 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Based on the implementation by the Keccak, Keyak and Ketje Teams, namely, + * Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche and + * Ronny Van Keer, hereby denoted as "the implementer". + * + * To the extent possible under law, the implementer has waived all copyright + * and related or neighboring rights to the source code in this file. + * http://creativecommons.org/publicdomain/zero/1.0/ + */ + +#include <string.h> + +#include "sha3_hasher.h" + +typedef struct private_sha3_hasher_t private_sha3_hasher_t; + +#define KECCAK_STATE_SIZE 200 /* bytes */ +#define KECCAK_MAX_RATE 144 /* bytes */ +#define DELIMITED_SUFFIX 0x06 + +static const uint64_t round_constants[] = { + 0x0000000000000001ULL, + 0x0000000000008082ULL, + 0x800000000000808aULL, + 0x8000000080008000ULL, + 0x000000000000808bULL, + 0x0000000080000001ULL, + 0x8000000080008081ULL, + 0x8000000000008009ULL, + 0x000000000000008aULL, + 0x0000000000000088ULL, + 0x0000000080008009ULL, + 0x000000008000000aULL, + 0x000000008000808bULL, + 0x800000000000008bULL, + 0x8000000000008089ULL, + 0x8000000000008003ULL, + 0x8000000000008002ULL, + 0x8000000000000080ULL, + 0x000000000000800aULL, + 0x800000008000000aULL, + 0x8000000080008081ULL, + 0x8000000000008080ULL, + 0x0000000080000001ULL, + 0x8000000080008008ULL +}; + +/** + * Private data structure with hashing context for SHA-3 + */ +struct private_sha3_hasher_t { + + /** + * Public interface for this hasher. 
+ */ + sha3_hasher_t public; + + /** + * SHA-3 algorithm to be used + */ + hash_algorithm_t algorithm; + + /** + * Internal state of 1600 bits as defined by FIPS-202 + */ + uint8_t state[KECCAK_STATE_SIZE]; + + /** + * Rate in bytes + */ + u_int rate; + + /** + * Rate input buffer + */ + uint8_t rate_buffer[KECCAK_MAX_RATE]; + + /** + * Index pointing to the current position in the rate buffer + */ + u_int rate_index; + +}; + +#if BYTE_ORDER != LITTLE_ENDIAN +/** + * Function to load a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static uint64_t load64(const uint8_t *x) +{ + int i; + uint64_t u = 0; + + for (i = 7; i >= 0; --i) + { + u <<= 8; + u |= x[i]; + } + return u; +} + +/** + * Function to store a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static void store64(uint8_t *x, uint64_t u) +{ + u_int i; + + for (i = 0; i < 8; ++i) + { + x[i] = u; + u >>= 8; + } +} + +/** + * Function to XOR into a 64-bit value using the little-endian (LE) convention. + * On a LE platform, this could be greatly simplified using a cast. + */ +static void xor64(uint8_t *x, uint64_t u) +{ + u_int i; + + for (i = 0; i < 8; ++i) + { + x[i] ^= u; + u >>= 8; + } +} +#endif + +/** + * Some macros used by the Keccak-f[1600] permutation. 
+ */ +#define ROL64(a, offset) ((((uint64_t)a) << offset) ^ (((uint64_t)a) >> (64-offset))) + +#if BYTE_ORDER == LITTLE_ENDIAN + #define readLane(i) (((uint64_t*)state)[i]) + #define writeLane(i, lane) (((uint64_t*)state)[i]) = (lane) + #define XORLane(i, lane) (((uint64_t*)state)[i]) ^= (lane) +#elif BYTE_ORDER == BIG_ENDIAN + #define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*i)) + #define writeLane(i, lane) store64((uint8_t*)state+sizeof(uint64_t)*i, lane) + #define XORLane(i, lane) xor64((uint8_t*)state+sizeof(uint64_t)*i, lane) +#endif + +/** + * Function that computes the Keccak-f[1600] permutation on the given state. + */ +static void keccak_f1600_state_permute(void *state) +{ + int round; + + for (round = 0; round < 24; round++) + { + { /* θ step (see [Keccak Reference, Section 2.3.2]) */ + + uint64_t C[5], D; + + /* Compute the parity of the columns */ + C[0] = readLane(0) ^ readLane( 5) ^ readLane(10) + ^ readLane(15) ^ readLane(20); + C[1] = readLane(1) ^ readLane( 6) ^ readLane(11) + ^ readLane(16) ^ readLane(21); + C[2] = readLane(2) ^ readLane( 7) ^ readLane(12) + ^ readLane(17) ^ readLane(22); + C[3] = readLane(3) ^ readLane( 8) ^ readLane(13) + ^ readLane(18) ^ readLane(23); + C[4] = readLane(4) ^ readLane( 9) ^ readLane(14) + ^ readLane(19) ^ readLane(24); + + /* Compute and add the θ effect to the whole column */ + D = C[4] ^ ROL64(C[1], 1); + XORLane( 0, D); + XORLane( 5, D); + XORLane(10, D); + XORLane(15, D); + XORLane(20, D); + + D = C[0] ^ ROL64(C[2], 1); + XORLane( 1, D); + XORLane( 6, D); + XORLane(11, D); + XORLane(16, D); + XORLane(21, D); + + D = C[1] ^ ROL64(C[3], 1); + XORLane( 2, D); + XORLane( 7, D); + XORLane(12, D); + XORLane(17, D); + XORLane(22, D); + + D = C[2] ^ ROL64(C[4], 1); + XORLane( 3, D); + XORLane( 8, D); + XORLane(13, D); + XORLane(18, D); + XORLane(23, D); + + D = C[3] ^ ROL64(C[0], 1); + XORLane( 4, D); + XORLane( 9, D); + XORLane(14, D); + XORLane(19, D); + XORLane(24, D); + } + + { /* ρ and π steps (see 
[Keccak Reference, Sections 2.3.3 and 2.3.4]) */ + + uint64_t t1, t2; + + t1 = readLane( 1); + + t2 = readLane(10); + writeLane(10, ROL64(t1, 1)); + + t1 = readLane( 7); + writeLane( 7, ROL64(t2, 3)); + + t2 = readLane(11); + writeLane(11, ROL64(t1, 6)); + + t1 = readLane(17); + writeLane(17, ROL64(t2, 10)); + + t2 = readLane(18); + writeLane(18, ROL64(t1, 15)); + + t1 = readLane( 3); + writeLane( 3, ROL64(t2, 21)); + + t2 = readLane( 5); + writeLane( 5, ROL64(t1, 28)); + + t1 = readLane(16); + writeLane(16, ROL64(t2, 36)); + + t2 = readLane( 8); + writeLane( 8, ROL64(t1, 45)); + + t1 = readLane(21); + writeLane(21, ROL64(t2, 55)); + + t2 = readLane(24); + writeLane(24, ROL64(t1, 2)); + + t1 = readLane( 4); + writeLane( 4, ROL64(t2, 14)); + + t2 = readLane(15); + writeLane(15, ROL64(t1, 27)); + + t1 = readLane(23); + writeLane(23, ROL64(t2, 41)); + + t2 = readLane(19); + writeLane(19, ROL64(t1, 56)); + + t1 = readLane(13); + writeLane(13, ROL64(t2, 8)); + + t2 = readLane(12); + writeLane(12, ROL64(t1, 25)); + + t1 = readLane( 2); + writeLane( 2, ROL64(t2, 43)); + + t2 = readLane(20); + writeLane(20, ROL64(t1, 62)); + + t1 = readLane(14); + writeLane(14, ROL64(t2, 18)); + + t2 = readLane(22); + writeLane(22, ROL64(t1, 39)); + + t1 = readLane( 9); + writeLane( 9, ROL64(t2, 61)); + + t2 = readLane( 6); + writeLane( 6, ROL64(t1, 20)); + + writeLane( 1, ROL64(t2, 44)); + } + + { /* χ step (see [Keccak Reference, Section 2.3.1]) */ + + uint64_t t[5]; + + t[0] = readLane(0); + t[1] = readLane(1); + t[2] = readLane(2); + t[3] = readLane(3); + t[4] = readLane(4); + + writeLane(0, t[0] ^ ((~t[1]) & t[2])); + writeLane(1, t[1] ^ ((~t[2]) & t[3])); + writeLane(2, t[2] ^ ((~t[3]) & t[4])); + writeLane(3, t[3] ^ ((~t[4]) & t[0])); + writeLane(4, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(5); + t[1] = readLane(6); + t[2] = readLane(7); + t[3] = readLane(8); + t[4] = readLane(9); + + writeLane(5, t[0] ^ ((~t[1]) & t[2])); + writeLane(6, t[1] ^ ((~t[2]) & t[3])); + writeLane(7, 
t[2] ^ ((~t[3]) & t[4])); + writeLane(8, t[3] ^ ((~t[4]) & t[0])); + writeLane(9, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(10); + t[1] = readLane(11); + t[2] = readLane(12); + t[3] = readLane(13); + t[4] = readLane(14); + + writeLane(10, t[0] ^ ((~t[1]) & t[2])); + writeLane(11, t[1] ^ ((~t[2]) & t[3])); + writeLane(12, t[2] ^ ((~t[3]) & t[4])); + writeLane(13, t[3] ^ ((~t[4]) & t[0])); + writeLane(14, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(15); + t[1] = readLane(16); + t[2] = readLane(17); + t[3] = readLane(18); + t[4] = readLane(19); + + writeLane(15, t[0] ^ ((~t[1]) & t[2])); + writeLane(16, t[1] ^ ((~t[2]) & t[3])); + writeLane(17, t[2] ^ ((~t[3]) & t[4])); + writeLane(18, t[3] ^ ((~t[4]) & t[0])); + writeLane(19, t[4] ^ ((~t[0]) & t[1])); + + t[0] = readLane(20); + t[1] = readLane(21); + t[2] = readLane(22); + t[3] = readLane(23); + t[4] = readLane(24); + + writeLane(20, t[0] ^ ((~t[1]) & t[2])); + writeLane(21, t[1] ^ ((~t[2]) & t[3])); + writeLane(22, t[2] ^ ((~t[3]) & t[4])); + writeLane(23, t[3] ^ ((~t[4]) & t[0])); + writeLane(24, t[4] ^ ((~t[0]) & t[1])); + } + + { /* ι step (see [Keccak Reference, Section 2.3.5]) */ + + XORLane(0, round_constants[round]); + } + } +} + +METHOD(hasher_t, reset, bool, + private_sha3_hasher_t *this) +{ + memset(this->state, 0x00, KECCAK_STATE_SIZE); + this->rate_index = 0; + + return TRUE; +} + +METHOD(hasher_t, get_hash_size, size_t, + private_sha3_hasher_t *this) +{ + switch (this->algorithm) + { + case HASH_SHA3_224: + return HASH_SIZE_SHA224; + case HASH_SHA3_256: + return HASH_SIZE_SHA256; + case HASH_SHA3_384: + return HASH_SIZE_SHA384; + case HASH_SHA3_512: + return HASH_SIZE_SHA512; + default: + return 0; + } +} + +static void sha3_absorb(private_sha3_hasher_t *this, chunk_t data) +{ + uint64_t *buffer_lanes, *state_lanes; + size_t len, rate_lanes; + int i; + + buffer_lanes = (uint64_t*)this->rate_buffer; + state_lanes = (uint64_t*)this->state; + rate_lanes = this->rate / sizeof(uint64_t); + + while 
(data.len) + { + len = min(data.len, this->rate - this->rate_index); + memcpy(this->rate_buffer + this->rate_index, data.ptr, len); + this->rate_index += len; + data.ptr += len; + data.len -= len; + + if (this->rate_index == this->rate) + { + for (i = 0; i < rate_lanes; i++) + { + state_lanes[i] ^= buffer_lanes[i]; + } + this->rate_index = 0; + + keccak_f1600_state_permute(this->state); + } + } +} + +static void sha3_final(private_sha3_hasher_t *this) +{ + uint64_t *buffer_lanes, *state_lanes; + size_t rate_lanes, remainder; + int i; + + /* Add the delimitedSuffix as the first bit of padding */ + this->rate_buffer[this->rate_index++] = DELIMITED_SUFFIX; + + buffer_lanes = (uint64_t*)this->rate_buffer; + state_lanes = (uint64_t*)this->state; + rate_lanes = this->rate_index / sizeof(uint64_t); + + remainder = this->rate_index - rate_lanes * sizeof(uint64_t); + if (remainder) + { + memset(this->rate_buffer + this->rate_index, 0x00, + sizeof(uint64_t) - remainder); + rate_lanes++; + } + for (i = 0; i < rate_lanes; i++) + { + state_lanes[i] ^= buffer_lanes[i]; + } + + /* Add the second bit of padding */ + this->state[this->rate - 1] ^= 0x80; + + /* Switch to the squeezing phase */ + keccak_f1600_state_permute(this->state); +} + +METHOD(hasher_t, get_hash, bool, + private_sha3_hasher_t *this, chunk_t chunk, uint8_t *buffer) +{ + sha3_absorb(this, chunk); + + if (buffer != NULL) + { + sha3_final(this); + memcpy(buffer, this->state, get_hash_size(this)); + reset(this); + } + return TRUE; +} + +METHOD(hasher_t, allocate_hash, bool, + private_sha3_hasher_t *this, chunk_t chunk, chunk_t *hash) +{ + chunk_t allocated_hash; + + sha3_absorb(this, chunk); + + if (hash != NULL) + { + sha3_final(this); + allocated_hash = chunk_alloc(get_hash_size(this)); + memcpy(allocated_hash.ptr, this->state, allocated_hash.len); + reset(this); + *hash = allocated_hash; + } + return TRUE; +} + +METHOD(hasher_t, destroy, void, + sha3_hasher_t *this) +{ + free(this); +} + +/* + * Described in 
header. + */ +sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm) +{ + private_sha3_hasher_t *this; + + switch (algorithm) + { + case HASH_SHA3_224: + case HASH_SHA3_256: + case HASH_SHA3_384: + case HASH_SHA3_512: + break; + default: + return NULL; + } + + INIT(this, + .public = { + .hasher_interface = { + .reset = _reset, + .get_hash_size = _get_hash_size, + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .destroy = _destroy, + }, + }, + .algorithm = algorithm, + ); + + this->rate = KECCAK_STATE_SIZE - 2*get_hash_size(this); + reset(this); + + return &this->public; +} diff --git a/src/libstrongswan/plugins/sha3/sha3_hasher.h b/src/libstrongswan/plugins/sha3/sha3_hasher.h new file mode 100644 index 000000000..2f18d35b0 --- /dev/null +++ b/src/libstrongswan/plugins/sha3/sha3_hasher.h 
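Review bot: The big-endian `readLane` macro has an unbalanced parenthesis — `load64((uint8_t*)state+sizeof(uint64_t)*i))` closes one more than it opens — so any `BYTE_ORDER == BIG_ENDIAN` build of keccak_f1600_state_permute fails to compile; it should read `#define readLane(i) load64((uint8_t*)state+sizeof(uint64_t)*(i))`. Separately, `state` is declared `uint8_t state[KECCAK_STATE_SIZE]` yet the little-endian lane macros, sha3_absorb and sha3_final all dereference it through `uint64_t*`; that violates strict aliasing, and because `state` follows a `hash_algorithm_t` member its offset inside the struct is not guaranteed to be 8-byte aligned, so strict-alignment targets can fault. Declaring it as `uint64_t state[KECCAK_STATE_SIZE / sizeof(uint64_t)]` (likewise for `rate_buffer`, which is also read as `uint64_t*`) and casting to `uint8_t*` only for the byte-level pad write `((uint8_t*)this->state)[this->rate - 1] ^= 0x80;` removes both problems while leaving the memset/memcpy call sites unchanged. Note also that destroy() only free()s the context, so the absorbed sponge state and `rate_buffer` remain in freed memory; if keyed material is ever absorbed through this hasher (HMAC/PRF use), wiping them before the free would be the safer default.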
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup sha3_hasher sha3_hasher
+ * @{ @ingroup sha3_p
+ */
+
+#ifndef SHA3_HASHER_H_
+#define SHA3_HASHER_H_
+
+typedef struct sha3_hasher_t sha3_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hasher_t interface using the SHA-3 algorithm family
+ * SHA3_224, SHA3_256, SHA3_384 and SHA3_512 as defined by FIPS-202.
+ */
+struct sha3_hasher_t {
+
+ /**
+ * Generic hasher_t interface for this hasher.
+ */
+ hasher_t hasher_interface;
+};
+
+/**
+ * Creates a new sha3_hasher_t.
+ *
+ * @param algorithm HASH3_224, HASH_SHA3_256, HASH_SHA3_384 or HASH_SHA3_512
+ * @return sha3_hasher_t object, NULL if not supported
+ */
+sha3_hasher_t *sha3_hasher_create(hash_algorithm_t algorithm);
+
+#endif /** SHA3_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.c b/src/libstrongswan/plugins/sha3/sha3_plugin.c
new file mode 100644
index 000000000..28068f38e
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_plugin.c
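Review bot: The `@param algorithm` line of the sha3_hasher_create doc comment names a constant that does not exist — `HASH3_224` — while the other three values and the provider list use the `HASH_SHA3_` prefix; it should read `@param algorithm HASH_SHA3_224, HASH_SHA3_256, HASH_SHA3_384 or HASH_SHA3_512`. A reader copying the identifier from the header would otherwise get a compile error.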
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2015 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "sha3_plugin.h"
+
+#include <library.h>
+#include "sha3_hasher.h"
+
+typedef struct private_sha3_plugin_t private_sha3_plugin_t;
+
+/**
+ * private data of sha3_plugin
+ */
+struct private_sha3_plugin_t {
+
+ /**
+ * public functions
+ */
+ sha3_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_sha3_plugin_t *this)
+{
+ return "sha3";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_sha3_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha3_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA3_512),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_sha3_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *sha3_plugin_create()
+{
+ private_sha3_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/sha3/sha3_plugin.h b/src/libstrongswan/plugins/sha3/sha3_plugin.h
new file mode 100644
index 000000000..09c8e5d81
--- /dev/null
+++ b/src/libstrongswan/plugins/sha3/sha3_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2015 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup sha3_p sha3 + * @ingroup plugins + * + * @defgroup sha3_plugin sha3_plugin + * @{ @ingroup sha3_p + */ + +#ifndef SHA3_PLUGIN_H_ +#define SHA3_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct sha3_plugin_t sha3_plugin_t; + +/** + * Plugin implementing the SHA356, SHA384 and SHA512 algorithms in software. + */ +struct sha3_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** SHA3_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am index 72ba4ceef..ab540e78e 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.am +++ b/src/libstrongswan/plugins/test_vectors/Makefile.am @@ -40,6 +40,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/sha1_hmac.c \ test_vectors/sha2.c \ test_vectors/sha2_hmac.c \ + test_vectors/sha3.c \ test_vectors/fips_prf.c \ test_vectors/modp.c \ test_vectors/modpsub.c \ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index fa7c3cb82..100f3b15a 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in 
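Review bot: The doc comment on `struct sha3_plugin_t` describes the wrong algorithms — "Plugin implementing the SHA356, SHA384 and SHA512 algorithms in software" — which looks carried over from the SHA-2 plugin and does not match what the plugin registers (HASH_SHA3_224 through HASH_SHA3_512). It should read `Plugin implementing the SHA3-224, SHA3-256, SHA3-384 and SHA3-512 hash algorithms in software.` so that the header documents the feature set the plugin actually provides.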
@@ -142,9 +142,10 @@ am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ test_vectors/md2.lo test_vectors/md4.lo test_vectors/md5.lo \ test_vectors/md5_hmac.lo test_vectors/sha1.lo \ test_vectors/sha1_hmac.lo test_vectors/sha2.lo \ - test_vectors/sha2_hmac.lo test_vectors/fips_prf.lo \ - test_vectors/modp.lo test_vectors/modpsub.lo \ - test_vectors/ecp.lo test_vectors/ecpbp.lo test_vectors/rng.lo + test_vectors/sha2_hmac.lo test_vectors/sha3.lo \ + test_vectors/fips_prf.lo test_vectors/modp.lo \ + test_vectors/modpsub.lo test_vectors/ecp.lo \ + test_vectors/ecpbp.lo test_vectors/rng.lo libstrongswan_test_vectors_la_OBJECTS = \ $(am_libstrongswan_test_vectors_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -482,6 +483,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/sha1_hmac.c \ test_vectors/sha2.c \ test_vectors/sha2_hmac.c \ + test_vectors/sha3.c \ test_vectors/fips_prf.c \ test_vectors/modp.c \ test_vectors/modpsub.c \ @@ -632,6 +634,8 @@ test_vectors/sha2.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/sha2_hmac.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) +test_vectors/sha3.lo: test_vectors/$(am__dirstamp) \ + test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/fips_prf.lo: test_vectors/$(am__dirstamp) \ test_vectors/$(DEPDIR)/$(am__dirstamp) test_vectors/modp.lo: test_vectors/$(am__dirstamp) \ @@ -690,6 +694,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha1_hmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha2_hmac.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/sha3.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@test_vectors/$(DEPDIR)/twofish_cbc.Plo@am__quote@ .c.o: 
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index 57c218c16..3ff211da8 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -184,6 +184,30 @@ TEST_VECTOR_HASHER(sha384_3) TEST_VECTOR_HASHER(sha512_1) TEST_VECTOR_HASHER(sha512_2) TEST_VECTOR_HASHER(sha512_3) +TEST_VECTOR_HASHER(sha3_224_0) +TEST_VECTOR_HASHER(sha3_256_0) +TEST_VECTOR_HASHER(sha3_384_0) +TEST_VECTOR_HASHER(sha3_512_0) +TEST_VECTOR_HASHER(sha3_224_1) +TEST_VECTOR_HASHER(sha3_256_1) +TEST_VECTOR_HASHER(sha3_384_1) +TEST_VECTOR_HASHER(sha3_512_1) +TEST_VECTOR_HASHER(sha3_224_2) +TEST_VECTOR_HASHER(sha3_256_2) +TEST_VECTOR_HASHER(sha3_384_2) +TEST_VECTOR_HASHER(sha3_512_2) +TEST_VECTOR_HASHER(sha3_224_143) +TEST_VECTOR_HASHER(sha3_256_135) +TEST_VECTOR_HASHER(sha3_384_103) +TEST_VECTOR_HASHER(sha3_512_71) +TEST_VECTOR_HASHER(sha3_224_144) +TEST_VECTOR_HASHER(sha3_256_136) +TEST_VECTOR_HASHER(sha3_384_104) +TEST_VECTOR_HASHER(sha3_512_72) +TEST_VECTOR_HASHER(sha3_224_255) +TEST_VECTOR_HASHER(sha3_256_255) +TEST_VECTOR_HASHER(sha3_384_255) +TEST_VECTOR_HASHER(sha3_512_255) TEST_VECTOR_PRF(aes_xcbc_p1) TEST_VECTOR_PRF(aes_xcbc_p2) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c new file mode 100644 index 000000000..e659f66f4 --- /dev/null +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha3.c 
@@ -0,0 +1,328 @@ +/* + * Copyright (C) 2015 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the Licenseor (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be usefulbut + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <crypto/crypto_tester.h> + +/** + * SHA-3_224 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +hasher_test_vector_t sha3_224_0 = { + .alg = HASH_SHA3_224, .len = 0, + .data = "", + .hash = "\x6B\x4E\x03\x42\x36\x67\xDB\xB7\x3B\x6E\x15\x45\x4F\x0E\xB1\xAB" + "\xD4\x59\x7F\x9A\x1B\x07\x8E\x3F\x5B\x5A\x6B\xC7" + +}; + +hasher_test_vector_t sha3_224_1 = { + .alg = HASH_SHA3_224, .len = 1, + .data = "\xCC", + .hash = "\xDF\x70\xAD\xC4\x9B\x2E\x76\xEE\xE3\xA6\x93\x1B\x93\xFA\x41\x84" + "\x1C\x3A\xF2\xCD\xF5\xB3\x2A\x18\xB5\x47\x8C\x39" +}; + +hasher_test_vector_t sha3_224_2 = { + .alg = HASH_SHA3_224, .len = 2, + .data = "\x41\xFB", + .hash = "\xBF\xF2\x95\x86\x1D\xAE\xDF\x33\xE7\x05\x19\xB1\xE2\xBC\xB4\xC2" + "\xE9\xFE\x33\x64\xD7\x89\xBC\x3B\x17\x30\x1C\x15" +}; + +hasher_test_vector_t sha3_224_143 = { + .alg = HASH_SHA3_224, .len = 143, + .data = "\xEA\x40\xE8\x3C\xB1\x8B\x3A\x24\x2C\x1E\xCC\x6C\xCD\x0B\x78\x53" + "\xA4\x39\xDA\xB2\xC5\x69\xCF\xC6\xDC\x38\xA1\x9F\x5C\x90\xAC\xBF" + "\x76\xAE\xF9\xEA\x37\x42\xFF\x3B\x54\xEF\x7D\x36\xEB\x7C\xE4\xFF" + "\x1C\x9A\xB3\xBC\x11\x9C\xFF\x6B\xE9\x3C\x03\xE2\x08\x78\x33\x35" + "\xC0\xAB\x81\x37\xBE\x5B\x10\xCD\xC6\x6F\xF3\xF8\x9A\x1B\xDD\xC6" + "\xA1\xEE\xD7\x4F\x50\x4C\xBE\x72\x90\x69\x0B\xB2\x95\xA8\x72\xB9" + 
"\xE3\xFE\x2C\xEE\x9E\x6C\x67\xC4\x1D\xB8\xEF\xD7\xD8\x63\xCF\x10" + "\xF8\x40\xFE\x61\x8E\x79\x36\xDA\x3D\xCA\x5C\xA6\xDF\x93\x3F\x24" + "\xF6\x95\x4B\xA0\x80\x1A\x12\x94\xCD\x8D\x7E\x66\xDF\xAF\xEC", + .hash = "\xAB\x0F\xD3\x08\x59\x05\x74\xD6\xF6\x13\x02\x32\xD9\xFA\xFA\x9F" + "\xFC\xFE\xA7\x85\x79\xA6\xA8\xF6\x7C\x59\x04\x20" +}; + +hasher_test_vector_t sha3_224_144 = { + .alg = HASH_SHA3_224, .len = 144, + .data = "\x15\x7D\x5B\x7E\x45\x07\xF6\x6D\x9A\x26\x74\x76\xD3\x38\x31\xE7" + "\xBB\x76\x8D\x4D\x04\xCC\x34\x38\xDA\x12\xF9\x01\x02\x63\xEA\x5F" + "\xCA\xFB\xDE\x25\x79\xDB\x2F\x6B\x58\xF9\x11\xD5\x93\xD5\xF7\x9F" + "\xB0\x5F\xE3\x59\x6E\x3F\xA8\x0F\xF2\xF7\x61\xD1\xB0\xE5\x70\x80" + "\x05\x5C\x11\x8C\x53\xE5\x3C\xDB\x63\x05\x52\x61\xD7\xC9\xB2\xB3" + "\x9B\xD9\x0A\xCC\x32\x52\x0C\xBB\xDB\xDA\x2C\x4F\xD8\x85\x6D\xBC" + "\xEE\x17\x31\x32\xA2\x67\x91\x98\xDA\xF8\x30\x07\xA9\xB5\xC5\x15" + "\x11\xAE\x49\x76\x6C\x79\x2A\x29\x52\x03\x88\x44\x4E\xBE\xFE\x28" + "\x25\x6F\xB3\x3D\x42\x60\x43\x9C\xBA\x73\xA9\x47\x9E\xE0\x0C\x63", + .hash = "\xD5\x13\x42\x00\xDC\x98\xF4\xCA\x48\x0C\xD2\x4D\x24\x49\x77\x37" + "\x25\x2B\x55\x97\x7A\xE5\xA8\x69\xBA\x27\x08\x9D" +}; + +hasher_test_vector_t sha3_224_255 = { + .alg = HASH_SHA3_224, .len = 255, + .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + 
"\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .hash = "\x94\x68\x9E\xA9\xF3\x47\xDD\xA8\xDD\x79\x8A\x85\x86\x05\x86\x87" + "\x43\xC6\xBD\x03\xA6\xA6\x5C\x60\x85\xD5\x2B\xED" +}; + +/** + * SHA-3_256 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +hasher_test_vector_t sha3_256_0 = { + .alg = HASH_SHA3_256, .len = 0, + .data = "", + .hash = "\xA7\xFF\xC6\xF8\xBF\x1E\xD7\x66\x51\xC1\x47\x56\xA0\x61\xD6\x62" + "\xF5\x80\xFF\x4D\xE4\x3B\x49\xFA\x82\xD8\x0A\x4B\x80\xF8\x43\x4A" +}; + +hasher_test_vector_t sha3_256_1 = { + .alg = HASH_SHA3_256, .len = 1, + .data = "\xCC", + .hash = "\x67\x70\x35\x39\x1C\xD3\x70\x12\x93\xD3\x85\xF0\x37\xBA\x32\x79" + "\x62\x52\xBB\x7C\xE1\x80\xB0\x0B\x58\x2D\xD9\xB2\x0A\xAA\xD7\xF0" +}; + +hasher_test_vector_t sha3_256_2 = { + .alg = HASH_SHA3_256, .len = 2, + .data = "\x41\xFB", + .hash = "\x39\xF3\x1B\x6E\x65\x3D\xFC\xD9\xCA\xED\x26\x02\xFD\x87\xF6\x1B" + "\x62\x54\xF5\x81\x31\x2F\xB6\xEE\xEC\x4D\x71\x48\xFA\x2E\x72\xAA" +}; + +hasher_test_vector_t sha3_256_135 = { + .alg = HASH_SHA3_256, .len = 135, + .data = "\xB7\x71\xD5\xCE\xF5\xD1\xA4\x1A\x93\xD1\x56\x43\xD7\x18\x1D\x2A" + "\x2E\xF0\xA8\xE8\x4D\x91\x81\x2F\x20\xED\x21\xF1\x47\xBE\xF7\x32" + "\xBF\x3A\x60\xEF\x40\x67\xC3\x73\x4B\x85\xBC\x8C\xD4\x71\x78\x0F" + "\x10\xDC\x9E\x82\x91\xB5\x83\x39\xA6\x77\xB9\x60\x21\x8F\x71\xE7" + "\x93\xF2\x79\x7A\xEA\x34\x94\x06\x51\x28\x29\x06\x5D\x37\xBB\x55" + "\xEA\x79\x6F\xA4\xF5\x6F\xD8\x89\x6B\x49\xB2\xCD\x19\xB4\x32\x15" + "\xAD\x96\x7C\x71\x2B\x24\xE5\x03\x2D\x06\x52\x32\xE0\x2C\x12\x74" + "\x09\xD2\xED\x41\x46\xB9\xD7\x5D\x76\x3D\x52\xDB\x98\xD9\x49\xD3" + 
"\xB0\xFE\xD6\xA8\x05\x2F\xBB", + .hash = "\xA1\x9E\xEE\x92\xBB\x20\x97\xB6\x4E\x82\x3D\x59\x77\x98\xAA\x18" + "\xBE\x9B\x7C\x73\x6B\x80\x59\xAB\xFD\x67\x79\xAC\x35\xAC\x81\xB5" +}; + +hasher_test_vector_t sha3_256_136 = { + .alg = HASH_SHA3_256, .len = 136, + .data = "\xB3\x2D\x95\xB0\xB9\xAA\xD2\xA8\x81\x6D\xE6\xD0\x6D\x1F\x86\x00" + "\x85\x05\xBD\x8C\x14\x12\x4F\x6E\x9A\x16\x3B\x5A\x2A\xDE\x55\xF8" + "\x35\xD0\xEC\x38\x80\xEF\x50\x70\x0D\x3B\x25\xE4\x2C\xC0\xAF\x05" + "\x0C\xCD\x1B\xE5\xE5\x55\xB2\x30\x87\xE0\x4D\x7B\xF9\x81\x36\x22" + "\x78\x0C\x73\x13\xA1\x95\x4F\x87\x40\xB6\xEE\x2D\x3F\x71\xF7\x68" + "\xDD\x41\x7F\x52\x04\x82\xBD\x3A\x08\xD4\xF2\x22\xB4\xEE\x9D\xBD" + "\x01\x54\x47\xB3\x35\x07\xDD\x50\xF3\xAB\x42\x47\xC5\xDE\x9A\x8A" + "\xBD\x62\xA8\xDE\xCE\xA0\x1E\x3B\x87\xC8\xB9\x27\xF5\xB0\x8B\xEB" + "\x37\x67\x4C\x6F\x8E\x38\x0C\x04", + .hash = "\xDF\x67\x3F\x41\x05\x37\x9F\xF6\xB7\x55\xEE\xAB\x20\xCE\xB0\xDC" + "\x77\xB5\x28\x63\x64\xFE\x16\xC5\x9C\xC8\xA9\x07\xAF\xF0\x77\x32" +}; + +hasher_test_vector_t sha3_256_255 = { + .alg = HASH_SHA3_256, .len = 255, + .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + 
"\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .hash = "\xC1\x1F\x35\x22\xA8\xFB\x7B\x35\x32\xD8\x0B\x6D\x40\x02\x3A\x92" + "\xB4\x89\xAD\xDA\xD9\x3B\xF5\xD6\x4B\x23\xF3\x5E\x96\x63\x52\x1C" +}; + +/** + * SHA-3_384 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +hasher_test_vector_t sha3_384_0 = { + .alg = HASH_SHA3_384, .len = 0, + .data = "", + .hash = "\x0C\x63\xA7\x5B\x84\x5E\x4F\x7D\x01\x10\x7D\x85\x2E\x4C\x24\x85" + "\xC5\x1A\x50\xAA\xAA\x94\xFC\x61\x99\x5E\x71\xBB\xEE\x98\x3A\x2A" + "\xC3\x71\x38\x31\x26\x4A\xDB\x47\xFB\x6B\xD1\xE0\x58\xD5\xF0\x04" +}; + +hasher_test_vector_t sha3_384_1 = { + .alg = HASH_SHA3_384, .len = 1, + .data = "\xCC", + .hash = "\x5E\xE7\xF3\x74\x97\x3C\xD4\xBB\x3D\xC4\x1E\x30\x81\x34\x67\x98" + "\x49\x7F\xF6\xE3\x6C\xB9\x35\x22\x81\xDF\xE0\x7D\x07\xFC\x53\x0C" + "\xA9\xAD\x8E\xF7\xAA\xD5\x6E\xF5\xD4\x1B\xE8\x3D\x5E\x54\x38\x07" +}; + +hasher_test_vector_t sha3_384_2 = { + .alg = HASH_SHA3_384, .len = 2, + .data = "\x41\xFB", + .hash = "\x1D\xD8\x16\x09\xDC\xC2\x90\xEF\xFD\x7A\xC0\xA9\x5D\x4A\x20\x82" + "\x15\x80\xE5\x6B\xD5\x0D\xBD\x84\x39\x20\x65\x0B\xE7\xA8\x0A\x17" + "\x19\x57\x7D\xA3\x37\xCF\xDF\x86\xE5\x1C\x76\x4C\xAA\x2E\x10\xBD" +}; + +hasher_test_vector_t sha3_384_103 = { + .alg = HASH_SHA3_384, .len = 103, + .data = "\xF1\x3C\x97\x2C\x52\xCB\x3C\xC4\xA4\xDF\x28\xC9\x7F\x2D\xF1\x1C" + "\xE0\x89\xB8\x15\x46\x6B\xE8\x88\x63\x24\x3E\xB3\x18\xC2\xAD\xB1" + "\xA4\x17\xCB\x10\x41\x30\x85\x98\x54\x17\x20\x19\x7B\x9B\x1C\xB5" + "\xBA\x23\x18\xBD\x55\x74\xD1\xDF\x21\x74\xAF\x14\x88\x41\x49\xBA" + "\x9B\x2F\x44\x6D\x60\x9D\xF2\x40\xCE\x33\x55\x99\x95\x7B\x8E\xC8" + "\x08\x76\xD9\xA0\x85\xAE\x08\x49\x07\xBC\x59\x61\xB2\x0B\xF5\xF6" + "\xCA\x58\xD5\xDA\xB3\x8A\xDB", + .hash = "\x0A\x83\x4E\x11\x1B\x4E\x84\x0E\x78\x7C\x19\x74\x84\x65\xA4\x7D" + 
"\x88\xB3\xF0\xF3\xDA\xAF\x15\xDB\x25\x53\x6B\xDC\x60\x78\xFA\x9C" + "\x05\xE6\xC9\x53\x83\x02\x74\x22\x39\x68\x84\x7D\xA8\xBF\xD2\x0D" +}; + +hasher_test_vector_t sha3_384_104 = { + .alg = HASH_SHA3_384, .len = 104, + .data = "\xE3\x57\x80\xEB\x97\x99\xAD\x4C\x77\x53\x5D\x4D\xDB\x68\x3C\xF3" + "\x3E\xF3\x67\x71\x53\x27\xCF\x4C\x4A\x58\xED\x9C\xBD\xCD\xD4\x86" + "\xF6\x69\xF8\x01\x89\xD5\x49\xA9\x36\x4F\xA8\x2A\x51\xA5\x26\x54" + "\xEC\x72\x1B\xB3\xAA\xB9\x5D\xCE\xB4\xA8\x6A\x6A\xFA\x93\x82\x6D" + "\xB9\x23\x51\x7E\x92\x8F\x33\xE3\xFB\xA8\x50\xD4\x56\x60\xEF\x83" + "\xB9\x87\x6A\xCC\xAF\xA2\xA9\x98\x7A\x25\x4B\x13\x7C\x6E\x14\x0A" + "\x21\x69\x1E\x10\x69\x41\x38\x48", + .hash = "\xD1\xC0\xFA\x85\xC8\xD1\x83\xBE\xFF\x99\xAD\x9D\x75\x2B\x26\x3E" + "\x28\x6B\x47\x7F\x79\xF0\x71\x0B\x01\x03\x17\x01\x73\x97\x81\x33" + "\x44\xB9\x9D\xAF\x3B\xB7\xB1\xBC\x5E\x8D\x72\x2B\xAC\x85\x94\x3A" +}; + +hasher_test_vector_t sha3_384_255 = { + .alg = HASH_SHA3_384, .len = 255, + .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + "\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + 
"\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .hash = "\x12\x8D\xC6\x11\x76\x2B\xE9\xB1\x35\xB3\x73\x94\x84\xCF\xAA\xDC" + "\xA7\x48\x1D\x68\x51\x4F\x3D\xFD\x6F\x5D\x78\xBB\x18\x63\xAE\x68" + "\x13\x08\x35\xCD\xC7\x06\x1A\x7E\xD9\x64\xB3\x2F\x1D\xB7\x5E\xE1" +}; + +/** + * SHA-3_512 vectors from "https://github.com/gvanas/KeccakCodePackage/" + */ +hasher_test_vector_t sha3_512_0 = { + .alg = HASH_SHA3_512, .len = 0, + .data = "", + .hash = "\xA6\x9F\x73\xCC\xA2\x3A\x9A\xC5\xC8\xB5\x67\xDC\x18\x5A\x75\x6E" + "\x97\xC9\x82\x16\x4F\xE2\x58\x59\xE0\xD1\xDC\xC1\x47\x5C\x80\xA6" + "\x15\xB2\x12\x3A\xF1\xF5\xF9\x4C\x11\xE3\xE9\x40\x2C\x3A\xC5\x58" + "\xF5\x00\x19\x9D\x95\xB6\xD3\xE3\x01\x75\x85\x86\x28\x1D\xCD\x26" +}; + +hasher_test_vector_t sha3_512_1 = { + .alg = HASH_SHA3_512, .len = 1, + .data = "\xCC", + .hash = "\x39\x39\xFC\xC8\xB5\x7B\x63\x61\x25\x42\xDA\x31\xA8\x34\xE5\xDC" + "\xC3\x6E\x2E\xE0\xF6\x52\xAC\x72\xE0\x26\x24\xFA\x2E\x5A\xDE\xEC" + "\xC7\xDD\x6B\xB3\x58\x02\x24\xB4\xD6\x13\x87\x06\xFC\x6E\x80\x59" + "\x7B\x52\x80\x51\x23\x0B\x00\x62\x1C\xC2\xB2\x29\x99\xEA\xA2\x05" +}; + +hasher_test_vector_t sha3_512_2 = { + .alg = HASH_SHA3_512, .len = 2, + .data = "\x41\xFB", + .hash = "\xAA\x09\x28\x65\xA4\x06\x94\xD9\x17\x54\xDB\xC7\x67\xB5\x20\x2C" + "\x54\x6E\x22\x68\x77\x14\x7A\x95\xCB\x8B\x4C\x8F\x87\x09\xFE\x8C" + "\xD6\x90\x52\x56\xB0\x89\xDA\x37\x89\x6E\xA5\xCA\x19\xD2\xCD\x9A" + "\xB9\x4C\x71\x92\xFC\x39\xF7\xCD\x4D\x59\x89\x75\xA3\x01\x3C\x69" +}; + +hasher_test_vector_t sha3_512_71 = { + .alg = HASH_SHA3_512, .len = 71, + .data = "\x13\xBD\x28\x11\xF6\xED\x2B\x6F\x04\xFF\x38\x95\xAC\xEE\xD7\xBE" + "\xF8\xDC\xD4\x5E\xB1\x21\x79\x1B\xC1\x94\xA0\xF8\x06\x20\x6B\xFF" + "\xC3\xB9\x28\x1C\x2B\x30\x8B\x1A\x72\x9C\xE0\x08\x11\x9D\xD3\x06" + "\x6E\x93\x78\xAC\xDC\xC5\x0A\x98\xA8\x2E\x20\x73\x88\x00\xB6\xCD" + "\xDB\xE5\xFE\x96\x94\xAD\x6D", + .hash = 
"\xDE\xF4\xAB\x6C\xDA\x88\x39\x72\x9A\x03\xE0\x00\x84\x66\x04\xB1" + "\x7F\x03\xC5\xD5\xD7\xEC\x23\xC4\x83\x67\x0A\x13\xE1\x15\x73\xC1" + "\xE9\x34\x7A\x63\xEC\x69\xA5\xAB\xB2\x13\x05\xF9\x38\x2E\xCD\xAA" + "\xAB\xC6\x85\x0F\x92\x84\x0E\x86\xF8\x8F\x4D\xAB\xFC\xD9\x3C\xC0" +}; + +hasher_test_vector_t sha3_512_72 = { + .alg = HASH_SHA3_512, .len = 72, + .data = "\x1E\xED\x9C\xBA\x17\x9A\x00\x9E\xC2\xEC\x55\x08\x77\x3D\xD3\x05" + "\x47\x7C\xA1\x17\xE6\xD5\x69\xE6\x6B\x5F\x64\xC6\xBC\x64\x80\x1C" + "\xE2\x5A\x84\x24\xCE\x4A\x26\xD5\x75\xB8\xA6\xFB\x10\xEA\xD3\xFD" + "\x19\x92\xED\xDD\xEE\xC2\xEB\xE7\x15\x0D\xC9\x8F\x63\xAD\xC3\x23" + "\x7E\xF5\x7B\x91\x39\x7A\xA8\xA7", + .hash = "\xA3\xE1\x68\xB0\xD6\xC1\x43\xEE\x9E\x17\xEA\xE9\x29\x30\xB9\x7E" + "\x66\x00\x35\x6B\x73\xAE\xBB\x5D\x68\x00\x5D\xD1\xD0\x74\x94\x45" + "\x1A\x37\x05\x2F\x7B\x39\xFF\x03\x0C\x1A\xE1\xD7\xEF\xC4\xE0\xC3" + "\x66\x7E\xB7\xA7\x6C\x62\x7E\xC1\x43\x54\xC4\xF6\xA7\x96\xE2\xC6" +}; + +hasher_test_vector_t sha3_512_255 = { + .alg = HASH_SHA3_512, .len = 255, + .data = "\x3A\x3A\x81\x9C\x48\xEF\xDE\x2A\xD9\x14\xFB\xF0\x0E\x18\xAB\x6B" + "\xC4\xF1\x45\x13\xAB\x27\xD0\xC1\x78\xA1\x88\xB6\x14\x31\xE7\xF5" + "\x62\x3C\xB6\x6B\x23\x34\x67\x75\xD3\x86\xB5\x0E\x98\x2C\x49\x3A" + "\xDB\xBF\xC5\x4B\x9A\x3C\xD3\x83\x38\x23\x36\xA1\xA0\xB2\x15\x0A" + "\x15\x35\x8F\x33\x6D\x03\xAE\x18\xF6\x66\xC7\x57\x3D\x55\xC4\xFD" + "\x18\x1C\x29\xE6\xCC\xFD\xE6\x3E\xA3\x5F\x0A\xDF\x58\x85\xCF\xC0" + "\xA3\xD8\x4A\x2B\x2E\x4D\xD2\x44\x96\xDB\x78\x9E\x66\x31\x70\xCE" + "\xF7\x47\x98\xAA\x1B\xBC\xD4\x57\x4E\xA0\xBB\xA4\x04\x89\xD7\x64" + "\xB2\xF8\x3A\xAD\xC6\x6B\x14\x8B\x4A\x0C\xD9\x52\x46\xC1\x27\xD5" + "\x87\x1C\x4F\x11\x41\x86\x90\xA5\xDD\xF0\x12\x46\xA0\xC8\x0A\x43" + "\xC7\x00\x88\xB6\x18\x36\x39\xDC\xFD\xA4\x12\x5B\xD1\x13\xA8\xF4" + "\x9E\xE2\x3E\xD3\x06\xFA\xAC\x57\x6C\x3F\xB0\xC1\xE2\x56\x67\x1D" + "\x81\x7F\xC2\x53\x4A\x52\xF5\xB4\x39\xF7\x2E\x42\x4D\xE3\x76\xF4" + 
"\xC5\x65\xCC\xA8\x23\x07\xDD\x9E\xF7\x6D\xA5\xB7\xC4\xEB\x7E\x08" + "\x51\x72\xE3\x28\x80\x7C\x02\xD0\x11\xFF\xBF\x33\x78\x53\x78\xD7" + "\x9D\xC2\x66\xF6\xA5\xBE\x6B\xB0\xE4\xA9\x2E\xCE\xEB\xAE\xB1", + .hash = "\x6E\x8B\x8B\xD1\x95\xBD\xD5\x60\x68\x9A\xF2\x34\x8B\xDC\x74\xAB" + "\x7C\xD0\x5E\xD8\xB9\xA5\x77\x11\xE9\xBE\x71\xE9\x72\x6F\xDA\x45" + "\x91\xFE\xE1\x22\x05\xED\xAC\xAF\x82\xFF\xBB\xAF\x16\xDF\xF9\xE7" + "\x02\xA7\x08\x86\x20\x80\x16\x6C\x2F\xF6\xBA\x37\x9B\xC7\xFF\xC2" +}; + diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index eb5b01986..e32f8eefe 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -266,8 +266,8 @@ static chunk_t build_optionalSignature(private_x509_ocsp_request_t *this, scheme = SIGN_ECDSA_WITH_SHA1_DER; break; case KEY_BLISS: - oid = OID_BLISS_WITH_SHA512; - scheme = SIGN_BLISS_WITH_SHA512; + oid = OID_BLISS_WITH_SHA2_512; + scheme = SIGN_BLISS_WITH_SHA2_512; break; default: DBG1(DBG_LIB, "unable to sign OCSP request, %N signature not " diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index 668632459..a6298b394 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -219,9 +219,8 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, enumerator_t *enumerator; char from_str[INET6_ADDRSTRLEN] = ""; char to_str[INET6_ADDRSTRLEN] = ""; - char *serv_proto = NULL; - bool has_proto; - bool has_ports; + char *serv_proto = NULL, *sep = ""; + bool has_proto, has_ports; size_t written = 0; u_int32_t from[4], to[4]; 
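Review bot: The non-trivial message lengths in this file (143/144, 135/136, 103/104 and 71/72 bytes) appear to be chosen to sit one byte below and exactly at the sponge rate of each variant (144, 136, 104 and 72 bytes for SHA3-224/256/384/512), which is the absorb/padding boundary an implementation most often gets wrong, but nothing in the file says so. A one-line comment on each section header would make that intent explicit for whoever adds vectors later, e.g. `/* lengths 143 and 144 straddle the 144-byte rate (block size) of SHA3-224 */`. It would also help to note that the 255-byte message is the same input for all four variants, so a mismatch there isolates the squeeze/output-length handling rather than absorption.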
@@ -235,8 +234,8 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
 enumerator = list->create_enumerator(list);
 while (enumerator->enumerate(enumerator, (void**)&this))
 {
- /* call recursivly */
- written += print_in_hook(data, "%R ", this);
+ written += print_in_hook(data, "%s%R", sep, this);
+ sep = " ";
 }
 enumerator->destroy(enumerator);
 return written;
diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c
index 305ebe620..56cc2f19b 100644
--- a/src/libstrongswan/settings/settings.c
+++ b/src/libstrongswan/settings/settings.c
@@ -540,6 +540,31 @@ METHOD(settings_t, get_int, int,
 /**
 * Described in header
 */
+inline u_int64_t settings_value_as_uint64(char *value, u_int64_t def)
+{
+ u_int64_t intval;
+ char *end;
+ int base = 10;
+
+ if (value)
+ {
+ errno = 0;
+ if (value[0] == '0' && value[1] == 'x')
+ { /* manually detect 0x prefix as we want to avoid octal encoding */
+ base = 16;
+ }
+ intval = strtoull(value, &end, base);
+ if (errno == 0 && *end == 0 && end != value)
+ {
+ return intval;
+ }
+ }
+ return def;
+}
+
+/**
+ * Described in header
+ */
 inline double settings_value_as_double(char *value, double def)
 {
 double dval;
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index 4ef80d0f6..a133a3681 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -51,6 +51,15 @@ bool settings_value_as_bool(char *value, bool def);
 int settings_value_as_int(char *value, int def);
 /**
+ * Convert a string value returned by a key/value enumerator to an u_int64_t.
+ *
+ * @see settings_t.create_key_value_enumerator()
+ * @param value the string value
+ * @param def the default value, if value is NULL or invalid
+ */
+u_int64_t settings_value_as_uint64(char *value, u_int64_t def);
+
+/**
 * Convert a string value returned by a key/value enumerator to a double.
 *
 * @see settings_t.create_key_value_enumerator()
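Review bot: strtoull() in the new settings_value_as_uint64() silently accepts a leading '-' (and leading whitespace), so a configured value such as "-1" passes the errno/*end/end!=value checks and is returned as 18446744073709551615 instead of falling back to def, which is a surprising result for a size or count setting. Reject the sign explicitly before converting, e.g. `if (value[0] == '-') { return def; }`, and consider rejecting leading whitespace the same way if the settings parser does not already strip it. The 0x prefix detection is also case-sensitive, so "0X2a" is parsed in base 10 and rejected while strtoull() itself would accept it in base 16; checking `(value[1] == 'x' || value[1] == 'X')` keeps the two in step.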
diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c index 14cc32122..067abf0d9 100644 --- a/src/libstrongswan/tests/suites/test_hasher.c +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2013-2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -28,30 +28,38 @@ typedef struct { }hasher_oid_t; static hasher_oid_t oids[] = { - { OID_MD2, HASH_MD2, KEY_ANY }, - { OID_MD5, HASH_MD5, KEY_ANY }, - { OID_SHA1, HASH_SHA1, KEY_ANY }, - { OID_SHA224, HASH_SHA224, KEY_ANY }, - { OID_SHA256, HASH_SHA256, KEY_ANY }, - { OID_SHA384, HASH_SHA384, KEY_ANY }, - { OID_SHA512, HASH_SHA512, KEY_ANY }, - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, - { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, - { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, - { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, - { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, - { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, - { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, - { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, - { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, - { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, - { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, - { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, - { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, - { OID_BLISS_WITH_SHA256, HASH_SHA256, KEY_BLISS }, - { OID_BLISS_WITH_SHA384, HASH_SHA384, KEY_BLISS }, - { OID_BLISS_WITH_SHA512, HASH_SHA512, KEY_BLISS }, - { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA } + { OID_MD2, HASH_MD2, KEY_ANY }, /* 0 */ + { OID_MD5, HASH_MD5, KEY_ANY }, /* 1 */ + { OID_SHA1, HASH_SHA1, KEY_ANY }, /* 2 */ + { OID_SHA224, HASH_SHA224, KEY_ANY }, /* 3 */ + { OID_SHA256, HASH_SHA256, KEY_ANY }, /* 4 */ + { OID_SHA384, HASH_SHA384, KEY_ANY }, /* 5 */ + { OID_SHA512, HASH_SHA512, KEY_ANY }, /* 6 */ + { OID_SHA3_224, HASH_SHA3_224, KEY_ANY }, /* 7 */ + { OID_SHA3_256, HASH_SHA3_256, KEY_ANY }, /* 8 */ + { OID_SHA3_384, HASH_SHA3_384, KEY_ANY }, /* 9 */ + { OID_SHA3_512, HASH_SHA3_512, KEY_ANY }, /* 10 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, /* 11 */ + { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, /* 12 */ + { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, /* 13 */ + { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, /* 14 */ + { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, /* 15 */ + { OID_SHA256_WITH_RSA, 
HASH_SHA256, KEY_RSA }, /* 16 */ + { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, /* 17 */ + { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, /* 18 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, /* 19 */ + { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, /* 20 */ + { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, /* 21 */ + { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, /* 22 */ + { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, /* 23 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA }, /* 24 */ + { OID_BLISS_WITH_SHA2_256, HASH_SHA256, KEY_BLISS }, /* 25 */ + { OID_BLISS_WITH_SHA2_384, HASH_SHA384, KEY_BLISS }, /* 26 */ + { OID_BLISS_WITH_SHA2_512, HASH_SHA512, KEY_BLISS }, /* 27 */ + { OID_BLISS_WITH_SHA3_256, HASH_SHA3_256, KEY_BLISS }, /* 28 */ + { OID_BLISS_WITH_SHA3_384, HASH_SHA3_384, KEY_BLISS }, /* 29 */ + { OID_BLISS_WITH_SHA3_512, HASH_SHA3_512, KEY_BLISS }, /* 30 */ + { OID_UNKNOWN, HASH_UNKNOWN, KEY_BLISS } /* 31 */ }; START_TEST(test_hasher_from_oid) 
@@ -74,6 +82,44 @@ START_TEST(test_hasher_sig_to_oid) END_TEST typedef struct { + signature_scheme_t scheme; + hash_algorithm_t alg; +}hasher_sig_scheme_t; + +static hasher_sig_scheme_t sig_schemes[] = { + { SIGN_UNKNOWN, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_NULL, HASH_UNKNOWN }, + { SIGN_RSA_EMSA_PKCS1_MD5, HASH_MD5 }, + { SIGN_RSA_EMSA_PKCS1_SHA1, HASH_SHA1 }, + { SIGN_RSA_EMSA_PKCS1_SHA224, HASH_SHA224 }, + { SIGN_RSA_EMSA_PKCS1_SHA256, HASH_SHA256 }, + { SIGN_RSA_EMSA_PKCS1_SHA384, HASH_SHA384 }, + { SIGN_RSA_EMSA_PKCS1_SHA512, HASH_SHA512 }, + { SIGN_ECDSA_WITH_SHA1_DER, HASH_SHA1 }, + { SIGN_ECDSA_WITH_SHA256_DER, HASH_SHA256 }, + { SIGN_ECDSA_WITH_SHA384_DER, HASH_SHA384 }, + { SIGN_ECDSA_WITH_SHA512_DER, HASH_SHA512 }, + { SIGN_ECDSA_WITH_NULL, HASH_UNKNOWN }, + { SIGN_ECDSA_256, HASH_SHA256 }, + { SIGN_ECDSA_384, HASH_SHA384 }, + { SIGN_ECDSA_521, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA2_256, HASH_SHA256 }, + { SIGN_BLISS_WITH_SHA2_384, HASH_SHA384 }, + { SIGN_BLISS_WITH_SHA2_512, HASH_SHA512 }, + { SIGN_BLISS_WITH_SHA3_256, HASH_SHA3_256 }, + { SIGN_BLISS_WITH_SHA3_384, HASH_SHA3_384 }, + { SIGN_BLISS_WITH_SHA3_512, HASH_SHA3_512 }, + { 30, HASH_UNKNOWN } +}; + +START_TEST(test_hasher_from_sig_scheme) +{ + ck_assert(hasher_from_signature_scheme(sig_schemes[_i].scheme) == + sig_schemes[_i].alg); +} +END_TEST + +typedef struct { pseudo_random_function_t prf; hash_algorithm_t alg; }hasher_prf_t; 
@@ -157,6 +203,35 @@ START_TEST(test_hasher_to_integrity) } END_TEST + +typedef struct { + hash_algorithm_t alg; + bool ikev2; +}hasher_ikev2_t; + +static hasher_ikev2_t ikev2[] = { + { HASH_SHA1, TRUE }, + { HASH_SHA256, TRUE }, + { HASH_SHA384, TRUE }, + { HASH_SHA512, TRUE }, + { HASH_UNKNOWN, FALSE }, + { HASH_MD2, FALSE }, + { HASH_MD4, FALSE }, + { HASH_MD5, FALSE }, + { HASH_SHA224, FALSE }, + { HASH_SHA3_224, FALSE }, + { HASH_SHA3_256, FALSE }, + { HASH_SHA3_384, FALSE }, + { HASH_SHA3_512, FALSE }, + { 30, FALSE } +}; + +START_TEST(test_hasher_for_ikev2) +{ + ck_assert(hasher_algorithm_for_ikev2(ikev2[_i].alg) == ikev2[_i].ikev2); +} +END_TEST + Suite *hasher_suite_create() { Suite *s; @@ -169,11 +244,15 @@ Suite *hasher_suite_create() suite_add_tcase(s, tc); tc = tcase_create("to_oid"); - tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8); + tcase_add_loop_test(tc, test_hasher_to_oid, 0, 12); suite_add_tcase(s, tc); tc = tcase_create("sig_to_oid"); - tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids)); + tcase_add_loop_test(tc, test_hasher_sig_to_oid, 11, countof(oids)); + suite_add_tcase(s, tc); + + tc = tcase_create("from_sig_scheme"); + tcase_add_loop_test(tc, test_hasher_from_sig_scheme, 0, countof(sig_schemes)); suite_add_tcase(s, tc); tc = tcase_create("from_prf"); @@ -188,5 +267,9 @@ Suite *hasher_suite_create() tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17); suite_add_tcase(s, tc); + tc = tcase_create("for_ikev2"); + tcase_add_loop_test(tc, test_hasher_for_ikev2, 0, countof(ikev2)); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c index ff14ba897..9554d2919 100644 --- a/src/libstrongswan/tests/suites/test_identification.c +++ b/src/libstrongswan/tests/suites/test_identification.c 
@@ -550,6 +550,7 @@ START_TEST(test_matches) a = identification_create_from_string("C=CH, E=moon@strongswan.org, CN=moon"); ck_assert(id_matches(a, "C=CH, E=moon@strongswan.org, CN=moon", ID_MATCH_PERFECT)); + ck_assert(id_matches(a, "C=CH, E=*@strongswan.org, CN=moon", ID_MATCH_NONE)); ck_assert(id_matches(a, "C=CH, E=*, CN=moon", ID_MATCH_ONE_WILDCARD)); ck_assert(id_matches(a, "C=CH, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 1)); ck_assert(id_matches(a, "C=*, E=*, CN=*", ID_MATCH_ONE_WILDCARD - 2)); diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index bead9d795..5ddd0bb9a 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -317,6 +317,26 @@ START_TEST(test_set_int) } END_TEST +START_TEST(test_value_as_unit64) +{ + test_int_eq(1, settings_value_as_uint64(NULL, 1)); + test_int_eq(1, settings_value_as_uint64("", 1)); + test_int_eq(1, settings_value_as_uint64("2a", 1)); + test_int_eq(1, settings_value_as_uint64("a2", 1)); + test_int_eq(1, settings_value_as_uint64("2.0", 1)); + + test_int_eq(10, settings_value_as_uint64("10", 0)); + test_int_eq(10, settings_value_as_uint64("010", 0)); + test_int_eq(16, settings_value_as_uint64("0x010", 0)); + test_int_eq(0x2a, settings_value_as_uint64("0x2a", 0)); + + test_int_eq(0xffffffffffffffffLL, settings_value_as_uint64("0xffffffffffffffff", 0)); + test_int_eq(0xffffffff00000000LL, settings_value_as_uint64("0xffffffff00000000", 0)); + test_int_eq(0xffffffff00000000LL, settings_value_as_uint64("18446744069414584320", 0)); + test_int_eq(0xffffffff00000001LL, settings_value_as_uint64("18446744069414584321", 0)); +} +END_TEST + START_SETUP(setup_double_config) { create_settings(chunk_from_str( 
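Review bot: The new test function is misspelled as `test_value_as_unit64` ("unit" for "uint"); since the later tcase_add_test() registration uses the same identifier, both spots have to be renamed together, e.g. `START_TEST(test_value_as_uint64)`. The cases also never exercise a negative or whitespace-prefixed string, which strtoull() accepts, so adding `test_int_eq(1, settings_value_as_uint64("-1", 1));` would pin the intended rejection behaviour; as the implementation stands that case would yield 0xffffffffffffffff, so the assertion documents what the converter should be tightened to reject.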
@@ -1158,6 +1178,10 @@ Suite *settings_suite_create() tcase_add_test(tc, test_set_int); suite_add_tcase(s, tc); + tc = tcase_create("settings_value_as_uint64"); + tcase_add_test(tc, test_value_as_unit64); + suite_add_tcase(s, tc); + tc = tcase_create("get/set_double"); tcase_add_checked_fixture(tc, setup_double_config, teardown_config); tcase_add_test(tc, test_get_double); diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c index bec32d2d8..5c0fb754d 100644 --- a/src/libstrongswan/tests/suites/test_traffic_selector.c +++ b/src/libstrongswan/tests/suites/test_traffic_selector.c @@ -770,17 +770,17 @@ START_TEST(test_printf_hook_hash) list = linked_list_create_with_items( traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535), NULL); - verify_list("10.1.0.0/16 ", NULL, list); + verify_list("10.1.0.0/16", NULL, list); list = linked_list_create_with_items( traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535), traffic_selector_create_from_cidr("10.1.0.1/32", IPPROTO_UDP, 1234, 1235), NULL); - verify_list("10.1.0.0/16 10.1.0.1/32[udp/1234-1235] ", "10.1.0.0/16 10.1.0.1/32[17/1234-1235] ", list); + verify_list("10.1.0.0/16 10.1.0.1/32[udp/1234-1235]", "10.1.0.0/16 10.1.0.1/32[17/1234-1235]", list); list = linked_list_create_with_items( traffic_selector_create_from_cidr("10.1.0.0/16", 0, 0, 65535), traffic_selector_create_from_string(IPPROTO_UDP, TS_IPV4_ADDR_RANGE, "10.1.0.1", 1234, "10.1.0.99", 1235), NULL); - verify_list("10.1.0.0/16 10.1.0.1..10.1.0.99[udp/1234-1235] ", "10.1.0.0/16 10.1.0.1..10.1.0.99[17/1234-1235] ", list); + verify_list("10.1.0.0/16 10.1.0.1..10.1.0.99[udp/1234-1235]", "10.1.0.0/16 10.1.0.1..10.1.0.99[17/1234-1235]", list); } END_TEST diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index b38f2cb52..104b0b2c0 100644 --- a/src/libstrongswan/tests/suites/test_utils.c 
+++ b/src/libstrongswan/tests/suites/test_utils.c @@ -789,9 +789,9 @@ static struct { {KEY_ECDSA, 256, { SIGN_ECDSA_WITH_SHA256_DER, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, {KEY_ECDSA, 384, { SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, {KEY_ECDSA, 512, { SIGN_ECDSA_WITH_SHA512_DER, SIGN_UNKNOWN }}, - {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA256, SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }}, - {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA384, SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }}, - {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA512, SIGN_UNKNOWN }}, + {KEY_BLISS, 128, { SIGN_BLISS_WITH_SHA2_256, SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 192, { SIGN_BLISS_WITH_SHA2_384, SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, + {KEY_BLISS, 256, { SIGN_BLISS_WITH_SHA2_512, SIGN_UNKNOWN }}, }; START_TEST(test_signature_schemes_for_key) diff --git a/src/libstrongswan/AndroidConfigLocal.h b/src/libstrongswan/utils/compat/android.h index ae0e60633..b3ea9c475 100644 --- a/src/libstrongswan/AndroidConfigLocal.h +++ b/src/libstrongswan/utils/compat/android.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2010-2015 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,10 +13,19 @@ * for more details. */ +/** + * @defgroup android android + * @{ @ingroup compat + */ + +#ifndef ANDROID_H_ +#define ANDROID_H_ + /* stuff defined in AndroidConfig.h, which is included using the -include * command-line option, thus cannot be undefined using -U CFLAGS options. * the reason we have to undefine these flags in the first place, is that * AndroidConfig.h defines them as 0, which in turn means that they are * actually defined. */ - #undef HAVE_BACKTRACE + +#endif /** ANDROID_H_ @}*/ 
diff --git a/src/libstrongswan/utils/compat/windows.h b/src/libstrongswan/utils/compat/windows.h
index fd4f1f196..f7e6207a5 100644
--- a/src/libstrongswan/utils/compat/windows.h
+++ b/src/libstrongswan/utils/compat/windows.h
@@ -221,6 +221,11 @@ static inline int setenv(const char *name, const char *value, int overwrite)
 #define RTLD_LAZY 1
 /**
+ * Immediate binding, ignored on Windows
+ */
+#define RTLD_NOW 2
+
+/**
 * Default handle targeting .exe
 */
 #define RTLD_DEFAULT (NULL)
diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c
index b4a4db802..47d72ee98 100644
--- a/src/libstrongswan/utils/utils.c
+++ b/src/libstrongswan/utils/utils.c
@@ -20,6 +20,7 @@
 #include <unistd.h>
 #include <limits.h>
 #include <ctype.h>
+#include <errno.h>
 #ifndef WIN32
 # include <signal.h>
 #endif
@@ -117,17 +118,35 @@ void wait_sigint()
 void wait_sigint()
 {
 sigset_t set;
- int sig;
 sigemptyset(&set);
 sigaddset(&set, SIGINT);
 sigaddset(&set, SIGTERM);
 sigprocmask(SIG_BLOCK, &set, NULL);
- sigwait(&set, &sig);
+ sigwaitinfo(&set, NULL);
 }
-#endif
+#ifndef HAVE_SIGWAITINFO
+int sigwaitinfo(const sigset_t *set, void *info)
+{
+ int sig, err;
+
+ if (info)
+ { /* we don't replicate siginfo_t, fail if anybody tries to use it */
+ errno = EINVAL;
+ return -1;
+ }
+ err = sigwait(set, &sig);
+ if (err != 0)
+ {
+ errno = err;
+ sig = -1;
+ }
+ return sig;
+}
+#endif /* HAVE_SIGWAITINFO */
+#endif /* WIN32 */
 #ifndef HAVE_CLOSEFROM
 /**
diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h
index acc15c42a..18b17b120 100644
--- a/src/libstrongswan/utils/utils.h
+++ b/src/libstrongswan/utils/utils.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2014 Tobias Brunner
+ * Copyright (C) 2008-2015 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
@@ -38,6 +38,7 @@
 # include <netinet/in.h>
 # include <sched.h>
 # include <poll.h>
+# include <signal.h>
 #endif
 #include "utils/types.h"
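Review bot: wait_sigint() now calls sigwaitinfo() and discards its return value, but unlike sigwait(), a native sigwaitinfo() can return -1 with errno set to EINTR when an unrelated caught signal interrupts it, so on platforms that have the real function the daemon may leave wait_sigint() and start its shutdown before SIGINT or SIGTERM actually arrived. Retry on that case: `while (sigwaitinfo(&set, NULL) == -1 && errno == EINTR) { /* interrupted by another signal, keep waiting */ }`. The compatibility shim added below is unaffected since sigwait() never reports EINTR, and errno.h is already included by this hunk.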
@@ -56,6 +57,9 @@ #ifdef __APPLE__ # include "compat/apple.h" #endif +#ifdef __ANDROID__ +# include "compat/android.h" +#endif /** * Initialize utility functions @@ -148,6 +152,19 @@ void utils_deinit(); */ #define ignore_result(call) { if(call){}; } +#if !defined(HAVE_SIGWAITINFO) && !defined(WIN32) +/** + * Block and wait for a set of signals + * + * We don't replicate the functionality of siginfo_t. If info is not NULL + * -1 is returend and errno is set to EINVAL. + * + * @param set set of signals to wait for + * @param info must be NULL + */ +int sigwaitinfo(const sigset_t *set, void *info); +#endif + /** * Portable function to wait for SIGINT/SIGTERM (or equivalent). */ diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 623da7f62..822df3f27 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -349,10 +349,16 @@ static private_tnc_imc_t* tnc_imc_create_empty(char *name) imc_t* tnc_imc_create(char *name, char *path) { private_tnc_imc_t *this; + int flag = RTLD_LAZY; this = tnc_imc_create_empty(name); - this->handle = dlopen(path, RTLD_LAZY); + if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now", + lib->ns, FALSE)) + { + flag = RTLD_NOW; + } + this->handle = dlopen(path, flag); if (!this->handle) { DBG1(DBG_TNC, "IMC \"%s\" failed to load: %s", name, dlerror()); diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c index 039f1fcf1..9a0304172 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c 
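Review bot: The doc comment on the `sigwaitinfo` declaration has a typo (`returend`) and documents only the failure path, while the utils.c implementation returns the received signal number on success and -1 with errno set when `sigwait` fails. Suggested wording for the body: `If info is not NULL, -1 is returned and errno is set to EINVAL.` plus a return line, `@return number of the received signal, -1 on error (errno set)`. That matches what callers of the real `sigwaitinfo` expect and what the replacement actually does.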
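Review bot: The RTLD_LAZY/RTLD_NOW selection added to `tnc_imc_create` is repeated verbatim in `tnc_imv_create` in the next file, reading the same `%s.dlopen_use_rtld_now` setting; if libtnccs has a header both plugins share, a small helper such as `static inline int tnc_dlopen_flags(void)` returning the flag would keep the two from drifting apart. Either way a why-comment on the setting check would help, e.g. `/* RTLD_NOW resolves every symbol at load time, so an IMC with unresolved symbols fails here with a logged dlerror() rather than later at first use */` (the "later" behaviour is the usual lazy-binding outcome, not something this hunk shows). The remainder of `tnc_imc_create` continues outside the hunk.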
@@ -345,10 +345,16 @@ static private_tnc_imv_t* tnc_imv_create_empty(char *name) imv_t* tnc_imv_create(char *name, char *path) { private_tnc_imv_t *this; + int flag = RTLD_LAZY; this = tnc_imv_create_empty(name); - this->handle = dlopen(path, RTLD_LAZY); + if (lib->settings->get_bool(lib->settings, "%s.dlopen_use_rtld_now", + lib->ns, FALSE)) + { + flag = RTLD_NOW; + } + this->handle = dlopen(path, flag); if (!this->handle) { DBG1(DBG_TNC, "IMV \"%s\" failed to load: %s", name, dlerror()); diff --git a/src/medsrv/Makefile.am b/src/medsrv/Makefile.am index 94ab0cf67..bee7ae1f0 100644 --- a/src/medsrv/Makefile.am +++ b/src/medsrv/Makefile.am @@ -35,11 +35,11 @@ templates/peer/list.cs medsrv_templates_staticdir = ${medsrv_templatesdir}/static medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \ templates/static/style.css templates/static/strongswan.png \ -templates/static/favicon.ico templates/static/mootools.js templates/static/script.js +templates/static/favicon.ico EXTRA_DIST = templates/header.cs templates/footer.cs \ templates/static/style.css templates/static/strongswan.png \ -templates/static/favicon.ico templates/static/mootools.js templates/static/script.js \ +templates/static/favicon.ico \ templates/peer/add.cs templates/peer/edit.cs templates/peer/list.cs \ templates/user/login.cs templates/user/add.cs templates/user/edit.cs \ templates/user/help.cs diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 7265457f1..42830e186 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in 
@@ -466,11 +466,11 @@ templates/peer/list.cs medsrv_templates_staticdir = ${medsrv_templatesdir}/static medsrv_templates_static_DATA = templates/header.cs templates/footer.cs \ templates/static/style.css templates/static/strongswan.png \ -templates/static/favicon.ico templates/static/mootools.js templates/static/script.js +templates/static/favicon.ico EXTRA_DIST = templates/header.cs templates/footer.cs \ templates/static/style.css templates/static/strongswan.png \ -templates/static/favicon.ico templates/static/mootools.js templates/static/script.js \ +templates/static/favicon.ico \ templates/peer/add.cs templates/peer/edit.cs templates/peer/list.cs \ templates/user/login.cs templates/user/add.cs templates/user/edit.cs \ templates/user/help.cs diff --git a/src/medsrv/templates/peer/add.cs b/src/medsrv/templates/peer/add.cs index 28a994f7f..27fdf0685 100644 --- a/src/medsrv/templates/peer/add.cs +++ b/src/medsrv/templates/peer/add.cs @@ -6,7 +6,7 @@ <table class="peer"> <tr> <td><label for="alias">Alias</label></td> - <td><input type="text" id="alias" name="alias" class="focus" maxlength="30" value="<?cs var:alias ?>";"/></td> + <td><input type="text" id="alias" name="alias" autofocus maxlength="30" value="<?cs var:alias ?>";"/></td> </tr> <tr> <td valign="top"><label for="public_key">Public Key</label></td> diff --git a/src/medsrv/templates/peer/edit.cs b/src/medsrv/templates/peer/edit.cs index 76fb9dafc..942762b49 100644 --- a/src/medsrv/templates/peer/edit.cs +++ b/src/medsrv/templates/peer/edit.cs @@ -6,7 +6,7 @@ <table class="peer"> <tr> <td><label for="alias">Alias</label></td> - <td><input type="text" id="alias" name="alias" maxlength="30" class="focus" value="<?cs var:alias ?>"/></td> + <td><input type="text" id="alias" name="alias" maxlength="30" autofocus value="<?cs var:alias ?>"/></td> </tr> <tr> <td valign="top"><label for="public_key">Public Key</label></td> 
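Review bot: The rewritten `<input>` line in templates/peer/add.cs keeps the stray `";` after the value attribute — `value="<?cs var:alias ?>";"/>` — which is malformed attribute markup that was carried over from the old line; the corresponding line in templates/peer/edit.cs in the same commit reads `value="<?cs var:alias ?>"/>`. Suggest aligning add.cs with it: `<td><input type="text" id="alias" name="alias" autofocus maxlength="30" value="<?cs var:alias ?>"/></td>`.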
diff --git a/src/medsrv/templates/static/mootools.js b/src/medsrv/templates/static/mootools.js deleted file mode 100644 index d953a1c06..000000000 --- a/src/medsrv/templates/static/mootools.js +++ /dev/null 
@@ -1,341 +0,0 @@ -//MooTools, <http://mootools.net>, My Object Oriented (JavaScript) Tools. Copyright (c) 2006-2008 Valerio Proietti, <http://mad4milk.net>, MIT Style License. - -var MooTools={version:"1.2dev",build:""};var Native=function(J){J=J||{};var F=J.afterImplement||function(){};var G=J.generics;G=(G!==false);var H=J.legacy; -var E=J.initialize;var B=J.protect;var A=J.name;var C=E||H;C.constructor=Native;C.$family={name:"native"};if(H&&E){C.prototype=H.prototype;}C.prototype.constructor=C; -if(A){var D=A.toLowerCase();C.prototype.$family={name:D};Native.typize(C,D);}var I=function(M,K,N,L){if(!B||L||!M.prototype[K]){M.prototype[K]=N;}if(G){Native.genericize(M,K,B); -}F.call(M,K,N);return M;};C.implement=function(L,K,N){if(typeof L=="string"){return I(this,L,K,N);}for(var M in L){I(this,M,L[M],K);}return this;};C.alias=function(M,K,N){if(typeof M=="string"){M=this.prototype[M]; -if(M){I(this,K,M,N);}}else{for(var L in M){this.alias(L,M[L],K);}}return this;};return C;};Native.implement=function(D,C){for(var B=0,A=D.length;B<A;B++){D[B].implement(C); -}};Native.genericize=function(B,C,A){if((!A||!B[C])&&typeof B.prototype[C]=="function"){B[C]=function(){var D=Array.prototype.slice.call(arguments);return B.prototype[C].apply(D.shift(),D); -};}};Native.typize=function(A,B){if(!A.type){A.type=function(C){return($type(C)===B);};}};Native.alias=function(E,B,A,F){for(var D=0,C=E.length;D<C;D++){E[D].alias(B,A,F); -}};(function(B){for(var A in B){Native.typize(B[A],A);}})({"boolean":Boolean,"native":Native,object:Object});(function(B){for(var A in B){new Native({name:A,initialize:B[A],protect:true}); -}})({String:String,Function:Function,Number:Number,Array:Array,RegExp:RegExp,Date:Date});(function(B,A){for(var C=A.length;C--;C){Native.genericize(B,A[C],true); -}return 
arguments.callee;})(Array,["pop","push","reverse","shift","sort","splice","unshift","concat","join","slice","toString","valueOf","indexOf","lastIndexOf"])(String,["charAt","charCodeAt","concat","indexOf","lastIndexOf","match","replace","search","slice","split","substr","substring","toLowerCase","toUpperCase","valueOf"]); -function $chk(A){return !!(A||A===0);}function $clear(A){clearTimeout(A);clearInterval(A);return null;}function $defined(A){return(A!=undefined);}function $empty(){}function $arguments(A){return function(){return arguments[A]; -};}function $lambda(A){return(typeof A=="function")?A:function(){return A;};}function $extend(C,A){for(var B in (A||{})){C[B]=A[B];}return C;}function $unlink(C){var B; -switch($type(C)){case"object":B={};for(var E in C){B[E]=$unlink(C[E]);}break;case"hash":B=$unlink(C.getClean());break;case"array":B=[];for(var D=0,A=C.length; -D<A;D++){B[D]=$unlink(C[D]);}break;default:return C;}return B;}function $merge(){var E={};for(var D=0,A=arguments.length;D<A;D++){var B=arguments[D];if($type(B)!="object"){continue; -}for(var C in B){var G=B[C],F=E[C];E[C]=(F&&$type(G)=="object"&&$type(F)=="object")?$merge(F,G):$unlink(G);}}return E;}function $pick(){for(var B=0,A=arguments.length; -B<A;B++){if(arguments[B]!=undefined){return arguments[B];}}return null;}function $random(B,A){return Math.floor(Math.random()*(A-B+1)+B);}function $splat(B){var A=$type(B); -return(A)?((A!="array"&&A!="arguments")?[B]:B):[];}var $time=Date.now||function(){return new Date().getTime();};function $try(){for(var B=0,A=arguments.length; -B<A;B++){try{return arguments[B]();}catch(C){}}return null;}function $type(A){if(A==undefined){return false;}if(A.$family){return(A.$family.name=="number"&&!isFinite(A))?false:A.$family.name; -}if(A.nodeName){switch(A.nodeType){case 1:return"element";case 3:return(/\S/).test(A.nodeValue)?"textnode":"whitespace";}}else{if(typeof A.length=="number"){if(A.callee){return"arguments"; -}else{if(A.item){return"collection";}}}}return 
typeof A;}var Hash=new Native({name:"Hash",initialize:function(A){if($type(A)=="hash"){A=$unlink(A.getClean()); -}for(var B in A){this[B]=A[B];}return this;}});Hash.implement({getLength:function(){var B=0;for(var A in this){if(this.hasOwnProperty(A)){B++;}}return B; -},forEach:function(B,C){for(var A in this){if(this.hasOwnProperty(A)){B.call(C,this[A],A,this);}}},getClean:function(){var B={};for(var A in this){if(this.hasOwnProperty(A)){B[A]=this[A]; -}}return B;}});Hash.alias("forEach","each");function $H(A){return new Hash(A);}Array.implement({forEach:function(C,D){for(var B=0,A=this.length;B<A;B++){C.call(D,this[B],B,this); -}}});Array.alias("forEach","each");function $A(C){if(C.item){var D=[];for(var B=0,A=C.length;B<A;B++){D[B]=C[B];}return D;}return Array.prototype.slice.call(C); -}function $each(C,B,D){var A=$type(C);((A=="arguments"||A=="collection"||A=="array")?Array:Hash).each(C,B,D);}var Browser=new Hash({Engine:{name:"unknown",version:""},Platform:{name:(navigator.platform.match(/mac|win|linux/i)||["other"])[0].toLowerCase()},Features:{xpath:!!(document.evaluate),air:!!(window.runtime)},Plugins:{}}); -if(window.opera){Browser.Engine={name:"presto",version:(document.getElementsByClassName)?950:925};}else{if(window.ActiveXObject){Browser.Engine={name:"trident",version:(window.XMLHttpRequest)?5:4}; -}else{if(!navigator.taintEnabled){Browser.Engine={name:"webkit",version:(Browser.Features.xpath)?420:419};}else{if(document.getBoxObjectFor!=null){Browser.Engine={name:"gecko",version:(document.getElementsByClassName)?19:18}; -}}}}Browser.Engine[Browser.Engine.name]=Browser.Engine[Browser.Engine.name+Browser.Engine.version]=true;if(window.orientation!=undefined){Browser.Platform.name="ipod"; -}Browser.Platform[Browser.Platform.name]=true;Browser.Request=function(){return $try(function(){return new XMLHttpRequest();},function(){return new ActiveXObject("MSXML2.XMLHTTP"); -});};Browser.Features.xhr=!!(Browser.Request());Browser.Plugins.Flash=(function(){var 
A=($try(function(){return navigator.plugins["Shockwave Flash"].description; -},function(){return new ActiveXObject("ShockwaveFlash.ShockwaveFlash").GetVariable("$version");})||"0 r0").match(/\d+/g);return{version:parseInt(A[0]||0+"."+A[1]||0),build:parseInt(A[2]||0)}; -})();function $exec(B){if(!B){return B;}if(window.execScript){window.execScript(B);}else{var A=document.createElement("script");A.setAttribute("type","text/javascript"); -A.text=B;document.head.appendChild(A);document.head.removeChild(A);}return B;}Native.UID=1;var $uid=(Browser.Engine.trident)?function(A){return(A.uid||(A.uid=[Native.UID++]))[0]; -}:function(A){return A.uid||(A.uid=Native.UID++);};var Window=new Native({name:"Window",legacy:(Browser.Engine.trident)?null:window.Window,initialize:function(A){$uid(A); -if(!A.Element){A.Element=$empty;if(Browser.Engine.webkit){A.document.createElement("iframe");}A.Element.prototype=(Browser.Engine.webkit)?window["[[DOMElement.prototype]]"]:{}; -}return $extend(A,Window.Prototype);},afterImplement:function(B,A){window[B]=Window.Prototype[B]=A;}});Window.Prototype={$family:{name:"window"}};new Window(window); -var Document=new Native({name:"Document",legacy:(Browser.Engine.trident)?null:window.Document,initialize:function(A){$uid(A);A.head=A.getElementsByTagName("head")[0]; -A.html=A.getElementsByTagName("html")[0];A.window=A.defaultView||A.parentWindow;if(Browser.Engine.trident4){$try(function(){A.execCommand("BackgroundImageCache",false,true); -});}return $extend(A,Document.Prototype);},afterImplement:function(B,A){document[B]=Document.Prototype[B]=A;}});Document.Prototype={$family:{name:"document"}}; -new Document(document);Array.implement({every:function(C,D){for(var B=0,A=this.length;B<A;B++){if(!C.call(D,this[B],B,this)){return false;}}return true; -},filter:function(D,E){var C=[];for(var B=0,A=this.length;B<A;B++){if(D.call(E,this[B],B,this)){C.push(this[B]);}}return C;},clean:function(){return this.filter($defined); -},indexOf:function(C,D){var 
A=this.length;for(var B=(D<0)?Math.max(0,A+D):D||0;B<A;B++){if(this[B]===C){return B;}}return -1;},map:function(D,E){var C=[]; -for(var B=0,A=this.length;B<A;B++){C[B]=D.call(E,this[B],B,this);}return C;},some:function(C,D){for(var B=0,A=this.length;B<A;B++){if(C.call(D,this[B],B,this)){return true; -}}return false;},associate:function(C){var D={},B=Math.min(this.length,C.length);for(var A=0;A<B;A++){D[C[A]]=this[A];}return D;},link:function(C){var A={}; -for(var E=0,B=this.length;E<B;E++){for(var D in C){if(C[D](this[E])){A[D]=this[E];delete C[D];break;}}}return A;},contains:function(A,B){return this.indexOf(A,B)!=-1; -},extend:function(C){for(var B=0,A=C.length;B<A;B++){this.push(C[B]);}return this;},getLast:function(){return(this.length)?this[this.length-1]:null;},getRandom:function(){return(this.length)?this[$random(0,this.length-1)]:null; -},include:function(A){if(!this.contains(A)){this.push(A);}return this;},combine:function(C){for(var B=0,A=C.length;B<A;B++){this.include(C[B]);}return this; -},erase:function(B){for(var A=this.length;A--;A){if(this[A]===B){this.splice(A,1);}}return this;},empty:function(){this.length=0;return this;},flatten:function(){var D=[]; -for(var B=0,A=this.length;B<A;B++){var C=$type(this[B]);if(!C){continue;}D=D.concat((C=="array"||C=="collection"||C=="arguments")?Array.flatten(this[B]):this[B]); -}return D;},hexToRgb:function(B){if(this.length!=3){return null;}var A=this.map(function(C){if(C.length==1){C+=C;}return C.toInt(16);});return(B)?A:"rgb("+A+")"; -},rgbToHex:function(D){if(this.length<3){return null;}if(this.length==4&&this[3]==0&&!D){return"transparent";}var B=[];for(var A=0;A<3;A++){var C=(this[A]-0).toString(16); -B.push((C.length==1)?"0"+C:C);}return(D)?B:"#"+B.join("");}});Function.implement({extend:function(A){for(var B in A){this[B]=A[B];}return this;},create:function(B){var A=this; -B=B||{};return function(D){var 
C=B.arguments;C=(C!=undefined)?$splat(C):Array.slice(arguments,(B.event)?1:0);if(B.event){C=[D||window.event].extend(C); -}var E=function(){return A.apply(B.bind||null,C);};if(B.delay){return setTimeout(E,B.delay);}if(B.periodical){return setInterval(E,B.periodical);}if(B.attempt){return $try(E); -}return E();};},pass:function(A,B){return this.create({arguments:A,bind:B});},attempt:function(A,B){return this.create({arguments:A,bind:B,attempt:true})(); -},bind:function(B,A){return this.create({bind:B,arguments:A});},bindWithEvent:function(B,A){return this.create({bind:B,event:true,arguments:A});},delay:function(B,C,A){return this.create({delay:B,bind:C,arguments:A})(); -},periodical:function(A,C,B){return this.create({periodical:A,bind:C,arguments:B})();},run:function(A,B){return this.apply(B,$splat(A));}});Number.implement({limit:function(B,A){return Math.min(A,Math.max(B,this)); -},round:function(A){A=Math.pow(10,A||0);return Math.round(this*A)/A;},times:function(B,C){for(var A=0;A<this;A++){B.call(C,A,this);}},toFloat:function(){return parseFloat(this); -},toInt:function(A){return parseInt(this,A||10);}});Number.alias("times","each");(function(B){var A={};B.each(function(C){if(!Number[C]){A[C]=function(){return Math[C].apply(null,[this].concat($A(arguments))); -};}});Number.implement(A);})(["abs","acos","asin","atan","atan2","ceil","cos","exp","floor","log","max","min","pow","sin","sqrt","tan"]);String.implement({test:function(A,B){return((typeof A=="string")?new RegExp(A,B):A).test(this); -},contains:function(A,B){return(B)?(B+this+B).indexOf(B+A+B)>-1:this.indexOf(A)>-1;},trim:function(){return this.replace(/^\s+|\s+$/g,"");},clean:function(){return this.replace(/\s+/g," ").trim(); -},camelCase:function(){return this.replace(/-\D/g,function(A){return A.charAt(1).toUpperCase();});},hyphenate:function(){return this.replace(/[A-Z]/g,function(A){return("-"+A.charAt(0).toLowerCase()); -});},capitalize:function(){return this.replace(/\b[a-z]/g,function(A){return 
A.toUpperCase();});},escapeRegExp:function(){return this.replace(/([-.*+?^${}()|[\]\/\\])/g,"\\$1"); -},toInt:function(A){return parseInt(this,A||10);},toFloat:function(){return parseFloat(this);},hexToRgb:function(B){var A=this.match(/^#?(\w{1,2})(\w{1,2})(\w{1,2})$/); -return(A)?A.slice(1).hexToRgb(B):null;},rgbToHex:function(B){var A=this.match(/\d{1,3}/g);return(A)?A.rgbToHex(B):null;},stripScripts:function(B){var A=""; -var C=this.replace(/<script[^>]*>([\s\S]*?)<\/script>/gi,function(){A+=arguments[1]+"\n";return"";});if(B===true){$exec(A);}else{if($type(B)=="function"){B(A,C); -}}return C;},substitute:function(A,B){return this.replace(B||(/\\?\{([^}]+)\}/g),function(D,C){if(D.charAt(0)=="\\"){return D.slice(1);}return(A[C]!=undefined)?A[C]:""; -});}});Hash.implement({has:Object.prototype.hasOwnProperty,keyOf:function(B){for(var A in this){if(this.hasOwnProperty(A)&&this[A]===B){return A;}}return null; -},hasValue:function(A){return(Hash.keyOf(this,A)!==null);},extend:function(A){Hash.each(A,function(C,B){Hash.set(this,B,C);},this);return this;},combine:function(A){Hash.each(A,function(C,B){Hash.include(this,B,C); -},this);return this;},erase:function(A){if(this.hasOwnProperty(A)){delete this[A];}return this;},get:function(A){return(this.hasOwnProperty(A))?this[A]:null; -},set:function(A,B){if(!this[A]||this.hasOwnProperty(A)){this[A]=B;}return this;},empty:function(){Hash.each(this,function(B,A){delete this[A];},this); -return this;},include:function(B,C){var A=this[B];if(A==undefined){this[B]=C;}return this;},map:function(B,C){var A=new Hash;Hash.each(this,function(E,D){A.set(D,B.call(C,E,D,this)); -},this);return A;},filter:function(B,C){var A=new Hash;Hash.each(this,function(E,D){if(B.call(C,E,D,this)){A.set(D,E);}},this);return A;},every:function(B,C){for(var A in this){if(this.hasOwnProperty(A)&&!B.call(C,this[A],A)){return false; -}}return true;},some:function(B,C){for(var A in this){if(this.hasOwnProperty(A)&&B.call(C,this[A],A)){return true;}}return 
false;},getKeys:function(){var A=[]; -Hash.each(this,function(C,B){A.push(B);});return A;},getValues:function(){var A=[];Hash.each(this,function(B){A.push(B);});return A;},toQueryString:function(A){var B=[]; -Hash.each(this,function(F,E){if(A){E=A+"["+E+"]";}var D;switch($type(F)){case"object":D=Hash.toQueryString(F,E);break;case"array":var C={};F.each(function(H,G){C[G]=H; -});D=Hash.toQueryString(C,E);break;default:D=E+"="+encodeURIComponent(F);}if(F!=undefined){B.push(D);}});return B.join("&");}});Hash.alias({keyOf:"indexOf",hasValue:"contains"}); -var Event=new Native({name:"Event",initialize:function(A,F){F=F||window;var K=F.document;A=A||F.event;if(A.$extended){return A;}this.$extended=true;var J=A.type; -var G=A.target||A.srcElement;while(G&&G.nodeType==3){G=G.parentNode;}if(J.test(/key/)){var B=A.which||A.keyCode;var M=Event.Keys.keyOf(B);if(J=="keydown"){var D=B-111; -if(D>0&&D<13){M="f"+D;}}M=M||String.fromCharCode(B).toLowerCase();}else{if(J.match(/(click|mouse|menu)/i)){K=(!K.compatMode||K.compatMode=="CSS1Compat")?K.html:K.body; -var I={x:A.pageX||A.clientX+K.scrollLeft,y:A.pageY||A.clientY+K.scrollTop};var C={x:(A.pageX)?A.pageX-F.pageXOffset:A.clientX,y:(A.pageY)?A.pageY-F.pageYOffset:A.clientY}; -if(J.match(/DOMMouseScroll|mousewheel/)){var H=(A.wheelDelta)?A.wheelDelta/120:-(A.detail||0)/3;}var E=(A.which==3)||(A.button==2);var L=null;if(J.match(/over|out/)){switch(J){case"mouseover":L=A.relatedTarget||A.fromElement; -break;case"mouseout":L=A.relatedTarget||A.toElement;}if(!(function(){while(L&&L.nodeType==3){L=L.parentNode;}return true;}).create({attempt:Browser.Engine.gecko})()){L=false; -}}}}return $extend(this,{event:A,type:J,page:I,client:C,rightClick:E,wheel:H,relatedTarget:L,target:G,code:B,key:M,shift:A.shiftKey,control:A.ctrlKey,alt:A.altKey,meta:A.metaKey}); -}});Event.Keys=new Hash({enter:13,up:38,down:40,left:37,right:39,esc:27,space:32,backspace:8,tab:9,"delete":46});Event.implement({stop:function(){return 
this.stopPropagation().preventDefault(); -},stopPropagation:function(){if(this.event.stopPropagation){this.event.stopPropagation();}else{this.event.cancelBubble=true;}return this;},preventDefault:function(){if(this.event.preventDefault){this.event.preventDefault(); -}else{this.event.returnValue=false;}return this;}});var Class=new Native({name:"Class",initialize:function(B){B=B||{};var A=function(E){for(var D in this){this[D]=$unlink(this[D]); -}for(var F in Class.Mutators){if(!this[F]){continue;}Class.Mutators[F](this,this[F]);delete this[F];}this.constructor=A;if(E===$empty){return this;}var C=(this.initialize)?this.initialize.apply(this,arguments):this; -if(this.options&&this.options.initialize){this.options.initialize.call(this);}return C;};$extend(A,this);A.constructor=Class;A.prototype=B;return A;}}); -Class.implement({implement:function(){Class.Mutators.Implements(this.prototype,Array.slice(arguments));return this;}});Class.Mutators={Implements:function(A,B){$splat(B).each(function(C){$extend(A,($type(C)=="class")?new C($empty):C); -});},Extends:function(self,klass){var instance=new klass($empty);delete instance.parent;delete instance.parentOf;for(var key in instance){var current=self[key],previous=instance[key]; -if(current==undefined){self[key]=previous;continue;}var ctype=$type(current),ptype=$type(previous);if(ctype!=ptype){continue;}switch(ctype){case"function":if(!arguments.callee.caller){self[key]=eval("("+String(current).replace(/\bthis\.parent\(\s*(\))?/g,function(full,close){return"arguments.callee._parent_.call(this"+(close||", "); -})+")");}self[key]._parent_=previous;break;case"object":self[key]=$merge(previous,current);}}self.parent=function(){return arguments.callee.caller._parent_.apply(this,arguments); -};self.parentOf=function(descendant){return descendant._parent_.apply(this,Array.slice(arguments,1));};}};var Chain=new Class({chain:function(){this.$chain=(this.$chain||[]).extend(arguments); -return 
this;},callChain:function(){return(this.$chain&&this.$chain.length)?this.$chain.shift().apply(this,arguments):false;},clearChain:function(){if(this.$chain){this.$chain.empty(); -}return this;}});var Events=new Class({addEvent:function(C,B,A){C=Events.removeOn(C);if(B!=$empty){this.$events=this.$events||{};this.$events[C]=this.$events[C]||[]; -this.$events[C].include(B);if(A){B.internal=true;}}return this;},addEvents:function(A){for(var B in A){this.addEvent(B,A[B]);}return this;},fireEvent:function(C,B,A){C=Events.removeOn(C); -if(!this.$events||!this.$events[C]){return this;}this.$events[C].each(function(D){D.create({bind:this,delay:A,"arguments":B})();},this);return this;},removeEvent:function(B,A){B=Events.removeOn(B); -if(!this.$events||!this.$events[B]){return this;}if(!A.internal){this.$events[B].erase(A);}return this;},removeEvents:function(C){for(var D in this.$events){if(C&&C!=D){continue; -}var B=this.$events[D];for(var A=B.length;A--;A){this.removeEvent(D,B[A]);}}return this;}});Events.removeOn=function(A){return A.replace(/^on([A-Z])/,function(B,C){return C.toLowerCase(); -});};var Options=new Class({setOptions:function(){this.options=$merge.run([this.options].extend(arguments));if(!this.addEvent){return this;}for(var A in this.options){if($type(this.options[A])!="function"||!(/^on[A-Z]/).test(A)){continue; -}this.addEvent(A,this.options[A]);delete this.options[A];}return this;}});Document.implement({newElement:function(A,B){if(Browser.Engine.trident&&B){["name","type","checked"].each(function(C){if(!B[C]){return ; -}A+=" "+C+'="'+B[C]+'"';if(C!="checked"){delete B[C];}});A="<"+A+">";}return $.element(this.createElement(A)).set(B);},newTextNode:function(A){return this.createTextNode(A); -},getDocument:function(){return this;},getWindow:function(){return this.defaultView||this.parentWindow;},purge:function(){var C=this.getElementsByTagName("*"); -for(var B=0,A=C.length;B<A;B++){Browser.freeMem(C[B]);}}});var Element=new 
Native({name:"Element",legacy:window.Element,initialize:function(A,B){var C=Element.Constructors.get(A); -if(C){return C(B);}if(typeof A=="string"){return document.newElement(A,B);}return $(A).set(B);},afterImplement:function(A,B){if(!Array[A]){Elements.implement(A,Elements.multi(A)); -}Element.Prototype[A]=B;}});Element.Prototype={$family:{name:"element"}};Element.Constructors=new Hash;var IFrame=new Native({name:"IFrame",generics:false,initialize:function(){var E=Array.link(arguments,{properties:Object.type,iframe:$defined}); -var C=E.properties||{};var B=$(E.iframe)||false;var D=C.onload||$empty;delete C.onload;C.id=C.name=$pick(C.id,C.name,B.id,B.name,"IFrame_"+$time());B=new Element(B||"iframe",C); -var A=function(){var F=$try(function(){return B.contentWindow.location.host;});if(F&&F==window.location.host){var H=new Window(B.contentWindow);var G=new Document(B.contentWindow.document); -$extend(H.Element.prototype,Element.Prototype);}D.call(B.contentWindow,B.contentWindow.document);};(!window.frames[C.id])?B.addListener("load",A):A();return B; -}});var Elements=new Native({initialize:function(F,B){B=$extend({ddup:true,cash:true},B);F=F||[];if(B.ddup||B.cash){var G={},E=[];for(var C=0,A=F.length; -C<A;C++){var D=$.element(F[C],!B.cash);if(B.ddup){if(G[D.uid]){continue;}G[D.uid]=true;}E.push(D);}F=E;}return(B.cash)?$extend(F,this):F;}});Elements.implement({filter:function(A,B){if(!A){return this; -}return new Elements(Array.filter(this,(typeof A=="string")?function(C){return C.match(A);}:A,B));}});Elements.multi=function(A){return function(){var B=[]; -var F=true;for(var D=0,C=this.length;D<C;D++){var E=this[D][A].apply(this[D],arguments);B.push(E);if(F){F=($type(E)=="element");}}return(F)?new Elements(B):B; -};};Window.implement({$:function(B,C){if(B&&B.$family&&B.uid){return B;}var A=$type(B);return($[A])?$[A](B,C,this.document):null;},$$:function(A){if(arguments.length==1&&typeof A=="string"){return this.document.getElements(A); -}var F=[];var 
C=Array.flatten(arguments);for(var D=0,B=C.length;D<B;D++){var E=C[D];switch($type(E)){case"element":E=[E];break;case"string":E=this.document.getElements(E,true); -break;default:E=false;}if(E){F.extend(E);}}return new Elements(F);},getDocument:function(){return this.document;},getWindow:function(){return this;}}); -$.string=function(C,B,A){C=A.getElementById(C);return(C)?$.element(C,B):null;};$.element=function(A,D){$uid(A);if(!D&&!A.$family&&!(/^object|embed$/i).test(A.tagName)){var B=Element.Prototype; -for(var C in B){A[C]=B[C];}}return A;};$.object=function(B,C,A){if(B.toElement){return $.element(B.toElement(A),C);}return null;};$.textnode=$.whitespace=$.window=$.document=$arguments(0); -Native.implement([Element,Document],{getElement:function(A,B){return $(this.getElements(A,true)[0]||null,B);},getElements:function(A,D){A=A.split(","); -var C=[];var B=(A.length>1);A.each(function(E){var F=this.getElementsByTagName(E.trim());(B)?C.extend(F):C=F;},this);return new Elements(C,{ddup:B,cash:!D}); -}});Element.Storage={get:function(A){return(this[A]||(this[A]={}));}};Element.Inserters=new Hash({before:function(B,A){if(A.parentNode){A.parentNode.insertBefore(B,A); -}},after:function(B,A){if(!A.parentNode){return ;}var C=A.nextSibling;(C)?A.parentNode.insertBefore(B,C):A.parentNode.appendChild(B);},bottom:function(B,A){A.appendChild(B); -},top:function(B,A){var C=A.firstChild;(C)?A.insertBefore(B,C):A.appendChild(B);}});Element.Inserters.inside=Element.Inserters.bottom;Element.Inserters.each(function(C,B){var A=B.capitalize(); -Element.implement("inject"+A,function(D){C(this,$(D,true));return this;});Element.implement("grab"+A,function(D){C($(D,true),this);return this;});});Element.implement({getDocument:function(){return this.ownerDocument; -},getWindow:function(){return this.ownerDocument.getWindow();},getElementById:function(D,C){var B=this.ownerDocument.getElementById(D);if(!B){return null; -}for(var A=B.parentNode;A!=this;A=A.parentNode){if(!A){return 
null;}}return $.element(B,C);},set:function(D,B){switch($type(D)){case"object":for(var C in D){this.set(C,D[C]); -}break;case"string":var A=Element.Properties.get(D);(A&&A.set)?A.set.apply(this,Array.slice(arguments,1)):this.setProperty(D,B);}return this;},get:function(B){var A=Element.Properties.get(B); -return(A&&A.get)?A.get.apply(this,Array.slice(arguments,1)):this.getProperty(B);},erase:function(B){var A=Element.Properties.get(B);(A&&A.erase)?A.erase.apply(this,Array.slice(arguments,1)):this.removeProperty(B); -return this;},match:function(A){return(!A||Element.get(this,"tag")==A);},inject:function(B,A){Element.Inserters.get(A||"bottom")(this,$(B,true));return this; -},wraps:function(B,A){B=$(B,true);return this.replaces(B).grab(B,A);},grab:function(B,A){Element.Inserters.get(A||"bottom")($(B,true),this);return this; -},appendText:function(B,A){return this.grab(this.getDocument().newTextNode(B),A);},adopt:function(){Array.flatten(arguments).each(function(A){A=$(A,true); -if(A){this.appendChild(A);}},this);return this;},dispose:function(){return(this.parentNode)?this.parentNode.removeChild(this):this;},clone:function(D,C){switch($type(this)){case"element":var H={}; -for(var G=0,E=this.attributes.length;G<E;G++){var B=this.attributes[G],L=B.nodeName.toLowerCase();if(Browser.Engine.trident&&(/input/i).test(this.tagName)&&(/width|height/).test(L)){continue; -}var K=(L=="style"&&this.style)?this.style.cssText:B.nodeValue;if(!$chk(K)||L=="uid"||(L=="id"&&!C)){continue;}if(K!="inherit"&&["string","number"].contains($type(K))){H[L]=K; -}}var J=new Element(this.nodeName.toLowerCase(),H);if(D!==false){for(var I=0,F=this.childNodes.length;I<F;I++){var A=Element.clone(this.childNodes[I],true,C); -if(A){J.grab(A);}}}return J;case"textnode":return document.newTextNode(this.nodeValue);}return null;},replaces:function(A){A=$(A,true);A.parentNode.replaceChild(this,A); -return this;},hasClass:function(A){return this.className.contains(A," 
");},addClass:function(A){if(!this.hasClass(A)){this.className=(this.className+" "+A).clean(); -}return this;},removeClass:function(A){this.className=this.className.replace(new RegExp("(^|\\s)"+A+"(?:\\s|$)"),"$1").clean();return this;},toggleClass:function(A){return this.hasClass(A)?this.removeClass(A):this.addClass(A); -},getComputedStyle:function(B){if(this.currentStyle){return this.currentStyle[B.camelCase()];}var A=this.getWindow().getComputedStyle(this,null);return(A)?A.getPropertyValue([B.hyphenate()]):null; -},empty:function(){$A(this.childNodes).each(function(A){Browser.freeMem(A);Element.empty(A);Element.dispose(A);},this);return this;},destroy:function(){Browser.freeMem(this.empty().dispose()); -return null;},getSelected:function(){return new Elements($A(this.options).filter(function(A){return A.selected;}));},toQueryString:function(){var A=[]; -this.getElements("input, select, textarea").each(function(B){if(!B.name||B.disabled){return ;}var C=(B.tagName.toLowerCase()=="select")?Element.getSelected(B).map(function(D){return D.value; -}):((B.type=="radio"||B.type=="checkbox")&&!B.checked)?null:B.value;$splat(C).each(function(D){if(D){A.push(B.name+"="+encodeURIComponent(D));}});});return A.join("&"); -},getProperty:function(C){var B=Element.Attributes,A=B.Props[C];var D=(A)?this[A]:this.getAttribute(C,2);return(B.Bools[C])?!!D:(A)?D:D||null;},getProperties:function(){var A=$A(arguments); -return A.map(function(B){return this.getProperty(B);},this).associate(A);},setProperty:function(D,E){var C=Element.Attributes,B=C.Props[D],A=$defined(E); -if(B&&C.Bools[D]){E=(E||!A)?true:false;}else{if(!A){return this.removeProperty(D);}}(B)?this[B]=E:this.setAttribute(D,E);return this;},setProperties:function(A){for(var B in A){this.setProperty(B,A[B]); -}return this;},removeProperty:function(D){var C=Element.Attributes,B=C.Props[D],A=(B&&C.Bools[D]);(B)?this[B]=(A)?false:"":this.removeAttribute(D);return this; 
-},removeProperties:function(){Array.each(arguments,this.removeProperty,this);return this;}});(function(){var A=function(D,B,I,C,F,H){var E=D[I||B];var G=[]; -while(E){if(E.nodeType==1&&(!C||Element.match(E,C))){G.push(E);if(!F){break;}}E=E[B];}return(F)?new Elements(G,{ddup:false,cash:!H}):$(G[0],H);};Element.implement({getPrevious:function(B,C){return A(this,"previousSibling",null,B,false,C); -},getAllPrevious:function(B,C){return A(this,"previousSibling",null,B,true,C);},getNext:function(B,C){return A(this,"nextSibling",null,B,false,C);},getAllNext:function(B,C){return A(this,"nextSibling",null,B,true,C); -},getFirst:function(B,C){return A(this,"nextSibling","firstChild",B,false,C);},getLast:function(B,C){return A(this,"previousSibling","lastChild",B,false,C); -},getParent:function(B,C){return A(this,"parentNode",null,B,false,C);},getParents:function(B,C){return A(this,"parentNode",null,B,true,C);},getChildren:function(B,C){return A(this,"nextSibling","firstChild",B,true,C); -},hasChild:function(B){B=$(B,true);return(!!B&&$A(this.getElementsByTagName(B.tagName)).contains(B));}});})();Element.Properties=new Hash;Element.Properties.style={set:function(A){this.style.cssText=A; -},get:function(){return this.style.cssText;},erase:function(){this.style.cssText="";}};Element.Properties.tag={get:function(){return this.tagName.toLowerCase(); -}};Element.Properties.href={get:function(){return(!this.href)?null:this.href.replace(new RegExp("^"+document.location.protocol+"//"+document.location.host),""); -}};Element.Properties.html={set:function(){return this.innerHTML=Array.flatten(arguments).join("");}};Native.implement([Element,Window,Document],{addListener:function(B,A){if(this.addEventListener){this.addEventListener(B,A,false); -}else{this.attachEvent("on"+B,A);}return this;},removeListener:function(B,A){if(this.removeEventListener){this.removeEventListener(B,A,false);}else{this.detachEvent("on"+B,A); -}return this;},retrieve:function(B,A){var 
D=Element.Storage.get(this.uid);var C=D[B];if($defined(A)&&!$defined(C)){C=D[B]=A;}return $pick(C);},store:function(B,A){var C=Element.Storage.get(this.uid); -C[B]=A;return this;},eliminate:function(A){var B=Element.Storage.get(this.uid);delete B[A];return this;}});Element.Attributes=new Hash({Props:{html:"innerHTML","class":"className","for":"htmlFor",text:(Browser.Engine.trident)?"innerText":"textContent"},Bools:["compact","nowrap","ismap","declare","noshade","checked","disabled","readonly","multiple","selected","noresize","defer"],Camels:["value","accessKey","cellPadding","cellSpacing","colSpan","frameBorder","maxLength","readOnly","rowSpan","tabIndex","useMap"]}); -Browser.freeMem=function(A){if(!A){return ;}if(Browser.Engine.trident&&(/object/i).test(A.tagName)){for(var B in A){if(typeof A[B]=="function"){A[B]=$empty; -}}Element.dispose(A);}if(A.uid&&A.removeEvents){A.removeEvents();}};(function(B){var C=B.Bools,A=B.Camels;B.Bools=C=C.associate(C);Hash.extend(Hash.combine(B.Props,C),A.associate(A.map(function(D){return D.toLowerCase(); -})));B.erase("Camels");})(Element.Attributes);window.addListener("unload",function(){window.removeListener("unload",arguments.callee);document.purge(); -if(Browser.Engine.trident){CollectGarbage();}});Element.Properties.events={set:function(A){this.addEvents(A);}};Native.implement([Element,Window,Document],{addEvent:function(E,G){var H=this.retrieve("events",{}); -H[E]=H[E]||{keys:[],values:[]};if(H[E].keys.contains(G)){return this;}H[E].keys.push(G);var F=E,A=Element.Events.get(E),C=G,I=this;if(A){if(A.onAdd){A.onAdd.call(this,G); -}if(A.condition){C=function(J){if(A.condition.call(this,J)){return G.call(this,J);}return false;};}F=A.base||F;}var D=function(){return G.call(I);};var B=Element.NativeEvents[F]||0; -if(B){if(B==2){D=function(J){J=new Event(J,I.getWindow());if(C.call(I,J)===false){J.stop();}};}this.addListener(F,D);}H[E].values.push(D);return this;},removeEvent:function(D,C){var B=this.retrieve("events"); 
-if(!B||!B[D]){return this;}var G=B[D].keys.indexOf(C);if(G==-1){return this;}var A=B[D].keys.splice(G,1)[0];var F=B[D].values.splice(G,1)[0];var E=Element.Events.get(D); -if(E){if(E.onRemove){E.onRemove.call(this,C);}D=E.base||D;}return(Element.NativeEvents[D])?this.removeListener(D,F):this;},addEvents:function(A){for(var B in A){this.addEvent(B,A[B]); -}return this;},removeEvents:function(B){var A=this.retrieve("events");if(!A){return this;}if(!B){for(var C in A){this.removeEvents(C);}A=null;}else{if(A[B]){while(A[B].keys[0]){this.removeEvent(B,A[B].keys[0]); -}A[B]=null;}}return this;},fireEvent:function(D,B,A){var C=this.retrieve("events");if(!C||!C[D]){return this;}C[D].keys.each(function(E){E.create({bind:this,delay:A,"arguments":B})(); -},this);return this;},cloneEvents:function(D,A){D=$(D);var C=D.retrieve("events");if(!C){return this;}if(!A){for(var B in C){this.cloneEvents(D,B);}}else{if(C[A]){C[A].keys.each(function(E){this.addEvent(A,E); -},this);}}return this;}});Element.NativeEvents={click:2,dblclick:2,mouseup:2,mousedown:2,contextmenu:2,mousewheel:2,DOMMouseScroll:2,mouseover:2,mouseout:2,mousemove:2,selectstart:2,selectend:2,keydown:2,keypress:2,keyup:2,focus:2,blur:2,change:2,reset:2,select:2,submit:2,load:1,unload:1,beforeunload:2,resize:1,move:1,DOMContentLoaded:1,readystatechange:1,error:1,abort:1,scroll:1}; -(function(){var A=function(B){var C=B.relatedTarget;if(C==undefined){return true;}if(C===false){return false;}return($type(this)!="document"&&C!=this&&C.prefix!="xul"&&!this.hasChild(C)); -};Element.Events=new Hash({mouseenter:{base:"mouseover",condition:A},mouseleave:{base:"mouseout",condition:A},mousewheel:{base:(Browser.Engine.gecko)?"DOMMouseScroll":"mousewheel"}}); -})();Element.Properties.styles={set:function(A){this.setStyles(A);}};Element.Properties.opacity={set:function(A,B){if(!B){if(A==0){if(this.style.visibility!="hidden"){this.style.visibility="hidden"; 
-}}else{if(this.style.visibility!="visible"){this.style.visibility="visible";}}}if(!this.currentStyle||!this.currentStyle.hasLayout){this.style.zoom=1;}if(Browser.Engine.trident){this.style.filter=(A==1)?"":"alpha(opacity="+A*100+")"; -}this.style.opacity=A;this.store("opacity",A);},get:function(){return this.retrieve("opacity",1);}};Element.implement({setOpacity:function(A){return this.set("opacity",A,true); -},getOpacity:function(){return this.get("opacity");},setStyle:function(B,A){switch(B){case"opacity":return this.set("opacity",parseFloat(A));case"float":B=(Browser.Engine.trident)?"styleFloat":"cssFloat"; -}B=B.camelCase();if($type(A)!="string"){var C=(Element.Styles.get(B)||"@").split(" ");A=$splat(A).map(function(E,D){if(!C[D]){return"";}return($type(E)=="number")?C[D].replace("@",Math.round(E)):E; -}).join(" ");}else{if(A==String(Number(A))){A=Math.round(A);}}this.style[B]=A;return this;},getStyle:function(G){switch(G){case"opacity":return this.get("opacity"); -case"float":G=(Browser.Engine.trident)?"styleFloat":"cssFloat";}G=G.camelCase();var A=this.style[G];if(!$chk(A)){A=[];for(var F in Element.ShortStyles){if(G!=F){continue; -}for(var E in Element.ShortStyles[F]){A.push(this.getStyle(E));}return A.join(" ");}A=this.getComputedStyle(G);}if(A){A=String(A);var C=A.match(/rgba?\([\d\s,]+\)/); -if(C){A=A.replace(C[0],C[0].rgbToHex());}}if(Browser.Engine.presto||(Browser.Engine.trident&&!$chk(parseInt(A)))){if(G.test(/^(height|width)$/)){var B=(G=="width")?["left","right"]:["top","bottom"],D=0; -B.each(function(H){D+=this.getStyle("border-"+H+"-width").toInt()+this.getStyle("padding-"+H).toInt();},this);return this["offset"+G.capitalize()]-D+"px"; -}if(Browser.Engine.presto&&String(A).test("px")){return A;}if(G.test(/(border(.+)Width|margin|padding)/)){return"0px";}}return A;},setStyles:function(B){for(var A in B){this.setStyle(A,B[A]); -}return this;},getStyles:function(){var A={};Array.each(arguments,function(B){A[B]=this.getStyle(B);},this);return 
A;}});Element.Styles=new Hash({left:"@px",top:"@px",bottom:"@px",right:"@px",width:"@px",height:"@px",maxWidth:"@px",maxHeight:"@px",minWidth:"@px",minHeight:"@px",backgroundColor:"rgb(@, @, @)",backgroundPosition:"@px @px",color:"rgb(@, @, @)",fontSize:"@px",letterSpacing:"@px",lineHeight:"@px",clip:"rect(@px @px @px @px)",margin:"@px @px @px @px",padding:"@px @px @px @px",border:"@px @ rgb(@, @, @) @px @ rgb(@, @, @) @px @ rgb(@, @, @)",borderWidth:"@px @px @px @px",borderStyle:"@ @ @ @",borderColor:"rgb(@, @, @) rgb(@, @, @) rgb(@, @, @) rgb(@, @, @)",zIndex:"@",zoom:"@",fontWeight:"@",textIndent:"@px",opacity:"@"}); -Element.ShortStyles={margin:{},padding:{},border:{},borderWidth:{},borderStyle:{},borderColor:{}};["Top","Right","Bottom","Left"].each(function(G){var F=Element.ShortStyles; -var B=Element.Styles;["margin","padding"].each(function(H){var I=H+G;F[H][I]=B[I]="@px";});var E="border"+G;F.border[E]=B[E]="@px @ rgb(@, @, @)";var D=E+"Width",A=E+"Style",C=E+"Color"; -F[E]={};F.borderWidth[D]=F[E][D]=B[D]="@px";F.borderStyle[A]=F[E][A]=B[A]="@";F.borderColor[C]=F[E][C]=B[C]="rgb(@, @, @)";});(function(){Element.implement({scrollTo:function(H,I){if(B(this)){this.getWindow().scrollTo(H,I); -}else{this.scrollLeft=H;this.scrollTop=I;}return this;},getSize:function(){if(B(this)){return this.getWindow().getSize();}return{x:this.offsetWidth,y:this.offsetHeight}; -},getScrollSize:function(){if(B(this)){return this.getWindow().getScrollSize();}return{x:this.scrollWidth,y:this.scrollHeight};},getScroll:function(){if(B(this)){return this.getWindow().getScroll(); -}return{x:this.scrollLeft,y:this.scrollTop};},getScrolls:function(){var I=this,H={x:0,y:0};while(I&&!B(I)){H.x+=I.scrollLeft;H.y+=I.scrollTop;I=I.parentNode; -}return H;},getOffsetParent:function(){var H=this;if(B(H)){return null;}if(!Browser.Engine.trident){return H.offsetParent;}while((H=H.parentNode)&&!B(H)){if(D(H,"position")!="static"){return H; -}}return null;},getOffsets:function(){var 
I=this,H={x:0,y:0};if(B(this)){return H;}while(I&&!B(I)){H.x+=I.offsetLeft;H.y+=I.offsetTop;if(Browser.Engine.gecko){if(!F(I)){H.x+=C(I); -H.y+=G(I);}var J=I.parentNode;if(J&&D(J,"overflow")!="visible"){H.x+=C(J);H.y+=G(J);}}else{if(I!=this&&(Browser.Engine.trident||Browser.Engine.webkit)){H.x+=C(I); -H.y+=G(I);}}I=I.offsetParent;if(Browser.Engine.trident){while(I&&!I.currentStyle.hasLayout){I=I.offsetParent;}}}if(Browser.Engine.gecko&&!F(this)){H.x-=C(this); -H.y-=G(this);}return H;},getPosition:function(K){if(B(this)){return{x:0,y:0};}var L=this.getOffsets(),I=this.getScrolls();var H={x:L.x-I.x,y:L.y-I.y};var J=(K&&(K=$(K)))?K.getPosition():{x:0,y:0}; -return{x:H.x-J.x,y:H.y-J.y};},getCoordinates:function(J){if(B(this)){return this.getWindow().getCoordinates();}var H=this.getPosition(J),I=this.getSize(); -var K={left:H.x,top:H.y,width:I.x,height:I.y};K.right=K.left+K.width;K.bottom=K.top+K.height;return K;},computePosition:function(H){return{left:H.x-E(this,"margin-left"),top:H.y-E(this,"margin-top")}; -},position:function(H){return this.setStyles(this.computePosition(H));}});Native.implement([Document,Window],{getSize:function(){var I=this.getWindow(); -if(Browser.Engine.presto||Browser.Engine.webkit){return{x:I.innerWidth,y:I.innerHeight};}var H=A(this);return{x:H.clientWidth,y:H.clientHeight};},getScroll:function(){var I=this.getWindow(); -var H=A(this);return{x:I.pageXOffset||H.scrollLeft,y:I.pageYOffset||H.scrollTop};},getScrollSize:function(){var I=A(this);var H=this.getSize();return{x:Math.max(I.scrollWidth,H.x),y:Math.max(I.scrollHeight,H.y)}; -},getPosition:function(){return{x:0,y:0};},getCoordinates:function(){var H=this.getSize();return{top:0,left:0,bottom:H.y,right:H.x,height:H.y,width:H.x}; -}});var D=Element.getComputedStyle;function E(H,I){return D(H,I).toInt()||0;}function F(H){return D(H,"-moz-box-sizing")=="border-box";}function G(H){return E(H,"border-top-width"); -}function C(H){return E(H,"border-left-width");}function 
B(H){return(/^(?:body|html)$/i).test(H.tagName);}function A(H){var I=H.getDocument();return(!I.compatMode||I.compatMode=="CSS1Compat")?I.html:I.body; -}})();Native.implement([Window,Document,Element],{getHeight:function(){return this.getSize().y;},getWidth:function(){return this.getSize().x;},getScrollTop:function(){return this.getScroll().y; -},getScrollLeft:function(){return this.getScroll().x;},getScrollHeight:function(){return this.getScrollSize().y;},getScrollWidth:function(){return this.getScrollSize().x; -},getTop:function(){return this.getPosition().y;},getLeft:function(){return this.getPosition().x;}});Native.implement([Document,Element],{getElements:function(H,G){H=H.split(","); -var C,E={};for(var D=0,B=H.length;D<B;D++){var A=H[D],F=Selectors.Utils.search(this,A,E);if(D!=0&&F.item){F=$A(F);}C=(D==0)?F:(C.item)?$A(C).concat(F):C.concat(F); -}return new Elements(C,{ddup:(H.length>1),cash:!G});}});Element.implement({match:function(B){if(!B){return true;}var D=Selectors.Utils.parseTagAndID(B); -var A=D[0],E=D[1];if(!Selectors.Filters.byID(this,E)||!Selectors.Filters.byTag(this,A)){return false;}var C=Selectors.Utils.parseSelector(B);return(C)?Selectors.Utils.filter(this,C,{}):true; -}});var Selectors={Cache:{nth:{},parsed:{}}};Selectors.RegExps={id:(/#([\w-]+)/),tag:(/^(\w+|\*)/),quick:(/^(\w+|\*)$/),splitter:(/\s*([+>~\s])\s*([a-zA-Z#.*:\[])/g),combined:(/\.([\w-]+)|\[(\w+)(?:([!*^$~|]?=)["']?(.*?)["']?)?\]|:([\w-]+)(?:\(["']?(.*?)?["']?\)|$)/g)}; -Selectors.Utils={chk:function(B,C){if(!C){return true;}var A=$uid(B);if(!C[A]){return C[A]=true;}return false;},parseNthArgument:function(F){if(Selectors.Cache.nth[F]){return Selectors.Cache.nth[F]; -}var C=F.match(/^([+-]?\d*)?([a-z]+)?([+-]?\d*)?$/);if(!C){return false;}var E=parseInt(C[1]);var B=(E||E===0)?E:1;var D=C[2]||false;var A=parseInt(C[3])||0; -if(B!=0){A--;while(A<1){A+=B;}while(A>=B){A-=B;}}else{B=A;D="index";}switch(D){case"n":C={a:B,b:A,special:"n"};break;case"odd":C={a:2,b:0,special:"n"}; 
-break;case"even":C={a:2,b:1,special:"n"};break;case"first":C={a:0,special:"index"};break;case"last":C={special:"last-child"};break;case"only":C={special:"only-child"}; -break;default:C={a:(B-1),special:"index"};}return Selectors.Cache.nth[F]=C;},parseSelector:function(E){if(Selectors.Cache.parsed[E]){return Selectors.Cache.parsed[E]; -}var D,H={classes:[],pseudos:[],attributes:[]};while((D=Selectors.RegExps.combined.exec(E))){var I=D[1],G=D[2],F=D[3],B=D[4],C=D[5],J=D[6];if(I){H.classes.push(I); -}else{if(C){var A=Selectors.Pseudo.get(C);if(A){H.pseudos.push({parser:A,argument:J});}else{H.attributes.push({name:C,operator:"=",value:J});}}else{if(G){H.attributes.push({name:G,operator:F,value:B}); -}}}}if(!H.classes.length){delete H.classes;}if(!H.attributes.length){delete H.attributes;}if(!H.pseudos.length){delete H.pseudos;}if(!H.classes&&!H.attributes&&!H.pseudos){H=null; -}return Selectors.Cache.parsed[E]=H;},parseTagAndID:function(B){var A=B.match(Selectors.RegExps.tag);var C=B.match(Selectors.RegExps.id);return[(A)?A[1]:"*",(C)?C[1]:false]; -},filter:function(F,C,E){var D;if(C.classes){for(D=C.classes.length;D--;D){var G=C.classes[D];if(!Selectors.Filters.byClass(F,G)){return false;}}}if(C.attributes){for(D=C.attributes.length; -D--;D){var B=C.attributes[D];if(!Selectors.Filters.byAttribute(F,B.name,B.operator,B.value)){return false;}}}if(C.pseudos){for(D=C.pseudos.length;D--;D){var A=C.pseudos[D]; -if(!Selectors.Filters.byPseudo(F,A.parser,A.argument,E)){return false;}}}return true;},getByTagAndID:function(B,A,D){if(D){var C=(B.getElementById)?B.getElementById(D,true):Element.getElementById(B,D,true); -return(C&&Selectors.Filters.byTag(C,A))?[C]:[];}else{return B.getElementsByTagName(A);}},search:function(J,I,O){var B=[];var C=I.trim().replace(Selectors.RegExps.splitter,function(Z,Y,X){B.push(Y); -return":)"+X;}).split(":)");var K,F,E,V;for(var U=0,Q=C.length;U<Q;U++){var T=C[U];if(U==0&&Selectors.RegExps.quick.test(T)){K=J.getElementsByTagName(T); 
-continue;}var A=B[U-1];var L=Selectors.Utils.parseTagAndID(T);var W=L[0],M=L[1];if(U==0){K=Selectors.Utils.getByTagAndID(J,W,M);}else{var D={},H=[];for(var S=0,R=K.length; -S<R;S++){H=Selectors.Getters[A](H,K[S],W,M,D);}K=H;}var G=Selectors.Utils.parseSelector(T);if(G){E=[];for(var P=0,N=K.length;P<N;P++){V=K[P];if(Selectors.Utils.filter(V,G,O)){E.push(V); -}}K=E;}}return K;}};Selectors.Getters={" ":function(H,G,I,A,E){var D=Selectors.Utils.getByTagAndID(G,I,A);for(var C=0,B=D.length;C<B;C++){var F=D[C];if(Selectors.Utils.chk(F,E)){H.push(F); -}}return H;},">":function(H,G,I,A,F){var C=Selectors.Utils.getByTagAndID(G,I,A);for(var E=0,D=C.length;E<D;E++){var B=C[E];if(B.parentNode==G&&Selectors.Utils.chk(B,F)){H.push(B); -}}return H;},"+":function(C,B,A,E,D){while((B=B.nextSibling)){if(B.nodeType==1){if(Selectors.Utils.chk(B,D)&&Selectors.Filters.byTag(B,A)&&Selectors.Filters.byID(B,E)){C.push(B); -}break;}}return C;},"~":function(C,B,A,E,D){while((B=B.nextSibling)){if(B.nodeType==1){if(!Selectors.Utils.chk(B,D)){break;}if(Selectors.Filters.byTag(B,A)&&Selectors.Filters.byID(B,E)){C.push(B); -}}}return C;}};Selectors.Filters={byTag:function(B,A){return(A=="*"||(B.tagName&&B.tagName.toLowerCase()==A));},byID:function(A,B){return(!B||(A.id&&A.id==B)); -},byClass:function(B,A){return(B.className&&B.className.contains(A," "));},byPseudo:function(A,D,C,B){return D.call(A,C,B);},byAttribute:function(C,D,B,E){var A=Element.prototype.getProperty.call(C,D); -if(!A){return false;}if(!B||E==undefined){return true;}switch(B){case"=":return(A==E);case"*=":return(A.contains(E));case"^=":return(A.substr(0,E.length)==E); -case"$=":return(A.substr(A.length-E.length)==E);case"!=":return(A!=E);case"~=":return A.contains(E," ");case"|=":return A.contains(E,"-");}return false; -}};Selectors.Pseudo=new Hash({empty:function(){return !(this.innerText||this.textContent||"").length;},not:function(A){return 
!Element.match(this,A);},contains:function(A){return(this.innerText||this.textContent||"").contains(A); -},"first-child":function(){return Selectors.Pseudo.index.call(this,0);},"last-child":function(){var A=this;while((A=A.nextSibling)){if(A.nodeType==1){return false; -}}return true;},"only-child":function(){var B=this;while((B=B.previousSibling)){if(B.nodeType==1){return false;}}var A=this;while((A=A.nextSibling)){if(A.nodeType==1){return false; -}}return true;},"nth-child":function(G,E){G=(G==undefined)?"n":G;var C=Selectors.Utils.parseNthArgument(G);if(C.special!="n"){return Selectors.Pseudo[C.special].call(this,C.a,E); -}var F=0;E.positions=E.positions||{};var D=$uid(this);if(!E.positions[D]){var B=this;while((B=B.previousSibling)){if(B.nodeType!=1){continue;}F++;var A=E.positions[$uid(B)]; -if(A!=undefined){F=A+F;break;}}E.positions[D]=F;}return(E.positions[D]%C.a==C.b);},index:function(A){var B=this,C=0;while((B=B.previousSibling)){if(B.nodeType==1&&++C>A){return false; -}}return(C==A);},even:function(B,A){return Selectors.Pseudo["nth-child"].call(this,"2n+1",A);},odd:function(B,A){return Selectors.Pseudo["nth-child"].call(this,"2n",A); -}});Element.Events.domready={onAdd:function(A){if(Browser.loaded){A.call(this);}}};(function(){var B=function(){if(Browser.loaded){return ;}Browser.loaded=true; -window.fireEvent("domready");document.fireEvent("domready");};switch(Browser.Engine.name){case"webkit":(function(){(["loaded","complete"].contains(document.readyState))?B():arguments.callee.delay(50); -})();break;case"trident":var A=document.createElement("div");(function(){($try(function(){A.doScroll("left");return $(A).inject(document.body).set("html","temp").dispose(); -}))?B():arguments.callee.delay(50);})();break;default:window.addEvent("load",B);document.addEvent("DOMContentLoaded",B);}})();var JSON=new Hash({encode:function(B){switch($type(B)){case"string":return'"'+B.replace(/[\x00-\x1f\\"]/g,JSON.$replaceChars)+'"'; 
-case"array":return"["+String(B.map(JSON.encode).filter($defined))+"]";case"object":case"hash":var A=[];Hash.each(B,function(E,D){var C=JSON.encode(E);if(C){A.push(JSON.encode(D)+":"+C); -}});return"{"+A+"}";case"number":case"boolean":return String(B);case false:return"null";}return null;},$specialChars:{"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"},$replaceChars:function(A){return JSON.$specialChars[A]||"\\u00"+Math.floor(A.charCodeAt()/16).toString(16)+(A.charCodeAt()%16).toString(16); -},decode:function(string,secure){if($type(string)!="string"||!string.length){return null;}if(secure&&!(/^[,:{}\[\]0-9.\-+Eaeflnr-u \n\r\t]*$/).test(string.replace(/\\./g,"@").replace(/"[^"\\\n\r]*"/g,""))){return null; -}return eval("("+string+")");}});Native.implement([Hash,Array,String,Number],{toJSON:function(){return JSON.encode(this);}});var Cookie=new Class({Implements:Options,options:{path:false,domain:false,duration:false,secure:false,document:document},initialize:function(B,A){this.key=B; -this.setOptions(A);},write:function(B){B=encodeURIComponent(B);if(this.options.domain){B+="; domain="+this.options.domain;}if(this.options.path){B+="; path="+this.options.path; -}if(this.options.duration){var A=new Date();A.setTime(A.getTime()+this.options.duration*24*60*60*1000);B+="; expires="+A.toGMTString();}if(this.options.secure){B+="; secure"; -}this.options.document.cookie=this.key+"="+B;return this;},read:function(){var A=this.options.document.cookie.match("(?:^|;)\\s*"+this.key.escapeRegExp()+"=([^;]*)"); -return(A)?decodeURIComponent(A[1]):null;},dispose:function(){new Cookie(this.key,$merge(this.options,{duration:-1})).write("");return this;}});Cookie.write=function(B,C,A){return new Cookie(B,A).write(C); -};Cookie.read=function(A){return new Cookie(A).read();};Cookie.dispose=function(B,A){return new Cookie(B,A).dispose();};var Swiff=new 
Class({Implements:[Options],options:{id:null,height:1,width:1,container:null,properties:{},params:{quality:"high",allowScriptAccess:"always",wMode:"transparent",swLiveConnect:true},callBacks:{},vars:{}},toElement:function(){return this.object; -},initialize:function(L,M){this.instance="Swiff_"+$time();this.setOptions(M);M=this.options;var B=this.id=M.id||this.instance;var A=$(M.container);Swiff.CallBacks[this.instance]={}; -var E=M.params,G=M.vars,F=M.callBacks;var H=$extend({height:M.height,width:M.width},M.properties);var K=this;for(var D in F){Swiff.CallBacks[this.instance][D]=(function(N){return function(){return N.apply(K.object,arguments); -};})(F[D]);G[D]="Swiff.CallBacks."+this.instance+"."+D;}E.flashVars=Hash.toQueryString(G);if(Browser.Engine.trident){H.classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"; -E.movie=L;}else{H.type="application/x-shockwave-flash";H.data=L;}var J='<object id="'+B+'"';for(var I in H){J+=" "+I+'="'+H[I]+'"';}J+=">";for(var C in E){if(E[C]){J+='<param name="'+C+'" value="'+E[C]+'" />'; -}}J+="</object>";this.object=((A)?A.empty():new Element("div")).set("html",J).firstChild;},replaces:function(A){A=$(A,true);A.parentNode.replaceChild(this.toElement(),A); -return this;},inject:function(A){$(A,true).appendChild(this.toElement());return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].extend(arguments)); -}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>"); -return eval(rs);};var Fx=new Class({Implements:[Chain,Events,Options],options:{fps:50,unit:false,duration:500,link:"ignore",transition:function(A){return -(Math.cos(Math.PI*A)-1)/2; -}},initialize:function(A){this.subject=this.subject||this;this.setOptions(A);this.options.duration=Fx.Durations[this.options.duration]||this.options.duration.toInt(); -var 
B=this.options.wait;if(B===false){this.options.link="cancel";}},step:function(){var A=$time();if(A<this.time+this.options.duration){var B=this.options.transition((A-this.time)/this.options.duration); -this.set(this.compute(this.from,this.to,B));}else{this.set(this.compute(this.from,this.to,1));this.complete();}},set:function(A){return A;},compute:function(C,B,A){return Fx.compute(C,B,A); -},check:function(A){if(!this.timer){return true;}switch(this.options.link){case"cancel":this.cancel();return true;case"chain":this.chain(A.bind(this,Array.slice(arguments,1))); -return false;}return false;},start:function(B,A){if(!this.check(arguments.callee,B,A)){return this;}this.from=B;this.to=A;this.time=0;this.startTimer(); -this.onStart();return this;},complete:function(){if(this.stopTimer()){this.onComplete();}return this;},cancel:function(){if(this.stopTimer()){this.onCancel(); -}return this;},onStart:function(){this.fireEvent("start",this.subject);},onComplete:function(){this.fireEvent("complete",this.subject);if(!this.callChain()){this.fireEvent("chainComplete",this.subject); -}},onCancel:function(){this.fireEvent("cancel",this.subject).clearChain();},pause:function(){this.stopTimer();return this;},resume:function(){this.startTimer(); -return this;},stopTimer:function(){if(!this.timer){return false;}this.time=$time()-this.time;this.timer=$clear(this.timer);return true;},startTimer:function(){if(this.timer){return false; -}this.time=$time()-this.time;this.timer=this.step.periodical(Math.round(1000/this.options.fps),this);return true;}});Fx.compute=function(C,B,A){return(B-C)*A+C; -};Fx.Durations={"short":250,normal:500,"long":1000};Fx.CSS=new Class({Extends:Fx,prepare:function(D,E,B){B=$splat(B);var C=B[1];if(!$chk(C)){B[1]=B[0]; -B[0]=D.getStyle(E);}var A=B.map(this.parse);return{from:A[0],to:A[1]};},parse:function(A){A=$lambda(A)();A=(typeof A=="string")?A.split(" "):$splat(A); -return A.map(function(C){C=String(C);var 
B=false;Fx.CSS.Parsers.each(function(F,E){if(B){return ;}var D=F.parse(C);if($chk(D)){B={value:D,parser:F};}}); -B=B||{value:C,parser:Fx.CSS.Parsers.String};return B;});},compute:function(D,C,B){var A=[];(Math.min(D.length,C.length)).times(function(E){A.push({value:D[E].parser.compute(D[E].value,C[E].value,B),parser:D[E].parser}); -});A.$family={name:"fx:css:value"};return A;},serve:function(C,B){if($type(C)!="fx:css:value"){C=this.parse(C);}var A=[];C.each(function(D){A=A.concat(D.parser.serve(D.value,B)); -});return A;},render:function(A,D,C,B){A.setStyle(D,this.serve(C,B));},search:function(A){if(Fx.CSS.Cache[A]){return Fx.CSS.Cache[A];}var B={};Array.each(document.styleSheets,function(E,D){var C=E.href; -if(C&&C.contains("://")&&!C.contains(document.domain)){return ;}var F=E.rules||E.cssRules;Array.each(F,function(I,G){if(!I.style){return ;}var H=(I.selectorText)?I.selectorText.replace(/^\w+/,function(J){return J.toLowerCase(); -}):null;if(!H||!H.test("^"+A+"$")){return ;}Element.Styles.each(function(K,J){if(!I.style[J]||Element.ShortStyles[J]){return ;}K=String(I.style[J]);B[J]=(K.test(/^rgb/))?K.rgbToHex():K; -});});});return Fx.CSS.Cache[A]=B;}});Fx.CSS.Cache={};Fx.CSS.Parsers=new Hash({Color:{parse:function(A){if(A.match(/^#[0-9a-f]{3,6}$/i)){return A.hexToRgb(true); -}return((A=A.match(/(\d+),\s*(\d+),\s*(\d+)/)))?[A[1],A[2],A[3]]:false;},compute:function(C,B,A){return C.map(function(E,D){return Math.round(Fx.compute(C[D],B[D],A)); -});},serve:function(A){return A.map(Number);}},Number:{parse:parseFloat,compute:Fx.compute,serve:function(B,A){return(A)?B+A:B;}},String:{parse:$lambda(false),compute:$arguments(1),serve:$arguments(0)}}); -Fx.Tween=new Class({Extends:Fx.CSS,initialize:function(B,A){this.element=this.subject=$(B);this.parent(A);},set:function(B,A){if(arguments.length==1){A=B; -B=this.property||this.options.property;}this.render(this.element,B,A,this.options.unit);return this;},start:function(C,E,D){if(!this.check(arguments.callee,C,E,D)){return 
this; -}var B=Array.flatten(arguments);this.property=this.options.property||B.shift();var A=this.prepare(this.element,this.property,B);return this.parent(A.from,A.to); -}});Element.Properties.tween={set:function(A){var B=this.retrieve("tween");if(B){B.cancel();}return this.eliminate("tween").store("tween:options",$extend({link:"cancel"},A)); -},get:function(A){if(A||!this.retrieve("tween")){if(A||!this.retrieve("tween:options")){this.set("tween",A);}this.store("tween",new Fx.Tween(this,this.retrieve("tween:options"))); -}return this.retrieve("tween");}};Element.implement({tween:function(A,C,B){this.get("tween").start(arguments);return this;},fade:function(C){var E=this.get("tween"),D="opacity",A; -C=$pick(C,"toggle");switch(C){case"in":E.start(D,1);break;case"out":E.start(D,0);break;case"show":E.set(D,1);break;case"hide":E.set(D,0);break;case"toggle":var B=this.retrieve("fade:flag",this.get("opacity")==1); -E.start(D,(B)?0:1);this.store("fade:flag",!B);A=true;break;default:E.start(D,arguments);}if(!A){this.eliminate("fade:flag");}return this;},highlight:function(C,A){if(!A){A=this.retrieve("highlight:original",this.getStyle("background-color")); -A=(A=="transparent")?"#fff":A;}var B=this.get("tween");B.start("background-color",C||"#ffff88",A).chain(function(){this.setStyle("background-color",this.retrieve("highlight:original")); -B.callChain();}.bind(this));return this;}});Fx.Morph=new Class({Extends:Fx.CSS,initialize:function(B,A){this.element=this.subject=$(B);this.parent(A);},set:function(A){if(typeof A=="string"){A=this.search(A); -}for(var B in A){this.render(this.element,B,A[B],this.options.unit);}return this;},compute:function(E,D,C){var A={};for(var B in E){A[B]=this.parent(E[B],D[B],C); -}return A;},start:function(B){if(!this.check(arguments.callee,B)){return this;}if(typeof B=="string"){B=this.search(B);}var E={},D={};for(var C in B){var A=this.prepare(this.element,C,B[C]); -E[C]=A.from;D[C]=A.to;}return 
this.parent(E,D);}});Element.Properties.morph={set:function(A){var B=this.retrieve("morph");if(B){B.cancel();}return this.eliminate("morph").store("morph:options",$extend({link:"cancel"},A)); -},get:function(A){if(A||!this.retrieve("morph")){if(A||!this.retrieve("morph:options")){this.set("morph",A);}this.store("morph",new Fx.Morph(this,this.retrieve("morph:options"))); -}return this.retrieve("morph");}};Element.implement({morph:function(A){this.get("morph").start(A);return this;}});(function(){var A=Fx.prototype.initialize; -Fx.prototype.initialize=function(B){A.call(this,B);var C=this.options.transition;if(typeof C=="string"&&(C=C.split(":"))){var D=Fx.Transitions;D=D[C[0]]||D[C[0].capitalize()]; -if(C[1]){D=D["ease"+C[1].capitalize()+(C[2]?C[2].capitalize():"")];}this.options.transition=D;}};})();Fx.Transition=function(B,A){A=$splat(A);return $extend(B,{easeIn:function(C){return B(C,A); -},easeOut:function(C){return 1-B(1-C,A);},easeInOut:function(C){return(C<=0.5)?B(2*C,A)/2:(2-B(2*(1-C),A))/2;}});};Fx.Transitions=new Hash({linear:$arguments(0)}); -Fx.Transitions.extend=function(A){for(var B in A){Fx.Transitions[B]=new Fx.Transition(A[B]);}};Fx.Transitions.extend({Pow:function(B,A){return Math.pow(B,A[0]||6); -},Expo:function(A){return Math.pow(2,8*(A-1));},Circ:function(A){return 1-Math.sin(Math.acos(A));},Sine:function(A){return 1-Math.sin((1-A)*Math.PI/2); -},Back:function(B,A){A=A[0]||1.618;return Math.pow(B,2)*((A+1)*B-A);},Bounce:function(D){var C;for(var B=0,A=1;1;B+=A,A/=2){if(D>=(7-4*B)/11){C=-Math.pow((11-6*B-11*D)/4,2)+A*A; -break;}}return C;},Elastic:function(B,A){return Math.pow(2,10*--B)*Math.cos(20*B*Math.PI*(A[0]||1)/3);}});["Quad","Cubic","Quart","Quint"].each(function(B,A){Fx.Transitions[B]=new Fx.Transition(function(C){return Math.pow(C,[A+2]); -});});var Request=new Class({Implements:[Chain,Events,Options],options:{url:"",data:"",headers:{"X-Requested-With":"XMLHttpRequest",Accept:"text/javascript, text/html, application/xml, text/xml, 
*/*"},async:true,format:false,method:"post",link:"ignore",isSuccess:null,emulation:true,urlEncoded:true,encoding:"utf-8",evalScripts:false,evalResponse:false},initialize:function(A){this.xhr=new Browser.Request(); -this.setOptions(A);this.options.isSuccess=this.options.isSuccess||this.isSuccess;this.headers=new Hash(this.options.headers);},onStateChange:function(){if(this.xhr.readyState!=4||!this.running){return ; -}this.running=false;this.status=0;$try(function(){this.status=this.xhr.status;}.bind(this));if(this.options.isSuccess.call(this,this.status)){this.response={text:this.xhr.responseText,xml:this.xhr.responseXML}; -this.success(this.response.text,this.response.xml);}else{this.response={text:null,xml:null};this.failure();}this.xhr.onreadystatechange=$empty;},isSuccess:function(){return((this.status>=200)&&(this.status<300)); -},processScripts:function(A){if(this.options.evalResponse||(/(ecma|java)script/).test(this.getHeader("Content-type"))){return $exec(A);}return A.stripScripts(this.options.evalScripts); -},success:function(B,A){this.onSuccess(this.processScripts(B),A);},onSuccess:function(){this.fireEvent("complete",arguments).fireEvent("success",arguments).callChain(); -},failure:function(){this.onFailure();},onFailure:function(){this.fireEvent("complete").fireEvent("failure",this.xhr);},setHeader:function(A,B){this.headers.set(A,B); -return this;},getHeader:function(A){return $try(function(){return this.xhr.getResponseHeader(A);}.bind(this));},check:function(A){if(!this.running){return true; -}switch(this.options.link){case"cancel":this.cancel();return true;case"chain":this.chain(A.bind(this,Array.slice(arguments,1)));return false;}return false; -},send:function(I){if(!this.check(arguments.callee,I)){return this;}this.running=true;var G=$type(I);if(G=="string"||G=="element"){I={data:I};}var D=this.options; -I=$extend({data:D.data,url:D.url,method:D.method},I);var 
E=I.data,B=I.url,A=I.method;switch($type(E)){case"element":E=$(E).toQueryString();break;case"object":case"hash":E=Hash.toQueryString(E); -}if(this.options.format){var H="format="+this.options.format;E=(E)?H+"&"+E:H;}if(this.options.emulation&&["put","delete"].contains(A)){var F="_method="+A; -E=(E)?F+"&"+E:F;A="post";}if(this.options.urlEncoded&&A=="post"){var C=(this.options.encoding)?"; charset="+this.options.encoding:"";this.headers.set("Content-type","application/x-www-form-urlencoded"+C); -}if(E&&A=="get"){B=B+(B.contains("?")?"&":"?")+E;E=null;}this.xhr.open(A.toUpperCase(),B,this.options.async);this.xhr.onreadystatechange=this.onStateChange.bind(this); -this.headers.each(function(K,J){if(!$try(function(){this.xhr.setRequestHeader(J,K);return true;}.bind(this))){this.fireEvent("exception",[J,K]);}},this); -this.fireEvent("request");this.xhr.send(E);if(!this.options.async){this.onStateChange();}return this;},cancel:function(){if(!this.running){return this; -}this.running=false;this.xhr.abort();this.xhr.onreadystatechange=$empty;this.xhr=new Browser.Request();this.fireEvent("cancel");return this;}});(function(){var A={}; -["get","post","put","delete","GET","POST","PUT","DELETE"].each(function(B){A[B]=function(){var C=Array.link(arguments,{url:String.type,data:$defined}); -return this.send($extend(C,{method:B.toLowerCase()}));};});Request.implement(A);})();Element.Properties.send={set:function(A){var B=this.retrieve("send"); -if(B){B.cancel();}return this.eliminate("send").store("send:options",$extend({data:this,link:"cancel",method:this.get("method")||"post",url:this.get("action")},A)); -},get:function(A){if(A||!this.retrieve("send")){if(A||!this.retrieve("send:options")){this.set("send",A);}this.store("send",new Request(this.retrieve("send:options"))); -}return this.retrieve("send");}};Element.implement({send:function(A){var B=this.get("send");B.send({data:this,url:A||B.options.url});return this;}});Request.HTML=new 
Class({Extends:Request,options:{update:false,evalScripts:true,filter:false},processHTML:function(C){var B=C.match(/<body[^>]*>([\s\S]*?)<\/body>/i); -C=(B)?B[1]:C;var A=new Element("div");return $try(function(){var D="<root>"+C+"</root>",G;if(Browser.Engine.trident){G=new ActiveXObject("Microsoft.XMLDOM"); -G.async=false;G.loadXML(D);}else{G=new DOMParser().parseFromString(D,"text/xml");}D=G.getElementsByTagName("root")[0];for(var F=0,E=D.childNodes.length; -F<E;F++){var H=Element.clone(D.childNodes[F],true,true);if(H){A.grab(H);}}return A;})||A.set("html",C);},success:function(D){var C=this.options,B=this.response; -B.html=D.stripScripts(function(E){B.javascript=E;});var A=this.processHTML(B.html);B.tree=A.childNodes;B.elements=A.getElements("*");if(C.filter){B.tree=B.elements.filter(C.filter); -}if(C.update){$(C.update).empty().adopt(B.tree);}if(C.evalScripts){$exec(B.javascript);}this.onSuccess(B.tree,B.elements,B.html,B.javascript);}});Element.Properties.load={set:function(A){var B=this.retrieve("load"); -if(B){send.cancel();}return this.eliminate("load").store("load:options",$extend({data:this,link:"cancel",update:this,method:"get"},A));},get:function(A){if(A||!this.retrieve("load")){if(A||!this.retrieve("load:options")){this.set("load",A); -}this.store("load",new Request.HTML(this.retrieve("load:options")));}return this.retrieve("load");}};Element.implement({load:function(){this.get("load").send(Array.link(arguments,{data:Object.type,url:String.type})); -return this;}});Request.JSON=new Class({Extends:Request,options:{secure:true},initialize:function(A){this.parent(A);this.headers.extend({Accept:"application/json","X-Request":"JSON"}); -},success:function(A){this.response.json=JSON.decode(A,this.options.secure);this.onSuccess(this.response.json,A);}}); diff --git a/src/medsrv/templates/static/script.js b/src/medsrv/templates/static/script.js deleted file mode 100644 index f2ab1e009..000000000 --- a/src/medsrv/templates/static/script.js +++ /dev/null 
@@ -1,13 +0,0 @@ -window.addEvent('domready', function() { - $$('.focus').each(function(e){e.focus();}); - $$('table.list tr:nth-child(2n) td').each(function(e){e.set('class', 'even');}); - $$('table.list tr:nth-child(2n+1) td').each(function(e){e.set('class', 'odd');}); - $$('table.list tr th').each(function(e){e.set('class', 'head');}); - $$('table.list tr td').each(function(e){e.addEvents({ - 'click': function(){ - location.href = this.getChildren('a')[0].get('href'); - } - })}); -}); - - diff --git a/src/medsrv/templates/static/style.css b/src/medsrv/templates/static/style.css index e109ce278..cb7f30398 100644 --- a/src/medsrv/templates/static/style.css +++ b/src/medsrv/templates/static/style.css @@ -104,29 +104,25 @@ a img { color: #dd0000; } -.even { - cursor : pointer; -} - -.even a, .odd a { - text-decoration: none; +table.list * { + padding: 0px 1em 0px 0.2em; } -.odd { - background-color: #f2cd6f; - cursor : pointer; +table.list tr td, table.list tr th { + border: solid 1px; + border-color: black; } -.head { +table.list tr th { background-color: #ffec9e; } -table.list * { - padding: 0px 1em 0px 0.2em; +table.list tr:nth-child(odd) td { + background-color: #f2cd6f; } -table.list tr td, table.list tr th { - border: solid 1px; - border-color: black; +table.list tr td a { + text-decoration: none; + display: inline-block; + width: 100%; } - diff --git a/src/medsrv/templates/user/add.cs b/src/medsrv/templates/user/add.cs index 8ba4e5c96..82442c543 100644 --- a/src/medsrv/templates/user/add.cs +++ b/src/medsrv/templates/user/add.cs @@ -6,7 +6,7 @@ <table class="user"> <tr> <td><label for="new_login">Username</label></td> - <td><input type="text" id="new_login" name="new_login" class="focus" maxlength="30" value="<?cs var:new_login ?>"/></td> + <td><input type="text" id="new_login" name="new_login" autofocus maxlength="30" value="<?cs var:new_login ?>"/></td> </tr> <tr> <td><label for="new_password">Password</label></td> 
diff --git a/src/medsrv/templates/user/login.cs b/src/medsrv/templates/user/login.cs index 1d6eadbbc..fbf5b8bd7 100644 --- a/src/medsrv/templates/user/login.cs +++ b/src/medsrv/templates/user/login.cs @@ -6,7 +6,7 @@ <table class="user"> <tr> <td><label for="login">Username</label></td> - <td><input type="text" id="login" name="login" size="30" maxlength="30" class="focus"/></td> + <td><input type="text" id="login" name="login" size="30" maxlength="30" autofocus /></td> </tr> <tr> <td><label for="password">Password</label></td> diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c index 7099977f2..4f850d6d1 100644 --- a/src/pki/commands/acert.c +++ b/src/pki/commands/acert.c @@ -278,7 +278,8 @@ static void __attribute__ ((constructor))reg() {"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex", " --issuercert file [--serial hex] [--lifetime hours]", " [--not-before datetime] [--not-after datetime] [--dateform form]", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "holder certificate, default: stdin"}, diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 2dc9fcce3..fdc43d705 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -588,7 +588,8 @@ static void __attribute__ ((constructor))reg() "[--nc-excluded name] [--policy-mapping issuer-oid:subject-oid]", "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "key/request file to issue, default: stdin"}, 
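Review bot: The rewritten usage line still lists `md5|sha1` on equal footing with the new `sha3_*` digests for signing attribute certificates, so the help text gives a user no hint which of these are legacy choices. Since the line is being reworded anyway, a marker in the option text, e.g. `"[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512] (md5/sha1: legacy)"`, or a sentence in the command's man page would do. The same list is extended identically in the issue.c, req.c, self.c and signcrl.c hunks that follow. Whether the chosen digest is checked against a policy elsewhere is not visible in these hunks; reg() continues outside this hunk.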
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index da991b505..68d611250 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -196,7 +196,8 @@ static void __attribute__ ((constructor))reg() "create a PKCS#10 certificate request", {" [--in file] [--type rsa|ecdsa|bliss] --dn distinguished-name", "[--san subjectAltName]+ [--password challengePassword]", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index a785c2a0c..f4e83c76c 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -425,7 +425,8 @@ static void __attribute__ ((constructor))reg() "[--policy-map issuer-oid:subject-oid]", "[--policy-explicit len] [--policy-inhibit len] [--policy-any len]", "[--cert-policy oid [--cps-uri uri] [--user-notice text]]+", - "[--digest md5|sha1|sha224|sha256|sha384|sha512] [--outform der|pem]"}, + "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", + "[--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, {"in", 'i', 1, "private key input file, default: stdin"}, diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c index 720dfd8a9..6c27289f9 100644 --- a/src/pki/commands/signcrl.c +++ b/src/pki/commands/signcrl.c @@ -451,7 +451,7 @@ static void __attribute__ ((constructor))reg() " [[--reason key-compromise|ca-compromise|affiliation-changed|", " superseded|cessation-of-operation|certificate-hold]", " [--date timestamp] --cert file|--serial hex]*", - " [--digest md5|sha1|sha224|sha256|sha384|sha512]", + " [--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]", " [--outform der|pem]"}, { {"help", 'h', 0, "show usage information"}, 
diff --git a/src/scepclient/scepclient.8 b/src/scepclient/scepclient.8 index bf71bf85c..78ce5c628 100644 --- a/src/scepclient/scepclient.8 +++ b/src/scepclient/scepclient.8 @@ -289,14 +289,5 @@ The challenge password is '5xH2pnT7wq'. The encryption and signature check has t caCert.der. .RE - .SH "BUGS" \fB\-\-optionsfrom\fP seems to have parsing problems reading option files containing strings in quotation marks. -.SH "COPYRIGHT" -Copyright (C) 2005 Jan Hutter, Martin Willi -.br -Hochschule fuer Technik Rapperswil -.PP -This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. -.PP -This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. diff --git a/src/swanctl/commands/list_pools.c b/src/swanctl/commands/list_pools.c index 155771657..429107e17 100644 --- a/src/swanctl/commands/list_pools.c +++ b/src/swanctl/commands/list_pools.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2015 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * 
@@ -19,8 +22,22 @@ #include "command.h" +CALLBACK(list_leases, int, + char *pool, vici_res_t *res, char *name) +{ + if (streq(name, "leases")) + { + return vici_parse_cb(res, list_leases, NULL, NULL, pool); + } + printf(" %-30s %-8s '%s'\n", + vici_find_str(res, "", "%s.leases.%s.address", pool, name), + vici_find_str(res, "", "%s.leases.%s.status", pool, name), + vici_find_str(res, "", "%s.leases.%s.identity", pool, name)); + return 0; +} + CALLBACK(list_pool, int, - linked_list_t *list, vici_res_t *res, char *name) + void *not_used, vici_res_t *res, char *name) { char pool[64], leases[32]; @@ -33,7 +50,7 @@ CALLBACK(list_pool, int, printf("%-20s %-30s %16s\n", name, vici_find_str(res, "", "%s.base", name), leases); - return 0; + return vici_parse_cb(res, list_leases, NULL, NULL, name); } static int list_pools(vici_conn_t *conn) @@ -43,6 +60,7 @@ static int list_pools(vici_conn_t *conn) command_format_options_t format = COMMAND_FORMAT_NONE; char *arg; int ret = 0; + bool leases = FALSE; while (TRUE) { @@ -56,6 +74,9 @@ static int list_pools(vici_conn_t *conn) case 'r': format |= COMMAND_FORMAT_RAW; continue; + case 'l': + leases = TRUE; + continue; case EOF: break; default: @@ -65,6 +86,10 @@ static int list_pools(vici_conn_t *conn) } req = vici_begin("get-pools"); + if (leases) + { + vici_add_key_valuef(req, "leases", "yes"); + } res = vici_submit(req, conn); if (!res) { @@ -92,11 +117,12 @@ static void __attribute__ ((constructor))reg() { command_register((command_t) { list_pools, 'A', "list-pools", "list loaded pool configurations", - {"[--raw|--pretty]"}, + {"[--leases] [--raw|--pretty]"}, { {"help", 'h', 0, "show usage information"}, {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"}, + {"leases", 'l', 0, "list leases of each pool"}, } }); } diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c index 1aca6d212..93dd7ed85 100644 --- a/src/swanctl/commands/list_sas.c 
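Review bot: The new list_leases callback has no comment, and the only thing that separates the pool's "leases" container from an individual lease entry is the `streq(name, "leases")` test, so the function relies on the daemon never naming a lease entry "leases" (it would recurse instead of print). A comment above the CALLBACK should state that double role: `/* Invoked once for a pool's "leases" section, into which it descends, and then once per lease entry, printing address, status and identity. */`. The `vici_find_str(res, "", ...)` defaults mean a lease lacking one of those keys prints an empty field rather than failing, which is reasonable for a listing but worth mentioning in that comment. list_pool's body runs past the end of this hunk.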
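Review bot: list_pool now returns the result of `vici_parse_cb(res, list_leases, NULL, NULL, name)` instead of 0, so whatever that call reports for the pool's subtree becomes list_pool's own return value; if the enclosing parse treats a non-zero return as abort (not visible here), a single pool whose subtree fails to parse would end the whole listing, which may be intended but deserves a line of explanation, e.g. `/* walk the pool's subsections; prints leases if the daemon included them */`. The walk is also performed when --leases was not requested, which is harmless as long as the response then carries no "leases" section. list_pool's body starts and ends outside this hunk.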
+++ b/src/swanctl/commands/list_sas.c @@ -198,8 +198,14 @@ CALLBACK(ike_sa, int, ike->get(ike, "state"), ike->get(ike, "version"), ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi")); - printf(" local '%s' @ %s\n", + printf(" local '%s' @ %s", ike->get(ike, "local-id"), ike->get(ike, "local-host")); + if (ike->get(ike, "local-vips")) + { + printf(" [%s]", ike->get(ike, "local-vips")); + } + printf("\n"); + printf(" remote '%s' @ %s", ike->get(ike, "remote-id"), ike->get(ike, "remote-host")); if (ike->get(ike, "remote-eap-id")) @@ -210,6 +216,10 @@ CALLBACK(ike_sa, int, { printf(" XAuth: '%s'", ike->get(ike, "remote-xauth-id")); } + if (ike->get(ike, "remote-vips")) + { + printf(" [%s]", ike->get(ike, "remote-vips")); + } printf("\n"); if (ike->get(ike, "encr-alg")) |
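Review bot: In the added local-vips block, `ike->get(ike, "local-vips")` is evaluated twice, once in the condition and once in the printf; a local `char *vips = ike->get(ike, "local-vips");` used for both keeps the lookup single and makes the bracket formatting easier to keep aligned with the identical remote-vips block in the second hunk (@@ -210,6 +216,10 @@), which has the same shape. The pattern is copied from the existing remote-eap-id and remote-xauth-id blocks, so it is consistent with the file, but a shared helper that prints `" [%s]"` for an optional key would remove the duplication. The enclosing ike_sa callback starts before the first hunk.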