author | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2018-09-24 15:11:14 +0200 |
commit | e0e280b7669435b991b7e457abd8aa450930b3e8 (patch) | |
tree | 3e6084f13b14ad2df104e2ce6e589eb96c5f7ac9 /src | |
parent | 51a71ee15c1bcf0e82f363a16898f571e211f9c3 (diff) | |
New upstream version 5.7.0
Diffstat (limited to 'src')
517 files changed, 13791 insertions, 14650 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index e2747c300..6eacbe293 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -88,10 +88,6 @@ if USE_CONFTEST SUBDIRS += conftest endif -if USE_DUMM - SUBDIRS += dumm -endif - if USE_FAST SUBDIRS += libfast endif diff --git a/src/Makefile.in b/src/Makefile.in index 9aa3cb166..24c8414d8 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -109,21 +109,20 @@ host_triplet = @host@ @USE_PKI_TRUE@am__append_20 = pki @USE_SWANCTL_TRUE@am__append_21 = swanctl @USE_CONFTEST_TRUE@am__append_22 = conftest -@USE_DUMM_TRUE@am__append_23 = dumm -@USE_FAST_TRUE@am__append_24 = libfast -@USE_MANAGER_TRUE@am__append_25 = manager -@USE_MEDSRV_TRUE@am__append_26 = medsrv -@USE_ATTR_SQL_TRUE@am__append_27 = pool -@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_28 = pool -@USE_TKM_TRUE@am__append_29 = charon-tkm -@USE_CMD_TRUE@am__append_30 = charon-cmd -@USE_SVC_TRUE@am__append_31 = charon-svc -@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client -@USE_IMC_SWIMA_TRUE@am__append_33 = sw-collector -@USE_IMV_SWIMA_TRUE@am__append_34 = sec-updater -@USE_INTEGRITY_TEST_TRUE@am__append_35 = checksum -@USE_AIKGEN_TRUE@am__append_36 = aikgen -@USE_TPM_TRUE@am__append_37 = tpm_extendpcr +@USE_FAST_TRUE@am__append_23 = libfast +@USE_MANAGER_TRUE@am__append_24 = manager +@USE_MEDSRV_TRUE@am__append_25 = medsrv +@USE_ATTR_SQL_TRUE@am__append_26 = pool +@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_27 = pool +@USE_TKM_TRUE@am__append_28 = charon-tkm +@USE_CMD_TRUE@am__append_29 = charon-cmd +@USE_SVC_TRUE@am__append_30 = charon-svc +@USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client +@USE_IMC_SWIMA_TRUE@am__append_32 = sw-collector +@USE_IMV_SWIMA_TRUE@am__append_33 = sec-updater +@USE_INTEGRITY_TEST_TRUE@am__append_34 = checksum +@USE_AIKGEN_TRUE@am__append_35 = aikgen +@USE_TPM_TRUE@am__append_36 = tpm_extendpcr subdir = src ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ 
@@ -200,7 +199,7 @@ CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ libradius libtncif libtnccs libpttls libtpmtss libimcv \ libcharon starter ipsec _copyright charon charon-systemd \ - charon-nm stroke _updown scepclient pki swanctl conftest dumm \ + charon-nm stroke _updown scepclient pki swanctl conftest \ libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ pt-tls-client sw-collector sec-updater checksum aikgen \ tpm_extendpcr @@ -330,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -356,6 +354,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -376,8 +376,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -432,8 +430,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -462,8 +458,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
@@ -480,8 +480,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ $(am__append_31) $(am__append_32) $(am__append_33) \ - $(am__append_34) $(am__append_35) $(am__append_36) \ - $(am__append_37) + $(am__append_34) $(am__append_35) $(am__append_36) all: all-recursive .SUFFIXES: diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index af7a95df3..29a6f756c 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -279,7 +279,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -305,6 +304,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -325,8 +326,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -381,8 +380,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -411,8 +408,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 86aca5ff9..a4979b679 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -257,7 +257,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -283,6 +282,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -303,8 +304,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -359,8 +358,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -389,8 +386,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 7986a1d09..1ef4d4f94 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -306,6 +305,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -326,8 +327,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -382,8 +381,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -412,8 +409,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index b9fe0b7f6..20984c4ad 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -343,6 +342,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -363,8 +364,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -419,8 +418,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -449,8 +446,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 3cff97e7c..f5258ccf7 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -342,6 +341,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -362,8 +363,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,8 +445,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index a12f008a7..fb9044d29 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -698,7 +698,7 @@ static gboolean need_secrets(NMVpnServicePlugin *plugin, NMConnection *connectio /* try to load/decrypt the private key */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, - KEY_RSA, BUILD_FROM_FILE, path, BUILD_END); + KEY_ANY, BUILD_FROM_FILE, path, BUILD_END); if (key) { key->destroy(key); diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 8da578457..27a006b8a 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -306,6 +305,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
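Review bot: The comment above the changed `create()` call in `need_secrets` still reads `/* try to load/decrypt the private key */`, which no longer says why the type was widened from `KEY_RSA` to `KEY_ANY`; suggest `/* try to load/decrypt the private key, whatever its type */`. The probe still destroys the key right after a successful load, so any decryption done here is presumably repeated when the connection is actually set up; a short comment stating that this is only a secrets-needed check would help the next reader. `need_secrets` begins and ends outside the hunk.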
@@ -326,8 +327,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -382,8 +381,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -412,8 +409,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index f28204b33..35ae48d3a 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -284,7 +284,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -310,6 +309,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -330,8 +331,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -386,8 +385,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -416,8 +413,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c index 5a1970b92..d06c26974 100644 --- a/src/charon-systemd/charon-systemd.c +++ b/src/charon-systemd/charon-systemd.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2012 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2014 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter @@ -79,9 +79,9 @@ typedef struct journal_logger_t journal_logger_t; struct journal_logger_t { /** - * Implements logger_t + * Public interface */ - logger_t logger; + custom_logger_t public; /** * Configured loglevels 
@@ -171,66 +171,37 @@ METHOD(logger_t, get_level, level_t, return level; } -/** - * Reload journal logger configuration - */ -CALLBACK(journal_reload, bool, - journal_logger_t **journal) +METHOD(custom_logger_t, set_level, void, + journal_logger_t *this, debug_t group, level_t level) { - journal_logger_t *this = *journal; - debug_t group; - level_t def; - - def = lib->settings->get_int(lib->settings, "%s.journal.default", 1, lib->ns); - this->lock->write_lock(this->lock); - for (group = 0; group < DBG_MAX; group++) - { - this->levels[group] = - lib->settings->get_int(lib->settings, - "%s.journal.%N", def, lib->ns, debug_lower_names, group); - } + this->levels[group] = level; this->lock->unlock(this->lock); +} - charon->bus->add_logger(charon->bus, &this->logger); - - return TRUE; +METHOD(custom_logger_t, logger_destroy, void, + journal_logger_t *this) +{ + this->lock->destroy(this->lock); + free(this); } -/** - * Initialize/deinitialize journal logger - */ -static bool journal_register(void *plugin, plugin_feature_t *feature, - bool reg, journal_logger_t **logger) +static custom_logger_t *journal_logger_create(const char *name) { journal_logger_t *this; - if (reg) - { - INIT(this, + INIT(this, + .public = { .logger = { .vlog = _vlog, .get_level = _get_level, }, - .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), - ); - - journal_reload(&this); - - *logger = this; - return TRUE; - } - else - { - this = *logger; - - charon->bus->remove_logger(charon->bus, &this->logger); - - this->lock->destroy(this->lock); - free(this); - - return TRUE; - } + .set_level = _set_level, + .destroy = _logger_destroy, + }, + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); + return &this->public; } /** 
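Review bot: `journal_logger_create` is the one new function in this hunk without a header comment, and `logger_destroy` frees the logger without the `charon->bus->remove_logger()` call that the removed `journal_register` made before `free(this)`; if the custom-logger framework detaches the logger before invoking `destroy`, state that at the factory: `/** Create the journal logger; registered via register_custom_logger(), the framework adds it to and removes it from the bus */`. The `name` parameter of `journal_logger_create` is unused, which is worth a word in the same comment. `set_level` stores `this->levels[group]` under the write lock but does not range-check `group`; presumably the framework only passes values below `DBG_MAX` (the removed reload loop bounded it that way) — confirm.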
@@ -328,19 +299,6 @@ static void segv_handler(int signal) } /** - * The journal logger instance - */ -static journal_logger_t *journal; - -/** - * Journal static features - */ -static plugin_feature_t features[] = { - PLUGIN_CALLBACK((plugin_feature_callback_t)journal_register, &journal), - PLUGIN_PROVIDE(CUSTOM, "systemd-journal"), -}; - -/** * Add namespace alias */ static void __attribute__ ((constructor))register_namespace() @@ -350,6 +308,14 @@ static void __attribute__ ((constructor))register_namespace() } /** + * Register journal logger + */ +static void __attribute__ ((constructor))register_logger() +{ + register_custom_logger("journal", journal_logger_create); +} + +/** * Main function, starts the daemon. */ int main(int argc, char *argv[]) @@ -390,10 +356,15 @@ int main(int argc, char *argv[]) sd_notifyf(0, "STATUS=unknown uid/gid"); return SS_RC_INITIALIZATION_FAILED; } - charon->load_loggers(charon); + /* we registered the journal logger as custom logger, which gets its + * settings from <ns>.customlog.journal, let it fallback to <ns>.journal */ + lib->settings->add_fallback(lib->settings, "%s.customlog.journal", + "%s.journal", lib->ns); + /* load the journal logger by default */ + lib->settings->set_default_str(lib->settings, "%s.journal.default", "1", + lib->ns); - lib->plugins->add_static_features(lib->plugins, lib->ns, features, - countof(features), TRUE, journal_reload, &journal); + charon->load_loggers(charon); if (!charon->initialize(charon, lib->settings->get_str(lib->settings, "%s.load", PLUGINS, lib->ns))) diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index c2762f031..bb6bde8d9 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -253,6 +252,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -273,8 +274,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -329,8 +328,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -359,8 +356,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index 71ad821dd..1107c2219 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -385,8 +385,8 @@ METHOD(keymat_t, get_aead, aead_t*, METHOD(keymat_v2_t, get_auth_octets, bool, private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets, - array_t *schemes) + chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3], + chunk_t *octets, array_t *schemes) { sign_info_t *sign; 
@@ -428,7 +428,8 @@ METHOD(keymat_v2_t, get_skd, pseudo_random_function_t, METHOD(keymat_v2_t, get_psk_sig, bool, private_tkm_keymat_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, - chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig) + chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3], + chunk_t *sig) { return FALSE; } @@ -522,6 +523,7 @@ tkm_keymat_t *tkm_keymat_create(bool initiator) .destroy = _destroy, }, .derive_ike_keys = _derive_ike_keys, + .derive_ike_keys_ppk = (void*)return_false, .derive_child_keys = _derive_child_keys, .get_skd = _get_skd, .get_auth_octets = _get_auth_octets, diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 14bde277c..b631742cc 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -283,7 +283,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -309,6 +308,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -329,8 +330,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -385,8 +384,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -415,8 +412,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/charon/charon.c b/src/charon/charon.c index 180486746..19f6c4cf7 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -231,15 +231,24 @@ static bool check_pidfile() DBG1(DBG_LIB, "setting FD_CLOEXEC for '"PID_FILE"' failed: %s", strerror(errno)); } - /* Only fchown() the pidfile if we have CAP_CHOWN. Otherwise, - * directory permissions should allow pidfile to be accessed - * by the UID/GID under which the charon daemon will run. */ + /* Only change owner of the pidfile if we have CAP_CHOWN. Otherwise, + * attempt to change group of pidfile to group under which charon + * runs after dropping caps. This requires the user that charon + * starts as to: + * a) Have write access to the socket dir. + * b) Belong to the group that charon will run under after dropping + * caps. */ if (lib->caps->check(lib->caps, CAP_CHOWN)) { ignore_result(fchown(fd, lib->caps->get_uid(lib->caps), lib->caps->get_gid(lib->caps))); } + else + { + ignore_result(fchown(fd, -1, + lib->caps->get_gid(lib->caps))); + } fprintf(pidfile, "%d\n", getpid()); fflush(pidfile); return FALSE; diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index f46302994..a262ba087 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
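Review bot: The new `else` branch in `check_pidfile` wraps `fchown(fd, -1, gid)` in `ignore_result`, so when the starting user is not a member of the target group (the precondition the new comment itself spells out) the failure is invisible, and the daemon running under the dropped privileges presumably cannot later clean up its own pidfile. The `FD_CLOEXEC` failure a few lines above is logged, and this one deserves the same treatment: `else if (fchown(fd, -1, lib->caps->get_gid(lib->caps)) != 0)` `{ DBG1(DBG_LIB, "changing group of '"PID_FILE"' failed: %s", strerror(errno)); }`. `check_pidfile` begins and ends outside the hunk.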
@@ -381,6 +380,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -401,8 +402,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -457,8 +456,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -487,8 +484,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 1ea430c63..a831eb6ee 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -297,7 +297,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -323,6 +322,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -343,8 +344,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -399,8 +398,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -429,8 +426,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/conftest/README b/src/conftest/README index d37539a16..404b2d1e5 100644 --- a/src/conftest/README +++ b/src/conftest/README @@ -100,7 +100,7 @@ The IKE_SA configuration uses the following options (as key/value pairs): scenario rsa_strength: Connection requires a trustchain with RSA keys of given bits ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits - cert_policy: Connection requries a certificate with the given OID policy + cert_policy: Connection requires a certificate with the given OID policy named_pool: Name of an IP pool defined e.g. in a database backend The following CHILD_SA specific configuration options are supported: diff --git a/src/conftest/hooks/pretend_auth.c b/src/conftest/hooks/pretend_auth.c index 4be6f45db..5a86c5392 100644 --- a/src/conftest/hooks/pretend_auth.c +++ b/src/conftest/hooks/pretend_auth.c 
@@ -237,8 +237,8 @@ static bool build_auth(private_pretend_auth_t *this, return FALSE; } keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); - if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, - this->nonce, this->id, this->reserved, + if (!keymat->get_auth_octets(keymat, TRUE, this->ike_init, this->nonce, + chunk_empty, this->id, this->reserved, &octets, NULL)) { private->destroy(private); diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index bc20292a1..5676e307b 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -136,8 +136,8 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, return FALSE; } keymat = (keymat_v2_t*)ike_sa->get_keymat(ike_sa); - if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, - this->nonce, id, reserved, &octets, NULL)) + if (!keymat->get_auth_octets(keymat, FALSE, this->ike_init, this->nonce, + chunk_empty, id, reserved, &octets, NULL)) { private->destroy(private); id->destroy(id); diff --git a/src/dumm/Makefile.am b/src/dumm/Makefile.am deleted file mode 100644 index 0d1cfb704..000000000 --- a/src/dumm/Makefile.am +++ /dev/null 
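Review bot: Both conftest hooks now pass `chunk_empty` as the new `ppk` argument of `get_auth_octets`, in `build_auth` here and in `rebuild_auth` in the next hunk, so the AUTH octets they compute never include a PPK; that is presumably intended for test hooks, but an inline comment would stop a reader from treating it as an oversight: `/* no PPK support in this hook */` on the `chunk_empty` line of each call. Both enclosing functions start and end outside their hunks.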
@@ -1,34 +0,0 @@ -EXTRA_DIST = ext/dumm.c ext/README \ - ext/lib/dumm.rb ext/lib/dumm/guest.rb - -ipseclib_LTLIBRARIES = libdumm.la -ipsec_PROGRAMS = dumm irdumm - -libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \ - bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c -dumm_SOURCES = main.c -irdumm_SOURCES = irdumm.c - -libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la -dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la - -AM_CPPFLAGS = \ - -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan - -dumm_CFLAGS = ${gtk_CFLAGS} -irdumm_CFLAGS = ${ruby_CFLAGS} - -all-local: ext - -clean-local: - (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true) - -install-data-local: - (test -f ext/Makefile && cd ext && $(MAKE) install) - -ext: libdumm.la - (cd ext && $(RUBY) extconf.rb && $(MAKE)) - -.PHONY: ext diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in deleted file mode 100644 index 50b0abb64..000000000 --- a/src/dumm/Makefile.in +++ /dev/null 
@@ -1,914 +0,0 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2014 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes 
-am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT) -subdir = src/dumm -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = 
$(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" -LTLIBRARIES = $(ipseclib_LTLIBRARIES) -libdumm_la_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la -am_libdumm_la_OBJECTS = dumm.lo guest.lo iface.lo bridge.lo \ - mconsole.lo cowfs.lo -libdumm_la_OBJECTS = $(am_libdumm_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -PROGRAMS = $(ipsec_PROGRAMS) -am_dumm_OBJECTS = dumm-main.$(OBJEXT) -dumm_OBJECTS = $(am_dumm_OBJECTS) -am__DEPENDENCIES_1 = -dumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/libstrongswan/libstrongswan.la -dumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(dumm_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -am_irdumm_OBJECTS = irdumm-irdumm.$(OBJEXT) -irdumm_OBJECTS = $(am_irdumm_OBJECTS) -irdumm_DEPENDENCIES = libdumm.la $(am__DEPENDENCIES_1) \ - $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(irdumm_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false 
-am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES) -DIST_SOURCES = $(libdumm_la_SOURCES) $(dumm_SOURCES) $(irdumm_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ATOMICLIB = @ATOMICLIB@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -EASY_INSTALL = @EASY_INSTALL@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ -GEM = @GEM@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ 
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -PY_TEST = @PY_TEST@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYGEMDIR = @RUBYGEMDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ 
-dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -json_CFLAGS = @json_CFLAGS@ -json_LIBS = @json_LIBS@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libfuzzer = @libfuzzer@ -libiptc_CFLAGS = @libiptc_CFLAGS@ -libiptc_LIBS = @libiptc_LIBS@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -p_plugins = @p_plugins@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ -runstatedir = @runstatedir@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = 
@srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemd_CFLAGS = @systemd_CFLAGS@ -systemd_LIBS = @systemd_LIBS@ -systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ -systemd_daemon_LIBS = @systemd_daemon_LIBS@ -systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ -systemd_journal_LIBS = @systemd_journal_LIBS@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -tss2_CFLAGS = @tss2_CFLAGS@ -tss2_LIBS = @tss2_LIBS@ -tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ -tss2_socket_LIBS = @tss2_socket_LIBS@ -tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ -tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -EXTRA_DIST = ext/dumm.c ext/README \ - ext/lib/dumm.rb ext/lib/dumm/guest.rb - -ipseclib_LTLIBRARIES = libdumm.la -libdumm_la_SOURCES = dumm.c dumm.h guest.c guest.h iface.c iface.h \ - bridge.c bridge.h mconsole.c mconsole.h cowfs.h cowfs.c - -dumm_SOURCES = main.c -irdumm_SOURCES = irdumm.c -libdumm_la_LIBADD = -lbridge -lfuse -lutil $(top_builddir)/src/libstrongswan/libstrongswan.la -dumm_LDADD = libdumm.la ${gtk_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -irdumm_LDADD = libdumm.la ${ruby_LIBS} $(top_builddir)/src/libstrongswan/libstrongswan.la -AM_CPPFLAGS = \ - -D_FILE_OFFSET_BITS=64 \ - -I$(top_srcdir)/src/libstrongswan - -dumm_CFLAGS = ${gtk_CFLAGS} -irdumm_CFLAGS = ${ruby_CFLAGS} -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; 
\ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/dumm/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ - } - -uninstall-ipseclibLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ - done - -clean-ipseclibLTLIBRARIES: - -test -z 
"$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) - @list='$(ipseclib_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -libdumm.la: $(libdumm_la_OBJECTS) $(libdumm_la_DEPENDENCIES) $(EXTRA_libdumm_la_DEPENDENCIES) - $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libdumm_la_OBJECTS) $(libdumm_la_LIBADD) $(LIBS) -install-ipsecPROGRAMS: $(ipsec_PROGRAMS) - @$(NORMAL_INSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(ipsecdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(ipsecdir)" || exit 1; \ - fi; \ - for p in $$list; do echo "$$p $$p"; done | \ - sed 's/$(EXEEXT)$$//' | \ - while read p p1; do if test -f $$p \ - || test -f $$p1 \ - ; then echo "$$p"; echo "$$p"; else :; fi; \ - done | \ - sed -e 'p;s,.*/,,;n;h' \ - -e 's|.*|.|' \ - -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ - sed 'N;N;N;s,\n, ,g' | \ - $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ - { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ - if ($$2 == $$4) files[d] = files[d] " " $$1; \ - else { print "f", $$3 "/" $$4, $$1; } } \ - END { for (d in files) print "f", d, files[d] }' | \ - while read type dir files; do \ - if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ - test -z "$$files" || { \ - echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(ipsecdir)$$dir'"; \ - $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(ipsecdir)$$dir" || exit $$?; \ - } \ - ; done - -uninstall-ipsecPROGRAMS: - @$(NORMAL_UNINSTALL) - @list='$(ipsec_PROGRAMS)'; test -n "$(ipsecdir)" || list=; \ - files=`for p in $$list; do echo "$$p"; done | \ - sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ 
- -e 's/$$/$(EXEEXT)/' \ - `; \ - test -n "$$list" || exit 0; \ - echo " ( cd '$(DESTDIR)$(ipsecdir)' && rm -f" $$files ")"; \ - cd "$(DESTDIR)$(ipsecdir)" && rm -f $$files - -clean-ipsecPROGRAMS: - @list='$(ipsec_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - -dumm$(EXEEXT): $(dumm_OBJECTS) $(dumm_DEPENDENCIES) $(EXTRA_dumm_DEPENDENCIES) - @rm -f dumm$(EXEEXT) - $(AM_V_CCLD)$(dumm_LINK) $(dumm_OBJECTS) $(dumm_LDADD) $(LIBS) - -irdumm$(EXEEXT): $(irdumm_OBJECTS) $(irdumm_DEPENDENCIES) $(EXTRA_irdumm_DEPENDENCIES) - @rm -f irdumm$(EXEEXT) - $(AM_V_CCLD)$(irdumm_LINK) $(irdumm_OBJECTS) $(irdumm_LDADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bridge.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cowfs.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm-main.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dumm.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/guest.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iface.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/irdumm-irdumm.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mconsole.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: 
-@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -dumm-main.o: main.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.o -MD -MP -MF $(DEPDIR)/dumm-main.Tpo -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.o `test -f 'main.c' || echo '$(srcdir)/'`main.c - -dumm-main.obj: main.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -MT dumm-main.obj -MD -MP -MF 
$(DEPDIR)/dumm-main.Tpo -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dumm-main.Tpo $(DEPDIR)/dumm-main.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='main.c' object='dumm-main.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dumm_CFLAGS) $(CFLAGS) -c -o dumm-main.obj `if test -f 'main.c'; then $(CYGPATH_W) 'main.c'; else $(CYGPATH_W) '$(srcdir)/main.c'; fi` - -irdumm-irdumm.o: irdumm.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.o -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.o `test -f 'irdumm.c' || echo '$(srcdir)/'`irdumm.c - -irdumm-irdumm.obj: irdumm.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -MT irdumm-irdumm.obj -MD -MP -MF $(DEPDIR)/irdumm-irdumm.Tpo -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/irdumm-irdumm.Tpo $(DEPDIR)/irdumm-irdumm.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
$(AM_V_CC)source='irdumm.c' object='irdumm-irdumm.obj' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(irdumm_CFLAGS) $(CFLAGS) -c -o irdumm-irdumm.obj `if test -f 'irdumm.c'; then $(CYGPATH_W) 'irdumm.c'; else $(CYGPATH_W) '$(srcdir)/irdumm.c'; fi` - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 
's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) all-local -installdirs: - for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f 
$(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." -clean: clean-am - -clean-am: clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \ - clean-libtool clean-local mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-data-local install-ipsecPROGRAMS \ - install-ipseclibLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am all-local check check-am clean \ - clean-generic clean-ipsecPROGRAMS clean-ipseclibLTLIBRARIES \ - clean-libtool clean-local cscopelist-am ctags ctags-am \ - distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-data-local install-dvi install-dvi-am \ - install-exec install-exec-am install-html install-html-am \ - install-info install-info-am 
install-ipsecPROGRAMS \ - install-ipseclibLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \ - uninstall-ipseclibLTLIBRARIES - -.PRECIOUS: Makefile - - -all-local: ext - -clean-local: - (test -f ext/Makefile && cd ext && $(MAKE) clean && rm Makefile || true) - -install-data-local: - (test -f ext/Makefile && cd ext && $(MAKE) install) - -ext: libdumm.la - (cd ext && $(RUBY) extconf.rb && $(MAKE)) - -.PHONY: ext - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/dumm/bridge.c b/src/dumm/bridge.c deleted file mode 100644 index 536e27515..000000000 --- a/src/dumm/bridge.c +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <sys/types.h> -#include <netinet/in.h> -#include <libbridge.h> - -#include <utils/debug.h> -#include <collections/linked_list.h> - -#include "bridge.h" - -typedef struct private_bridge_t private_bridge_t; - -struct private_bridge_t { - /** public interface */ - bridge_t public; - /** device name */ - char *name; - /** list of attached interfaces */ - linked_list_t *ifaces; -}; - -/** - * defined in iface.c - */ -bool iface_control(char *name, bool up); - -METHOD(bridge_t, get_name, char*, - private_bridge_t *this) -{ - return this->name; -} - -METHOD(bridge_t, create_iface_enumerator, enumerator_t*, - private_bridge_t *this) -{ - return this->ifaces->create_enumerator(this->ifaces); -} - -METHOD(bridge_t, disconnect_iface, bool, - private_bridge_t *this, iface_t *iface) -{ - enumerator_t *enumerator; - iface_t *current = NULL; - bool good = FALSE; - - enumerator = this->ifaces->create_enumerator(this->ifaces); - while (enumerator->enumerate(enumerator, (void**)¤t)) - { - if (current == iface) - { - if (br_del_interface(this->name, iface->get_hostif(iface)) != 0) - { - DBG1(DBG_LIB, "removing iface '%s' from bridge '%s' in kernel" - " failed: %m", iface->get_hostif(iface), this->name); - } - else - { - iface->set_bridge(iface, NULL); - this->ifaces->remove_at(this->ifaces, enumerator); - good = TRUE; - } 
- break; - } - } - if (iface != current) - { - DBG1(DBG_LIB, "iface '%s' not found on bridge '%s'", - iface->get_hostif(iface), this->name); - } - enumerator->destroy(enumerator); - return good; -} - -METHOD(bridge_t, connect_iface, bool, - private_bridge_t *this, iface_t *iface) -{ - if (br_add_interface(this->name, iface->get_hostif(iface)) != 0) - { - DBG1(DBG_LIB, "adding iface '%s' to bridge '%s' failed: %m", - iface->get_hostif(iface), this->name); - return FALSE; - } - iface->set_bridge(iface, &this->public); - this->ifaces->insert_last(this->ifaces, iface); - return TRUE; -} - -/** - * instance counter to (de-)initialize libbridge - */ -static int instances = 0; - -METHOD(bridge_t, destroy, void, - private_bridge_t *this) -{ - enumerator_t *enumerator; - iface_t *iface; - - enumerator = this->ifaces->create_enumerator(this->ifaces); - while (enumerator->enumerate(enumerator, (void**)&iface)) - { - if (br_del_interface(this->name, iface->get_hostif(iface)) != 0) - { - DBG1(DBG_LIB, "disconnecting iface '%s' failed: %m", - iface->get_hostif(iface)); - } - iface->set_bridge(iface, NULL); - } - enumerator->destroy(enumerator); - this->ifaces->destroy(this->ifaces); - iface_control(this->name, FALSE); - if (br_del_bridge(this->name) != 0) - { - DBG1(DBG_LIB, "deleting bridge '%s' from kernel failed: %m", - this->name); - } - free(this->name); - free(this); - if (--instances == 0) - { - br_shutdown(); - } -} - -/** - * create the bridge instance - */ -bridge_t *bridge_create(char *name) -{ - private_bridge_t *this; - - if (instances == 0) - { - if (br_init() != 0) - { - DBG1(DBG_LIB, "libbridge initialization failed: %m"); - return NULL; - } - } - - INIT(this, - .public = { - .get_name = _get_name, - .create_iface_enumerator = _create_iface_enumerator, - .disconnect_iface = _disconnect_iface, - .connect_iface = _connect_iface, - .destroy = _destroy, - } - ); - - if (br_add_bridge(name) != 0) - { - DBG1(DBG_LIB, "creating bridge '%s' failed: %m", name); - 
free(this);
- return NULL;
- }
- if (!iface_control(name, TRUE))
- {
- DBG1(DBG_LIB, "bringing bridge '%s' up failed: %m", name);
- }
-
- this->name = strdup(name);
- this->ifaces = linked_list_create();
-
- instances++;
- return &this->public;
-}
diff --git a/src/dumm/bridge.h b/src/dumm/bridge.h
deleted file mode 100644
index 5069cfd1b..000000000
--- a/src/dumm/bridge.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef BRIDGE_H
-#define BRIDGE_H
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-typedef struct bridge_t bridge_t;
-
-#include "iface.h"
-
-/**
- * Interface in a guest, connected to a tap device on the host.
- */
-struct bridge_t {
-
- /**
- * Get the name of the bridge.
- *
- * @return name of the bridge
- */
- char* (*get_name)(bridge_t *this);
-
- /**
- * Add an interface to a bridge.
- *
- * @param iface interface to add
- * @return TRUE if interface added
- */
- bool (*connect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Remove an interface from a bridge.
- *
- * @param iface interface to remove
- * @return TRUE if interface removed
- */
- bool (*disconnect_iface)(bridge_t *this, iface_t *iface);
-
- /**
- * Create an enumerator over all interfaces.
- *
- * @return enumerator over iface_t's
- */
- enumerator_t* (*create_iface_enumerator)(bridge_t *this);
-
- /**
- * Destroy a bridge
- */
- void (*destroy) (bridge_t *this);
-};
-
-/**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return bridge, NULL if failed
- */
-bridge_t *bridge_create(char *name);
-
-#endif /* BRIDGE_H */
-
diff --git a/src/dumm/cowfs.c b/src/dumm/cowfs.c
deleted file mode 100644
index ac581fed1..000000000
--- a/src/dumm/cowfs.c
+++ /dev/null
@@ -1,980 +0,0 @@ -/* - * Copyright (C) 2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * Copyright (C) 2001-2007 Miklos Szeredi - * - * Based on example shipped with FUSE. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - - -#define FUSE_USE_VERSION 26 -#define _GNU_SOURCE - -#include <fuse.h> -#include <stdlib.h> -#include <stdio.h> -#include <string.h> -#include <unistd.h> -#include <fcntl.h> -#include <dirent.h> -#include <errno.h> -#include <sys/time.h> - -#include "cowfs.h" - -#include <library.h> -#include <utils/debug.h> -#include <threading/thread.h> -#include <threading/rwlock.h> -#include <collections/linked_list.h> - -/** define _XOPEN_SOURCE 500 fails when using libstrongswan, define popen */ -extern ssize_t pread(int fd, void *buf, size_t count, off_t offset); -extern ssize_t pwrite(int fd, const void *buf, size_t count, off_t offset); - -typedef struct private_cowfs_t private_cowfs_t; - -struct private_cowfs_t { - /** public cowfs interface */ - cowfs_t public; - /** fuse channel to mountpoint */ - struct fuse_chan *chan; - /** fuse handle */ - struct fuse *fuse; - /** mountpoint of cowfs FUSE */ - char *mount; - /** master filesystem path */ - char *master; - /** host filesystem path */ - char *host; - /** overlay filesystems */ - linked_list_t *overlays; - /** lock for overlays */ - rwlock_t *lock; - /** fd of read only master filesystem */ - int master_fd; - /** copy on write overlay to 
master */ - int host_fd; - /** thread processing FUSE */ - thread_t *thread; -}; - -typedef struct overlay_t overlay_t; - -/** - * data for overlay filesystems - */ -struct overlay_t { - /** path to overlay */ - char *path; - /** overlay fd */ - int fd; -}; - -/** - * destroy an overlay - */ -static void overlay_destroy(overlay_t *this) -{ - close(this->fd); - free(this->path); - free(this); -} - -CALLBACK(overlay_equals, bool, - overlay_t *this, va_list args) -{ - overlay_t *other; - - VA_ARGS_VGET(args, other); - return streq(this->path, other->path); -} - -/** - * remove and destroy the overlay with the given absolute path. - * returns FALSE, if not found. - */ -static bool overlay_remove(private_cowfs_t *this, char *path) -{ - overlay_t over, *current; - over.path = path; - if (!this->overlays->find_first(this->overlays, overlay_equals, - (void**)¤t, &over)) - { - return FALSE; - } - this->overlays->remove(this->overlays, current, NULL); - overlay_destroy(current); - return TRUE; -} - -/** - * get this pointer stored in fuse context - */ -static private_cowfs_t *get_this() -{ - return (fuse_get_context())->private_data; -} - -/** - * make a path relative - */ -static void rel(const char **path) -{ - if (**path == '/') - { - (*path)++; - } - if (**path == '\0') - { - *path = "."; - } -} - -/** - * get the highest overlay in which path exists - */ -static int get_rd(const char *path) -{ - overlay_t *over; - enumerator_t *enumerator; - private_cowfs_t *this = get_this(); - - this->lock->read_lock(this->lock); - enumerator = this->overlays->create_enumerator(this->overlays); - while (enumerator->enumerate(enumerator, (void**)&over)) - { - if (faccessat(over->fd, path, F_OK, 0) == 0) - { - int fd = over->fd; - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - return fd; - } - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - - if (faccessat(this->host_fd, path, F_OK, 0) == 0) - { - return this->host_fd; - } - return 
this->master_fd; -} - -/** - * get the highest overlay available, to write something - */ -static int get_wr(const char *path) -{ - overlay_t *over; - private_cowfs_t *this = get_this(); - int fd = this->host_fd; - this->lock->read_lock(this->lock); - if (this->overlays->get_first(this->overlays, (void**)&over) == SUCCESS) - { - fd = over->fd; - } - this->lock->unlock(this->lock); - return fd; -} - -/** - * create full "path" at "wr" the same way they exist at "rd" - */ -static bool clone_path(int rd, int wr, const char *path) -{ - char *pos, *full; - struct stat st; - full = strdupa(path); - pos = full; - - while ((pos = strchr(pos, '/'))) - { - *pos = '\0'; - if (fstatat(wr, full, &st, 0) < 0) - { - /* TODO: handle symlinks!? */ - if (fstatat(rd, full, &st, 0) < 0) - { - return FALSE; - } - if (mkdirat(wr, full, st.st_mode) < 0) - { - return FALSE; - } - } - *pos = '/'; - pos++; - } - return TRUE; -} - -/** - * copy a (special) file from a readonly to a read-write overlay - */ -static int copy(const char *path) -{ - char *buf[4096]; - int len; - int rd, wr; - int from, to; - struct stat st; - - rd = get_rd(path); - wr = get_wr(path); - - if (rd == wr) - { - /* already writeable */ - return wr; - } - if (fstatat(rd, path, &st, 0) < 0) - { - return -1; - } - if (!clone_path(rd, wr, path)) - { - return -1; - } - if (mknodat(wr, path, st.st_mode, st.st_rdev) < 0) - { - return -1; - } - /* copy if no special file */ - if (st.st_size) - { - from = openat(rd, path, O_RDONLY, st.st_mode); - if (from < 0) - { - return -1; - } - to = openat(wr, path, O_WRONLY , st.st_mode); - if (to < 0) - { - close(from); - return -1; - } - while ((len = read(from, buf, sizeof(buf))) > 0) - { - if (write(to, buf, len) < len) - { - /* TODO: only on len < 0 ? 
*/ - close(from); - close(to); - return -1; - } - } - close(from); - close(to); - if (len < 0) - { - return -1; - } - } - return wr; -} - -/** - * FUSE getattr method - */ -static int cowfs_getattr(const char *path, struct stat *stbuf) -{ - rel(&path); - - if (fstatat(get_rd(path), path, stbuf, AT_SYMLINK_NOFOLLOW) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE access method - */ -static int cowfs_access(const char *path, int mask) -{ - rel(&path); - - if (faccessat(get_rd(path), path, mask, 0) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE readlink method - */ -static int cowfs_readlink(const char *path, char *buf, size_t size) -{ - int res; - - rel(&path); - - res = readlinkat(get_rd(path), path, buf, size - 1); - if (res < 0) - { - return -errno; - } - buf[res] = '\0'; - return 0; -} - -/** - * get a directory stream of two concatenated paths - */ -static DIR* get_dir(char *dir, const char *subdir) -{ - char *full; - - if (dir == NULL) - { - return NULL; - } - - full = alloca(strlen(dir) + strlen(subdir) + 1); - strcpy(full, dir); - strcat(full, subdir); - - return opendir(full); -} - -/** - * check if a directory stream contains a directory - */ -static bool contains_dir(DIR *d, char *dirname) -{ - struct dirent *ent; - - rewinddir(d); - while ((ent = readdir(d))) - { - if (streq(ent->d_name, dirname)) - { - return TRUE; - } - } - return FALSE; -} - -/** - * check if one of the higher overlays contains a directory - */ -static bool overlays_contain_dir(DIR **d, char *dirname) -{ - for (; *d; ++d) - { - if (contains_dir(*d, dirname)) - { - return TRUE; - } - } - return FALSE; -} - -/** - * FUSE readdir method - */ -static int cowfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler, - off_t offset, struct fuse_file_info *fi) -{ -#define ADD_DIR(overlay, base, path) ({\ - DIR *dir = get_dir(base, path);\ - if (dir) { *(--overlay) = dir; }\ -}) - private_cowfs_t *this = get_this(); - int count; - DIR **d, **overlays; - struct 
stat st; - struct dirent *ent; - overlay_t *over; - enumerator_t *enumerator; - - memset(&st, 0, sizeof(st)); - - this->lock->read_lock(this->lock); - /* create a null-terminated array of DIR objects for all overlays (including - * the master and host layer). the order is from bottom to top */ - count = this->overlays->get_count(this->overlays) + 2; - overlays = calloc(count + 1, sizeof(DIR*)); - d = &overlays[count]; - - enumerator = this->overlays->create_enumerator(this->overlays); - while (enumerator->enumerate(enumerator, (void**)&over)) - { - ADD_DIR(d, over->path, path); - } - enumerator->destroy(enumerator); - this->lock->unlock(this->lock); - - ADD_DIR(d, this->host, path); - ADD_DIR(d, this->master, path); - - for (; *d; ++d) - { - rewinddir(*d); - while((ent = readdir(*d))) - { - if (!overlays_contain_dir(d + 1, ent->d_name)) - { - st.st_ino = ent->d_ino; - st.st_mode = ent->d_type << 12; - filler(buf, ent->d_name, &st, 0); - } - } - closedir(*d); - } - - free(overlays); - return 0; -} - -/** - * FUSE mknod method - */ -static int cowfs_mknod(const char *path, mode_t mode, dev_t rdev) -{ - int fd; - rel(&path); - - fd = get_wr(path); - if (!clone_path(get_rd(path), fd, path)) - { - return -errno; - } - - if (mknodat(fd, path, mode, rdev) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE mkdir method - */ -static int cowfs_mkdir(const char *path, mode_t mode) -{ - int fd; - rel(&path); - - fd = get_wr(path); - if (!clone_path(get_rd(path), fd, path)) - { - return -errno; - } - if (mkdirat(fd, path, mode) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE unlink method - */ -static int cowfs_unlink(const char *path) -{ - rel(&path); - - /* TODO: whiteout master */ - if (unlinkat(get_wr(path), path, 0) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE rmdir method - */ -static int cowfs_rmdir(const char *path) -{ - rel(&path); - - /* TODO: whiteout master */ - if (unlinkat(get_wr(path), path, AT_REMOVEDIR) < 0) - { - return 
-errno; - } - return 0; -} - -/** - * FUSE symlink method - */ -static int cowfs_symlink(const char *from, const char *to) -{ - int fd; - const char *fromrel = from; - - rel(&to); - rel(&fromrel); - - fd = get_wr(to); - if (!clone_path(get_rd(fromrel), fd, fromrel)) - { - return -errno; - } - if (symlinkat(from, fd, to) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE rename method - */ -static int cowfs_rename(const char *from, const char *to) -{ - int fd; - - rel(&from); - rel(&to); - - fd = copy(from); - if (fd < 0) - { - return -errno; - } - if (renameat(fd, from, get_wr(to), to) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE link method - */ -static int cowfs_link(const char *from, const char *to) -{ - int rd, wr; - - rel(&from); - rel(&to); - - rd = get_rd(from); - wr = get_wr(to); - - if (!clone_path(rd, wr, to)) - { - DBG1(DBG_LIB, "cloning path '%s' failed", to); - return -errno; - } - if (linkat(rd, from, wr, to, 0) < 0) - { - DBG1(DBG_LIB, "linking '%s' to '%s' failed", from, to); - return -errno; - } - return 0; -} - -/** - * FUSE chmod method - */ -static int cowfs_chmod(const char *path, mode_t mode) -{ - int fd; - struct stat st; - - rel(&path); - fd = get_rd(path); - if (fstatat(fd, path, &st, 0) < 0) - { - return -errno; - } - if (st.st_mode == mode) - { - return 0; - } - fd = copy(path); - if (fd < 0) - { - return -errno; - } - if (fchmodat(fd, path, mode, 0) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE chown method - */ -static int cowfs_chown(const char *path, uid_t uid, gid_t gid) -{ - int fd; - struct stat st; - - rel(&path); - fd = get_rd(path); - if (fstatat(fd, path, &st, 0) < 0) - { - return -errno; - } - if (st.st_uid == uid && st.st_gid == gid) - { - return 0; - } - fd = copy(path); - if (fd < 0) - { - return -errno; - } - if (fchownat(fd, path, uid, gid, AT_SYMLINK_NOFOLLOW) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE truncate method - */ -static int cowfs_truncate(const char 
*path, off_t size) -{ - int fd; - struct stat st; - - rel(&path); - fd = get_rd(path); - if (fstatat(fd, path, &st, 0) < 0) - { - return -errno; - } - if (st.st_size == size) - { - return 0; - } - fd = copy(path); - if (fd < 0) - { - return -errno; - } - fd = openat(fd, path, O_WRONLY); - if (fd < 0) - { - return -errno; - } - if (ftruncate(fd, size) < 0) - { - close(fd); - return -errno; - } - close(fd); - return 0; -} - -/** - * FUSE utimens method - */ -static int cowfs_utimens(const char *path, const struct timespec ts[2]) -{ - struct timeval tv[2]; - int fd; - - rel(&path); - fd = copy(path); - if (fd < 0) - { - return -errno; - } - - tv[0].tv_sec = ts[0].tv_sec; - tv[0].tv_usec = ts[0].tv_nsec / 1000; - tv[1].tv_sec = ts[1].tv_sec; - tv[1].tv_usec = ts[1].tv_nsec / 1000; - - if (futimesat(fd, path, tv) < 0) - { - return -errno; - } - return 0; -} - -/** - * FUSE open method - */ -static int cowfs_open(const char *path, struct fuse_file_info *fi) -{ - int fd; - - rel(&path); - fd = get_rd(path); - - fd = openat(fd, path, fi->flags); - if (fd < 0) - { - return -errno; - } - close(fd); - return 0; -} - -/** - * FUSE read method - */ -static int cowfs_read(const char *path, char *buf, size_t size, off_t offset, - struct fuse_file_info *fi) -{ - int file, fd, res; - - rel(&path); - - fd = get_rd(path); - - file = openat(fd, path, O_RDONLY); - if (file < 0) - { - return -errno; - } - - res = pread(file, buf, size, offset); - if (res < 0) - { - res = -errno; - } - close(file); - return res; -} - -/** - * FUSE write method - */ -static int cowfs_write(const char *path, const char *buf, size_t size, - off_t offset, struct fuse_file_info *fi) -{ - int file, fd, res; - - rel(&path); - - fd = copy(path); - if (fd < 0) - { - return -errno; - } - file = openat(fd, path, O_WRONLY); - if (file < 0) - { - return -errno; - } - res = pwrite(file, buf, size, offset); - if (res < 0) - { - res = -errno; - } - close(file); - return res; -} - -/** - * FUSE statfs method - */ -static 
int cowfs_statfs(const char *path, struct statvfs *stbuf) -{ - int fd; - - fd = get_rd(path); - if (fstatvfs(fd, stbuf) < 0) - { - return -errno; - } - - return 0; -} - -/** - * FUSE init method - */ -static void *cowfs_init(struct fuse_conn_info *conn) -{ - struct fuse_context *ctx; - - ctx = fuse_get_context(); - - return ctx->private_data; -} - -/** - * FUSE method vectors - */ -static struct fuse_operations cowfs_operations = { - .getattr = cowfs_getattr, - .access = cowfs_access, - .readlink = cowfs_readlink, - .readdir = cowfs_readdir, - .mknod = cowfs_mknod, - .mkdir = cowfs_mkdir, - .symlink = cowfs_symlink, - .unlink = cowfs_unlink, - .rmdir = cowfs_rmdir, - .rename = cowfs_rename, - .link = cowfs_link, - .chmod = cowfs_chmod, - .chown = cowfs_chown, - .truncate = cowfs_truncate, - .utimens = cowfs_utimens, - .open = cowfs_open, - .read = cowfs_read, - .write = cowfs_write, - .statfs = cowfs_statfs, - .init = cowfs_init, -}; - -METHOD(cowfs_t, add_overlay, bool, - private_cowfs_t *this, char *path) -{ - overlay_t *over = malloc_thing(overlay_t); - over->fd = open(path, O_RDONLY | O_DIRECTORY); - if (over->fd < 0) - { - DBG1(DBG_LIB, "failed to open overlay directory '%s': %m", path); - free(over); - return FALSE; - } - over->path = realpath(path, NULL); - this->lock->write_lock(this->lock); - overlay_remove(this, over->path); - this->overlays->insert_first(this->overlays, over); - this->lock->unlock(this->lock); - return TRUE; -} - -METHOD(cowfs_t, del_overlay, bool, - private_cowfs_t *this, char *path) -{ - bool removed; - char real[PATH_MAX]; - this->lock->write_lock(this->lock); - removed = overlay_remove(this, realpath(path, real)); - this->lock->unlock(this->lock); - return removed; -} - -METHOD(cowfs_t, pop_overlay, bool, - private_cowfs_t *this) -{ - overlay_t *over; - this->lock->write_lock(this->lock); - if (this->overlays->remove_first(this->overlays, (void**)&over) != SUCCESS) - { - this->lock->unlock(this->lock); - return FALSE; - } - 
this->lock->unlock(this->lock); - overlay_destroy(over); - return TRUE; -} - -METHOD(cowfs_t, destroy, void, - private_cowfs_t *this) -{ - fuse_exit(this->fuse); - fuse_unmount(this->mount, this->chan); - this->thread->join(this->thread); - fuse_destroy(this->fuse); - this->lock->destroy(this->lock); - this->overlays->destroy_function(this->overlays, (void*)overlay_destroy); - free(this->mount); - free(this->master); - free(this->host); - close(this->master_fd); - close(this->host_fd); - free(this); -} - -/** - * creates a new cowfs fuse instance - */ -cowfs_t *cowfs_create(char *master, char *host, char *mount) -{ - struct fuse_args args = {0, NULL, 0}; - private_cowfs_t *this; - - INIT(this, - .public = { - .add_overlay = _add_overlay, - .del_overlay = _del_overlay, - .pop_overlay = _pop_overlay, - .destroy = _destroy, - } - ); - - this->master_fd = open(master, O_RDONLY | O_DIRECTORY); - if (this->master_fd < 0) - { - DBG1(DBG_LIB, "failed to open master filesystem '%s'", master); - free(this); - return NULL; - } - this->host_fd = open(host, O_RDONLY | O_DIRECTORY); - if (this->host_fd < 0) - { - DBG1(DBG_LIB, "failed to open host filesystem '%s'", host); - close(this->master_fd); - free(this); - return NULL; - } - - this->chan = fuse_mount(mount, &args); - if (this->chan == NULL) - { - DBG1(DBG_LIB, "mounting cowfs FUSE on '%s' failed", mount); - close(this->master_fd); - close(this->host_fd); - free(this); - return NULL; - } - - this->fuse = fuse_new(this->chan, &args, &cowfs_operations, - sizeof(cowfs_operations), this); - if (this->fuse == NULL) - { - DBG1(DBG_LIB, "creating cowfs FUSE handle failed"); - close(this->master_fd); - close(this->host_fd); - fuse_unmount(mount, this->chan); - free(this); - return NULL; - } - - this->mount = strdup(mount); - this->master = strdup(master); - this->host = strdup(host); - this->overlays = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); - - this->thread = 
thread_create((thread_main_t)fuse_loop, this->fuse);
- if (!this->thread)
- {
- DBG1(DBG_LIB, "creating thread to handle FUSE failed");
- fuse_unmount(mount, this->chan);
- this->lock->destroy(this->lock);
- this->overlays->destroy(this->overlays);
- free(this->mount);
- free(this->master);
- free(this->host);
- close(this->master_fd);
- close(this->host_fd);
- free(this);
- return NULL;
- }
-
- return &this->public;
-}
-
diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h
deleted file mode 100644
index 9a596de2e..000000000
--- a/src/dumm/cowfs.h
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef COWFS_H
-#define COWFS_H
-
-#include <library.h>
-
-typedef struct cowfs_t cowfs_t;
-
-/**
- * cowfs - Copy on write FUSE filesystem.
- *
- */
-struct cowfs_t {
-
- /**
- * Adds an additional copy on write overlay.
- *
- * If the path was already added as overlay, it is moved to the top.
- *
- * @param path path of the overlay
- * @return FALSE, if failed
- */
- bool (*add_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the specified copy on write overlay.
- *
- * @param path path of the overlay
- * @return FALSE, if not found
- */
- bool (*del_overlay)(cowfs_t *this, char *path);
-
- /**
- * Remove the most recently added copy on write overlay.
- *
- * @return FALSE, if no overlay was found
- */
- bool (*pop_overlay)(cowfs_t *this);
-
- /**
- * Stop, umount and destroy a cowfs FUSE filesystem.
- */
- void (*destroy) (cowfs_t *this);
-};
-
-/**
- * Mount a cowfs FUSE filesystem.
- *
- * @param master read only master file system directory
- * @param host copy on write host directory
- * @param mount mountpoint where union is mounted
- * @return instance, or NULL if FUSE initialization failed
- */
-cowfs_t *cowfs_create(char *master, char *host, char *mount);
-
-#endif /* COWFS_H */
-
diff --git a/src/dumm/dumm.c b/src/dumm/dumm.c
deleted file mode 100644
index e24671330..000000000
--- a/src/dumm/dumm.c
+++ /dev/null
@@ -1,444 +0,0 @@ -/* - * Copyright (C) 2008-2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE - -#include <sys/types.h> -#include <sys/stat.h> -#include <unistd.h> -#include <stdio.h> -#include <dirent.h> -#include <errno.h> - -#include <utils/debug.h> -#include <collections/linked_list.h> - -#include "dumm.h" - -#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) -#define GUEST_DIR "guests" -#define TEMPLATE_DIR "templates" - -typedef struct private_dumm_t private_dumm_t; - -struct private_dumm_t { - /** public dumm interface */ - dumm_t public; - /** working dir */ - char *dir; - /** directory of guests */ - char *guest_dir; - /** directory of loaded template */ - char *template; - /** list of managed guests */ - linked_list_t *guests; - /** list of managed bridges */ - linked_list_t *bridges; -}; - -METHOD(dumm_t, create_guest, guest_t*, - private_dumm_t *this, char *name, char *kernel, char *master, char *args) -{ - guest_t *guest; - - guest = guest_create(this->guest_dir, name, kernel, master, args); - if (guest) - { - this->guests->insert_last(this->guests, guest); - } - return guest; -} - -METHOD(dumm_t, create_guest_enumerator, enumerator_t*, - private_dumm_t *this) -{ - return this->guests->create_enumerator(this->guests); -} - -METHOD(dumm_t, delete_guest, void, - private_dumm_t *this, guest_t *guest) -{ - if 
(this->guests->remove(this->guests, guest, NULL)) - { - char buf[512]; - int len; - - len = snprintf(buf, sizeof(buf), "rm -Rf %s/%s", - this->guest_dir, guest->get_name(guest)); - guest->destroy(guest); - if (len > 8 && len < 512) - { - ignore_result(system(buf)); - } - } -} - -METHOD(dumm_t, create_bridge, bridge_t*, - private_dumm_t *this, char *name) -{ - bridge_t *bridge; - - bridge = bridge_create(name); - if (bridge) - { - this->bridges->insert_last(this->bridges, bridge); - } - return bridge; -} - -METHOD(dumm_t, create_bridge_enumerator, enumerator_t*, - private_dumm_t *this) -{ - return this->bridges->create_enumerator(this->bridges); -} - -METHOD(dumm_t, delete_bridge, void, - private_dumm_t *this, bridge_t *bridge) -{ - if (this->bridges->remove(this->bridges, bridge, NULL)) - { - bridge->destroy(bridge); - } -} - -METHOD(dumm_t, add_overlay, bool, - private_dumm_t *this, char *dir) -{ - enumerator_t *enumerator; - guest_t *guest; - - if (dir == NULL) - { - return TRUE; - } - if (strlen(dir) > PATH_MAX) - { - DBG1(DBG_LIB, "overlay directory string '%s' is too long", dir); - return FALSE; - } - if (access(dir, F_OK) != 0) - { - if (!mkdir_p(dir, PERME)) - { - DBG1(DBG_LIB, "creating overlay directory '%s' failed: %m", dir); - return FALSE; - } - } - enumerator = this->guests->create_enumerator(this->guests); - while (enumerator->enumerate(enumerator, (void**)&guest)) - { - char guest_dir[PATH_MAX]; - int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir, - guest->get_name(guest)); - if (len < 0 || len >= sizeof(guest_dir)) - { - goto error; - } - if (access(guest_dir, F_OK) != 0) - { - if (!mkdir_p(guest_dir, PERME)) - { - DBG1(DBG_LIB, "creating overlay directory for guest '%s' failed: %m", - guest->get_name(guest)); - goto error; - } - } - if (!guest->add_overlay(guest, guest_dir)) - { - goto error; - } - } - enumerator->destroy(enumerator); - return TRUE; -error: - enumerator->destroy(enumerator); - this->public.del_overlay(&this->public, 
dir); - return FALSE; -} - -METHOD(dumm_t, del_overlay, bool, - private_dumm_t *this, char *dir) -{ - bool ret = FALSE; - enumerator_t *enumerator; - guest_t *guest; - - enumerator = this->guests->create_enumerator(this->guests); - while (enumerator->enumerate(enumerator, (void**)&guest)) - { - char guest_dir[PATH_MAX]; - int len = snprintf(guest_dir, sizeof(guest_dir), "%s/%s", dir, - guest->get_name(guest)); - if (len < 0 || len >= sizeof(guest_dir)) - { - continue; - } - ret = guest->del_overlay(guest, guest_dir) || ret; - } - enumerator->destroy(enumerator); - return ret; -} - -METHOD(dumm_t, pop_overlay, bool, - private_dumm_t *this) -{ - bool ret = FALSE; - enumerator_t *enumerator; - guest_t *guest; - - enumerator = this->guests->create_enumerator(this->guests); - while (enumerator->enumerate(enumerator, (void**)&guest)) - { - ret = guest->pop_overlay(guest) || ret; - } - enumerator->destroy(enumerator); - return ret; -} - -/** - * disable the currently enabled template - */ -static void clear_template(private_dumm_t *this) -{ - if (this->template) - { - del_overlay(this, this->template); - free(this->template); - this->template = NULL; - } -} - -METHOD(dumm_t, load_template, bool, - private_dumm_t *this, char *name) -{ - clear_template(this); - if (name == NULL) - { - return TRUE; - } - if (strlen(name) > PATH_MAX) - { - DBG1(DBG_LIB, "template name '%s' is too long", name); - return FALSE; - } - if (strchr(name, '/') != NULL) - { - DBG1(DBG_LIB, "template name '%s' must not contain '/' characters", name); - return FALSE; - } - if (asprintf(&this->template, "%s/%s", TEMPLATE_DIR, name) < 0) - { - this->template = NULL; - return FALSE; - } - if (access(this->template, F_OK) != 0) - { - if (!mkdir_p(this->template, PERME)) - { - DBG1(DBG_LIB, "creating template directory '%s' failed: %m", - this->template); - return FALSE; - } - } - return add_overlay(this, this->template); -} - -/** - * Template directory enumerator - */ -typedef struct { - /** implements 
enumerator_t */ - enumerator_t public; - /** directory enumerator */ - enumerator_t *inner; -} template_enumerator_t; - -METHOD(enumerator_t, template_enumerate, bool, - template_enumerator_t *this, va_list args) -{ - struct stat st; - char *rel, **template; - - VA_ARGS_VGET(args, template); - - while (this->inner->enumerate(this->inner, &rel, NULL, &st)) - { - if (S_ISDIR(st.st_mode) && *rel != '.') - { - *template = rel; - return TRUE; - } - } - return FALSE; -} - -METHOD(enumerator_t, template_enumerator_destroy, void, - template_enumerator_t *this) -{ - this->inner->destroy(this->inner); - free(this); -} - -METHOD(dumm_t, create_template_enumerator, enumerator_t*, - private_dumm_t *this) -{ - template_enumerator_t *enumerator; - INIT(enumerator, - .public = { - .enumerate = enumerator_enumerate_default, - .venumerate = _template_enumerate, - .destroy = (void*)_template_enumerator_destroy, - }, - .inner = enumerator_create_directory(TEMPLATE_DIR), - ); - if (!enumerator->inner) - { - free(enumerator); - return enumerator_create_empty(); - } - return &enumerator->public; -} - -METHOD(dumm_t, destroy, void, - private_dumm_t *this) -{ - enumerator_t *enumerator; - guest_t *guest; - - this->bridges->destroy_offset(this->bridges, offsetof(bridge_t, destroy)); - - enumerator = this->guests->create_enumerator(this->guests); - while (enumerator->enumerate(enumerator, (void**)&guest)) - { - guest->stop(guest, NULL); - } - enumerator->destroy(enumerator); - - while (this->guests->remove_last(this->guests, (void**)&guest) == SUCCESS) - { - guest->destroy(guest); - } - this->guests->destroy(this->guests); - free(this->guest_dir); - free(this->template); - free(this->dir); - free(this); -} - -/** - * load all guests in our working dir - */ -static void load_guests(private_dumm_t *this) -{ - DIR *dir; - struct dirent *ent; - guest_t *guest; - - dir = opendir(this->guest_dir); - if (dir == NULL) - { - return; - } - - while ((ent = readdir(dir))) - { - if (*ent->d_name == '.') 
- { /* skip ".", ".." and hidden files (such as ".svn") */ - continue; - } - guest = guest_load(this->guest_dir, ent->d_name); - if (guest) - { - this->guests->insert_last(this->guests, guest); - } - else - { - DBG1(DBG_LIB, "loading guest in directory '%s' failed, skipped", - ent->d_name); - } - } - closedir(dir); -} - -/** - * create a dumm instance - */ -dumm_t *dumm_create(char *dir) -{ - char cwd[PATH_MAX]; - private_dumm_t *this; - - INIT(this, - .public = { - .create_guest = _create_guest, - .create_guest_enumerator = _create_guest_enumerator, - .delete_guest = _delete_guest, - .create_bridge = _create_bridge, - .create_bridge_enumerator = _create_bridge_enumerator, - .delete_bridge = _delete_bridge, - .add_overlay = _add_overlay, - .del_overlay = _del_overlay, - .pop_overlay = _pop_overlay, - .load_template = _load_template, - .create_template_enumerator = _create_template_enumerator, - .destroy = _destroy, - }, - ); - - if (dir && *dir == '/') - { - this->dir = strdup(dir); - } - else - { - if (getcwd(cwd, sizeof(cwd)) == NULL) - { - free(this); - return NULL; - } - if (dir) - { - if (asprintf(&this->dir, "%s/%s", cwd, dir) < 0) - { - this->dir = NULL; - } - } - else - { - this->dir = strdup(cwd); - } - } - if (asprintf(&this->guest_dir, "%s/%s", this->dir, GUEST_DIR) < 0) - { - this->guest_dir = NULL; - } - - this->guests = linked_list_create(); - this->bridges = linked_list_create(); - - if (this->dir == NULL || this->guest_dir == NULL || - (mkdir(this->guest_dir, PERME) < 0 && errno != EEXIST)) - { - DBG1(DBG_LIB, "creating guest directory '%s' failed: %m", - this->guest_dir); - destroy(this); - return NULL; - } - - load_guests(this); - return &this->public; -} - diff --git a/src/dumm/dumm.h b/src/dumm/dumm.h deleted file mode 100644 index 921d2157f..000000000 --- a/src/dumm/dumm.h +++ /dev/null 
@@ -1,150 +0,0 @@
-/*
- * Copyright (C) 2008-2009 Tobias Brunner
- * Copyright (C) 2007 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef DUMM_H
-#define DUMM_H
-
-#include <signal.h>
-
-#include <library.h>
-#include <collections/enumerator.h>
-
-#include "guest.h"
-#include "bridge.h"
-
-typedef struct dumm_t dumm_t;
-
-/**
- * dumm - Dynamic Uml Mesh Modeler
- *
- * Controls a group of UML guests and their networks.
- */
-struct dumm_t {
-
- /**
- * Starts a new UML guest
- *
- * @param name name of the guest
- * @param kernel UML kernel to use for guest
- * @param master mounted read only master filesystem
- * @param args additional args to pass to kernel
- * @return guest if started, NULL if failed
- */
- guest_t* (*create_guest) (dumm_t *this, char *name, char *kernel,
- char *master, char *args);
-
- /**
- * Create an enumerator over all guests.
- *
- * @return enumerator over guest_t's
- */
- enumerator_t* (*create_guest_enumerator) (dumm_t *this);
-
- /**
- * Delete a guest from disk.
- *
- * @param guest guest to destroy
- */
- void (*delete_guest) (dumm_t *this, guest_t *guest);
-
- /**
- * Create a new bridge.
- *
- * @param name name of the bridge to create
- * @return created bridge
- */
- bridge_t* (*create_bridge)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all bridges.
- *
- * @return enumerator over bridge_t's
- */
- enumerator_t* (*create_bridge_enumerator)(dumm_t *this);
-
- /**
- * Delete a bridge.
- *
- * @param bridge bridge to destroy
- */
- void (*delete_bridge) (dumm_t *this, bridge_t *bridge);
-
- /**
- * Add an overlay to all guests.
- *
- * Directories named after the guests are created, if they do not exist
- * in the given overlay directory.
- *
- * If adding the overlay on at lest one guest fails, FALSE is returned and
- * the overlay is again removed from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, on failure
- */
- bool (*add_overlay)(dumm_t *this, char *dir);
-
- /**
- * Removes an overlay from all guests.
- *
- * @param dir dir to the overlay
- * @return FALSE, if the overlay was not found on any guest
- */
- bool (*del_overlay)(dumm_t *this, char *dir);
-
- /**
- * Remove the latest overlay from all guests.
- *
- * @return FALSE, if no overlay was found on any guest
- */
- bool (*pop_overlay)(dumm_t *this);
-
- /**
- * Loads a template, create a new one if it does not exist.
- *
- * This is basically a wrapper around add/del_overlay to simplify working
- * with overlays. Templates are located in a predefined directory, so that
- * only a name for the template has to be specified here. Only one template
- * can be loaded at any one time (but other overlays can be added on top or
- * below a template).
- *
- * @param name name of the template to load, NULL to unload
- * @return FALSE if load/create failed
- */
- bool (*load_template)(dumm_t *this, char *name);
-
- /**
- * Create an enumerator over all available templates.
- *
- * @return enumerator over char*
- */
- enumerator_t* (*create_template_enumerator)(dumm_t *this);
-
- /**
- * stop all guests and destroy the modeler
- */
- void (*destroy) (dumm_t *this);
-};
-
-/**
- * Create a group of UML hosts and networks.
- *
- * @param dir directory to create guests/load from, NULL for cwd
- * @return created UML group, or NULL if failed.
- */
-dumm_t *dumm_create(char *dir);
-
-#endif /* DUMM_H */
-
diff --git a/src/dumm/ext/README b/src/dumm/ext/README
deleted file mode 100644
index 270d9d59d..000000000
--- a/src/dumm/ext/README
+++ /dev/null
@@ -1,8 +0,0 @@
-DUMM Ruby Extension
-===================
-
-Build and Install
-
- $ ruby extconf.rb
- $ make
- # make install
diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c
deleted file mode 100644
index 7df72eb30..000000000
--- a/src/dumm/ext/dumm.c
+++ /dev/null
@@ -1,797 +0,0 @@ -/* - * Copyright (C) 2008-2010 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <stdio.h> -#include <signal.h> -#include <unistd.h> -#include <fcntl.h> - -#include <library.h> -#include <dumm.h> -#include <utils/debug.h> -#include <collections/linked_list.h> - -#undef PACKAGE_NAME -#undef PACKAGE_TARNAME -#undef PACKAGE_VERSION -#undef PACKAGE_STRING -#undef PACKAGE_BUGREPORT -#undef PACKAGE_URL -#undef HAVE_DLADDR -#undef HAVE_QSORT_R -/* avoid redefintiion of snprintf etc. */ -#define RUBY_DONT_SUBST -/* undef our _GNU_SOURCE, as it gets redefined by <ruby.h> */ -#undef _GNU_SOURCE -#include <ruby.h> - -static dumm_t *dumm; - -static VALUE rbm_dumm; -static VALUE rbc_guest; -static VALUE rbc_bridge; -static VALUE rbc_iface; -static VALUE rbc_template; - -/** - * Guest invocation callback - */ -static pid_t invoke(void *null, guest_t *guest, char *args[], int argc) -{ - pid_t pid; - - pid = fork(); - switch (pid) - { - case 0: /* child */ - /* create a new process group in order to prevent signals (e.g. 
- * SIGINT) sent to the parent from terminating the child */ - setpgid(0, 0); - dup2(open("/dev/null", 0), 1); - dup2(open("/dev/null", 0), 2); - execvp(args[0], args); - /* FALL */ - case -1: - return 0; - default: - return pid; - } -} - -/** - * SIGCHLD signal handler - */ -static void sigchld_handler(int signal, siginfo_t *info, void* ptr) -{ - enumerator_t *enumerator; - guest_t *guest; - - enumerator = dumm->create_guest_enumerator(dumm); - while (enumerator->enumerate(enumerator, &guest)) - { - if (guest->get_pid(guest) == info->si_pid) - { - guest->sigchild(guest); - break; - } - } - enumerator->destroy(enumerator); -} - - -/** - * Global Dumm bindings - */ -static VALUE dumm_add_overlay(VALUE class, VALUE dir) -{ - if (!dumm->add_overlay(dumm, StringValuePtr(dir))) - { - rb_raise(rb_eRuntimeError, "loading overlay failed"); - } - return class; -} - -static VALUE dumm_del_overlay(VALUE class, VALUE dir) -{ - return dumm->del_overlay(dumm, StringValuePtr(dir)) ? Qtrue : Qfalse; -} - -static VALUE dumm_pop_overlay(VALUE class) -{ - return dumm->pop_overlay(dumm) ? 
Qtrue : Qfalse; -} - -static void dumm_init() -{ - rbm_dumm = rb_define_module("Dumm"); - - rb_define_module_function(rbm_dumm, "add_overlay", dumm_add_overlay, 1); - rb_define_module_function(rbm_dumm, "del_overlay", dumm_del_overlay, 1); - rb_define_module_function(rbm_dumm, "pop_overlay", dumm_pop_overlay, 0); -} - -/** - * Guest bindings - */ -static VALUE guest_hash_create(VALUE class) -{ - enumerator_t *enumerator; - guest_t *guest; - VALUE hash = rb_hash_new(); - enumerator = dumm->create_guest_enumerator(dumm); - while (enumerator->enumerate(enumerator, &guest)) - { - rb_hash_aset(hash, rb_str_new2(guest->get_name(guest)), - Data_Wrap_Struct(class, NULL, NULL, guest)); - } - enumerator->destroy(enumerator); - return hash; -} - -static VALUE guest_hash(VALUE class) -{ - ID id = rb_intern("@@guests"); - if (!rb_cvar_defined(class, id)) - { - VALUE hash = guest_hash_create(class); -#ifdef RB_CVAR_SET_4_ARGS - rb_cvar_set(class, id, hash, 0); -#else - rb_cvar_set(class, id, hash); -#endif - return hash; - } - return rb_cvar_get(class, id); -} - -static VALUE guest_find(VALUE class, VALUE key) -{ - if (TYPE(key) != T_STRING) - { - key = rb_convert_type(key, T_STRING, "String", "to_s"); - } - return rb_hash_aref(guest_hash(class), key); -} - -static VALUE guest_get(VALUE class, VALUE key) -{ - return guest_find(class, key); -} - -static VALUE guest_each(int argc, VALUE *argv, VALUE class) -{ - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - rb_block_call(guest_hash(class), rb_intern("each_value"), 0, 0, - rb_yield, 0); - return class; -} - -static VALUE guest_new(VALUE class, VALUE name, VALUE kernel, - VALUE master, VALUE args) -{ - VALUE self; - guest_t *guest; - guest = dumm->create_guest(dumm, StringValuePtr(name), - StringValuePtr(kernel), StringValuePtr(master), - StringValuePtr(args)); - if (!guest) - { - rb_raise(rb_eRuntimeError, "creating guest failed"); - } - self = Data_Wrap_Struct(class, NULL, NULL, guest); 
- rb_hash_aset(guest_hash(class), name, self); - return self; -} - -static VALUE guest_to_s(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - return rb_str_new2(guest->get_name(guest)); -} - -static VALUE guest_start(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - - if (!guest->start(guest, invoke, NULL, NULL)) - { - rb_raise(rb_eRuntimeError, "starting guest failed"); - } - return self; -} - -static VALUE guest_stop(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - guest->stop(guest, NULL); - return self; -} - -static VALUE guest_running(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - return guest->get_pid(guest) ? Qtrue : Qfalse; -} - -static void exec_cb(void *data, char *buf) -{ - rb_yield(rb_str_new2(buf)); -} - -static VALUE guest_exec(VALUE self, VALUE cmd) -{ - guest_t *guest; - bool block; - int ret; - - block = rb_block_given_p(); - Data_Get_Struct(self, guest_t, guest); - ret = guest->exec_str(guest, block ? (void*)exec_cb : NULL, TRUE, NULL, - "exec %s", StringValuePtr(cmd)); - rb_iv_set(self, "@execstatus", INT2NUM(ret)); - return self; -} - -static VALUE guest_mconsole(VALUE self, VALUE cmd) -{ - guest_t *guest; - bool block; - int ret; - - block = rb_block_given_p(); - Data_Get_Struct(self, guest_t, guest); - if ((ret = guest->exec_str(guest, block ? 
(void*)exec_cb : NULL, TRUE, NULL, - "%s", StringValuePtr(cmd))) != 0) - { - rb_raise(rb_eRuntimeError, "executing command failed (%d)", ret); - } - return self; -} - -static VALUE guest_add_iface(VALUE self, VALUE name) -{ - guest_t *guest; - iface_t *iface; - - Data_Get_Struct(self, guest_t, guest); - iface = guest->create_iface(guest, StringValuePtr(name)); - if (!iface) - { - rb_raise(rb_eRuntimeError, "adding interface failed"); - } - return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface); -} - -static VALUE guest_find_iface(VALUE self, VALUE key) -{ - enumerator_t *enumerator; - iface_t *iface, *found = NULL; - guest_t *guest; - - if (TYPE(key) == T_SYMBOL) - { - key = rb_convert_type(key, T_STRING, "String", "to_s"); - } - Data_Get_Struct(self, guest_t, guest); - enumerator = guest->create_iface_enumerator(guest); - while (enumerator->enumerate(enumerator, &iface)) - { - if (streq(iface->get_guestif(iface), StringValuePtr(key))) - { - found = iface; - break; - } - } - enumerator->destroy(enumerator); - if (!found) - { - return Qnil; - } - return Data_Wrap_Struct(rbc_iface, NULL, NULL, iface); -} - -static VALUE guest_get_iface(VALUE self, VALUE key) -{ - VALUE iface = guest_find_iface(self, key); - if (NIL_P(iface)) - { - rb_raise(rb_eRuntimeError, "interface not found"); - } - return iface; -} - -static VALUE guest_each_iface(int argc, VALUE *argv, VALUE self) -{ - enumerator_t *enumerator; - linked_list_t *list; - guest_t *guest; - iface_t *iface; - - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - Data_Get_Struct(self, guest_t, guest); - list = linked_list_create(); - enumerator = guest->create_iface_enumerator(guest); - while (enumerator->enumerate(enumerator, &iface)) - { - list->insert_last(list, iface); - } - enumerator->destroy(enumerator); - while (list->remove_first(list, (void**)&iface) == SUCCESS) - { - rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface)); - } - list->destroy(list); - return self; -} 
- -static VALUE guest_delete(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - if (guest->get_pid(guest)) - { - rb_raise(rb_eRuntimeError, "guest is running"); - } - dumm->delete_guest(dumm, guest); - return Qnil; -} - -static VALUE guest_add_overlay(VALUE self, VALUE dir) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - if (!guest->add_overlay(guest, StringValuePtr(dir))) - { - rb_raise(rb_eRuntimeError, "loading overlay failed"); - } - return self; -} - -static VALUE guest_del_overlay(VALUE self, VALUE dir) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - return guest->del_overlay(guest, StringValuePtr(dir)) ? Qtrue : Qfalse; -} - -static VALUE guest_pop_overlay(VALUE self) -{ - guest_t *guest; - - Data_Get_Struct(self, guest_t, guest); - return guest->pop_overlay(guest) ? Qtrue : Qfalse; -} - -static void guest_init() -{ - rbc_guest = rb_define_class_under(rbm_dumm , "Guest", rb_cObject); - rb_include_module(rb_class_of(rbc_guest), rb_mEnumerable); - rb_include_module(rbc_guest, rb_mEnumerable); - - rb_define_singleton_method(rbc_guest, "[]", guest_get, 1); - rb_define_singleton_method(rbc_guest, "each", guest_each, -1); - rb_define_singleton_method(rbc_guest, "new", guest_new, 4); - rb_define_singleton_method(rbc_guest, "include?", guest_find, 1); - rb_define_singleton_method(rbc_guest, "guest?", guest_find, 1); - - rb_define_method(rbc_guest, "to_s", guest_to_s, 0); - rb_define_method(rbc_guest, "start", guest_start, 0); - rb_define_method(rbc_guest, "stop", guest_stop, 0); - rb_define_method(rbc_guest, "running?", guest_running, 0); - rb_define_method(rbc_guest, "exec", guest_exec, 1); - rb_define_method(rbc_guest, "mconsole", guest_mconsole, 1); - rb_define_method(rbc_guest, "add", guest_add_iface, 1); - rb_define_method(rbc_guest, "[]", guest_get_iface, 1); - rb_define_method(rbc_guest, "each", guest_each_iface, -1); - rb_define_method(rbc_guest, "include?", guest_find_iface, 1); - 
rb_define_method(rbc_guest, "iface?", guest_find_iface, 1); - rb_define_method(rbc_guest, "delete", guest_delete, 0); - rb_define_method(rbc_guest, "add_overlay", guest_add_overlay, 1); - rb_define_method(rbc_guest, "del_overlay", guest_del_overlay, 1); - rb_define_method(rbc_guest, "pop_overlay", guest_pop_overlay, 0); - - rb_define_attr(rbc_guest, "execstatus", 1, 0); -} - -/** - * Bridge binding - */ -static VALUE bridge_find(VALUE class, VALUE key) -{ - enumerator_t *enumerator; - bridge_t *bridge, *found = NULL; - - if (TYPE(key) == T_SYMBOL) - { - key = rb_convert_type(key, T_STRING, "String", "to_s"); - } - enumerator = dumm->create_bridge_enumerator(dumm); - while (enumerator->enumerate(enumerator, &bridge)) - { - if (streq(bridge->get_name(bridge), StringValuePtr(key))) - { - found = bridge; - break; - } - } - enumerator->destroy(enumerator); - if (!found) - { - return Qnil; - } - return Data_Wrap_Struct(class, NULL, NULL, found); -} - -static VALUE bridge_get(VALUE class, VALUE key) -{ - VALUE bridge = bridge_find(class, key); - if (NIL_P(bridge)) - { - rb_raise(rb_eRuntimeError, "bridge not found"); - } - return bridge; -} - -static VALUE bridge_each(int argc, VALUE *argv, VALUE class) -{ - enumerator_t *enumerator; - linked_list_t *list; - bridge_t *bridge; - - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - list = linked_list_create(); - enumerator = dumm->create_bridge_enumerator(dumm); - while (enumerator->enumerate(enumerator, &bridge)) - { - list->insert_last(list, bridge); - } - enumerator->destroy(enumerator); - while (list->remove_first(list, (void**)&bridge) == SUCCESS) - { - rb_yield(Data_Wrap_Struct(class, NULL, NULL, bridge)); - } - list->destroy(list); - return class; -} - -static VALUE bridge_new(VALUE class, VALUE name) - -{ - bridge_t *bridge; - - bridge = dumm->create_bridge(dumm, StringValuePtr(name)); - if (!bridge) - { - rb_raise(rb_eRuntimeError, "creating bridge failed"); - } - return 
Data_Wrap_Struct(class, NULL, NULL, bridge); -} - -static VALUE bridge_to_s(VALUE self) -{ - bridge_t *bridge; - - Data_Get_Struct(self, bridge_t, bridge); - return rb_str_new2(bridge->get_name(bridge)); -} - -static VALUE bridge_each_iface(int argc, VALUE *argv, VALUE self) -{ - enumerator_t *enumerator; - linked_list_t *list; - bridge_t *bridge; - iface_t *iface; - - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - Data_Get_Struct(self, bridge_t, bridge); - list = linked_list_create(); - enumerator = bridge->create_iface_enumerator(bridge); - while (enumerator->enumerate(enumerator, &iface)) - { - list->insert_last(list, iface); - } - enumerator->destroy(enumerator); - while (list->remove_first(list, (void**)&iface) == SUCCESS) - { - rb_yield(Data_Wrap_Struct(rbc_iface, NULL, NULL, iface)); - } - list->destroy(list); - return self; -} - -static VALUE bridge_delete(VALUE self) -{ - bridge_t *bridge; - - Data_Get_Struct(self, bridge_t, bridge); - dumm->delete_bridge(dumm, bridge); - return Qnil; -} - -static void bridge_init() -{ - rbc_bridge = rb_define_class_under(rbm_dumm , "Bridge", rb_cObject); - rb_include_module(rb_class_of(rbc_bridge), rb_mEnumerable); - rb_include_module(rbc_bridge, rb_mEnumerable); - - rb_define_singleton_method(rbc_bridge, "[]", bridge_get, 1); - rb_define_singleton_method(rbc_bridge, "each", bridge_each, -1); - rb_define_singleton_method(rbc_bridge, "new", bridge_new, 1); - rb_define_singleton_method(rbc_bridge, "include?", bridge_find, 1); - rb_define_singleton_method(rbc_bridge, "bridge?", bridge_find, 1); - - rb_define_method(rbc_bridge, "to_s", bridge_to_s, 0); - rb_define_method(rbc_bridge, "each", bridge_each_iface, -1); - rb_define_method(rbc_bridge, "delete", bridge_delete, 0); -} - -/** - * Iface wrapper - */ -static VALUE iface_to_s(VALUE self) -{ - iface_t *iface; - - Data_Get_Struct(self, iface_t, iface); - return rb_str_new2(iface->get_hostif(iface)); -} - -static VALUE 
iface_connect(VALUE self, VALUE vbridge) -{ - iface_t *iface; - bridge_t *bridge; - - Data_Get_Struct(self, iface_t, iface); - Data_Get_Struct(vbridge, bridge_t, bridge); - if (!bridge->connect_iface(bridge, iface)) - { - rb_raise(rb_eRuntimeError, "connecting iface failed"); - } - return self; -} - -static VALUE iface_disconnect(VALUE self) -{ - iface_t *iface; - bridge_t *bridge; - - Data_Get_Struct(self, iface_t, iface); - bridge = iface->get_bridge(iface); - if (!bridge || !bridge->disconnect_iface(bridge, iface)) - { - rb_raise(rb_eRuntimeError, "disconnecting iface failed"); - } - return self; -} - -static VALUE iface_add_addr(VALUE self, VALUE name) -{ - iface_t *iface; - host_t *addr; - int bits; - - addr = host_create_from_subnet(StringValuePtr(name), &bits); - if (!addr) - { - rb_raise(rb_eArgError, "invalid IP address"); - } - Data_Get_Struct(self, iface_t, iface); - if (!iface->add_address(iface, addr, bits)) - { - addr->destroy(addr); - rb_raise(rb_eRuntimeError, "adding address failed"); - } - if (rb_block_given_p()) { - rb_yield(self); - iface->delete_address(iface, addr, bits); - } - addr->destroy(addr); - return self; -} - -static VALUE iface_each_addr(int argc, VALUE *argv, VALUE self) -{ - enumerator_t *enumerator; - linked_list_t *list; - iface_t *iface; - host_t *addr; - char buf[64], *fmt = "%H"; - - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - list = linked_list_create(); - Data_Get_Struct(self, iface_t, iface); - enumerator = iface->create_address_enumerator(iface); - while (enumerator->enumerate(enumerator, &addr)) - { - list->insert_last(list, addr->clone(addr)); - } - enumerator->destroy(enumerator); - while (list->remove_first(list, (void**)&addr) == SUCCESS) - { - snprintf(buf, sizeof(buf), fmt, addr); - addr->destroy(addr); - rb_yield(rb_str_new2(buf)); - } - list->destroy(list); - return self; -} - -static VALUE iface_del_addr(VALUE self, VALUE vaddr) -{ - iface_t *iface; - host_t *addr; 
- int bits; - - addr = host_create_from_subnet(StringValuePtr(vaddr), &bits); - if (!addr) - { - rb_raise(rb_eArgError, "invalid IP address"); - } - Data_Get_Struct(self, iface_t, iface); - if (!iface->delete_address(iface, addr, bits)) - { - addr->destroy(addr); - rb_raise(rb_eRuntimeError, "address not found"); - } - if (rb_block_given_p()) { - rb_yield(self); - iface->add_address(iface, addr, bits); - } - addr->destroy(addr); - return self; -} - -static VALUE iface_delete(VALUE self) -{ - guest_t *guest; - iface_t *iface; - - Data_Get_Struct(self, iface_t, iface); - guest = iface->get_guest(iface); - guest->destroy_iface(guest, iface); - return Qnil; -} - -static void iface_init() -{ - rbc_iface = rb_define_class_under(rbm_dumm , "Iface", rb_cObject); - rb_include_module(rbc_iface, rb_mEnumerable); - - rb_define_method(rbc_iface, "to_s", iface_to_s, 0); - rb_define_method(rbc_iface, "connect", iface_connect, 1); - rb_define_method(rbc_iface, "disconnect", iface_disconnect, 0); - rb_define_method(rbc_iface, "add", iface_add_addr, 1); - rb_define_method(rbc_iface, "del", iface_del_addr, 1); - rb_define_method(rbc_iface, "each", iface_each_addr, -1); - rb_define_method(rbc_iface, "delete", iface_delete, 0); -} - -static VALUE template_load(VALUE class, VALUE dir) -{ - if (!dumm->load_template(dumm, StringValuePtr(dir))) - { - rb_raise(rb_eRuntimeError, "loading template failed"); - } - return class; -} - -static VALUE template_unload(VALUE class) -{ - if (!dumm->load_template(dumm, NULL)) - { - rb_raise(rb_eRuntimeError, "unloading template failed"); - } - return class; -} - -static VALUE template_each(int argc, VALUE *argv, VALUE class) -{ - enumerator_t *enumerator; - char *template; - - if (!rb_block_given_p()) - { - rb_raise(rb_eArgError, "must be called with a block"); - } - enumerator = dumm->create_template_enumerator(dumm); - while (enumerator->enumerate(enumerator, &template)) - { - rb_yield(rb_str_new2(template)); - } - enumerator->destroy(enumerator); - 
return class; -} - -static void template_init() -{ - rbc_template = rb_define_class_under(rbm_dumm , "Template", rb_cObject); - rb_include_module(rb_class_of(rbc_template), rb_mEnumerable); - - rb_define_singleton_method(rbc_template, "load", template_load, 1); - rb_define_singleton_method(rbc_template, "unload", template_unload, 0); - rb_define_singleton_method(rbc_template, "each", template_each, -1); -} - -/** - * extension finalization - */ -void Final_dumm() -{ - struct sigaction action; - - dumm->destroy(dumm); - - sigemptyset(&action.sa_mask); - action.sa_handler = SIG_DFL; - action.sa_flags = 0; - sigaction(SIGCHLD, &action, NULL); - - library_deinit(); -} - -/** - * extension initialization - */ -void Init_dumm() -{ - struct sigaction action; - - /* there are too many to report, rubyruby... */ - setenv("LEAK_DETECTIVE_DISABLE", "1", 1); - - library_init(NULL, "dumm"); - - dumm = dumm_create(NULL); - - dumm_init(); - guest_init(); - bridge_init(); - iface_init(); - template_init(); - - sigemptyset(&action.sa_mask); - action.sa_sigaction = sigchld_handler; - action.sa_flags = SA_SIGINFO; - sigaction(SIGCHLD, &action, NULL); - - rb_set_end_proc(Final_dumm, 0); -} diff --git a/src/dumm/ext/extconf.rb.in b/src/dumm/ext/extconf.rb.in deleted file mode 100644 index 29df65ca7..000000000 --- a/src/dumm/ext/extconf.rb.in +++ /dev/null @@ -1,19 +0,0 @@ -# -# DUMM for Ruby -# - -require 'mkmf' - -$defs << " @DEFS@" -$CFLAGS << " -Wno-format -include \"@top_builddir@/config.h\"" - -dir_config('dumm', '@top_srcdir@/src/dumm', '../.libs') -dir_config('strongswan', '@top_srcdir@/src/libstrongswan', '../../libstrongswan/.libs') - -unless find_library('dumm', 'dumm_create') - puts "... failed: 'libdumm' not found!" - exit -end - -create_makefile('dumm', '@top_srcdir@/src/dumm/ext') - diff --git a/src/dumm/ext/lib/dumm.rb b/src/dumm/ext/lib/dumm.rb deleted file mode 100644 index 0dd7ada10..000000000 --- a/src/dumm/ext/lib/dumm.rb +++ /dev/null 
@@ -1,63 +0,0 @@
-=begin
- Copyright (C) 2008-2009 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-require 'dumm.so'
-require 'dumm/guest'
-
-module Dumm
-
- # use guest/bridge indentifiers directly
- def method_missing(id, *args)
- if Guest.guest? id
- return Guest[id]
- end
- if Bridge.bridge? id
- return Bridge[id]
- end
- super(id, *args)
- end
-
- # shortcut for Template loading
- def template(name = nil)
- if name
- Template.load name
- else
- Template.sort.each {|t| puts t }
- end
- return Dumm
- end
-
- # unload template/overlays, reset all guests and delete bridges
- def reset
- Template.unload
- Guest.each { |guest|
- guest.reset
- }
- Bridge.each { |bridge|
- bridge.delete
- }
- return Dumm
- end
-
- # wait until all running guests have booted up
- def boot
- Guest.each {|g|
- g.boot if g.running?
- }
- return Dumm
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/ext/lib/dumm/guest.rb b/src/dumm/ext/lib/dumm/guest.rb
deleted file mode 100644
index 6978edcb3..000000000
--- a/src/dumm/ext/lib/dumm/guest.rb
+++ /dev/null
@@ -1,59 +0,0 @@
-=begin
- Copyright (C) 2008-2010 Tobias Brunner
- HSR Hochschule fuer Technik Rapperswil
-
- This program is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by the
- Free Software Foundation; either version 2 of the License, or (at your
- option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
-
- This program is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- for more details.
-=end
-
-module Dumm
- class Guest
- # accessor for guests
- # e.g. Guest.sun instead of Guest["sun"]
- def self.method_missing(id, *args)
- unless guest? id
- super(id, *args)
- end
- Guest[id]
- end
-
- # accessor for interfaces
- # e.g. guest.eth0 instead of guest["eth0"]
- def method_missing(id, *args)
- unless iface? id
- super(id, *args)
- end
- self[id]
- end
-
- # remove all overlays, delete all interfaces
- def reset
- while pop_overlay; end
- each {|i|
- i.delete
- }
- end
-
- # has the guest booted up?
- def booted?
- exec("pgrep getty")
- execstatus == 0
- end
-
- # wait until the guest has booted
- def boot
- while not booted?
- sleep(1)
- end
- end
- end
-end
-
-# vim:sw=2 ts=2 et
diff --git a/src/dumm/guest.c b/src/dumm/guest.c
deleted file mode 100644
index 327b86c63..000000000
--- a/src/dumm/guest.c
+++ /dev/null
@@ -1,682 +0,0 @@ -/* - * Copyright (C) 2008-2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <sys/uio.h> -#include <unistd.h> -#include <stdio.h> -#include <fcntl.h> -#include <signal.h> -#include <dirent.h> -#include <termios.h> -#include <stdarg.h> - -#include <utils/debug.h> -#include <collections/linked_list.h> - -#include "dumm.h" -#include "guest.h" -#include "mconsole.h" -#include "cowfs.h" - -#define PERME (S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH) -#define PERM (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH) - -#define MASTER_DIR "master" -#define DIFF_DIR "diff" -#define UNION_DIR "union" -#define ARGS_FILE "args" -#define PID_FILE "pid" -#define KERNEL_FILE "linux" -#define LOG_FILE "boot.log" -#define NOTIFY_FILE "notify" -#define PTYS 0 - -typedef struct private_guest_t private_guest_t; - -struct private_guest_t { - /** implemented public interface */ - guest_t public; - /** name of the guest */ - char *name; - /** directory of guest */ - int dir; - /** directory name of guest */ - char *dirname; - /** additional args to pass to guest */ - char *args; - /** pid of guest child process */ - int pid; - /** state of guest */ - guest_state_t state; - /** FUSE cowfs instance */ - cowfs_t *cowfs; - /** mconsole to control running UML */ - mconsole_t 
*mconsole; - /** list of interfaces attached to the guest */ - linked_list_t *ifaces; -}; - -ENUM(guest_state_names, GUEST_STOPPED, GUEST_STOPPING, - "STOPPED", - "STARTING", - "RUNNING", - "PAUSED", - "STOPPING", -); - -METHOD(guest_t, get_name, char*, - private_guest_t *this) -{ - return this->name; -} - -METHOD(guest_t, create_iface, iface_t*, - private_guest_t *this, char *name) -{ - enumerator_t *enumerator; - iface_t *iface; - - if (this->state != GUEST_RUNNING) - { - DBG1(DBG_LIB, "guest '%s' not running, unable to add interface", - this->name); - return NULL; - } - - enumerator = this->ifaces->create_enumerator(this->ifaces); - while (enumerator->enumerate(enumerator, (void**)&iface)) - { - if (streq(name, iface->get_guestif(iface))) - { - DBG1(DBG_LIB, "guest '%s' already has an interface '%s'", - this->name, name); - enumerator->destroy(enumerator); - return NULL; - } - } - enumerator->destroy(enumerator); - - iface = iface_create(name, &this->public, this->mconsole); - if (iface) - { - this->ifaces->insert_last(this->ifaces, iface); - } - return iface; -} - -METHOD(guest_t, destroy_iface, void, - private_guest_t *this, iface_t *iface) -{ - enumerator_t *enumerator; - iface_t *current; - - enumerator = this->ifaces->create_enumerator(this->ifaces); - while (enumerator->enumerate(enumerator, (void**)¤t)) - { - if (current == iface) - { - this->ifaces->remove_at(this->ifaces, enumerator); - current->destroy(current); - break; - } - } - enumerator->destroy(enumerator); -} - -METHOD(guest_t, create_iface_enumerator, enumerator_t*, - private_guest_t *this) -{ - return this->ifaces->create_enumerator(this->ifaces); -} - -METHOD(guest_t, get_state, guest_state_t, - private_guest_t *this) -{ - return this->state; -} - -METHOD(guest_t, get_pid, pid_t, - private_guest_t *this) -{ - return this->pid; -} - -/** - * write format string to a buffer, and advance buffer position - */ -static char* write_arg(char **pos, size_t *left, char *format, ...) 
-{ - size_t len; - char *res = NULL; - va_list args; - - va_start(args, format); - len = vsnprintf(*pos, *left, format, args); - va_end(args); - if (len < *left) - { - res = *pos; - len++; - *pos += len + 1; - *left -= len + 1; - } - return res; -} - -METHOD(guest_t, stop, void, - private_guest_t *this, idle_function_t idle) -{ - if (this->state != GUEST_STOPPED) - { - this->state = GUEST_STOPPING; - this->ifaces->destroy_offset(this->ifaces, offsetof(iface_t, destroy)); - this->ifaces = linked_list_create(); - kill(this->pid, SIGINT); - while (this->state != GUEST_STOPPED) - { - if (idle) - { - idle(); - } - else - { - usleep(50000); - } - } - unlinkat(this->dir, PID_FILE, 0); - this->pid = 0; - } -} - -/** - * save pid in file - */ -void savepid(private_guest_t *this) -{ - FILE *file; - - file = fdopen(openat(this->dir, PID_FILE, O_RDWR | O_CREAT | O_TRUNC, - PERM), "w"); - if (file) - { - fprintf(file, "%d", this->pid); - fclose(file); - } -} - -METHOD(guest_t, start, bool, - private_guest_t *this, invoke_function_t invoke, void* data, - idle_function_t idle) -{ - char buf[2048]; - char *notify; - char *pos = buf; - char *args[32]; - int i = 0; - size_t left = sizeof(buf); - - memset(args, 0, sizeof(args)); - - if (this->state != GUEST_STOPPED) - { - DBG1(DBG_LIB, "unable to start guest in state %N", guest_state_names, - this->state); - return FALSE; - } - this->state = GUEST_STARTING; - - notify = write_arg(&pos, &left, "%s/%s", this->dirname, NOTIFY_FILE); - - args[i++] = write_arg(&pos, &left, "nice"); - args[i++] = write_arg(&pos, &left, "%s/%s", this->dirname, KERNEL_FILE); - args[i++] = write_arg(&pos, &left, "root=/dev/root"); - args[i++] = write_arg(&pos, &left, "rootfstype=hostfs"); - args[i++] = write_arg(&pos, &left, "rootflags=%s/%s", this->dirname, UNION_DIR); - args[i++] = write_arg(&pos, &left, "uml_dir=%s", this->dirname); - args[i++] = write_arg(&pos, &left, "umid=%s", this->name); - args[i++] = write_arg(&pos, &left, "mconsole=notify:%s", 
notify); - args[i++] = write_arg(&pos, &left, "con=null"); - if (this->args) - { - args[i++] = this->args; - } - - this->pid = invoke(data, &this->public, args, i); - if (!this->pid) - { - this->state = GUEST_STOPPED; - return FALSE; - } - savepid(this); - - /* open mconsole */ - this->mconsole = mconsole_create(notify, idle); - if (this->mconsole == NULL) - { - DBG1(DBG_LIB, "opening mconsole at '%s' failed, stopping guest", buf); - stop(this, NULL); - return FALSE; - } - - this->state = GUEST_RUNNING; - return TRUE; -} - -METHOD(guest_t, add_overlay, bool, - private_guest_t *this, char *path) -{ - if (path == NULL) - { - return FALSE; - } - - if (access(path, F_OK) != 0) - { - if (!mkdir_p(path, PERME)) - { - DBG1(DBG_LIB, "creating overlay for guest '%s' failed: %m", - this->name); - return FALSE; - } - } - - return this->cowfs->add_overlay(this->cowfs, path); -} - -METHOD(guest_t, del_overlay, bool, - private_guest_t *this, char *path) -{ - return this->cowfs->del_overlay(this->cowfs, path); -} - -METHOD(guest_t, pop_overlay, bool, - private_guest_t *this) -{ - return this->cowfs->pop_overlay(this->cowfs); -} - -/** - * Variadic version of the exec function - */ -static int vexec(private_guest_t *this, void(*cb)(void*,char*,size_t), void *data, - char *cmd, va_list args) -{ - char buf[1024]; - size_t len; - - if (this->mconsole) - { - len = vsnprintf(buf, sizeof(buf), cmd, args); - - if (len > 0 && len < sizeof(buf)) - { - return this->mconsole->exec(this->mconsole, cb, data, buf); - } - } - return -1; -} - -METHOD(guest_t, exec, int, - private_guest_t *this, void(*cb)(void*,char*,size_t), void *data, - char *cmd, ...) -{ - int res; - va_list args; - va_start(args, cmd); - res = vexec(this, cb, data, cmd, args); - va_end(args); - return res; -} - -typedef struct { - chunk_t buf; - void (*cb)(void*,char*); - void *data; -} exec_str_t; - -/** - * callback that combines chunks to a string. 
if a callback is given, the string - * is split at newlines and the callback is called for each line. - */ -static void exec_str_cb(exec_str_t *data, char *buf, size_t len) -{ - if (!data->buf.ptr) - { - data->buf = chunk_alloc(len + 1); - memcpy(data->buf.ptr, buf, len); - data->buf.ptr[len] = '\0'; - } - else - { - size_t newlen = strlen(data->buf.ptr) + len + 1; - if (newlen > data->buf.len) - { - data->buf.ptr = realloc(data->buf.ptr, newlen); - data->buf.len = newlen; - } - strncat(data->buf.ptr, buf, len); - } - - if (data->cb) - { - char *nl; - while ((nl = strchr(data->buf.ptr, '\n')) != NULL) - { - *nl++ = '\0'; - data->cb(data->data, data->buf.ptr); - memmove(data->buf.ptr, nl, strlen(nl) + 1); - } - } -} - -METHOD(guest_t, exec_str, int, - private_guest_t *this, void(*cb)(void*,char*), bool lines, void *data, - char *cmd, ...) -{ - int res; - va_list args; - va_start(args, cmd); - if (cb) - { - exec_str_t exec = { chunk_empty, NULL, NULL }; - if (lines) - { - exec.cb = cb; - exec.data = data; - } - res = vexec(this, (void(*)(void*,char*,size_t))exec_str_cb, &exec, cmd, args); - if (exec.buf.ptr) - { - if (!lines || strlen(exec.buf.ptr) > 0) - { - /* return the complete string or the remaining stuff in the - * buffer (i.e. 
when there was no newline at the end) */ - cb(data, exec.buf.ptr); - } - chunk_free(&exec.buf); - } - } - else - { - res = vexec(this, NULL, NULL, cmd, args); - } - va_end(args); - return res; -} - -METHOD(guest_t, sigchild, void, - private_guest_t *this) -{ - DESTROY_IF(this->mconsole); - this->mconsole = NULL; - this->state = GUEST_STOPPED; -} - -/** - * umount the union filesystem - */ -static bool umount_unionfs(private_guest_t *this) -{ - if (this->cowfs) - { - this->cowfs->destroy(this->cowfs); - this->cowfs = NULL; - return TRUE; - } - return FALSE; -} - -/** - * mount the union filesystem - */ -static bool mount_unionfs(private_guest_t *this) -{ - char master[PATH_MAX]; - char diff[PATH_MAX]; - char mount[PATH_MAX]; - - if (this->cowfs == NULL) - { - snprintf(master, sizeof(master), "%s/%s", this->dirname, MASTER_DIR); - snprintf(diff, sizeof(diff), "%s/%s", this->dirname, DIFF_DIR); - snprintf(mount, sizeof(mount), "%s/%s", this->dirname, UNION_DIR); - - this->cowfs = cowfs_create(master, diff, mount); - if (this->cowfs) - { - return TRUE; - } - } - return FALSE; -} - -/** - * load args configuration from file - */ -char *loadargs(private_guest_t *this) -{ - FILE *file; - char buf[512], *args = NULL; - - file = fdopen(openat(this->dir, ARGS_FILE, O_RDONLY, PERM), "r"); - if (file) - { - if (fgets(buf, sizeof(buf), file)) - { - args = strdup(buf); - } - fclose(file); - } - return args; -} - -/** - * save args configuration to file - */ -bool saveargs(private_guest_t *this, char *args) -{ - FILE *file; - bool retval = FALSE; - - file = fdopen(openat(this->dir, ARGS_FILE, O_RDWR | O_CREAT | O_TRUNC, - PERM), "w"); - if (file) - { - if (fprintf(file, "%s", args) > 0) - { - retval = TRUE; - } - fclose(file); - } - return retval; -} - -METHOD(guest_t, destroy, void, - private_guest_t *this) -{ - stop(this, NULL); - umount_unionfs(this); - if (this->dir > 0) - { - close(this->dir); - } - this->ifaces->destroy(this->ifaces); - free(this->dirname); - 
free(this->args); - free(this->name); - free(this); -} - -/** - * generic guest constructor - */ -static private_guest_t *guest_create_generic(char *parent, char *name, - bool create) -{ - char cwd[PATH_MAX]; - private_guest_t *this; - - INIT(this, - .public = { - .get_name = _get_name, - .get_pid = _get_pid, - .get_state = _get_state, - .create_iface = _create_iface, - .destroy_iface = _destroy_iface, - .create_iface_enumerator = _create_iface_enumerator, - .start = _start, - .stop = _stop, - .add_overlay = _add_overlay, - .del_overlay = _del_overlay, - .pop_overlay = _pop_overlay, - .exec = _exec, - .exec_str = _exec_str, - .sigchild = _sigchild, - .destroy = _destroy, - } - ); - - if (*parent == '/' || getcwd(cwd, sizeof(cwd)) == NULL) - { - if (asprintf(&this->dirname, "%s/%s", parent, name) < 0) - { - this->dirname = NULL; - } - } - else - { - if (asprintf(&this->dirname, "%s/%s/%s", cwd, parent, name) < 0) - { - this->dirname = NULL; - } - } - if (this->dirname == NULL) - { - free(this); - return NULL; - } - if (create) - { - mkdir(this->dirname, PERME); - } - this->dir = open(this->dirname, O_DIRECTORY, PERME); - if (this->dir < 0) - { - DBG1(DBG_LIB, "opening guest directory '%s' failed: %m", this->dirname); - free(this->dirname); - free(this); - return NULL; - } - this->state = GUEST_STOPPED; - this->ifaces = linked_list_create(); - this->name = strdup(name); - - return this; -} - -/** - * create a symlink to old called new in our working dir - */ -static bool make_symlink(private_guest_t *this, char *old, char *new) -{ - char cwd[PATH_MAX]; - char buf[PATH_MAX]; - - if (*old == '/' || getcwd(cwd, sizeof(cwd)) == NULL) - { - snprintf(buf, sizeof(buf), "%s", old); - } - else - { - snprintf(buf, sizeof(buf), "%s/%s", cwd, old); - } - return symlinkat(buf, this->dir, new) == 0; -} - - -/** - * create the guest instance, including required dirs and mounts - */ -guest_t *guest_create(char *parent, char *name, char *kernel, - char *master, char *args) -{ - 
private_guest_t *this = guest_create_generic(parent, name, TRUE); - - if (this == NULL) - { - return NULL; - } - - if (!make_symlink(this, master, MASTER_DIR) || - !make_symlink(this, kernel, KERNEL_FILE)) - { - DBG1(DBG_LIB, "creating master/kernel symlink failed: %m"); - destroy(this); - return NULL; - } - - if (mkdirat(this->dir, UNION_DIR, PERME) != 0 || - mkdirat(this->dir, DIFF_DIR, PERME) != 0) - { - DBG1(DBG_LIB, "unable to create directories for '%s': %m", name); - destroy(this); - return NULL; - } - - this->args = args; - if (args && !saveargs(this, args)) - { - destroy(this); - return NULL; - } - - if (!mount_unionfs(this)) - { - destroy(this); - return NULL; - } - - return &this->public; -} - -/** - * load an already created guest - */ -guest_t *guest_load(char *parent, char *name) -{ - private_guest_t *this = guest_create_generic(parent, name, FALSE); - - if (this == NULL) - { - return NULL; - } - - this->args = loadargs(this); - - if (!mount_unionfs(this)) - { - destroy(this); - return NULL; - } - - return &this->public; -} - diff --git a/src/dumm/guest.h b/src/dumm/guest.h deleted file mode 100644 index 14c7272d0..000000000 --- a/src/dumm/guest.h +++ /dev/null 
@@ -1,222 +0,0 @@ -/* - * Copyright (C) 2008-2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef GUEST_H -#define GUEST_H - -#include <library.h> -#include <collections/enumerator.h> - -typedef enum guest_state_t guest_state_t; -typedef struct guest_t guest_t; - -#include "iface.h" - -/** - * State of a guest (started, stopped, ...) - */ -enum guest_state_t { - /** guest kernel not running at all */ - GUEST_STOPPED, - /** kernel started, but not yet available */ - GUEST_STARTING, - /** guest is up and running */ - GUEST_RUNNING, - /** guest has been paused */ - GUEST_PAUSED, - /** guest is stopping (shutting down) */ - GUEST_STOPPING, -}; - -/** - * string mappings for guest_state_t - */ -extern enum_name_t *guest_state_names; - -/** - * Invoke function which launches the UML guest. - * - * Consoles are all set to NULL, you may change them by adding additional UML - * options to args before invocation. - * - * @param data callback data - * @param guest guest to start - * @param args args to use for guest invocation, args[0] is kernel - * @param argc number of elements in args - * @param idle - * @return PID of child, 0 if failed - */ -typedef pid_t (*invoke_function_t)(void *data, guest_t *guest, - char *args[], int argc); - -/** - * Idle function to pass to start(). 
- */ -typedef void (*idle_function_t)(void); - -/** - * A guest is a UML instance running on the host. - **/ -struct guest_t { - - /** - * Get the name of this guest. - * - * @return name of the guest - */ - char* (*get_name) (guest_t *this); - - /** - * Get the process ID of the guest child process. - * - * @return name of the guest - */ - pid_t (*get_pid) (guest_t *this); - - /** - * Get the state of the guest (stopped, started, etc.). - * - * @return guests state - */ - guest_state_t (*get_state)(guest_t *this); - - /** - * Start the guest. - * - * @param invoke UML guest invocation function - * @param data data to pass back to invoke function - * @param idle idle function to call while waiting on child - * @return TRUE if guest successfully started - */ - bool (*start) (guest_t *this, invoke_function_t invoke, void *data, - idle_function_t idle); - - /** - * Kill the guest. - * - * @param idle idle function to call while waiting to termination - */ - void (*stop) (guest_t *this, idle_function_t idle); - - /** - * Create a new interface in the current scenario. - * - * @param name name of the interface in the guest - * @return created interface, or NULL if failed - */ - iface_t* (*create_iface)(guest_t *this, char *name); - - /** - * Destroy an interface on guest. - * - * @param iface interface to destroy - */ - void (*destroy_iface)(guest_t *this, iface_t *iface); - - /** - * Create an enumerator over all guest interfaces. - * - * @return enumerator over iface_t's - */ - enumerator_t* (*create_iface_enumerator)(guest_t *this); - - /** - * Adds a COWFS overlay. The directory is created if it does not exist. - * - * @param dir directory where overlay diff should point to - * @return FALSE, if failed - */ - bool (*add_overlay)(guest_t *this, char *dir); - - /** - * Removes the specified COWFS overlay. 
- * - * @param dir directory where overlay diff points to - * @return FALSE, if no found - */ - bool (*del_overlay)(guest_t *this, char *dir); - - /** - * Removes the latest COWFS overlay. - * - * @return FALSE, if no overlay was found - */ - bool (*pop_overlay)(guest_t *this); - - /** - * Execute a command on the guests mconsole. - * - * @param cb callback to call for each read block - * @param data data to pass to callback - * @param cmd command to execute - * @param ... printf style argument list for cmd - * @return return value - */ - int (*exec)(guest_t *this, void(*cb)(void*,char*,size_t), void *data, - char *cmd, ...); - - /** - * Execute a command on the guests mconsole, with output formatter. - * - * If lines is TRUE, callback is invoked for each output line. Otherwise - * the full result is returned in one callback invocation. - * - * @note This function does not work with binary output. - * - * @param cb callback to call for each line or for the complete output - * @param lines TRUE if the callback should be called for each line - * @param data data to pass to callback - * @param cmd command to execute - * @param ... printf style argument list for cmd - * @return return value - */ - int (*exec_str)(guest_t *this, void(*cb)(void*,char*), bool lines, - void *data, char *cmd, ...); - - /** - * Called whenever a SIGCHILD for the guests PID is received. - */ - void (*sigchild)(guest_t *this); - - /** - * Close and destroy a guest with all interfaces - */ - void (*destroy) (guest_t *this); -}; - -/** - * Create a new, unstarted guest. 
- * - * @param parent parent directory to create the guest in - * @param name name of the guest to create - * @param kernel kernel this guest uses - * @param master read-only master filesystem for guest - * @param args additional args to pass to kernel - * @param mem amount of memory to give the guest - */ -guest_t *guest_create(char *parent, char *name, char *kernel, - char *master, char *args); - -/** - * Load a guest created with guest_create(). - * - * @param parent parent directory to look for a guest - * @param name name of the guest directory - */ -guest_t *guest_load(char *parent, char *name); - -#endif /* GUEST_H */ - diff --git a/src/dumm/iface.c b/src/dumm/iface.c deleted file mode 100644 index 3642ed8a2..000000000 --- a/src/dumm/iface.c +++ /dev/null 
@@ -1,299 +0,0 @@ -/* - * Copyright (C) 2008 Tobias Brunner - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * Copyright (C) 2002 Jeff Dike - * - * Based on the "tunctl" utility from Jeff Dike. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> -#include <stdio.h> -#include <net/if.h> -#include <sys/ioctl.h> -#include <linux/if_tun.h> - -#include <utils/debug.h> -#include <collections/linked_list.h> - -#include "iface.h" - -typedef struct private_iface_t private_iface_t; - -struct private_iface_t { - /** public interface */ - iface_t public; - /** device name in guest (eth0) */ - char *guestif; - /** device name at host (tap0) */ - char *hostif; - /** bridge this interface is attached to */ - bridge_t *bridge; - /** guest this interface is attached to */ - guest_t *guest; - /** mconsole for guest */ - mconsole_t *mconsole; -}; - -/** - * bring an interface up or down (host side) - */ -bool iface_control(char *name, bool up) -{ - int s; - bool good = FALSE; - struct ifreq ifr; - - memset(&ifr, 0, sizeof(struct ifreq)); - strncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name)); - - s = socket(AF_INET, SOCK_DGRAM, 0); - if (!s) - { - return FALSE; - } - if (ioctl(s, SIOCGIFFLAGS, &ifr) == 0) - { - if (up) - { - ifr.ifr_flags |= IFF_UP; - } - else - { - ifr.ifr_flags &= ~IFF_UP; - } - if (ioctl(s, SIOCSIFFLAGS, &ifr) == 0) - { - good = TRUE; - } - } - close(s); - return good; 
-} - -METHOD(iface_t, get_guestif, char*, - private_iface_t *this) -{ - return this->guestif; -} - -METHOD(iface_t, get_hostif, char*, - private_iface_t *this) -{ - return this->hostif; -} - -METHOD(iface_t, add_address, bool, - private_iface_t *this, host_t *addr, int bits) -{ - return (this->guest->exec(this->guest, NULL, NULL, - "exec ip addr add %H/%d dev %s", addr, bits, this->guestif) == 0); -} - -/** - * compile a list of the addresses of an interface - */ -static void compile_address_list(linked_list_t *list, char *address) -{ - host_t *host = host_create_from_string(address, 0); - if (host) - { - list->insert_last(list, host); - } -} - -/** - * delete the list of addresses - */ -static void destroy_address_list(linked_list_t *list) -{ - list->destroy_offset(list, offsetof(host_t, destroy)); -} - -METHOD(iface_t, create_address_enumerator, enumerator_t*, - private_iface_t *this) -{ - linked_list_t *addresses = linked_list_create(); - this->guest->exec_str(this->guest, (void(*)(void*,char*))compile_address_list, - TRUE, addresses, - "exec ip addr list dev %s scope global | " - "grep '^ \\+\\(inet6\\? 
\\)' | " - "awk -F '( +|/)' '{ print $3 }'", this->guestif); - return enumerator_create_cleaner(addresses->create_enumerator(addresses), - (void(*)(void*))destroy_address_list, addresses); -} - -METHOD(iface_t, delete_address, bool, - private_iface_t *this, host_t *addr, int bits) -{ - return (this->guest->exec(this->guest, NULL, NULL, - "exec ip addr del %H/%d dev %s", addr, bits, this->guestif) == 0); -} - -METHOD(iface_t, set_bridge, void, - private_iface_t *this, bridge_t *bridge) -{ - if (this->bridge == NULL && bridge) - { - this->guest->exec(this->guest, NULL, NULL, - "exec ip link set %s up", this->guestif); - } - else if (this->bridge && bridge == NULL) - { - this->guest->exec(this->guest, NULL, NULL, - "exec ip link set %s down", this->guestif); - } - this->bridge = bridge; -} - -METHOD(iface_t, get_bridge, bridge_t*, - private_iface_t *this) -{ - return this->bridge; -} - -METHOD(iface_t, get_guest, guest_t*, - private_iface_t *this) -{ - return this->guest; -} - -/** - * destroy the tap device - */ -static bool destroy_tap(private_iface_t *this) -{ - struct ifreq ifr; - int tap; - - if (!iface_control(this->hostif, FALSE)) - { - DBG1(DBG_LIB, "bringing iface down failed: %m"); - } - memset(&ifr, 0, sizeof(ifr)); - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - strncpy(ifr.ifr_name, this->hostif, sizeof(ifr.ifr_name) - 1); - - tap = open(TAP_DEVICE, O_RDWR); - if (tap < 0) - { - DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE); - return FALSE; - } - if (ioctl(tap, TUNSETIFF, &ifr) < 0 || - ioctl(tap, TUNSETPERSIST, 0) < 0) - { - DBG1(DBG_LIB, "removing %s failed: %m", this->hostif); - close(tap); - return FALSE; - } - close(tap); - return TRUE; -} - -/** - * create the tap device - */ -static char* create_tap(private_iface_t *this) -{ - struct ifreq ifr; - int tap; - - memset(&ifr, 0, sizeof(ifr)); - ifr.ifr_flags = IFF_TAP | IFF_NO_PI; - snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s-%s", - this->guest->get_name(this->guest), this->guestif); - - 
tap = open(TAP_DEVICE, O_RDWR); - if (tap < 0) - { - DBG1(DBG_LIB, "unable to open tap device %s: %m", TAP_DEVICE); - return NULL; - } - if (ioctl(tap, TUNSETIFF, &ifr) < 0 || - ioctl(tap, TUNSETPERSIST, 1) < 0 || - ioctl(tap, TUNSETOWNER, 0)) - { - DBG1(DBG_LIB, "creating new tap device failed: %m"); - close(tap); - return NULL; - } - close(tap); - return strdup(ifr.ifr_name); -} - -METHOD(iface_t, destroy, void, - private_iface_t *this) -{ - if (this->bridge) - { - this->bridge->disconnect_iface(this->bridge, &this->public); - } - /* TODO: iface mgmt is not blocking yet, so wait some ticks */ - usleep(50000); - this->mconsole->del_iface(this->mconsole, this->guestif); - destroy_tap(this); - free(this->guestif); - free(this->hostif); - free(this); -} - -/** - * create the iface instance - */ -iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole) -{ - private_iface_t *this; - - INIT(this, - .public = { - .get_hostif = _get_hostif, - .get_guestif = _get_guestif, - .add_address = _add_address, - .create_address_enumerator = _create_address_enumerator, - .delete_address = _delete_address, - .set_bridge = _set_bridge, - .get_bridge = _get_bridge, - .get_guest = _get_guest, - .destroy = _destroy, - }, - .mconsole = mconsole, - .guestif = strdup(name), - .guest = guest, - ); - this->hostif = create_tap(this); - if (this->hostif == NULL) - { - destroy_tap(this); - free(this->guestif); - free(this); - return NULL; - } - if (!this->mconsole->add_iface(this->mconsole, this->guestif, this->hostif)) - { - DBG1(DBG_LIB, "creating interface '%s' in guest failed", this->guestif); - destroy_tap(this); - free(this->guestif); - free(this->hostif); - free(this); - return NULL; - } - if (!iface_control(this->hostif, TRUE)) - { - DBG1(DBG_LIB, "bringing iface '%s' up failed: %m", this->hostif); - } - return &this->public; -} - diff --git a/src/dumm/iface.h b/src/dumm/iface.h deleted file mode 100644 index e6e8775a0..000000000 --- a/src/dumm/iface.h +++ /dev/null 
@@ -1,115 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef IFACE_H -#define IFACE_H - -#include <library.h> -#include <collections/enumerator.h> -#include <networking/host.h> - -#define TAP_DEVICE "/dev/net/tun" - -typedef struct iface_t iface_t; - -#include "mconsole.h" -#include "bridge.h" -#include "guest.h" - -/** - * Interface in a guest, connected to a tap device on the host. - */ -struct iface_t { - - /** - * Get the interface name in the guest (e.g. eth0). - * - * @return guest interface name - */ - char* (*get_guestif)(iface_t *this); - - /** - * Get the interface name at the host (e.g. tap0). - * - * @return host interface (tap device) name - */ - char* (*get_hostif)(iface_t *this); - - /** - * Add an address to the interface. - * - * @param addr address to add to the interface - * @param bits network prefix length in bits - * @return TRUE if address added - */ - bool (*add_address)(iface_t *this, host_t *addr, int bits); - - /** - * Create an enumerator over all installed addresses. - * - * @return enumerator over host_t* - */ - enumerator_t* (*create_address_enumerator)(iface_t *this); - - /** - * Remove an address from an interface. 
- * - * @note The network prefix length has to be the same as used in add_address - * - * @param addr address to remove - * @param bits network prefix length in bits - * @return TRUE if address removed - */ - bool (*delete_address)(iface_t *this, host_t *addr, int bits); - - /** - * Set the bridge this interface is attached to. - * - * @param bridge assigned bridge, or NULL for none - */ - void (*set_bridge)(iface_t *this, bridge_t *bridge); - - /** - * Get the bridge this iface is connected, or NULL. - * - * @return connected bridge, or NULL - */ - bridge_t* (*get_bridge)(iface_t *this); - - /** - * Get the guest this iface belongs to. - * - * @return guest of this iface - */ - guest_t* (*get_guest)(iface_t *this); - - /** - * Destroy an interface - */ - void (*destroy) (iface_t *this); -}; - -/** - * Create a new interface for a guest - * - * @param name name of the interface in the guest - * @param guest guest this iface is connecting - * @param mconsole mconsole of guest - * @return interface descriptor, or NULL if failed - */ -iface_t *iface_create(char *name, guest_t *guest, mconsole_t *mconsole); - -#endif /* IFACE_H */ - diff --git a/src/dumm/irdumm.c b/src/dumm/irdumm.c deleted file mode 100644 index eb61da2c2..000000000 --- a/src/dumm/irdumm.c +++ /dev/null 
@@ -1,68 +0,0 @@
-/*
- * Copyright (C) 2008 Martin Willi
- * HSR Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#undef PACKAGE_NAME
-#undef PACKAGE_TARNAME
-#undef PACKAGE_VERSION
-#undef PACKAGE_STRING
-#undef PACKAGE_BUGREPORT
-#undef PACKAGE_URL
-#undef HAVE_DLADDR
-#undef HAVE_QSORT_R
-#include <ruby.h>
-
-#ifdef HAVE_RB_ERRINFO
-#define ruby_errinfo rb_errinfo()
-#endif
-
-/**
- * main routine, parses args and reads from console
- */
-int main(int argc, char *argv[])
-{
- int state, i;
- char buf[512];
-
- ruby_init();
- ruby_init_loadpath();
-
- rb_eval_string_protect("require 'dumm' and include Dumm", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- printf("Please install the ruby extension first!\n");
- }
- for (i = 1; i < argc; i++)
- {
- snprintf(buf, sizeof(buf), "load \"%s\"", argv[i]);
- printf("%s\n", buf);
- rb_eval_string_protect(buf, &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
- }
- rb_require("irb");
- rb_require("irb/completion");
- rb_eval_string_protect("IRB.start", &state);
- if (state)
- {
- rb_p(ruby_errinfo);
- }
-
- ruby_finalize();
- return 0;
-}
-
diff --git a/src/dumm/main.c b/src/dumm/main.c
deleted file mode 100644
index 1b5bef736..000000000
--- a/src/dumm/main.c
+++ /dev/null
@@ -1,629 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "dumm.h" - -#include <collections/linked_list.h> - -#include <sys/types.h> -#include <unistd.h> -#include <sched.h> - -#include <glib.h> -#include <gtk/gtk.h> -#include <vte/vte.h> -#include <vte/reaper.h> - -/** - * notebook page with vte and guest - */ -typedef struct { - gint num; - GtkWidget *vte; - guest_t *guest; -} page_t; - -/** - * Main window - */ -GtkWidget *window; - -/** - * notebook with guests, vtes - */ -GtkWidget *notebook; - -/** - * dumm context - */ -dumm_t *dumm; - -/** - * pages in notebook, page_t - */ -linked_list_t *pages; - -/** - * handle guest termination, SIGCHILD - */ -static void child_exited(VteReaper *vtereaper, gint pid, gint status) -{ - enumerator_t *enumerator; - page_t *page; - - enumerator = pages->create_enumerator(pages); - while (enumerator->enumerate(enumerator, (void**)&page)) - { - if (page->guest->get_pid(page->guest) == pid) - { - page->guest->sigchild(page->guest); - vte_terminal_feed(VTE_TERMINAL(page->vte), - "\n\r--- guest terminated ---\n\r", -1); - break; - } - } - enumerator->destroy(enumerator); -} - -static page_t* get_page(int num) -{ - enumerator_t *enumerator; - page_t *page, *found = NULL; - - enumerator = pages->create_enumerator(pages); - while (enumerator->enumerate(enumerator, (void**)&page)) - { - if (page->num == num) - { - found = page; - 
break; - } - } - enumerator->destroy(enumerator); - return found; -} - -/** - * Guest invocation callback - */ -static pid_t invoke(void *vte, guest_t *guest, - char *args[], int argc) -{ - GPid pid; - - if (vte_terminal_fork_command_full(VTE_TERMINAL(vte), - VTE_PTY_NO_LASTLOG | VTE_PTY_NO_UTMP | VTE_PTY_NO_WTMP, - NULL, args, NULL, - G_SPAWN_CHILD_INHERITS_STDIN | G_SPAWN_SEARCH_PATH, - NULL, NULL, &pid, NULL)) - { - return pid; - } - return 0; -} - -void idle(void) -{ - gtk_main_iteration_do(FALSE); - sched_yield(); -} - -static void start_guest() -{ - page_t *page; - - page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); - if (page && page->guest->get_state(page->guest) == GUEST_STOPPED) - { - vte_terminal_feed(VTE_TERMINAL(page->vte), - "--- starting guest ---\n\r", -1); - page->guest->start(page->guest, invoke, VTE_TERMINAL(page->vte), idle); - } -} - -static void start_all_guests() -{ - enumerator_t *enumerator; - page_t *page; - - enumerator = pages->create_enumerator(pages); - while (enumerator->enumerate(enumerator, (void**)&page)) - { - if (page->guest->get_state(page->guest) == GUEST_STOPPED) - { - vte_terminal_feed(VTE_TERMINAL(page->vte), - "--- starting all guests ---\n\r", -1); - page->guest->start(page->guest, invoke, - VTE_TERMINAL(page->vte), idle); - } - } - enumerator->destroy(enumerator); -} - -static void stop_guest() -{ - page_t *page; - - page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); - if (page && page->guest->get_state(page->guest) == GUEST_RUNNING) - { - page->guest->stop(page->guest, idle); - } -} - -/** - * quit signal handler - */ -static void quit() -{ - enumerator_t *enumerator; - page_t *page; - - dumm->load_template(dumm, NULL); - - enumerator = pages->create_enumerator(pages); - while (enumerator->enumerate(enumerator, &page)) - { - if (page->guest->get_state(page->guest) != GUEST_STOPPED) - { - page->guest->stop(page->guest, idle); - } - } - enumerator->destroy(enumerator); - 
gtk_main_quit(); -} - -static void error_dialog(char *msg) -{ - GtkWidget *error; - - error = gtk_message_dialog_new(GTK_WINDOW(window), - GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, - GTK_BUTTONS_CLOSE, msg); - gtk_dialog_run(GTK_DIALOG(error)); - gtk_widget_destroy(error); -} - -static void create_switch() -{ - GtkWidget *dialog, *table, *label, *name; - bridge_t *bridge; - - dialog = gtk_dialog_new_with_buttons("Create new switch", GTK_WINDOW(window), - GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, - GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, - GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - - table = gtk_table_new(1, 2, TRUE); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - - label = gtk_label_new("Switch name"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); - gtk_widget_show(label); - - name = gtk_entry_new(); - gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(name); - - gtk_widget_show(table); - - while (TRUE) - { - switch (gtk_dialog_run(GTK_DIALOG(dialog))) - { - case GTK_RESPONSE_ACCEPT: - { - if (streq(gtk_entry_get_text(GTK_ENTRY(name)), "")) - { - continue; - } - bridge = dumm->create_bridge(dumm, - (char*)gtk_entry_get_text(GTK_ENTRY(name))); - if (!bridge) - { - error_dialog("creating bridge failed!"); - continue; - } - break; - } - default: - break; - } - break; - } - gtk_widget_destroy(dialog); -} - -static void delete_switch() -{ - -} - -static void connect_guest() -{ - page_t *page; - GtkWidget *dialog, *table, *label, *name, *box; - bridge_t *bridge; - iface_t *iface; - enumerator_t *enumerator; - - page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); - if (!page || page->guest->get_state(page->guest) != GUEST_RUNNING) - { - return; - } - - dialog = gtk_dialog_new_with_buttons("Connect guest", GTK_WINDOW(window), - GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, - GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, - 
GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - - table = gtk_table_new(2, 2, TRUE); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - - label = gtk_label_new("Interface name"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); - gtk_widget_show(label); - - name = gtk_entry_new(); - gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(name); - - label = gtk_label_new("Connected switch"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0); - gtk_widget_show(label); - - box = gtk_combo_box_new_text(); - gtk_table_attach(GTK_TABLE(table), box, 1, 2, 1, 2, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - enumerator = dumm->create_bridge_enumerator(dumm); - while (enumerator->enumerate(enumerator, &bridge)) - { - gtk_combo_box_append_text(GTK_COMBO_BOX(box), bridge->get_name(bridge)); - } - enumerator->destroy(enumerator); - gtk_widget_show(box); - - gtk_widget_show(table); - - while (TRUE) - { - switch (gtk_dialog_run(GTK_DIALOG(dialog))) - { - case GTK_RESPONSE_ACCEPT: - { - if (streq(gtk_entry_get_text(GTK_ENTRY(name)), "")) - { - continue; - } - - iface = page->guest->create_iface(page->guest, - (char*)gtk_entry_get_text(GTK_ENTRY(name))); - if (!iface) - { - error_dialog("creating interface failed!"); - continue; - } - enumerator = dumm->create_bridge_enumerator(dumm); - while (enumerator->enumerate(enumerator, &bridge)) - { - if (!bridge->connect_iface(bridge, iface)) - { - error_dialog("connecting interface failed!"); - } - break; - } - enumerator->destroy(enumerator); - break; - } - default: - break; - } - break; - } - gtk_widget_destroy(dialog); -} - -static void disconnect_guest() -{ - -} - -static void delete_guest() -{ - page_t *page; - - page = get_page(gtk_notebook_get_current_page(GTK_NOTEBOOK(notebook))); - if (page) - { - page->guest->stop(page->guest, idle); - dumm->delete_guest(dumm, page->guest); - 
gtk_notebook_remove_page(GTK_NOTEBOOK(notebook), page->num); - pages->remove(pages, page, NULL); - g_free(page); - } -} - -/** - * create a new page for a guest - */ -static page_t* create_page(guest_t *guest) -{ - GtkWidget *label; - page_t *page; - - page = g_new(page_t, 1); - page->guest = guest; - page->vte = vte_terminal_new(); - label = gtk_label_new(guest->get_name(guest)); - page->num = gtk_notebook_append_page(GTK_NOTEBOOK(notebook), - page->vte, label); - gtk_widget_show(page->vte); - pages->insert_last(pages, page); - return page; -} - -/** - * create a new guest - */ -static void create_guest() -{ - guest_t *guest; - GtkWidget *dialog, *table, *label, *name, *kernel, *master, *args; - - dialog = gtk_dialog_new_with_buttons("Create new guest", GTK_WINDOW(window), - GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, - GTK_STOCK_CANCEL, GTK_RESPONSE_REJECT, - GTK_STOCK_NEW, GTK_RESPONSE_ACCEPT, NULL); - - table = gtk_table_new(4, 2, TRUE); - gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), table); - - label = gtk_label_new("Guest name"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 0, 1, 0, 0, 0, 0); - gtk_widget_show(label); - - label = gtk_label_new("UML kernel"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 1, 2, 0, 0, 0, 0); - gtk_widget_show(label); - - label = gtk_label_new("Master filesystem"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 2, 3, 0, 0, 0, 0); - gtk_widget_show(label); - - label = gtk_label_new("Kernel arguments"); - gtk_table_attach(GTK_TABLE(table), label, 0, 1, 3, 4, 0, 0, 0, 0); - gtk_widget_show(label); - - name = gtk_entry_new(); - gtk_table_attach(GTK_TABLE(table), name, 1, 2, 0, 1, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(name); - - kernel = gtk_file_chooser_button_new("Select UML kernel image", - GTK_FILE_CHOOSER_ACTION_OPEN); - gtk_table_attach(GTK_TABLE(table), kernel, 1, 2, 1, 2, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(kernel); - - master = 
gtk_file_chooser_button_new("Select master filesystem", - GTK_FILE_CHOOSER_ACTION_SELECT_FOLDER); - gtk_table_attach(GTK_TABLE(table), master, 1, 2, 2, 3, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(master); - - args = gtk_entry_new(); - gtk_table_attach(GTK_TABLE(table), args, 1, 2, 3, 4, - GTK_FILL | GTK_EXPAND | GTK_SHRINK, 0, 0, 0); - gtk_widget_show(args); - - gtk_widget_show(table); - - while (TRUE) - { - switch (gtk_dialog_run(GTK_DIALOG(dialog))) - { - case GTK_RESPONSE_ACCEPT: - { - char *sname, *skernel, *smaster, *sargs; - page_t *page; - - sname = (char*)gtk_entry_get_text(GTK_ENTRY(name)); - skernel = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(kernel)); - smaster = gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(master)); - sargs = (char*)gtk_entry_get_text(GTK_ENTRY(args)); - - if (!sname[0] || !skernel || !smaster) - { - continue; - } - guest = dumm->create_guest(dumm, sname, skernel, smaster, sargs); - if (!guest) - { - error_dialog("creating guest failed!"); - continue; - } - page = create_page(guest); - gtk_notebook_set_current_page(GTK_NOTEBOOK(notebook), page->num); - break; - } - default: - break; - } - break; - } - gtk_widget_destroy(dialog); -} - -/** - * main routine, parses args and reads from console - */ -int main(int argc, char *argv[]) -{ - GtkWidget *menubar, *menu, *menuitem, *vbox; - GtkWidget *dummMenu, *guestMenu, *switchMenu; - enumerator_t *enumerator; - guest_t *guest; - - library_init(NULL, "dumm"); - gtk_init(&argc, &argv); - - pages = linked_list_create(); - dumm = dumm_create(NULL); - - /* setup window */ - window = gtk_window_new(GTK_WINDOW_TOPLEVEL); - g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(quit), NULL); - gtk_window_set_title(GTK_WINDOW (window), "Dumm"); - gtk_window_set_default_size(GTK_WINDOW (window), 1000, 500); - g_signal_connect(G_OBJECT(vte_reaper_get()), "child-exited", - G_CALLBACK(child_exited), NULL); - - /* add vbox with menubar, notebook */ - vbox = 
gtk_vbox_new(FALSE, 0); - gtk_container_add(GTK_CONTAINER(window), vbox); - menubar = gtk_menu_bar_new(); - gtk_box_pack_start(GTK_BOX(vbox), menubar, FALSE, TRUE, 0); - notebook = gtk_notebook_new(); - g_object_set(G_OBJECT(notebook), "homogeneous", TRUE, NULL); - gtk_notebook_set_tab_pos(GTK_NOTEBOOK(notebook), GTK_POS_BOTTOM); - gtk_container_add(GTK_CONTAINER(vbox), notebook); - - /* Dumm menu */ - menu = gtk_menu_new(); - dummMenu = gtk_menu_item_new_with_mnemonic("_Dumm"); - gtk_menu_bar_append(GTK_MENU_BAR(menubar), dummMenu); - gtk_widget_show(dummMenu); - gtk_menu_item_set_submenu(GTK_MENU_ITEM(dummMenu), menu); - - /* Dumm -> exit */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_QUIT, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(quit), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest menu */ - menu = gtk_menu_new(); - guestMenu = gtk_menu_item_new_with_mnemonic("_Guest"); - gtk_menu_bar_append(GTK_MENU_BAR(menubar), guestMenu); - gtk_widget_show(guestMenu); - gtk_menu_item_set_submenu(GTK_MENU_ITEM(guestMenu), menu); - - /* Guest -> new */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(create_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest -> delete */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(delete_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - menuitem = gtk_separator_menu_item_new(); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest -> start */ - menuitem = gtk_menu_item_new_with_mnemonic("_Start"); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(start_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - 
- /* Guest -> startall */ - menuitem = gtk_menu_item_new_with_mnemonic("Start _all"); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(start_all_guests), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest -> stop */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_STOP, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(stop_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - menuitem = gtk_separator_menu_item_new(); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest -> connect */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_CONNECT, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(connect_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Guest -> disconnect */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DISCONNECT, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(disconnect_guest), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_set_sensitive(menuitem, FALSE); - gtk_widget_show(menuitem); - - /* Switch menu */ - menu = gtk_menu_new(); - switchMenu = gtk_menu_item_new_with_mnemonic("_Switch"); - gtk_menu_bar_append(GTK_MENU_BAR(menubar), switchMenu); - gtk_widget_show(switchMenu); - gtk_menu_item_set_submenu(GTK_MENU_ITEM(switchMenu), menu); - - /* Switch -> new */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_NEW, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(create_switch), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_show(menuitem); - - /* Switch -> delete */ - menuitem = gtk_image_menu_item_new_from_stock(GTK_STOCK_DELETE, NULL); - g_signal_connect(G_OBJECT(menuitem), "activate", - G_CALLBACK(delete_switch), NULL); - gtk_menu_append(GTK_MENU(menu), menuitem); - gtk_widget_set_sensitive(menuitem, FALSE); - 
gtk_widget_show(menuitem); - - /* show widgets */ - gtk_widget_show(menubar); - gtk_widget_show(notebook); - gtk_widget_show(vbox); - gtk_widget_show(window); - - /* fill notebook with guests */ - enumerator = dumm->create_guest_enumerator(dumm); - while (enumerator->enumerate(enumerator, (void**)&guest)) - { - create_page(guest); - } - enumerator->destroy(enumerator); - - gtk_main(); - - dumm->destroy(dumm); - pages->destroy_function(pages, g_free); - - library_deinit(); - return 0; -} - diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c deleted file mode 100644 index 3e31bc694..000000000 --- a/src/dumm/mconsole.c +++ /dev/null 
@@ -1,353 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * Copyright (C) 2001-2004 Jeff Dike - * - * Based on the "uml_mconsole" utility from Jeff Dike. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE - -#include <sys/types.h> -#include <unistd.h> -#include <stdio.h> -#include <sys/socket.h> -#include <errno.h> -#include <sys/un.h> - -#include <utils/debug.h> - -#include "mconsole.h" - -#define MCONSOLE_MAGIC 0xcafebabe -#define MCONSOLE_VERSION 2 -#define MCONSOLE_MAX_DATA 512 - -typedef struct private_mconsole_t private_mconsole_t; - -struct private_mconsole_t { - /** public interface */ - mconsole_t public; - /** mconsole socket */ - int console; - /** notify socket */ - int notify; - /** address of uml socket */ - struct sockaddr_un uml; - /** idle function */ - void (*idle)(void); -}; - -/** - * mconsole message format from "arch/um/include/mconsole.h" - */ -typedef struct mconsole_request mconsole_request; -/** mconsole request message */ -struct mconsole_request { - uint32_t magic; - uint32_t version; - uint32_t len; - char data[MCONSOLE_MAX_DATA]; -}; - - -typedef struct mconsole_reply mconsole_reply; -/** mconsole reply message */ -struct mconsole_reply { - uint32_t err; - uint32_t more; - uint32_t len; - char data[MCONSOLE_MAX_DATA]; -}; - -typedef struct mconsole_notify mconsole_notify; -/** mconsole notify message */ -struct mconsole_notify { - uint32_t magic; - uint32_t version; - 
enum { - MCONSOLE_SOCKET, - MCONSOLE_PANIC, - MCONSOLE_HANG, - MCONSOLE_USER_NOTIFY, - } type; - uint32_t len; - char data[MCONSOLE_MAX_DATA]; -}; - -/** - * send a request to UML using mconsole - */ -static int request(private_mconsole_t *this, void(*cb)(void*,char*,size_t), - void *data, char *command, ...) -{ - mconsole_request request; - mconsole_reply reply; - int len, flags = 0; - va_list args; - - memset(&request, 0, sizeof(request)); - request.magic = MCONSOLE_MAGIC; - request.version = MCONSOLE_VERSION; - va_start(args, command); - request.len = vsnprintf(request.data, sizeof(request.data), command, args); - va_end(args); - - if (this->idle) - { - flags = MSG_DONTWAIT; - } - do - { - if (this->idle) - { - this->idle(); - } - len = sendto(this->console, &request, sizeof(request), flags, - (struct sockaddr*)&this->uml, sizeof(this->uml)); - } - while (len < 0 && (errno == EINTR || errno == EAGAIN)); - - if (len < 0) - { - DBG1(DBG_LIB, "sending mconsole command to UML failed: %m"); - return -1; - } - do - { - len = recv(this->console, &reply, sizeof(reply), flags); - if (len < 0 && (errno == EINTR || errno == EAGAIN)) - { - if (this->idle) - { - this->idle(); - } - continue; - } - if (len < 0) - { - DBG1(DBG_LIB, "receiving from mconsole failed: %m"); - return -1; - } - if (len > 0) - { - if (cb) - { - cb(data, reply.data, reply.len); - } - else if (reply.err) - { - if (reply.len && *reply.data) - { - DBG1(DBG_LIB, "received mconsole error %d: %.*s", - reply.err, (int)reply.len, reply.data); - } - break; - } - } - } - while (reply.more); - - return reply.err; -} - -/** - * ignore error message - */ -static void ignore(void *data, char *buf, size_t len) -{ -} - -METHOD(mconsole_t, add_iface, bool, - private_mconsole_t *this, char *guest, char *host) -{ - int tries = 0; - - while (tries++ < 5) - { - if (request(this, ignore, NULL, "config %s=tuntap,%s", guest, host) == 0) - { - return TRUE; - } - usleep(10000 * tries * tries); - } - return FALSE; -} - 
-METHOD(mconsole_t, del_iface, bool, - private_mconsole_t *this, char *guest) -{ - if (request(this, NULL, NULL, "remove %s", guest) != 0) - { - return FALSE; - } - return TRUE; -} - -METHOD(mconsole_t, exec, int, - private_mconsole_t *this, void(*cb)(void*,char*,size_t), void *data, - char *cmd) -{ - return request(this, cb, data, "%s", cmd); -} - -/** - * Poll until guest is ready - */ -static void wait_bootup(private_mconsole_t *this) -{ - /* wait for init process to appear */ - while (request(this, ignore, NULL, "exec ps -p 1 > /dev/null")) - { - if (this->idle) - { - this->idle(); - } - usleep(100000); - } -} - -METHOD(mconsole_t, destroy, void, - private_mconsole_t *this) -{ - close(this->console); - close(this->notify); - free(this); -} - -/** - * setup the mconsole notify connection and wait for its readiness - */ -static bool wait_for_notify(private_mconsole_t *this, char *nsock) -{ - struct sockaddr_un addr; - mconsole_notify notify; - int len, flags = 0; - - this->notify = socket(AF_UNIX, SOCK_DGRAM, 0); - if (this->notify < 0) - { - DBG1(DBG_LIB, "opening mconsole notify socket failed: %m"); - return FALSE; - } - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - strncpy(addr.sun_path, nsock, sizeof(addr.sun_path)); - if (bind(this->notify, (struct sockaddr*)&addr, sizeof(addr)) < 0) - { - DBG1(DBG_LIB, "binding mconsole notify socket to '%s' failed: %m", - nsock); - close(this->notify); - return FALSE; - } - if (this->idle) - { - flags = MSG_DONTWAIT; - } - do - { - if (this->idle) - { - this->idle(); - } - len = recvfrom(this->notify, ¬ify, sizeof(notify), flags, NULL, 0); - } - while (len < 0 && (errno == EINTR || errno == EAGAIN)); - - if (len < 0 || len >= sizeof(notify)) - { - DBG1(DBG_LIB, "reading from mconsole notify socket failed: %m"); - close(this->notify); - unlink(nsock); - return FALSE; - } - if (notify.magic != MCONSOLE_MAGIC || - notify.version != MCONSOLE_VERSION || - notify.type != MCONSOLE_SOCKET) - { - DBG1(DBG_LIB, 
"received unexpected message from mconsole notify" - " socket: %b", ¬ify, sizeof(notify)); - close(this->notify); - unlink(nsock); - return FALSE; - } - memset(&this->uml, 0, sizeof(this->uml)); - this->uml.sun_family = AF_UNIX; - strncpy(this->uml.sun_path, (char*)¬ify.data, sizeof(this->uml.sun_path)); - return TRUE; -} - -/** - * setup the mconsole console connection - */ -static bool setup_console(private_mconsole_t *this) -{ - struct sockaddr_un addr; - - this->console = socket(AF_UNIX, SOCK_DGRAM, 0); - if (this->console < 0) - { - DBG1(DBG_LIB, "opening mconsole socket failed: %m"); - return FALSE; - } - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - snprintf(&addr.sun_path[1], sizeof(addr.sun_path)-1, "%5d-%d", - getpid(), this->console); - if (bind(this->console, (struct sockaddr*)&addr, sizeof(addr)) < 0) - { - DBG1(DBG_LIB, "binding mconsole socket to '%s' failed: %m", - &addr.sun_path[1]); - close(this->console); - return FALSE; - } - return TRUE; -} - -/** - * create the mconsole instance - */ -mconsole_t *mconsole_create(char *notify, void(*idle)(void)) -{ - private_mconsole_t *this; - - INIT(this, - .public = { - .add_iface = _add_iface, - .del_iface = _del_iface, - .exec = _exec, - .destroy = _destroy, - }, - .idle = idle, - ); - - if (!wait_for_notify(this, notify)) - { - free(this); - return NULL; - } - - if (!setup_console(this)) - { - close(this->notify); - unlink(notify); - free(this); - return NULL; - } - unlink(notify); - - wait_bootup(this); - - return &this->public; -} - diff --git a/src/dumm/mconsole.h b/src/dumm/mconsole.h deleted file mode 100644 index 2b8a1cdff..000000000 --- a/src/dumm/mconsole.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef MCONSOLE_H -#define MCONSOLE_H - -#include <library.h> - -typedef struct mconsole_t mconsole_t; - -/** - * UML mconsole, change running UML configuration using mconsole. - */ -struct mconsole_t { - - /** - * Create a guest interface and connect it to tap host interface. - * - * @param guest name of the interface to create in the guest - * @param host name of the tap device to connect guest to - * @return TRUE if interface created - */ - bool (*add_iface)(mconsole_t *this, char *guest, char *host); - - /** - * Delete a guest interface. - * - * @param guest name of the interface to delete on the guest - * @return TRUE if interface deleted - */ - bool (*del_iface)(mconsole_t *this, char *guest); - - /** - * Execute a command on the mconsole. - * - * @param cb callback function to invoke for each line - * @param data data to pass to callback - * @param cmd command to invoke - * @return return value of command - */ - int (*exec)(mconsole_t *this, void(*cb)(void*,char*,size_t), void *data, - char *cmd); - - /** - * Destroy the mconsole instance - */ - void (*destroy) (mconsole_t *this); -}; - -/** - * Create a new mconsole connection to a guest. - * - * Waits for a notification from the guest through the notify socket and tries - * to connect to the mconsole socket supplied in the received notification. 
- * - * @param notify unix notify socket path - * @param idle idle function to call while waiting for responses - * @return mconsole instance, or NULL if failed - */ -mconsole_t *mconsole_create(char *notify, void(*idle)(void)); - -#endif /* MCONSOLE_H */ - diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 4106494db..1bc47d165 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -253,6 +252,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -273,8 +274,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -329,8 +328,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -359,8 +356,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/include/linux/xfrm.h b/src/include/linux/xfrm.h index dbaa4f128..35261c9a5 100644 --- a/src/include/linux/xfrm.h +++ b/src/include/linux/xfrm.h 
@@ -302,8 +302,11 @@ enum xfrm_attr_type_t {
 XFRMA_ADDRESS_FILTER, /* struct xfrm_address_filter */
 XFRMA_PAD,
 XFRMA_OFFLOAD_DEV, /* struct xfrm_state_offload */
+ XFRMA_SET_MARK, /* __u32 */
+ XFRMA_SET_MARK_MASK, /* __u32 */
 __XFRMA_MAX
+#define XFRMA_OUTPUT_MARK XFRMA_SET_MARK /* Compatibility */
 #define XFRMA_MAX (__XFRMA_MAX - 1)
 };
diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in
index 46715938e..eb3c635e0 100644
--- a/src/ipsec/Makefile.in
+++ b/src/ipsec/Makefile.in
@@ -260,7 +260,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
 PY_TEST = @PY_TEST@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
-RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
@@ -286,6 +285,8 @@ am__tar = @am__tar@
 am__untar = @am__untar@
 attest_plugins = @attest_plugins@
 bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
@@ -306,8 +307,6 @@ dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
 fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
@@ -362,8 +361,6 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -392,8 +389,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8
index 3f72d52ee..143342ecb 100644
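Review bot: Nothing in this header records which kernel release the uapi snapshot now mirrors after `XFRMA_SET_MARK`, `XFRMA_SET_MARK_MASK` and the `XFRMA_OUTPUT_MARK` alias were pulled in, so the next sync of the file has no reference point. A one-line note above the enum such as `/* synced with <linux/xfrm.h> from Linux <KERNEL-VERSION> */` (version to be filled in by the author) would fix that. A running kernel that predates these attributes will presumably not recognise `XFRMA_SET_MARK_MASK`, so whichever netlink code in this tree starts sending it should cope with the mask being ignored or rejected; that code is outside this hunk.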
--- a/src/ipsec/_ipsec.8
+++ b/src/ipsec/_ipsec.8
@@ -1,4 +1,4 @@
-.TH IPSEC 8 "2013-10-29" "5.6.3dr1" "strongSwan"
+.TH IPSEC 8 "2013-10-29" "5.7.0rc2" "strongSwan"
 .
 .SH NAME
 .
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
 IPSEC_PIDDIR directory containing PID/socket files
 IPSEC_SCRIPT name of the ipsec script
 IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
 IPSEC_STARTER_PID PID file for ipsec starter
 IPSEC_CHARON_PID PID file for IKE keying daemon
 .ad
diff --git a/src/ipsec/_ipsec.8.in b/src/ipsec/_ipsec.8.in
index 0aef8c031..bfc4d50c2 100644
--- a/src/ipsec/_ipsec.8.in
+++ b/src/ipsec/_ipsec.8.in
@@ -323,7 +323,7 @@ IPSEC_CONFDIR directory containing configuration files
 IPSEC_PIDDIR directory containing PID/socket files
 IPSEC_SCRIPT name of the ipsec script
 IPSEC_NAME name of ipsec distribution
-IPSEC_VERSION version numer of ipsec userland and kernel
+IPSEC_VERSION version number of ipsec userland and kernel
 IPSEC_STARTER_PID PID file for ipsec starter
 IPSEC_CHARON_PID PID file for IKE keying daemon
 .ad
diff --git a/src/ipsec/_ipsec.in b/src/ipsec/_ipsec.in
index 283abdcd5..29b323284 100644
--- a/src/ipsec/_ipsec.in
+++ b/src/ipsec/_ipsec.in
@@ -42,7 +42,7 @@ IPSEC_STARTER="${IPSEC_DIR}/starter"
 export IPSEC_DIR IPSEC_BINDIR IPSEC_SBINDIR IPSEC_CONFDIR IPSEC_PIDDIR IPSEC_SCRIPT IPSEC_VERSION IPSEC_NAME IPSEC_STARTER_PID IPSEC_CHARON_PID
-IPSEC_DISTRO="Institute for Internet Technologies and Applications\nUniversity of Applied Sciences Rapperswil, Switzerland"
+IPSEC_DISTRO="University of Applied Sciences Rapperswil, Switzerland"
 command_dir="$IPSEC_DIR"
diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in
index 6cd1130f1..8df9c6fcf 100644
--- a/src/libcharon/Makefile.in
+++ b/src/libcharon/Makefile.in
@@ -897,7 +897,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
 PY_TEST = @PY_TEST@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
-RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
@@ -923,6 +922,8 @@ am__tar = @am__tar@
 am__untar = @am__untar@
 attest_plugins = @attest_plugins@
 bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
@@ -943,8 +944,6 @@ dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
 fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
@@ -999,8 +998,6 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -1029,8 +1026,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/libcharon/attributes/mem_pool.h b/src/libcharon/attributes/mem_pool.h
index 06acbf8f8..519b1d303 100644
--- a/src/libcharon/attributes/mem_pool.h
+++ b/src/libcharon/attributes/mem_pool.h
@@ -31,7 +31,7 @@ typedef enum mem_pool_op_t mem_pool_op_t;
 * In-memory IP pool acquire operation.
 */
 enum mem_pool_op_t {
- /** Check for an exsiting lease */
+ /** Check for an existing lease */
 MEM_POOL_EXISTING,
 /** Get a new lease */
 MEM_POOL_NEW,
diff --git a/src/libcharon/bus/listeners/custom_logger.h b/src/libcharon/bus/listeners/custom_logger.h
index a256ad1ec..4856163f4 100644
--- a/src/libcharon/bus/listeners/custom_logger.h
+++ b/src/libcharon/bus/listeners/custom_logger.h
@@ -49,12 +49,17 @@ struct custom_logger_t {
 * @param group debug group to set
 * @param level max level to log (0..4)
 */
- void (*set_level) (custom_logger_t *this, debug_t group, level_t level);
+ void (*set_level)(custom_logger_t *this, debug_t group, level_t level);
+
+ /**
+ * Reload custom logger configuration.
+ */
+ void (*reload)(custom_logger_t *this);
 
 /**
 * Destroy the custom_logger_t object.
 */
- void (*destroy) (custom_logger_t *this);
+ void (*destroy)(custom_logger_t *this);
 };
 
 /**
diff --git a/src/libcharon/config/backend_manager.c b/src/libcharon/config/backend_manager.c
index 02a41a5b3..47f62d59a 100644
--- a/src/libcharon/config/backend_manager.c
+++ b/src/libcharon/config/backend_manager.c
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
 * Copyright (C) 2007-2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
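Review bot: The new `reload` callback in custom_logger_t is documented as if every logger had to provide it, but the daemon only invokes it when the pointer is set (`if (custom_logger->reload)` in load_custom_logger), so leaving it NULL is a valid implementation. The header is the contract plugin authors read, so the comment should state that, e.g. ` * Reload custom logger configuration. Optional, may be NULL if the logger has nothing to reload.`. Without it a reader may add an empty reload to every custom logger, or conversely assume the daemon dereferences it unconditionally.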
@@ -129,15 +130,77 @@ static ike_cfg_match_t get_ike_match(ike_cfg_t *cand, host_t *me, host_t *other, return match; } -METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*, - private_backend_manager_t *this, host_t *me, host_t *other, - ike_version_t version) +/** + * list element to help sorting + */ +typedef struct { + ike_cfg_match_t match; + ike_cfg_t *cfg; +} ike_match_entry_t; + +CALLBACK(ike_enum_filter, bool, + linked_list_t *configs, enumerator_t *orig, va_list args) +{ + ike_match_entry_t *entry; + ike_cfg_t **out; + + VA_ARGS_VGET(args, out); + + if (orig->enumerate(orig, &entry)) + { + *out = entry->cfg; + return TRUE; + } + return FALSE; +} + +CALLBACK(ike_match_entry_list_destroy, void, + linked_list_t *configs) +{ + ike_match_entry_t *entry; + + while (configs->remove_last(configs, (void**)&entry) == SUCCESS) + { + entry->cfg->destroy(entry->cfg); + free(entry); + } + configs->destroy(configs); +} + +/** + * Insert entry into match-sorted list + */ +static void insert_sorted_ike(ike_match_entry_t *entry, linked_list_t *list) +{ + enumerator_t *enumerator; + ike_match_entry_t *current; + + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (entry->match > current->match) + { + break; + } + } + list->insert_before(list, enumerator, entry); + enumerator->destroy(enumerator); +} + +/** + * Create a sorted list of all matching IKE configs + */ +static linked_list_t *get_matching_ike_cfgs(private_backend_manager_t *this, + host_t *me, host_t *other, + ike_version_t version) { - ike_cfg_t *current, *found = NULL; + ike_cfg_t *current; char *my_addr, *other_addr; enumerator_t *enumerator; - ike_cfg_match_t match, best = MATCH_ANY; ike_data_t *data; + linked_list_t *configs; + ike_cfg_match_t match; + ike_match_entry_t *entry; INIT(data, .this = this, 
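Review bot: `get_matching_ike_cfgs` hands back a list whose entries each own a reference taken with `current->get_ref(current)` (in the part of the function that continues in the next hunk), but its header comment says nothing about who releases them; both callers must pair the call with `ike_match_entry_list_destroy`, which drops every reference and frees the entries and the list. I would extend the comment to ` * Create a list of all matching IKE configs, best match first. Each entry holds a reference to its ike_cfg_t; release the list with ike_match_entry_list_destroy().`. The function starts in this hunk and ends in the following one. As a smaller point, `ike_enum_filter` ignores its `configs` argument; a one-line comment such as `/* configs is only needed by the destroy callback */` saves the next reader a search.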
@@ -145,44 +208,82 @@ METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*, .other = other, ); - DBG2(DBG_CFG, "looking for an ike config for %H...%H", me, other); + configs = linked_list_create(); this->lock->read_lock(this->lock); enumerator = enumerator_create_nested( this->backends->create_enumerator(this->backends), (void*)ike_enum_create, data, (void*)free); - while (enumerator->enumerate(enumerator, (void**)¤t)) + + while (enumerator->enumerate(enumerator, ¤t)) { + my_addr = current->get_my_addr(current); + other_addr = current->get_other_addr(current); match = get_ike_match(current, me, other, version); - DBG3(DBG_CFG, "ike config match: %d (%H %H %N)", - match, me, other, ike_version_names, version); + DBG3(DBG_CFG, "ike config match: %d (%s...%s %N)", match, my_addr, + other_addr, ike_version_names, current->get_version(current)); + if (match) { - my_addr = current->get_my_addr(current); - other_addr = current->get_other_addr(current); DBG2(DBG_CFG, " candidate: %s...%s, prio %d", my_addr, other_addr, match); - if (match > best) - { - DESTROY_IF(found); - found = current; - found->get_ref(found); - best = match; - } + + INIT(entry, + .match = match, + .cfg = current->get_ref(current), + ); + insert_sorted_ike(entry, configs); } } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - if (found) + + return configs; +} + +METHOD(backend_manager_t, get_ike_cfg, ike_cfg_t*, + private_backend_manager_t *this, host_t *me, host_t *other, + ike_version_t version) +{ + linked_list_t *configs; + ike_match_entry_t *entry; + ike_cfg_t *found = NULL; + char *my_addr, *other_addr; + + DBG2(DBG_CFG, "looking for an %N config for %H...%H", ike_version_names, + version, me, other); + + configs = get_matching_ike_cfgs(this, me, other, version); + if (configs->get_first(configs, (void**)&entry) == SUCCESS) { + found = entry->cfg->get_ref(entry->cfg); + my_addr = found->get_my_addr(found); other_addr = found->get_other_addr(found); DBG2(DBG_CFG, "found matching ike 
config: %s...%s with prio %d", - my_addr, other_addr, best); + my_addr, other_addr, entry->match); } + ike_match_entry_list_destroy(configs); + return found; } +METHOD(backend_manager_t, create_ike_cfg_enumerator, enumerator_t*, + private_backend_manager_t *this, host_t *me, host_t *other, + ike_version_t version) +{ + linked_list_t *configs; + + DBG2(DBG_CFG, "looking for %N configs for %H...%H", ike_version_names, + version, me, other); + + configs = get_matching_ike_cfgs(this, me, other, version); + + return enumerator_create_filter(configs->create_enumerator(configs), + ike_enum_filter, configs, + ike_match_entry_list_destroy); +} + /** * Get the best ID match in one of the configs auth_cfg */ @@ -198,7 +299,7 @@ static id_match_t get_peer_match(identification_t *id, if (!id) { - DBG3(DBG_CFG, "peer config match %s: %d (%N)", + DBG3(DBG_CFG, " %s id match: %d (%N)", where, ID_MATCH_ANY, id_type_names, ID_ANY); return ID_MATCH_ANY; } @@ -225,7 +326,7 @@ static id_match_t get_peer_match(identification_t *id, enumerator->destroy(enumerator); data = id->get_encoding(id); - DBG3(DBG_CFG, "peer config match %s: %d (%N -> %#B)", + DBG3(DBG_CFG, " %s id match: %d (%N: %#B)", where, match, id_type_names, id->get_type(id), &data); return match; } 
@@ -295,34 +396,26 @@ CALLBACK(peer_enum_filter_destroy, void, } /** - * Insert entry into match-sorted list, using helper + * Insert entry into match-sorted list */ -static void insert_sorted(match_entry_t *entry, linked_list_t *list, - linked_list_t *helper) +static void insert_sorted(match_entry_t *entry, linked_list_t *list) { + enumerator_t *enumerator; match_entry_t *current; - while (list->remove_first(list, (void**)¤t) == SUCCESS) - { - helper->insert_last(helper, current); - } - while (helper->remove_first(helper, (void**)¤t) == SUCCESS) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, ¤t)) { - if (entry && ( - (entry->match_ike > current->match_ike && - entry->match_peer >= current->match_peer) || - (entry->match_ike >= current->match_ike && - entry->match_peer > current->match_peer))) + if ((entry->match_ike > current->match_ike && + entry->match_peer >= current->match_peer) || + (entry->match_ike >= current->match_ike && + entry->match_peer > current->match_peer)) { - list->insert_last(list, entry); - entry = NULL; + break; } - list->insert_last(list, current); - } - if (entry) - { - list->insert_last(list, entry); } + list->insert_before(list, enumerator, entry); + enumerator->destroy(enumerator); } METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, @@ -332,7 +425,7 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, enumerator_t *enumerator; peer_data_t *data; peer_cfg_t *cfg; - linked_list_t *configs, *helper; + linked_list_t *configs; INIT(data, .lock = this->lock, 
@@ -352,35 +445,46 @@ METHOD(backend_manager_t, create_peer_cfg_enumerator, enumerator_t*, } configs = linked_list_create(); - /* only once allocated helper list for sorting */ - helper = linked_list_create(); while (enumerator->enumerate(enumerator, &cfg)) { - id_match_t match_peer_me, match_peer_other; + ike_cfg_t *ike_cfg = cfg->get_ike_cfg(cfg); ike_cfg_match_t match_ike; + id_match_t match_peer_me, match_peer_other; match_entry_t *entry; + char *my_addr, *other_addr; + + match_ike = get_ike_match(ike_cfg, me, other, version); + my_addr = ike_cfg->get_my_addr(ike_cfg); + other_addr = ike_cfg->get_other_addr(ike_cfg); + DBG3(DBG_CFG, "peer config \"%s\", ike match: %d (%s...%s %N)", + cfg->get_name(cfg), match_ike, my_addr, other_addr, + ike_version_names, ike_cfg->get_version(ike_cfg)); + + if (!match_ike) + { + continue; + } match_peer_me = get_peer_match(my_id, cfg, TRUE); + if (!match_peer_me) + { + continue; + } match_peer_other = get_peer_match(other_id, cfg, FALSE); - match_ike = get_ike_match(cfg->get_ike_cfg(cfg), me, other, version); - DBG3(DBG_CFG, "ike config match: %d (%H %H %N)", - match_ike, me, other, ike_version_names, version); - if (match_peer_me && match_peer_other && match_ike) + if (match_peer_other) { DBG2(DBG_CFG, " candidate \"%s\", match: %d/%d/%d (me/other/ike)", cfg->get_name(cfg), match_peer_me, match_peer_other, match_ike); - INIT(entry, .match_peer = match_peer_me + match_peer_other, .match_ike = match_ike, .cfg = cfg->get_ref(cfg), ); - insert_sorted(entry, configs, helper); + insert_sorted(entry, configs); } } enumerator->destroy(enumerator); - helper->destroy(helper); return enumerator_create_filter(configs->create_enumerator(configs), peer_enum_filter, configs, @@ -430,8 +534,7 @@ METHOD(backend_manager_t, destroy, void, } /* - * Described in header-file - + * Described in header */ backend_manager_t *backend_manager_create() { 
@@ -440,6 +543,7 @@ backend_manager_t *backend_manager_create()
 INIT(this,
 .public = {
 .get_ike_cfg = _get_ike_cfg,
+ .create_ike_cfg_enumerator = _create_ike_cfg_enumerator,
 .get_peer_cfg_by_name = _get_peer_cfg_by_name,
 .create_peer_cfg_enumerator = _create_peer_cfg_enumerator,
 .add_backend = _add_backend,
diff --git a/src/libcharon/config/backend_manager.h b/src/libcharon/config/backend_manager.h
index 8ec79ce28..ada295f0d 100644
--- a/src/libcharon/config/backend_manager.h
+++ b/src/libcharon/config/backend_manager.h
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
 * Copyright (C) 2007 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -64,6 +65,20 @@ struct backend_manager_t {
 ike_version_t version);
 
 /**
+ * Create an enumerator over all matching IKE configs.
+ *
+ * Pass NULL as parameters to match any. The enumerator enumerates over
+ * ike_cfgs, ordered by priority (best match first).
+ *
+ * @param me local address
+ * @param other remote address
+ * @param version IKE version to get a config for
+ * @return enumerator over ike_cfg
+ */
+ enumerator_t* (*create_ike_cfg_enumerator)(backend_manager_t *this,
+ host_t *me, host_t *other, ike_version_t version);
+
+ /**
 * Get a peer_config identified by it's name.
 *
 * @param name name of the peer_config
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index bc417f936..14148ed03 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
 * Copyright (C) 2016 Andreas Steffen
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
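Review bot: The doc for the new `create_ike_cfg_enumerator` does not say who owns the enumerated `ike_cfg_t` objects: in backend_manager.c the enumerator's destroy callback (`ike_match_entry_list_destroy`) drops the reference each entry holds, so a config pointer kept past `destroy()` is dangling unless the caller took its own reference. Add a sentence such as ` * The enumerated ike_cfg_t objects are owned by the enumerator; call get_ref() on any config that is used after the enumerator is destroyed.`. It is also worth noting that the list is collected under the backend lock and the lock is released before the enumerator is returned, so the enumerator is a snapshot and does not reflect backends added or removed afterwards.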
@@ -124,6 +124,16 @@ struct private_child_cfg_t { mark_t mark_out; /** + * Optional mark to set to packets after inbound processing + */ + mark_t set_mark_in; + + /** + * Optional mark to set to packets after outbound processing + */ + mark_t set_mark_out; + + /** * Traffic Flow Confidentiality padding, if enabled */ uint32_t tfc; @@ -147,6 +157,11 @@ struct private_child_cfg_t { * HW offload mode */ hw_offload_t hw_offload; + + /** + * DS header field copy mode + */ + dscp_copy_t copy_dscp; }; METHOD(child_cfg_t, get_name, char*, @@ -254,7 +269,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, { DBG2(DBG_CFG, "received proposals: %#P", proposals); DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); - DBG2(DBG_CFG, "selected proposal: %P", selected); + DBG1(DBG_CFG, "selected proposal: %P", selected); break; } } @@ -289,7 +304,7 @@ METHOD(child_cfg_t, add_traffic_selector, void, METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, private_child_cfg_t *this, bool local, linked_list_t *supplied, - linked_list_t *hosts) + linked_list_t *hosts, bool log) { enumerator_t *e1, *e2; traffic_selector_t *ts1, *ts2, *selected; @@ -334,13 +349,19 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, } e1->destroy(e1); - DBG2(DBG_CFG, "%s traffic selectors for %s:", - supplied ? "selecting" : "proposing", local ? "us" : "other"); - if (supplied == NULL) + if (log) + { + DBG2(DBG_CFG, "%s traffic selectors for %s:", + supplied ? "selecting" : "proposing", local ? "us" : "other"); + } + if (!supplied) { while (derived->remove_first(derived, (void**)&ts1) == SUCCESS) { - DBG2(DBG_CFG, " %R", ts1); + if (log) + { + DBG2(DBG_CFG, " %R", ts1); + } result->insert_last(result, ts1); } derived->destroy(derived); 
@@ -358,11 +379,14 @@ METHOD(child_cfg_t, get_traffic_selectors, linked_list_t*, selected = ts1->get_subset(ts1, ts2); if (selected) { - DBG2(DBG_CFG, " config: %R, received: %R => match: %R", - ts1, ts2, selected); + if (log) + { + DBG2(DBG_CFG, " config: %R, received: %R => match: %R", + ts1, ts2, selected); + } result->insert_last(result, selected); } - else + else if (log) { DBG2(DBG_CFG, " config: %R, received: %R => no match", ts1, ts2); @@ -478,6 +502,12 @@ METHOD(child_cfg_t, get_hw_offload, hw_offload_t, return this->hw_offload; } +METHOD(child_cfg_t, get_copy_dscp, dscp_copy_t, + private_child_cfg_t *this) +{ + return this->copy_dscp; +} + METHOD(child_cfg_t, get_dpd_action, action_t, private_child_cfg_t *this) { @@ -527,6 +557,12 @@ METHOD(child_cfg_t, get_mark, mark_t, return inbound ? this->mark_in : this->mark_out; } +METHOD(child_cfg_t, get_set_mark, mark_t, + private_child_cfg_t *this, bool inbound) +{ + return inbound ? this->set_mark_in : this->set_mark_out; +} + METHOD(child_cfg_t, get_tfc, uint32_t, private_child_cfg_t *this) { @@ -600,9 +636,15 @@ METHOD(child_cfg_t, equals, bool, this->mark_in.mask == other->mark_in.mask && this->mark_out.value == other->mark_out.value && this->mark_out.mask == other->mark_out.mask && + this->set_mark_in.value == other->set_mark_in.value && + this->set_mark_in.mask == other->set_mark_in.mask && + this->set_mark_out.value == other->set_mark_out.value && + this->set_mark_out.mask == other->set_mark_out.mask && this->tfc == other->tfc && this->manual_prio == other->manual_prio && this->replay_window == other->replay_window && + this->hw_offload == other->hw_offload && + this->copy_dscp == other->copy_dscp && streq(this->updown, other->updown) && streq(this->interface, other->interface); } 
@@ -654,6 +696,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .get_inactivity = _get_inactivity,
 .get_reqid = _get_reqid,
 .get_mark = _get_mark,
+ .get_set_mark = _get_set_mark,
 .get_tfc = _get_tfc,
 .get_manual_prio = _get_manual_prio,
 .get_interface = _get_interface,
@@ -664,6 +707,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .get_ref = _get_ref,
 .destroy = _destroy,
 .get_hw_offload = _get_hw_offload,
+ .get_copy_dscp = _get_copy_dscp,
 },
 .name = strdup(name),
 .options = data->options,
@@ -675,6 +719,8 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .close_action = data->close_action,
 .mark_in = data->mark_in,
 .mark_out = data->mark_out,
+ .set_mark_in = data->set_mark_in,
+ .set_mark_out = data->set_mark_out,
 .lifetime = data->lifetime,
 .inactivity = data->inactivity,
 .tfc = data->tfc,
@@ -687,6 +733,7 @@ child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data)
 .replay_window = lib->settings->get_int(lib->settings,
 "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns),
 .hw_offload = data->hw_offload,
+ .copy_dscp = data->copy_dscp,
 );
 
 return &this->public;
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index d566da3ec..e3b59e656 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2017 Tobias Brunner
+ * Copyright (C) 2008-2018 Tobias Brunner
 * Copyright (C) 2016 Andreas Steffen
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -135,11 +135,13 @@ struct child_cfg_t { * @param local TRUE for TS on local side, FALSE for remote * @param supplied list with TS to select from, or NULL * @param hosts addresses to use for narrowing "dynamic" TS', host_t + * @param log FALSE to avoid logging details about the selection * @return list containing the traffic selectors */ linked_list_t *(*get_traffic_selectors)(child_cfg_t *this, bool local, linked_list_t *supplied, - linked_list_t *hosts); + linked_list_t *hosts, bool log); + /** * Get the updown script to run for the CHILD_SA. * @@ -190,6 +192,13 @@ struct child_cfg_t { hw_offload_t (*get_hw_offload) (child_cfg_t *this); /** + * Get the copy mode for the DS header field to use for the CHILD_SA. + * + * @return IP header copy mode + */ + dscp_copy_t (*get_copy_dscp) (child_cfg_t *this); + + /** * Action to take if CHILD_SA gets closed. * * @return close action @@ -218,7 +227,7 @@ struct child_cfg_t { uint32_t (*get_reqid)(child_cfg_t *this); /** - * Optional mark for CHILD_SA. + * Optional mark to set on policies/SAs. * * @param inbound TRUE for inbound, FALSE for outbound * @return mark @@ -226,6 +235,14 @@ struct child_cfg_t { mark_t (*get_mark)(child_cfg_t *this, bool inbound); /** + * Optional mark the SAs should apply after processing packets. + * + * @param inbound TRUE for inbound, FALSE for outbound + * @return mark + */ + mark_t (*get_set_mark)(child_cfg_t *this, bool inbound); + + /** * Get the TFC padding value to use for CHILD_SA. * * @return TFC padding, 0 to disable, -1 for MTU @@ -317,6 +334,12 @@ enum child_cfg_option_t { /** Set mark on inbound SAs */ OPT_MARK_IN_SA = (1<<6), + + /** Disable copying the DF bit to the outer IPv4 header in tunnel mode */ + OPT_NO_COPY_DF = (1<<7), + + /** Disable copying the ECN header field in tunnel mode */ + OPT_NO_COPY_ECN = (1<<8), }; /** 
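Review bot: The `@return` of the new `get_copy_dscp` reads `IP header copy mode`, while its summary line, the `copy_dscp` field in child_cfg_create_t and the accessor name all talk about the DS header field; the two wordings leave the reader unsure whether the mode covers more than the DS field. I would align it with the summary: ` * @return DS field copy mode`. The new `OPT_NO_COPY_DF` / `OPT_NO_COPY_ECN` comments in the same file already name the exact header bit they control, which is the level of precision to follow here.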
@@ -331,6 +354,10 @@ struct child_cfg_create_t { mark_t mark_in; /** Optional outbound mark */ mark_t mark_out; + /** Optional inbound mark the SA should apply to traffic */ + mark_t set_mark_in; + /** Optional outbound mark the SA should apply to traffic */ + mark_t set_mark_out; /** Mode to propose for CHILD_SA */ ipsec_mode_t mode; /** TFC padding size, 0 to disable, -1 to pad to PMTU */ @@ -353,6 +380,8 @@ struct child_cfg_create_t { char *updown; /** HW offload mode */ hw_offload_t hw_offload; + /** How to handle the DS header field in tunnel mode */ + dscp_copy_t copy_dscp; }; /** diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index a73a5b5e2..357c4a73b 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2017 Tobias Brunner + * Copyright (C) 2012-2018 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -309,6 +309,25 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*, return proposals; } +METHOD(ike_cfg_t, has_proposal, bool, + private_ike_cfg_t *this, proposal_t *match, bool private) +{ + enumerator_t *enumerator; + proposal_t *proposal; + + enumerator = this->proposals->create_enumerator(this->proposals); + while (enumerator->enumerate(enumerator, &proposal)) + { + if (proposal->matches(proposal, match, private)) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + METHOD(ike_cfg_t, select_proposal, proposal_t*, private_ike_cfg_t *this, linked_list_t *proposals, bool private, bool prefer_self) @@ -344,7 +363,7 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*, { DBG2(DBG_CFG, "received proposals: %#P", proposals); DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); - DBG2(DBG_CFG, "selected proposal: %P", selected); + DBG1(DBG_CFG, "selected proposal: %P", selected); break; } } 
@@ -618,6 +637,7 @@ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap,
 .add_proposal = _add_proposal,
 .get_proposals = _get_proposals,
 .select_proposal = _select_proposal,
+ .has_proposal = _has_proposal,
 .get_dh_group = _get_dh_group,
 .equals = _equals,
 .get_ref = _get_ref,
diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h
index ac2deef70..49690c892 100644
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2017 Tobias Brunner
+ * Copyright (C) 2012-2018 Tobias Brunner
 * Copyright (C) 2005-2007 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
@@ -180,6 +180,15 @@ struct ike_cfg_t {
 bool private, bool prefer_self);
 
 /**
+ * Check if the config has a matching proposal.
+ *
+ * @param match proposal to check
+ * @param private accept algorithms from a private range
+ * @return TRUE if a matching proposal is contained
+ */
+ bool(*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);
+
+ /**
 * Should we send a certificate request in IKE_SA_INIT?
 *
 * @return certificate request sending policy
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 29f067858..e7dfb5f62 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2017 Tobias Brunner
+ * Copyright (C) 2007-2018 Tobias Brunner
 * Copyright (C) 2005-2009 Martin Willi
 * Copyright (C) 2005 Jan Hutter
 * HSR Hochschule fuer Technik Rapperswil
@@ -126,12 +126,12 @@ struct private_peer_cfg_t {
 uint32_t over_time;
 
 /**
- * DPD check intervall
+ * DPD check interval
 */
 uint32_t dpd;
 
 /**
- * DPD timeout intervall (used for IKEv1 only)
+ * DPD timeout interval (used for IKEv1 only)
 */
 uint32_t dpd_timeout;
 
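Review bot: `bool(*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);` drops the space between the return type and the pointer declarator, whereas the comparable declarations added elsewhere in this commit (e.g. `bool (*ppk_required)(peer_cfg_t *this);` in peer_cfg.h) write `type (*name)`. Change it to `bool (*has_proposal)(ike_cfg_t *this, proposal_t *match, bool private);`. The doc could also mention that the check is delegated to `proposal_t.matches()` with the given `private` flag, as the implementation in ike_cfg.c shows, so callers know which notion of "matching" applies.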
@@ -155,6 +155,16 @@ struct private_peer_cfg_t { */ linked_list_t *remote_auth; + /** + * PPK ID + */ + identification_t *ppk_id; + + /** + * Whether a PPK is required + */ + bool ppk_required; + #ifdef ME /** * Is this a mediation connection? 
@@ -258,48 +268,44 @@ METHOD(peer_cfg_t, replace_child_cfgs, enumerator_t*, private_peer_cfg_t *this, peer_cfg_t *other_pub) { private_peer_cfg_t *other = (private_peer_cfg_t*)other_pub; - linked_list_t *removed, *added; + linked_list_t *new_cfgs, *removed, *added; enumerator_t *mine, *others; child_cfg_t *my_cfg, *other_cfg; child_cfgs_replace_enumerator_t *enumerator; bool found; - removed = linked_list_create(); + added = linked_list_create(); other->lock->read_lock(other->lock); - added = linked_list_create_from_enumerator( + new_cfgs = linked_list_create_from_enumerator( other->child_cfgs->create_enumerator(other->child_cfgs)); - added->invoke_offset(added, offsetof(child_cfg_t, get_ref)); + new_cfgs->invoke_offset(new_cfgs, offsetof(child_cfg_t, get_ref)); other->lock->unlock(other->lock); this->lock->write_lock(this->lock); - others = added->create_enumerator(added); - mine = this->child_cfgs->create_enumerator(this->child_cfgs); - while (mine->enumerate(mine, &my_cfg)) + removed = this->child_cfgs; + this->child_cfgs = new_cfgs; + others = new_cfgs->create_enumerator(new_cfgs); + mine = removed->create_enumerator(removed); + while (others->enumerate(others, &other_cfg)) { found = FALSE; - while (others->enumerate(others, &other_cfg)) + while (mine->enumerate(mine, &my_cfg)) { if (my_cfg->equals(my_cfg, other_cfg)) { - added->remove_at(added, others); - other_cfg->destroy(other_cfg); + removed->remove_at(removed, mine); + my_cfg->destroy(my_cfg); found = TRUE; break; } } - added->reset_enumerator(added, others); + removed->reset_enumerator(removed, mine); if (!found) { - this->child_cfgs->remove_at(this->child_cfgs, mine); - removed->insert_last(removed, my_cfg); + added->insert_last(added, other_cfg->get_ref(other_cfg)); } } - while (others->enumerate(others, &other_cfg)) - { - this->child_cfgs->insert_last(this->child_cfgs, - other_cfg->get_ref(other_cfg)); - } others->destroy(others); mine->destroy(mine); this->lock->unlock(this->lock); 
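Review bot: The rewritten `replace_child_cfgs` now adopts the copied list wholesale (`removed = this->child_cfgs; this->child_cfgs = new_cfgs;`) before comparing, so an existing config that compares equal is released via `my_cfg->destroy(my_cfg)` and the other's equal object silently takes its place, while neither ends up in `removed` or `added`; a reader used to the old "keep mine, discard theirs" loop will miss that the object identity of equal configs changes. A comment before the assignment, e.g. `/* adopt the other's configs wholesale; equal ones are swapped in place and are reported neither as removed nor as added */`, would make the intent explicit. The `removed` and `added` lists are consumed after this hunk, which ends at the unlock.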
@@ -379,7 +385,7 @@ static int get_ts_match(child_cfg_t *cfg, bool local, int match = 0, round; /* fetch configured TS list, narrowing dynamic TS */ - cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts); + cfg_list = cfg->get_traffic_selectors(cfg, local, NULL, hosts, TRUE); /* use a round counter to rate leading TS with higher priority */ round = sup_list->get_count(sup_list); @@ -581,6 +587,18 @@ METHOD(peer_cfg_t, create_auth_cfg_enumerator, enumerator_t*, return this->remote_auth->create_enumerator(this->remote_auth); } +METHOD(peer_cfg_t, get_ppk_id, identification_t*, + private_peer_cfg_t *this) +{ + return this->ppk_id; +} + +METHOD(peer_cfg_t, ppk_required, bool, + private_peer_cfg_t *this) +{ + return this->ppk_required; +} + #ifdef ME METHOD(peer_cfg_t, is_mediation, bool, private_peer_cfg_t *this) @@ -655,6 +673,14 @@ static bool auth_cfg_equal(private_peer_cfg_t *this, private_peer_cfg_t *other) return equal; } +/** + * Check if two identities are equal, or both are not set + */ +static bool id_equal(identification_t *this, identification_t *other) +{ + return this == other || (this && other && this->equals(this, other)); +} + METHOD(peer_cfg_t, equals, bool, private_peer_cfg_t *this, private_peer_cfg_t *other) { @@ -688,13 +714,13 @@ METHOD(peer_cfg_t, equals, bool, this->dpd == other->dpd && this->aggressive == other->aggressive && this->pull_mode == other->pull_mode && - auth_cfg_equal(this, other) + auth_cfg_equal(this, other) && + this->ppk_required == other->ppk_required && + id_equal(this->ppk_id, other->ppk_id) #ifdef ME && this->mediation == other->mediation && streq(this->mediated_by, other->mediated_by) && - (this->peer_id == other->peer_id || - (this->peer_id && other->peer_id && - this->peer_id->equals(this->peer_id, other->peer_id))) + id_equal(this->peer_id, other->peer_id) #endif /* ME */ ); } 
@@ -724,6 +750,7 @@ METHOD(peer_cfg_t, destroy, void, DESTROY_IF(this->peer_id); free(this->mediated_by); #endif /* ME */ + DESTROY_IF(this->ppk_id); this->lock->destroy(this->lock); free(this->name); free(this); @@ -778,6 +805,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, .create_pool_enumerator = _create_pool_enumerator, .add_auth_cfg = _add_auth_cfg, .create_auth_cfg_enumerator = _create_auth_cfg_enumerator, + .get_ppk_id = _get_ppk_id, + .ppk_required = _ppk_required, .equals = (void*)_equals, .get_ref = _get_ref, .destroy = _destroy, @@ -803,6 +832,8 @@ peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, .pull_mode = !data->push_mode, .dpd = data->dpd, .dpd_timeout = data->dpd_timeout, + .ppk_id = data->ppk_id, + .ppk_required = data->ppk_required, .vips = linked_list_create(), .pools = linked_list_create(), .local_auth = linked_list_create(), diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index 6074a7cd4..49c4d1492 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2017 Tobias Brunner + * Copyright (C) 2007-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -157,11 +157,9 @@ struct peer_cfg_t { /** * Replace the CHILD configs with those in the given PEER config. * - * Configs that are equal are not replaced. - * * The enumerator enumerates the removed and added CHILD configs * (child_cfg_t*, bool), where the flag is FALSE for removed configs and - * TRUE for added configs. + * TRUE for added configs. Configs that are equal are not enumerated. * * @param other other config to get CHILD configs from * @return an enumerator over removed/added CHILD configs 
@@ -313,6 +311,20 @@ struct peer_cfg_t { */ enumerator_t* (*create_pool_enumerator)(peer_cfg_t *this); + /** + * Get the PPK ID to use with this peer. + * + * @return PPK id + */ + identification_t *(*get_ppk_id)(peer_cfg_t *this); + + /** + * Whether a PPK is required with this peer. + * + * @return TRUE, if a PPK is required + */ + bool (*ppk_required)(peer_cfg_t *this); + #ifdef ME /** * Is this a mediation connection? @@ -395,6 +407,10 @@ struct peer_cfg_create_t { uint32_t dpd; /** DPD timeout interval (IKEv1 only), if 0 default applies */ uint32_t dpd_timeout; + /** Postquantum Preshared Key ID (adopted) */ + identification_t *ppk_id; + /** TRUE if a PPK is required, FALSE if it's optional */ + bool ppk_required; #ifdef ME /** TRUE if this is a mediation connection */ bool mediation; diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index e4b819710..d2f3afdd3 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c 
@@ -480,25 +480,27 @@ static void load_sys_logger(private_daemon_t *this, char *facility, /** * Load the given file logger configured in strongswan.conf */ -static void load_file_logger(private_daemon_t *this, char *filename, +static void load_file_logger(private_daemon_t *this, char *section, linked_list_t *current_loggers) { file_logger_t *file_logger; debug_t group; level_t def; bool add_ms, ike_name, flush_line, append; - char *time_format; + char *time_format, *filename; time_format = lib->settings->get_str(lib->settings, - "%s.filelog.%s.time_format", NULL, lib->ns, filename); + "%s.filelog.%s.time_format", NULL, lib->ns, section); add_ms = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.time_add_ms", FALSE, lib->ns, filename); + "%s.filelog.%s.time_add_ms", FALSE, lib->ns, section); ike_name = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.ike_name", FALSE, lib->ns, filename); + "%s.filelog.%s.ike_name", FALSE, lib->ns, section); flush_line = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.flush_line", FALSE, lib->ns, filename); + "%s.filelog.%s.flush_line", FALSE, lib->ns, section); append = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.append", TRUE, lib->ns, filename); + "%s.filelog.%s.append", TRUE, lib->ns, section); + filename = lib->settings->get_str(lib->settings, + "%s.filelog.%s.path", section, lib->ns, section); file_logger = add_file_logger(this, filename, current_loggers); if (!file_logger) 
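Review bot: The header comment of `load_file_logger` still says `Load the given file logger configured in strongswan.conf` although the parameter is now a `section` name, and the new lookup `"%s.filelog.%s.path", section, lib->ns, section` makes the section name the default log path whenever `path` is not configured. That default is what keeps existing configurations working and should be stated, e.g. ` * Load the file logger configured in the given filelog section. The log file is taken from the section's path setting and defaults to the section name for backward compatibility.`. The function continues in the next hunk, where the remaining `filename` uses were renamed to `section` as well.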
@@ -510,12 +512,12 @@ static void load_file_logger(private_daemon_t *this, char *filename, file_logger->open(file_logger, flush_line, append); def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1, - lib->ns, filename); + lib->ns, section); for (group = 0; group < DBG_MAX; group++) { file_logger->set_level(file_logger, group, lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def, - lib->ns, filename, debug_lower_names, group)); + lib->ns, section, debug_lower_names, group)); } charon->bus->add_logger(charon->bus, &file_logger->logger); } @@ -545,6 +547,10 @@ static void load_custom_logger(private_daemon_t *this, lib->settings->get_int(lib->settings, "%s.customlog.%s.%N", def, lib->ns, entry->name, debug_lower_names, group)); } + if (custom_logger->reload) + { + custom_logger->reload(custom_logger); + } charon->bus->add_logger(charon->bus, &custom_logger->logger); } diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index 1b8cd76f4..b72a2bf2d 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2014 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2006 Daniel Roethlisberger @@ -2095,8 +2095,8 @@ METHOD(message_t, fragment, status_t, count = data.len / frag_len + (data.len % frag_len ? 1 : 0); this->fragments = array_create(0, count); - DBG1(DBG_ENC, "splitting IKE message with length of %zu bytes into " - "%hu fragments", len, count); + DBG1(DBG_ENC, "splitting IKE message (%zu bytes) into %hu fragments", len, + count); for (num = 1; num <= count; num++) { len = min(data.len, frag_len); 
@@ -2821,11 +2821,11 @@ METHOD(message_t, add_fragment_v1, status_t, return NEED_MORE; } - DBG1(DBG_ENC, "received fragment #%hhu, reassembling fragmented IKE " - "message", num); - data = merge_fragments(this, message); this->packet->set_data(this->packet, data); + DBG1(DBG_ENC, "received fragment #%hhu, reassembled fragmented IKE " + "message (%zu bytes)", num, data.len); + this->parser = parser_create(data); if (parse_header(this) != SUCCESS) @@ -2842,9 +2842,11 @@ METHOD(message_t, add_fragment_v2, status_t, encrypted_fragment_payload_t *encrypted_fragment; encrypted_payload_t *encrypted; payload_t *payload; + aead_t *aead; enumerator_t *enumerator; chunk_t data; uint16_t total, num; + size_t len; status_t status; if (!this->frag) @@ -2904,15 +2906,30 @@ METHOD(message_t, add_fragment_v2, status_t, return NEED_MORE; } - DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembling fragmented IKE " - "message", num, total); + encrypted = (encrypted_payload_t*)encrypted_fragment; + aead = encrypted->get_transform(encrypted); data = merge_fragments(this, message); + encrypted = encrypted_payload_create_from_plain(this->first_payload, data); + encrypted->set_transform(encrypted, aead); this->payloads->insert_last(this->payloads, encrypted); /* update next payload type (could be an unencrypted payload) */ this->payloads->get_first(this->payloads, (void**)&payload); this->first_payload = payload->get_type(payload); + + /* we report the length of the complete IKE message when splitting, do the + * same here, so add the IKEv2 header len to the reassembled payload data */ + len = 28; + enumerator = create_payload_enumerator(this); + while (enumerator->enumerate(enumerator, &payload)) + { + len += payload->get_length(payload); + } + enumerator->destroy(enumerator); + + DBG1(DBG_ENC, "received fragment #%hu of %hu, reassembled fragmented IKE " + "message (%zu bytes)", num, total, len); return SUCCESS; } 
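Review bot: `len = 28;` in add_fragment_v2 hard-codes the IKEv2 header size with only the comment above to explain it; ike_header.h's IKE_HEADER_LENGTH exists for exactly this, so `len = IKE_HEADER_LENGTH;` keeps the logged value tied to the definition. The value is used only for the DBG1 message, so the payload enumeration is harmless, but it now runs on every fully reassembled message. In the add_fragment_v1 hunk the log line moved after set_data and changed from "reassembling" to "reassembled", yet parse_header below can still fail, so the message claims completion before the header has been validated — a minor wording mismatch. add_fragment_v2 begins before its hunk.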
diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c index 4f4b1d1d6..ba56ace55 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.c +++ b/src/libcharon/encoding/payloads/encrypted_payload.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2014 Tobias Brunner + * Copyright (C) 2011-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter @@ -326,6 +326,21 @@ METHOD2(payload_t, encrypted_payload_t, get_length, size_t, return this->payload_length; } +METHOD2(payload_t, encrypted_payload_t, get_length_plain, size_t, + private_encrypted_payload_t *this) +{ + /* contains only the decrypted payload data, no IV, padding or ICV */ + this->payload_length = this->encrypted.len; + + if (this->aead) + { + this->payload_length += compute_overhead(this->aead, + this->payload_length); + } + this->payload_length += get_header_length(this); + return this->payload_length; +} + METHOD(encrypted_payload_t, add_payload, void, private_encrypted_payload_t *this, payload_t *payload) { @@ -727,6 +742,12 @@ METHOD(encrypted_payload_t, set_transform, void, this->aead = aead; } +METHOD(encrypted_payload_t, get_transform, aead_t*, + private_encrypted_payload_t *this) +{ + return this->aead; +} + METHOD2(payload_t, encrypted_payload_t, destroy, void, private_encrypted_payload_t *this) { @@ -759,6 +780,7 @@ encrypted_payload_t *encrypted_payload_create(payload_type_t type) .remove_payload = _remove_payload, .generate_payloads = _generate_payloads, .set_transform = _set_transform, + .get_transform = _get_transform, .encrypt = _encrypt, .decrypt = _decrypt, .destroy = _destroy, 
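Review bot: `get_length_plain` is a getter that also writes `this->payload_length`, and its result changes once `set_transform` installs an AEAD (compute_overhead is added only then), so reading the length before and after set_transform yields two different values; the method comment only says what the data contains. Suggest extending it to `/* length of the plaintext payload plus, once an AEAD is set, the IV/padding/ICV overhead it will add; the result is cached in payload_length */`. In add_fragment_v2 (message.c hunk) set_transform is called immediately after encrypted_payload_create_from_plain, so the ordering there is fine, but the dependency is implicit and worth stating at the definition.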
@@ -787,10 +809,11 @@ encrypted_payload_t *encrypted_payload_create_from_plain(payload_type_t next, private_encrypted_payload_t *this; this = (private_encrypted_payload_t*)encrypted_payload_create(PLV2_ENCRYPTED); + this->public.payload_interface.get_length = _get_length_plain; + this->public.get_length = _get_length_plain; this->public.decrypt = _decrypt_plain; this->next_payload = next; this->encrypted = plain; - compute_length(this); return &this->public; } @@ -899,6 +922,12 @@ METHOD(encrypted_payload_t, frag_set_transform, void, this->aead = aead; } +METHOD(encrypted_payload_t, frag_get_transform, aead_t*, + private_encrypted_fragment_payload_t *this) +{ + return this->aead; +} + /** * Append the encrypted fragment payload header to the associated data */ @@ -996,6 +1025,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create() .remove_payload = (void*)return_null, .generate_payloads = nop, .set_transform = _frag_set_transform, + .get_transform = _frag_get_transform, .encrypt = _frag_encrypt, .decrypt = _frag_decrypt, .destroy = _frag_destroy, diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index 72a256553..be7a24f43 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG * Copyright (C) 2005 Jan Hutter 
@@ -74,9 +74,16 @@ struct encrypted_payload_t { /** * Set the AEAD transform to use. * - * @param aead aead transform to use + * @param aead aead transform to use */ - void (*set_transform) (encrypted_payload_t *this, aead_t *aead); + void (*set_transform)(encrypted_payload_t *this, aead_t *aead); + + /** + * Get the AEAD transform that to use (or was used). + * + * @param aead aead transform to use (or was used) + */ + aead_t *(*get_transform)(encrypted_payload_t *this); /** * Generate, encrypt and sign contained payloads. diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index 0c6f010b5..a69db9357 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -1,7 +1,7 @@ /* + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2005-2010 Martin Willi * Copyright (C) 2010 revosec AG - * Copyright (C) 2006-2008 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -114,7 +114,11 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, MS_NOTI "SENDER_REQUEST_ID", "FRAGMENTATION_SUPPORTED", "SIGNATURE_HASH_ALGORITHMS"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS, +ENUM_NEXT(notify_type_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS, + "USE_PPK", + "PPK_IDENTITY", + "NO_PPK_AUTH"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD_R_U_THERE", 
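Review bot: The doc block for the new `get_transform` is wrong: the method has no `aead` parameter, so `@param aead aead transform to use (or was used)` documents a nonexistent argument, and "Get the AEAD transform that to use" is ungrammatical. Suggest `Get the AEAD transform set on this payload (if any).` with `@return aead transform, presumably NULL before set_transform() was called` — whether the field starts out NULL depends on the constructor, which is outside this hunk.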
@@ -224,7 +228,11 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, SIGNATURE_HASH_ALGORITHMS, M
 "SENDER_REQ_ID",
 "FRAG_SUP",
 "HASH_ALG");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, SIGNATURE_HASH_ALGORITHMS,
+ENUM_NEXT(notify_type_short_names, USE_PPK, NO_PPK_AUTH, SIGNATURE_HASH_ALGORITHMS,
+ "USE_PPK",
+ "PPK_ID",
+ "NO_PPK");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, NO_PPK_AUTH,
 "INITIAL_CONTACT");
 ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1,
 "DPD",
diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h
index 39e4c915b..b0cf69d02 100644
--- a/src/libcharon/encoding/payloads/notify_payload.h
+++ b/src/libcharon/encoding/payloads/notify_payload.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2006-2008 Tobias Brunner
+ * Copyright (C) 2006-2018 Tobias Brunner
 * Copyright (C) 2006 Daniel Roethlisberger
 * Copyright (C) 2005-2006 Martin Willi
 * Copyright (C) 2005 Jan Hutter
@@ -153,6 +153,12 @@ enum notify_type_t {
 FRAGMENTATION_SUPPORTED = 16430,
 /* Signature Hash Algorithms, RFC 7427 */
 SIGNATURE_HASH_ALGORITHMS = 16431,
+ /* Use Postquantum Preshared Key (draft-ietf-ipsecme-qr-ikev2) */
+ USE_PPK = 16435,
+ /* Postquantum Preshared Key Identity (draft-ietf-ipsecme-qr-ikev2) */
+ PPK_IDENTITY = 16436,
+ /* No Postquantum Preshared Key Auth (draft-ietf-ipsecme-qr-ikev2) */
+ NO_PPK_AUTH = 16437,
 /* IKEv1 initial contact */
 INITIAL_CONTACT_IKEV1 = 24578,
 /* IKEv1 DPD */
diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h
index 94b9c284b..4158eb45e 100644
--- a/src/libcharon/kernel/kernel_ipsec.h
+++ b/src/libcharon/kernel/kernel_ipsec.h
@@ -1,6 +1,6 @@ /* * Copyright (C) 2016 Andreas Steffen - * Copyright (C) 2006-2016 Tobias Brunner + * Copyright (C) 2006-2018 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter @@ -93,8 +93,16 @@ struct kernel_ipsec_add_sa_t { bool encap; /** no (disabled), yes (enabled), auto (enabled if supported) */ hw_offload_t hw_offload; + /** Mark the SA should apply to packets after processing */ + mark_t mark; /** TRUE to use Extended Sequence Numbers */ bool esn; + /** TRUE to copy the DF bit to the outer IPv4 header in tunnel mode */ + bool copy_df; + /** TRUE to copy the ECN header field to/from the outer header */ + bool copy_ecn; + /** Whether to copy the DSCP header field to/from the outer header */ + dscp_copy_t copy_dscp; /** TRUE if initiator of the exchange creating the SA */ bool initiator; /** TRUE if this is an inbound SA */ diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 4c72b5609..acdba345c 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -646,13 +646,13 @@ receiver_t *receiver_create() this->receive_delay = lib->settings->get_int(lib->settings, "%s.receive_delay", 0, lib->ns); this->receive_delay_type = lib->settings->get_int(lib->settings, - "%s.receive_delay_type", 0, lib->ns), + "%s.receive_delay_type", 0, lib->ns); this->receive_delay_request = lib->settings->get_bool(lib->settings, - "%s.receive_delay_request", TRUE, lib->ns), + "%s.receive_delay_request", TRUE, lib->ns); this->receive_delay_response = lib->settings->get_bool(lib->settings, - "%s.receive_delay_response", TRUE, lib->ns), + "%s.receive_delay_response", TRUE, lib->ns); this->initiator_only = lib->settings->get_bool(lib->settings, - "%s.initiator_only", FALSE, lib->ns), + "%s.initiator_only", FALSE, lib->ns); this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!this->hasher) 
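Review bot: The four new members (`mark`, `copy_df`, `copy_ecn`, `copy_dscp`) are inserted between existing fields of `kernel_ipsec_add_sa_t` rather than appended, which shifts the offsets of `esn`, `initiator`, `inbound` and everything after; a kernel backend plugin built against the previous header would read the wrong fields. If out-of-tree kernel backends are a supported case, appending the new fields (or bumping the plugin ABI) is safer; if all backends are in-tree, a comment stating that the struct is not ABI-stable would settle the question. The `mark_t mark` comment "Mark the SA should apply to packets after processing" reads awkwardly; `/** Mark to apply to packets after they were processed by the SA */` says the same more clearly. The struct continues outside this hunk.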
diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 62ce323d0..c16899048 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index bba9591ec..4cecc1431 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in 
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 0a5c7ec8d..5d0c826f5 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index 2e7170472..af810b959 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index b8b9885f2..cc2c22ddc 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/bypass_lan/Makefile.in b/src/libcharon/plugins/bypass_lan/Makefile.in index f882f6bc0..84b3bb3b2 100644 --- a/src/libcharon/plugins/bypass_lan/Makefile.in +++ b/src/libcharon/plugins/bypass_lan/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index cbfb07597..f057d25c2 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index 6f0a2bddf..b88af5a24 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/counters/Makefile.in b/src/libcharon/plugins/counters/Makefile.in index 491ba80b3..e58c467bf 100644 --- a/src/libcharon/plugins/counters/Makefile.in +++ b/src/libcharon/plugins/counters/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 5859a21ee..1d9a7cbc7 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index f8e2d7398..5975ea98b 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c
index c26fcc920..1e208d094 100644
--- a/src/libcharon/plugins/dhcp/dhcp_socket.c
+++ b/src/libcharon/plugins/dhcp/dhcp_socket.c
@@ -800,7 +800,10 @@ dhcp_socket_t *dhcp_socket_create()
 destroy(this);
 return NULL;
 }
-if (!is_broadcast(this->dst))
+if (!is_broadcast(this->dst) &&
+ lib->settings->get_bool(lib->settings,
+ "%s.plugins.dhcp.use_server_port", FALSE,
+ lib->ns))
 {
 /* when setting giaddr (which we do when we don't broadcast), the server
 * should respond to the server port on that IP, according to RFC 2131,
@@ -808,7 +811,9 @@ dhcp_socket_t *dhcp_socket_create()
 * kernel will respond with an ICMP port unreachable if there is no
 * socket bound to that port, which might be problematic with certain
 * DHCP servers. instead of opening an additional socket, that we don't
- * actually use, we can also just send our requests from port 67 */
+ * actually use, we can also just send our requests from port 67.
+ * we don't do this by default, as it might cause conflicts with DHCP
+ * servers running on the same host */
 src.sin_port = htons(DHCP_SERVER_PORT);
 }
 if (bind(this->send, (struct sockaddr*)&src, sizeof(src)) == -1)
diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in
index d0a4d7fc3..d9f80a7ba 100644
--- a/src/libcharon/plugins/dnscert/Makefile.in
+++ b/src/libcharon/plugins/dnscert/Makefile.in
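Review bot: With `plugins.dhcp.use_server_port` enabled the send socket is bound to DHCP_SERVER_PORT, a privileged port on Linux by default, so the `bind()` right after the second dhcp_socket.c hunk fails unless charon still holds the needed privilege when the plugin is loaded; the extended comment explains the conflict with a local DHCP server but not this second reason an operator may see a bind error. Suggest appending to that comment: `* binding port 67 also needs CAP_NET_BIND_SERVICE (or root) at plugin load time`. The new setting should also be described in the plugin's strongswan.conf options file, which is not part of this hunk. dhcp_socket_create begins and ends outside the hunks.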
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index 9be0c495b..93ed6609a 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -346,6 +345,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -366,8 +367,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -422,8 +421,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -452,8 +449,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index dd66b65b7..202051fdd 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in index d8515c05b..8aef51cef 100644 --- a/src/libcharon/plugins/eap_aka_3gpp/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp/Makefile.in @@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -347,6 +346,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -367,8 +368,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -423,8 +422,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -453,8 +450,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in index 65b86199c..5c45477ad 100644 --- a/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp/tests/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index f5fc3fb48..b60fbd03b 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 494f0a8c5..0ebde2034 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index 4dc68f94f..f8b9580e8 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 44f097ef4..405660c8c 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 3c634db82..5e6da5e1b 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index 505d6ea52..9ac83b0eb 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 20f2ecab1..e3d498c5b 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index f5100fc53..832c7d0dd 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index ae25d21c2..2996eaa8a 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index a02cbbd23..3792f24aa 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index d9cfda351..3992a0f19 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -342,6 +341,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -362,8 +363,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
index dbf660889..141b123ae 100644
--- a/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
+++ b/src/libcharon/plugins/eap_sim_pcsc/eap_sim_pcsc_card.c
@@ -124,6 +124,7 @@ METHOD(simaka_card_t, get_triplet, bool,
 if (rv != SCARD_S_SUCCESS)
 {
 DBG1(DBG_IKE, "SCardListReaders: %s", pcsc_stringify_error(rv));
+free(mszReaders);
 return FALSE;
 }
 
diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
index 9f56b01da..8bc917d2a 100644
--- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
+++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@
 PY_TEST = @PY_TEST@
 RANLIB = @RANLIB@
 RTLIB = @RTLIB@
-RUBY = @RUBY@
 RUBYGEMDIR = @RUBYGEMDIR@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
@@ -342,6 +341,8 @@ am__tar = @am__tar@
 am__untar = @am__untar@
 attest_plugins = @attest_plugins@
 bindir = @bindir@
+botan_CFLAGS = @botan_CFLAGS@
+botan_LIBS = @botan_LIBS@
 build = @build@
 build_alias = @build_alias@
 build_cpu = @build_cpu@
@@ -362,8 +363,6 @@ dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
 fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
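Review bot: The added `free(mszReaders);` on the SCardListReaders failure path is only safe if mszReaders holds either NULL or the earlier allocation on every path that reaches this check; its declaration and allocation are outside the hunk, so please confirm it is initialized at declaration (`LPSTR mszReaders = NULL;`) rather than left indeterminate, otherwise the leak fix turns into a free() of an uninitialized pointer on the error path. Since get_triplet evidently has several early returns, a single cleanup label that frees mszReaders and returns FALSE would prevent the same leak reappearing at the next return that this per-site fix does not cover. get_triplet's body starts before and continues after the hunk.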
@@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,8 +445,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 9e41bf270..9a3aeb813 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index 0f6b7e95a..3f4b66735 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 83726b645..a5c69c5fb 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 1047ea0e0..f979c523a 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index 1a779c60b..135d5e1b1 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 7439befbc..66b7cad89 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -347,6 +346,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -367,8 +368,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -423,8 +422,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index d669b5707..f7904fdde 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index dc07f34c1..752fba7e6 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index f89ed736d..7e2f2a3c3 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 455108834..05093df22 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c index 7fdcfef28..20cf04844 100644 --- a/src/libcharon/plugins/ha/ha_kernel.c +++ b/src/libcharon/plugins/ha/ha_kernel.c @@ -240,7 +240,7 @@ static void enable_disable(private_ha_kernel_t *this, u_int segment, } /** - * Get the currenlty active segments in the kernel for a clusterip file + * Get the currently active segments in the kernel for a clusterip file */ static segment_mask_t get_active(private_ha_kernel_t *this, char *file) { diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index b212e2e33..74b3729c7 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index cc4450a95..fa8b093ca 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 09c03ed33..478d53dba 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 7ec64084b..b6b3af6d5 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -381,6 +380,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -401,8 +402,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -457,8 +456,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 4926c3de8..1292e0895 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1131,7 +1131,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, watcher_event_t event) { - char response[1024]; + char response[netlink_get_buflen()]; struct nlmsghdr *hdr = (struct nlmsghdr*)response; struct sockaddr_nl addr; socklen_t addr_len = sizeof(addr); @@ -1336,6 +1336,23 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) } /** + * Add a uint32 attribute to message + */ +static bool add_uint32(struct nlmsghdr *hdr, int buflen, + enum xfrm_attr_type_t type, uint32_t value) +{ + uint32_t *xvalue; + + xvalue = netlink_reserve(hdr, buflen, type, sizeof(*xvalue)); + if (!xvalue) + { + return FALSE; + } + *xvalue = value; + return TRUE; +} + +/** * Check if kernel supports HW offload */ static void netlink_find_offload_feature(const char *ifname, int query_socket) 
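Review bot: `char response[netlink_get_buflen()]` in receive_events turns the receive buffer into a stack VLA whose size comes from the `%s.plugins.kernel-netlink.buflen` setting (see netlink_get_buflen in kernel_netlink_shared.c), so an oversized configured value is reserved on the watcher thread's stack with no upper bound; the same pattern is introduced in receive_events of kernel_netlink_net.c in this commit. If the size is to stay configurable, obtain it once and use a heap buffer, e.g. `u_int buflen = netlink_get_buflen();` and `char *response = malloc(buflen);` with a matching `free()` on every exit path, or keep a fixed stack size as before. receive_events' body continues outside the hunk, so its exit paths are not visible here.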
@@ -1586,6 +1603,49 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa->id.proto = id->proto; sa->family = id->src->get_family(id->src); sa->mode = mode2kernel(mode); + + if (!data->copy_df) + { + sa->flags |= XFRM_STATE_NOPMTUDISC; + } + + if (!data->copy_ecn) + { + sa->flags |= XFRM_STATE_NOECN; + } + + if (data->inbound) + { + switch (data->copy_dscp) + { + case DSCP_COPY_YES: + case DSCP_COPY_IN_ONLY: + sa->flags |= XFRM_STATE_DECAP_DSCP; + break; + default: + break; + } + } + else + { + switch (data->copy_dscp) + { + case DSCP_COPY_IN_ONLY: + case DSCP_COPY_NO: + { + /* currently the only extra flag */ + if (!add_uint32(hdr, sizeof(request), XFRMA_SA_EXTRA_FLAGS, + XFRM_SA_XFLAG_DONT_ENCAP_DSCP)) + { + goto failed; + } + break; + } + default: + break; + } + } + switch (mode) { case MODE_TUNNEL: @@ -1829,17 +1889,23 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } + if (ipcomp == IPCOMP_NONE && (data->mark.value | data->mark.mask)) + { + if (!add_uint32(hdr, sizeof(request), XFRMA_SET_MARK, + data->mark.value) || + !add_uint32(hdr, sizeof(request), XFRMA_SET_MARK_MASK, + data->mark.mask)) + { + goto failed; + } + } + if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL) { /* the kernel supports TFC padding only for tunnel mode ESP SAs */ - uint32_t *tfcpad; - - tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD, - sizeof(*tfcpad)); - if (!tfcpad) + if (!add_uint32(hdr, sizeof(request), XFRMA_TFCPAD, data->tfc)) { goto failed; } - *tfcpad = data->tfc; } if (id->proto != IPPROTO_COMP) diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index b6eb54370..760a875ca 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c 
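Review bot: The guard `ipcomp == IPCOMP_NONE && (data->mark.value | data->mark.mask)` around the new XFRMA_SET_MARK/XFRMA_SET_MARK_MASK attributes gives no reason for skipping the attribute when an IPComp transform is present, and nothing in the hunk explains it; a one-line comment stating which SA is expected to carry the mark when IPComp is in use would spare the next reader a search. In the DSCP handling above it, both `switch (data->copy_dscp)` statements end in `default: break;`, so a new dscp_copy_t value would be ignored silently; an explicit case list, or a `DBG1` in the default branch, would make that visible. add_sa's body continues outside the hunk.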
@@ -1504,7 +1504,7 @@ static void process_rule(private_kernel_netlink_net_t *this, struct nlmsghdr *hd static bool receive_events(private_kernel_netlink_net_t *this, int fd, watcher_event_t event) { - char response[1536]; + char response[netlink_get_buflen()]; struct nlmsghdr *hdr = (struct nlmsghdr*)response; struct sockaddr_nl addr; socklen_t addr_len = sizeof(addr); @@ -2586,11 +2586,11 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, memset(half_net.ptr, 0, half_net.len); half_prefixlen = 1; - status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, - gateway, src_ip, if_name); + status = manage_srcroute(this, nlmsg_type, flags, half_net, + half_prefixlen, gateway, src_ip, if_name); half_net.ptr[0] |= 0x80; - status = manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, - gateway, src_ip, if_name); + status |= manage_srcroute(this, nlmsg_type, flags, half_net, + half_prefixlen, gateway, src_ip, if_name); return status; } @@ -2925,7 +2925,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, msg->rtm_flags |= FIB_RULE_INVERT; fwmark++; } - if (mark_from_string(fwmark, &mark)) + if (mark_from_string(fwmark, MARK_OP_NONE, &mark)) { chunk = chunk_from_thing(mark.value); netlink_add_attribute(hdr, FRA_FWMARK, chunk, sizeof(request)); diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index 441c0c482..84d78eca2 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -381,7 +381,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in, for (i = 0, *out_len = 0; i < array_count(entry->hdrs); i++) { array_get(entry->hdrs, i, &hdr); - *out_len += hdr->nlmsg_len; + *out_len += NLMSG_ALIGN(hdr->nlmsg_len); } ptr = malloc(*out_len); *out = (struct nlmsghdr*)ptr; 
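Review bot: `status |= manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, gateway, src_ip, if_name);` now OR-s two status_t enumerators, which is only meaningful if SUCCESS is 0 and the recursive calls never return anything but SUCCESS or FAILED; should either call return another enumerator (status_t also has values such as NOT_FOUND), the OR can yield a value that is no enumerator at all. The intent over the old code, which overwrote the first result, is right, but spell the combination out, e.g. `if (manage_srcroute(this, nlmsg_type, flags, half_net, half_prefixlen, gateway, src_ip, if_name) != SUCCESS) { status = FAILED; }` for each half. manage_srcroute's body starts outside the hunk.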
@@ -394,7 +394,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in, hdr->nlmsg_seq, hdr, hdr->nlmsg_len); } memcpy(ptr, hdr, hdr->nlmsg_len); - ptr += hdr->nlmsg_len; + ptr += NLMSG_ALIGN(hdr->nlmsg_len); free(hdr); } destroy_entry(entry); @@ -587,8 +587,31 @@ METHOD(netlink_socket_t, destroy, void, free(this); } -/** - * Described in header. +/* + * Described in header + */ +u_int netlink_get_buflen() +{ + u_int buflen; + + buflen = lib->settings->get_int(lib->settings, + "%s.plugins.kernel-netlink.buflen", 0, lib->ns); + if (!buflen) + { + long pagesize = sysconf(_SC_PAGESIZE); + + if (pagesize == -1) + { + pagesize = 4096; + } + /* base this on NLMSG_GOODSIZE */ + buflen = min(pagesize, 8192); + } + return buflen; +} + +/* + * Described in header */ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, bool parallel) @@ -612,8 +635,7 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, .entries = hashtable_create(hashtable_hash_ptr, hashtable_equals_ptr, 4), .protocol = protocol, .names = names, - .buflen = lib->settings->get_int(lib->settings, - "%s.plugins.kernel-netlink.buflen", 0, lib->ns), + .buflen = netlink_get_buflen(), .timeout = lib->settings->get_int(lib->settings, "%s.plugins.kernel-netlink.timeout", 0, lib->ns), .retries = lib->settings->get_int(lib->settings, @@ -624,16 +646,6 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, .parallel = parallel, ); - if (!this->buflen) - { - long pagesize = sysconf(_SC_PAGESIZE); - if (pagesize == -1) - { - pagesize = 4096; - } - /* base this on NLMSG_GOODSIZE */ - this->buflen = min(pagesize, 8192); - } if (this->socket == -1) { DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)", diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h index 7056e6ccc..82dce4c5c 100644 
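Review bot: netlink_get_buflen() returns the configured value without validation: `buflen` is `u_int`, so a negative integer from `get_int` wraps to a huge size and skips the `if (!buflen)` fallback, and any oversized positive value is passed through as-is; since this function now sizes stack VLAs in the receive paths of kernel_netlink_ipsec.c and kernel_netlink_net.c, read the setting into an `int` first, take the page-size fallback when it is `<= 0`, and consider an upper clamp. Separately, in send_once the concatenation advances `ptr` by `NLMSG_ALIGN(hdr->nlmsg_len)` but copies only `hdr->nlmsg_len` bytes into memory from `malloc(*out_len)`, so the alignment padding between messages is left uninitialized; `calloc(1, *out_len)` would make the returned buffer fully defined.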
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.h @@ -101,4 +101,11 @@ void netlink_add_attribute(struct nlmsghdr *hdr, int rta_type, chunk_t data, */ void* netlink_reserve(struct nlmsghdr *hdr, int buflen, int type, int len); +/** + * Determine buffer size for received messages (e.g. events). + * + * @return buffer size + */ +u_int netlink_get_buflen(); + #endif /* KERNEL_NETLINK_SHARED_H_ */ diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index 0d3d3775b..539d1dc46 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
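Review bot: `u_int netlink_get_buflen();` declares a function with an unspecified parameter list in C, so a caller that passes arguments by mistake compiles without a diagnostic; write the prototype as `u_int netlink_get_buflen(void);` here and in the definition in kernel_netlink_shared.c. The doc comment could also record that the value comes from the `%s.plugins.kernel-netlink.buflen` setting with a page-size fallback, since callers now use it to size stack buffers.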
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 80c484b47..dbe409a62 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -890,10 +890,15 @@ static kernel_algorithm_t encryption_algs[] = { {ENCR_AES_GCM_ICV8, SADB_X_EALG_AES_GCM_ICV8 }, {ENCR_AES_GCM_ICV12, SADB_X_EALG_AES_GCM_ICV12 }, {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM_ICV16 }, +#elif defined(SADB_X_EALG_AES_GCM) /* macOS */ + {ENCR_AES_GCM_ICV16, SADB_X_EALG_AES_GCM }, #endif #ifdef SADB_X_EALG_CAMELLIACBC {ENCR_CAMELLIA_CBC, SADB_X_EALG_CAMELLIACBC }, #endif +#ifdef SADB_X_EALG_CHACHA20POLY1305 + {ENCR_CHACHA20_POLY1305, SADB_X_EALG_CHACHA20POLY1305}, +#endif {END_OF_LIST, 0 }, }; 
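Review bot: The new `#elif defined(SADB_X_EALG_AES_GCM) /* macOS */` entry maps a single kernel GCM identifier to `ENCR_AES_GCM_ICV16`, which hard-codes an assumption that the macOS kernel uses a 16-byte ICV for that algorithm; the comment should state the assumption, e.g. `/* macOS: single GCM identifier, assumed to imply a 16-byte ICV */`, so a mismatch with the platform is easy to spot. The `#if` that this `#elif` belongs to starts outside the hunk.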
@@ -2456,6 +2461,45 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, } /** + * Check if any significant data has changed to warrant sending an update to + * the kernel. + */ +static bool policy_update_required(policy_sa_t *current, policy_sa_t *updated) +{ + if (current->type != updated->type +#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY + || current->priority != updated->priority +#endif + ) + { + return TRUE; + } + if (current->type == POLICY_IPSEC) + { + ipsec_sa_cfg_t *cur = ¤t->sa->cfg, *upd = &updated->sa->cfg; + + /* we don't use ipsec_sa_cfg_equals() here as e.g. SPIs are not + * relevant for this kernel interface, so we don't have to update the + * policy during a rekeying */ + if (cur->mode != upd->mode || + cur->reqid != upd->reqid || + cur->esp.use != upd->esp.use || + cur->ah.use != upd->ah.use || + cur->ipcomp.transform != upd->ipcomp.transform) + { + return TRUE; + } + if (cur->mode == MODE_TUNNEL && + (!current->sa->src->ip_equals(current->sa->src, updated->sa->src) || + !current->sa->dst->ip_equals(current->sa->dst, updated->sa->dst))) + { + return TRUE; + } + } + return FALSE; +} + +/** * Add or update a policy in the kernel. * * Note: The mutex has to be locked when entering this function. @@ -2629,7 +2673,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; - policy_sa_t *assigned_sa, *current_sa; + policy_sa_t *assigned_sa, *current_sa = NULL; enumerator_t *enumerator; bool update = TRUE; 
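Review bot: Embedding `#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY` inside the condition of the first `if` in policy_update_required leaves a dangling `||` and a closing `)` on its own line, which is easy to misread and awkward to extend; compute the comparison into a local first and keep the preprocessor conditional around whole statements. The `¤t->sa->cfg` shown in the hunk is presumably `&current->sa->cfg` mangled by an HTML entity in rendering, not something to change. The header comment could also list which fields (SPIs, as noted) are deliberately ignored, so future fields are judged against the same rule.

```c
static bool policy_update_required(policy_sa_t *current, policy_sa_t *updated)
{
	bool changed = current->type != updated->type;

#ifdef HAVE_STRUCT_SADB_X_POLICY_SADB_X_POLICY_PRIORITY
	changed = changed || current->priority != updated->priority;
#endif
	if (changed)
	{
		return TRUE;
	}
	/* … unchanged: POLICY_IPSEC cfg comparison and tunnel endpoint check … */
}
```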
@@ -2692,6 +2736,13 @@ METHOD(kernel_ipsec_t, add_policy, status_t, policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa); enumerator->destroy(enumerator); + if (update && current_sa) + { /* check if there are actually any relevant changes, if not, we don't + * send an update to the kernel as e.g. FreeBSD doesn't do that + * atomically, causing unnecessary traffic loss during rekeyings */ + update = policy_update_required(current_sa, assigned_sa); + } + if (!update) { /* we don't update the policy if the priority is lower than that of the * currently installed one */ @@ -2889,22 +2940,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return SUCCESS; } policy->used_by->remove(policy->used_by, to_remove, NULL); - mapping = to_remove; if (policy->used_by->get_count(policy->used_by) > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); - policy_sa_destroy(mapping, id->dir, this); + + if (is_installed) + { /* check if there are actually any relevant changes, if not, we do + * not send an update to the kernel as e.g. FreeBSD doesn't do that + * atomically, causing unnecessary traffic loss during rekeyings */ + policy->used_by->get_first(policy->used_by, (void**)&mapping); + is_installed = policy_update_required(mapping, to_remove); + } + policy_sa_destroy(to_remove, id->dir, this); if (!is_installed) - { /* no need to update as the policy was not installed for this SA */ + { /* no need to update as the policy */ this->mutex->unlock(this->mutex); return SUCCESS; } DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts, policy_dir_names, id->dir); - policy->used_by->get_first(policy->used_by, (void**)&mapping); if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS) { DBG1(DBG_KNL, "unable to update policy %R === %R %N", 
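Review bot: The comment in del_policy was truncated to `/* no need to update as the policy */`, which no longer states a reason; since `is_installed` is now also cleared when policy_update_required() finds no relevant change, restore it as `/* no need to update: the policy was not installed for this SA, or the remaining SA needs no different kernel policy */`. In add_policy the new `if (update && current_sa)` block is fine, but its FreeBSD remark is duplicated verbatim in del_policy; a one-line reference to policy_update_required's header comment would keep the two from drifting. del_policy's body continues outside the hunk.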
@@ -2926,7 +2983,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); pol->sadb_x_policy_dir = dir2kernel(id->dir); - pol->sadb_x_policy_type = type2kernel(mapping->type); + pol->sadb_x_policy_type = type2kernel(to_remove->type); PFKEY_EXT_ADD(msg, pol); add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, @@ -2949,7 +3006,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, } this->policies->remove(this->policies, found, NULL); - policy_sa_destroy(mapping, id->dir, this); + policy_sa_destroy(to_remove, id->dir, this); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index dc4d1c852..b75e0bcde 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index 98e147717..36c3b828c 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -321,7 +321,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -347,6 +346,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -367,8 +368,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -423,8 +422,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -453,8 +450,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 7abb83daa..d500bc704 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 42ad9abf3..deb3620c7 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -323,7 +323,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -349,6 +348,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -369,8 +370,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -425,8 +424,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -455,8 +452,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c index 24076d443..8e89ab435 100644 --- a/src/libcharon/plugins/load_tester/load_tester_control.c +++ b/src/libcharon/plugins/load_tester/load_tester_control.c @@ -69,7 +69,7 @@ struct init_listener_t { hashtable_t *initiated; /** - * IKE_SAs we have completed to initate (success or failure) + * IKE_SAs we have completed to initiate (success or failure) */ hashtable_t *completed; diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index b8c5d2249..905ff8d35 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -345,6 +344,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -365,8 +366,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -421,8 +420,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -451,8 +448,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 47175b4b9..84d0b86ce 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 176e2a5cb..7300a774b 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index ec1916aba..7795ac7a6 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 9afed4111..5500bdcba 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index ee16cceb8..f12e54e72 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 45e2723cc..ec5c0d420 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/save_keys/Makefile.in b/src/libcharon/plugins/save_keys/Makefile.in index a56d8eacd..7b1ad145d 100644 --- a/src/libcharon/plugins/save_keys/Makefile.in +++ b/src/libcharon/plugins/save_keys/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 33484587b..9b476f807 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 86296443d..29d3d2dad 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -76,7 +76,8 @@ static void write_id(xmlTextWriterPtr writer, char *element, identification_t *i switch (id->get_type(id)) { { - char *type = ""; + char *type; + while (TRUE) { case ID_ANY: @@ -324,10 +325,12 @@ static void request_query_config(xmlTextReaderPtr reader, xmlTextWriterPtr write xmlTextWriterStartElement(writer, "childconfig"); xmlTextWriterWriteElement(writer, "name", child_cfg->get_name(child_cfg)); - list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); write_networks(writer, "local", list); list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); - list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); write_networks(writer, "remote", list); list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); xmlTextWriterEndElement(writer); diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 05684706e..50529c480 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in 
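Review bot: In write_id, `char *type;` is now declared without an initializer in a block whose `case` labels sit after it inside `while (TRUE)`, so control enters the block past the declaration and `type` holds an indeterminate value until some case assigns it; whether every label reached from the `switch` assigns `type` before it is read is not visible in the hunk, and write_id's body continues outside it. If that invariant holds, a comment above the loop such as `/* every case below sets type before breaking out of the loop */` documents what the removed `= ""` used to guarantee. If it does not hold, a read of `type` on an unassigned path is undefined behaviour and the initializer should be kept.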
@@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 57e092968..68e5a7a0e 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c 
@@ -745,7 +745,7 @@ static int open_socket(private_socket_default_socket_t *this, fwmark = lib->settings->get_str(lib->settings, "%s.plugins.socket-default.fwmark", NULL, lib->ns); - if (fwmark && mark_from_string(fwmark, &mark)) + if (fwmark && mark_from_string(fwmark, MARK_OP_NONE, &mark)) { if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value, sizeof(mark.value)) < 0) diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 39558dc24..6ffcafa98 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index bb349c0a3..5c67e15fd 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 96733406e..a0fcd8857 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 3cf95f9a9..4124da4a6 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index d1bf139c2..d7671481d 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -580,8 +580,10 @@ METHOD(stroke_list_t, status, void, children = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (children->enumerate(children, &child_cfg)) { - my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); - other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, + NULL, NULL, FALSE); + other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, + NULL, NULL, FALSE); fprintf(out, "%12s: child: %#R === %#R %N", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); @@ -614,8 +616,10 @@ METHOD(stroke_list_t, status, void, fprintf(out, "Shunted Connections:\n"); first = FALSE; } - my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); - other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + my_ts = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); + other_ts = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); fprintf(out, "%12s: %#R === %#R %N\n", child_cfg->get_name(child_cfg), my_ts, other_ts, ipsec_mode_names, child_cfg->get_mode(child_cfg)); 
@@ -1055,7 +1059,7 @@ static void pool_leases(private_stroke_list_t *this, FILE *out, char *pool, fprintf(out, "Leases in pool '%s', usage: %u/%u, %u online\n", pool, online + offline, size, online); enumerator = this->attribute->create_lease_enumerator(this->attribute, pool); - while (enumerator && enumerator->enumerate(enumerator, &id, &lease, &on)) + while (enumerator->enumerate(enumerator, &id, &lease, &on)) { if (!address || address->ip_equals(address, lease)) { diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 0667d359c..aef21673b 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
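Review bot: With the `enumerator &&` guard gone, the `while` condition in pool_leases() dereferences whatever `create_lease_enumerator()` returns, so a NULL for an unknown or empty `pool` name would now crash the daemon instead of printing an empty lease list. The removal is only safe if every attribute provider implementation is guaranteed to return a (possibly empty) enumerator, a contract that is not visible in this hunk while `pool` is a caller-supplied name. If that contract holds, record it at the call site, `/* never NULL: providers return an empty enumerator for unknown pools */`; if it does not, the guard should stay. pool_leases() begins before and continues after this hunk.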
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index dcf2c5858..6f1a4a356 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -342,6 +341,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -362,8 +363,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index 02587d1f0..13cb136ab 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -343,6 +342,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -363,8 +364,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -419,8 +418,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 17f0cd464..bdad67ba5 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -665,7 +665,7 @@ static bool pt_tls_receive(private_tnc_pdp_t *this, int fd, watcher_event_t even server_ip = host_create_any(client_ip->get_family(client_ip)); /* At this moment the client identity is not known yet */ - client_id = identification_create_from_encoding(ID_ANY, chunk_empty), + client_id = identification_create_from_encoding(ID_ANY, chunk_empty); tnccs = tnc->tnccs->create_instance(tnc->tnccs, TNCCS_2_0, TRUE, this->server, client_id, server_ip, diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index a01a5f74e..da8e2a7c2 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index fd29de336..08924353c 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index 05ae8d504..afbd6cc7e 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -56,7 +56,7 @@ static void narrow_ts(child_cfg_t *cfg, traffic_selector_t *ts, received = linked_list_create(); received->insert_last(received, ts); - selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL); + selected = cfg->get_traffic_selectors(cfg, FALSE, received, NULL, FALSE); while (selected->remove_first(selected, (void**)&ts) == SUCCESS) { list->insert_last(list, ts); @@ -140,7 +140,8 @@ static void narrow_responder_post(child_cfg_t *child_cfg, linked_list_t *local) { ts->destroy(ts); } - configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + configured = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL, + FALSE); while (configured->remove_first(configured, (void**)&ts) == SUCCESS) { diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index b52ffeeb1..76aad47e6 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c 
@@ -160,7 +160,8 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, enumerator = peer_cfg->create_child_cfg_enumerator(peer_cfg); while (enumerator->enumerate(enumerator, &child_cfg)) { - current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + current = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL, + FALSE); while (current->remove_first(current, (void**)&ts) == SUCCESS) { if (use_ts(ts)) diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 0f2a055d2..4927e945a 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index d28223dca..31054634a 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -409,7 +409,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -435,6 +434,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -455,8 +456,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -511,8 +510,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -541,8 +538,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 0038f0844..5bd8c1727 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -75,7 +75,7 @@ for example. The defined packet types optionally wrap a message with additional data. Messages are currently used in CMD_REQUEST/CMD_RESPONSE, and in EVENT packets. -A message uses a hierarchial tree of sections. Each section (or the implicit +A message uses a hierarchical tree of sections. Each section (or the implicit root section) contains an arbitrary set of key/value pairs, lists and sub-sections. The length of a message is not part of the message itself, but the wrapping layer, usually calculated from the transport byte sequence length. @@ -140,7 +140,7 @@ Consider the following structure using pseudo-markup for this example: list1 = [ item1, item2 ] } -The example above reprensents a valid tree structure, that gets encoded as +The example above represents a valid tree structure, that gets encoded as the following C array: char msg[] = { @@ -302,6 +302,7 @@ Initiate the rekeying of an SA. ike = <rekey an IKE_SA by configuration name> child-id = <rekey a CHILD_SA by its reqid> ike-id = <rekey an IKE_SA by its unique id> + reauth = <reauthenticate instead of rekey an IKEv2 SA> } => { success = <yes or no> matches = <number of matched SAs> diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 59b0774b8..42e35745e 100644 
--- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -253,6 +252,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -273,8 +274,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -329,8 +328,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -359,8 +356,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm index b0a942c04..d0700fa97 100644 --- a/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm +++ b/src/libcharon/plugins/vici/perl/Vici-Session/lib/Vici/Message.pm 
@@ -29,7 +29,9 @@ sub from_data { my $data = shift; my %hash = (); - parse($data, \%hash); + open my $data_fd, '<', \$data; + parse($data_fd, \%hash); + close $data_fd; my $self = { Hash => \%hash @@ -62,29 +64,30 @@ sub result { # private functions sub parse { - my $data = shift; + my $fd = shift; my $hash = shift; + my $data; - while (length($data) > 0) + until ( eof $fd ) { - (my $type, $data) = unpack('Ca*', $data); + my $type = unpack('C', read_data($fd, 1)); - if ($type == SECTION_END) - { - return $data; - } + if ( $type == SECTION_END ) + { + return; + } - (my $key, $data) = unpack('C/a*a*', $data); + my $key = read_len_data($fd, 1); if ( $type == KEY_VALUE ) { - (my $value, $data) = unpack('n/a*a*', $data); + my $value = read_len_data($fd, 2); $hash->{$key} = $value; } elsif ( $type == SECTION_START ) { my %section = (); - $data = parse($data, \%section); + parse($fd, \%section); $hash->{$key} = \%section; } elsif ( $type == LIST_START ) @@ -92,19 +95,20 @@ sub parse { my @list = (); my $more = 1; - while (length($data) > 0 and $more) + while ( !eof($fd) and $more ) { - (my $type, $data) = unpack('Ca*', $data); + my $type = unpack('C', read_data($fd, 1)); + if ( $type == LIST_ITEM ) { - (my $value, $data) = unpack('n/a*a*', $data); + my $value = read_len_data($fd, 2); push(@list, $value); } elsif ( $type == LIST_END ) { $more = 0; $hash->{$key} = \@list; - } + } else { die "message parsing error: ", $type, "\n" @@ -116,9 +120,28 @@ sub parse { die "message parsing error: ", $type, "\n" } } +} + +sub read_data { + my $fd = shift; + my $len = shift; + my $data; + + my $res = read $fd, $data, $len; + unless (defined $res and $res == $len) + { + die "message parsing error: unable to read ", $len, " bytes\n"; + } return $data; } +sub read_len_data { + my $fd = shift; + my $len = shift; + + $len = unpack($len == 1 ? 'C' : 'n', read_data($fd, $len)); + return read_data($fd, $len); +} sub encode_hash { my $hash = shift; 
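Review bot: The new `open my $data_fd, '<', \$data;` in from_data() does not check the return value, so if the in-memory open ever fails parse() is handed an undefined handle and dies with a misleading "unable to read" error from read_data() rather than the real cause. Make it `open my $data_fd, '<', \$data or die "message parsing error: cannot open buffer: $!\n";`. from_data() starts before this hunk and continues after it.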
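Review bot: A message truncated inside a list is still accepted silently: the `while ( !eof($fd) and $more )` loop exits on EOF with `$more` still set, and because `$hash->{$key}` is assigned only on LIST_END the partial list is dropped without any error, whereas a truncated key or value now dies in read_data(). Add `die "message parsing error: unterminated list\n" if $more;` after the loop. The `until ( eof $fd )` loop in parse() has the same shape for a section whose SECTION_END never arrives, which the top-level caller cannot tell apart from a complete message. parse() begins outside this hunk.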
diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 057ea88f4..6592a1ae0 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -249,7 +249,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -275,6 +274,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -295,8 +296,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -351,8 +350,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -381,8 +378,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index ff4e07d2d..fb9d348d1 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in 
@@ -227,7 +227,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -253,6 +252,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -273,8 +274,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -329,8 +328,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -359,8 +356,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/vici/ruby/lib/vici.rb b/src/libcharon/plugins/vici/ruby/lib/vici.rb index f846a14af..61de99a1f 100644 --- a/src/libcharon/plugins/vici/ruby/lib/vici.rb +++ b/src/libcharon/plugins/vici/ruby/lib/vici.rb @@ -450,7 +450,7 @@ module Vici ## # Flush credential cache. - def flush_certs((match = nil) + def flush_certs(match = nil) check_success(@transp.request("flush-certs", Message.new(match))) end diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index 4d174253d..f7c7ce13a 100644 
--- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -705,7 +705,7 @@ CALLBACK(get_pools, vici_message_t*, i = 0; builder->begin_section(builder, "leases"); leases = vips->create_lease_enumerator(vips); - while (leases && leases->enumerate(leases, &uid, &lease, &on)) + while (leases->enumerate(leases, &uid, &lease, &on)) { snprintf(buf, sizeof(buf), "%d", i++); builder->begin_section(builder, buf); diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index f4e9e33ee..10c62dc89 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -2,8 +2,8 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * - * Copyright (C) 2015-2017 Tobias Brunner - * Copyright (C) 2015-2016 Andreas Steffen + * Copyright (C) 2015-2018 Tobias Brunner + * Copyright (C) 2015-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -304,6 +304,8 @@ typedef struct { bool mobike; bool send_certreq; bool pull; + identification_t *ppk_id; + bool ppk_required; cert_policy_t send_cert; uint64_t dpd_delay; uint64_t dpd_timeout; @@ -403,6 +405,8 @@ static void log_peer_data(peer_data_t *data) DBG2(DBG_CFG, " remote_port = %u", data->remote_port); DBG2(DBG_CFG, " send_certreq = %u", data->send_certreq); DBG2(DBG_CFG, " send_cert = %N", cert_policy_names, data->send_cert); + DBG2(DBG_CFG, " ppk_id = %Y", data->ppk_id); + DBG2(DBG_CFG, " ppk_required = %u", data->ppk_required); DBG2(DBG_CFG, " mobike = %u", data->mobike); DBG2(DBG_CFG, " aggressive = %u", data->aggressive); DBG2(DBG_CFG, " dscp = 0x%.2x", data->dscp); @@ -469,6 +473,7 @@ static void free_peer_data(peer_data_t *data) free(data->pools); free(data->local_addrs); free(data->remote_addrs); + DESTROY_IF(data->ppk_id); #ifdef ME free(data->mediated_by); DESTROY_IF(data->peer_id); 
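Review bot: Dropping `leases &&` makes get_pools() call `leases->enumerate()` on the return value of `vips->create_lease_enumerator(vips)` unconditionally, so any provider that still returns NULL when it has no leases would crash charon while answering a `get-pools` request on the vici socket. The hunk does not show the contract that rules this out; if providers are now required to return an empty enumerator, a comment at the call site, `/* never NULL, providers return an empty enumerator */`, documents why the check could go, otherwise the guard should be kept. get_pools() begins before and continues after this hunk.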
@@ -484,7 +489,6 @@ typedef struct { linked_list_t *local_ts; linked_list_t *remote_ts; uint32_t replay_window; - bool policies; child_cfg_create_t cfg; } child_data_t; @@ -511,7 +515,7 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " ipcomp = %u", has_opt(OPT_IPCOMP)); DBG2(DBG_CFG, " mode = %N%s", ipsec_mode_names, cfg->mode, has_opt(OPT_PROXY_MODE) ? "_PROXY" : ""); - DBG2(DBG_CFG, " policies = %u", data->policies); + DBG2(DBG_CFG, " policies = %u", !has_opt(OPT_NO_POLICIES)); DBG2(DBG_CFG, " policies_fwd_out = %u", has_opt(OPT_FWD_OUT_POLICIES)); if (data->replay_window != REPLAY_UNDEFINED) { @@ -529,12 +533,19 @@ static void log_child_data(child_data_t *data, char *name) DBG2(DBG_CFG, " mark_in_sa = %u", has_opt(OPT_MARK_IN_SA)); DBG2(DBG_CFG, " mark_out = %u/%u", cfg->mark_out.value, cfg->mark_out.mask); + DBG2(DBG_CFG, " set_mark_in = %u/%u", + cfg->set_mark_in.value, cfg->set_mark_in.mask); + DBG2(DBG_CFG, " set_mark_out = %u/%u", + cfg->set_mark_out.value, cfg->set_mark_out.mask); DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity); DBG2(DBG_CFG, " proposals = %#P", data->proposals); DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); DBG2(DBG_CFG, " hw_offload = %N", hw_offload_names, cfg->hw_offload); DBG2(DBG_CFG, " sha256_96 = %u", has_opt(OPT_SHA256_96)); + DBG2(DBG_CFG, " copy_df = %u", !has_opt(OPT_NO_COPY_DF)); + DBG2(DBG_CFG, " copy_ecn = %u", !has_opt(OPT_NO_COPY_ECN)); + DBG2(DBG_CFG, " copy_dscp = %N", dscp_copy_names, cfg->copy_dscp); } /** @@ -847,16 +858,17 @@ CALLBACK(parse_mode, bool, } /** - * Enable a child_cfg_option_t + * Enable a child_cfg_option_t, the flag controls whether the option is enabled + * if the parsed value is TRUE or FALSE. */ static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt, - chunk_t v) + chunk_t v, bool add_if_true) { bool val; if (parse_bool(&val, v)) { - if (val) + if (val == add_if_true) { *out |= opt; } 
@@ -871,7 +883,16 @@ static bool parse_option(child_cfg_option_t *out, child_cfg_option_t opt, CALLBACK(parse_opt_haccess, bool, child_cfg_option_t *out, chunk_t v) { - return parse_option(out, OPT_HOSTACCESS, v); + return parse_option(out, OPT_HOSTACCESS, v, TRUE); +} + +/** + * Parse OPT_NO_POLICIES option + */ +CALLBACK(parse_opt_policies, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_NO_POLICIES, v, FALSE); } /** @@ -880,7 +901,7 @@ CALLBACK(parse_opt_haccess, bool, CALLBACK(parse_opt_fwd_out, bool, child_cfg_option_t *out, chunk_t v) { - return parse_option(out, OPT_FWD_OUT_POLICIES, v); + return parse_option(out, OPT_FWD_OUT_POLICIES, v, TRUE); } /** @@ -889,17 +910,16 @@ CALLBACK(parse_opt_fwd_out, bool, CALLBACK(parse_opt_ipcomp, bool, child_cfg_option_t *out, chunk_t v) { - return parse_option(out, OPT_IPCOMP, v); + return parse_option(out, OPT_IPCOMP, v, TRUE); } - /** * Parse OPT_SHA256_96 option */ CALLBACK(parse_opt_sha256_96, bool, child_cfg_option_t *out, chunk_t v) { - return parse_option(out, OPT_SHA256_96, v); + return parse_option(out, OPT_SHA256_96, v, TRUE); } /** 
@@ -908,7 +928,47 @@ CALLBACK(parse_opt_sha256_96, bool, CALLBACK(parse_opt_mark_in, bool, child_cfg_option_t *out, chunk_t v) { - return parse_option(out, OPT_MARK_IN_SA, v); + return parse_option(out, OPT_MARK_IN_SA, v, TRUE); +} + +/** + * Parse OPT_NO_COPY_DF option + */ +CALLBACK(parse_opt_copy_df, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_NO_COPY_DF, v, FALSE); +} + +/** + * Parse OPT_NO_COPY_ECN option + */ +CALLBACK(parse_opt_copy_ecn, bool, + child_cfg_option_t *out, chunk_t v) +{ + return parse_option(out, OPT_NO_COPY_ECN, v, FALSE); +} + +/** + * Parse a dscp_copy_t + */ +CALLBACK(parse_copy_dscp, bool, + dscp_copy_t *out, chunk_t v) +{ + enum_map_t map[] = { + { "no", DSCP_COPY_NO }, + { "in", DSCP_COPY_IN_ONLY }, + { "out", DSCP_COPY_OUT_ONLY }, + { "yes", DSCP_COPY_YES }, + }; + int d; + + if (parse_map(map, countof(map), &d, v)) + { + *out = d; + return TRUE; + } + return FALSE; } /** @@ -1126,7 +1186,22 @@ CALLBACK(parse_mark, bool, { return FALSE; } - return mark_from_string(buf, out); + return mark_from_string(buf, MARK_OP_UNIQUE, out); +} + +/** + * Parse a mark_t when using it as set_mark. + */ +CALLBACK(parse_set_mark, bool, + mark_t *out, chunk_t v) +{ + char buf[32]; + + if (!vici_stringify(v, buf, sizeof(buf))) + { + return FALSE; + } + return mark_from_string(buf, MARK_OP_SAME, out); } /** @@ -1514,9 +1589,8 @@ CALLBACK(parse_hosts, bool, return TRUE; } -#ifdef ME /** - * Parse peer ID + * Parse peer/ppk ID */ CALLBACK(parse_peer_id, bool, identification_t **out, chunk_t v) @@ -1530,7 +1604,7 @@ CALLBACK(parse_peer_id, bool, *out = identification_create_from_string(buf); return TRUE; } -#endif /* ME */ + CALLBACK(cert_kv, bool, cert_data_t *cert, vici_message_t *message, char *name, chunk_t value) 
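Review bot: `*out = identification_create_from_string(buf);` in parse_peer_id() overwrites any previous value without releasing it, and now that the same callback also backs the new `ppk_id` key a connection that repeats the key leaks the first identification_t (the existing `peer_id` use had the same shape). Unless parse_rules() rejects repeated keys — not visible here — add `DESTROY_IF(*out);` immediately before the assignment. The callback's opening lines are outside this hunk.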
@@ -1567,7 +1641,7 @@ CALLBACK(child_kv, bool, { "updown", parse_string, &child->cfg.updown }, { "hostaccess", parse_opt_haccess, &child->cfg.options }, { "mode", parse_mode, &child->cfg }, - { "policies", parse_bool, &child->policies }, + { "policies", parse_opt_policies, &child->cfg.options }, { "policies_fwd_out", parse_opt_fwd_out, &child->cfg.options }, { "replay_window", parse_uint32, &child->replay_window }, { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, @@ -1588,11 +1662,16 @@ CALLBACK(child_kv, bool, { "mark_in", parse_mark, &child->cfg.mark_in }, { "mark_in_sa", parse_opt_mark_in, &child->cfg.options }, { "mark_out", parse_mark, &child->cfg.mark_out }, + { "set_mark_in", parse_set_mark, &child->cfg.set_mark_in }, + { "set_mark_out", parse_set_mark, &child->cfg.set_mark_out }, { "tfc_padding", parse_tfc, &child->cfg.tfc }, { "priority", parse_uint32, &child->cfg.priority }, { "interface", parse_string, &child->cfg.interface }, { "hw_offload", parse_hw_offload, &child->cfg.hw_offload }, { "sha256_96", parse_opt_sha256_96,&child->cfg.options }, + { "copy_df", parse_opt_copy_df, &child->cfg.options }, + { "copy_ecn", parse_opt_copy_ecn, &child->cfg.options }, + { "copy_dscp", parse_copy_dscp, &child->cfg.copy_dscp }, }; return parse_rules(rules, countof(rules), name, value, @@ -1604,7 +1683,7 @@ CALLBACK(auth_li, bool, { parse_rule_t rules[] = { { "groups", parse_group, auth->cfg }, - { "cert_policy", parse_cert_policy, auth }, + { "cert_policy", parse_cert_policy, auth->cfg }, { "certs", parse_certs, auth }, { "cacerts", parse_cacerts, auth }, { "pubkeys", parse_pubkeys, auth }, 
@@ -1669,6 +1748,8 @@ CALLBACK(peer_kv, bool, { "rekey_time", parse_time, &peer->rekey_time }, { "over_time", parse_time, &peer->over_time }, { "rand_time", parse_time, &peer->rand_time }, + { "ppk_id", parse_peer_id, &peer->ppk_id }, + { "ppk_required", parse_bool, &peer->ppk_required }, #ifdef ME { "mediation", parse_bool, &peer->mediation }, { "mediated_by", parse_string, &peer->mediated_by }, @@ -1802,7 +1883,6 @@ CALLBACK(children_sn, bool, .proposals = linked_list_create(), .local_ts = linked_list_create(), .remote_ts = linked_list_create(), - .policies = TRUE, .replay_window = REPLAY_UNDEFINED, .cfg = { .mode = MODE_TUNNEL, @@ -1858,7 +1938,6 @@ CALLBACK(children_sn, bool, child.proposals->insert_last(child.proposals, proposal); } } - child.cfg.options |= child.policies ? 0 : OPT_NO_POLICIES; check_lifetimes(&child.cfg.lifetime); @@ -2212,8 +2291,8 @@ static void merge_config(private_vici_config_t *this, peer_cfg_t *peer_cfg) { DBG1(DBG_CFG, "replaced vici connection: %s", peer_cfg->get_name(peer_cfg)); + this->conns->insert_before(this->conns, enumerator, peer_cfg); this->conns->remove_at(this->conns, enumerator); - this->conns->insert_last(this->conns, peer_cfg); handle_start_actions(this, current, TRUE); handle_start_actions(this, peer_cfg, FALSE); current->destroy(current); @@ -2407,6 +2486,8 @@ CALLBACK(config_sn, bool, .push_mode = !peer.pull, .dpd = peer.dpd_delay, .dpd_timeout = peer.dpd_timeout, + .ppk_id = peer.ppk_id ? peer.ppk_id->clone(peer.ppk_id) : NULL, + .ppk_required = peer.ppk_required, }; #ifdef ME cfg.mediation = peer.mediation; diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index ce19608dc..16e49fdbc 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c 
@@ -373,11 +373,13 @@ CALLBACK(rekey, vici_message_t*, ike_sa_t *ike_sa; child_sa_t *child_sa; vici_builder_t *builder; + bool reauth; child = request->get_str(request, NULL, "child"); ike = request->get_str(request, NULL, "ike"); child_id = request->get_int(request, 0, "child-id"); ike_id = request->get_int(request, 0, "ike-id"); + reauth = request->get_bool(request, FALSE, "reauth"); if (!child && !ike && !ike_id && !child_id) { @@ -438,7 +440,7 @@ CALLBACK(rekey, vici_message_t*, (ike_id && ike_id == ike_sa->get_unique_id(ike_sa))) { lib->processor->queue_job(lib->processor, - (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), FALSE)); + (job_t*)rekey_ike_sa_job_create(ike_sa->get_id(ike_sa), reauth)); found++; } } diff --git a/src/libcharon/plugins/vici/vici_cred.c b/src/libcharon/plugins/vici/vici_cred.c index ec6c80a5b..038338805 100644 --- a/src/libcharon/plugins/vici/vici_cred.c +++ b/src/libcharon/plugins/vici/vici_cred.c @@ -442,6 +442,10 @@ CALLBACK(load_shared, vici_message_t*, { type = SHARED_NT_HASH; } + else if (strcaseeq(str, "ppk")) + { + type = SHARED_PPK; + } else { return create_reply("invalid shared key type: %s", str); diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index 13761f59d..df5b85c64 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -102,18 +102,10 @@ bool vici_verify_type(vici_type_t type, u_int section, bool list) DBG1(DBG_ENC, "'%N' outside of section", vici_type_names, type); return FALSE; } - if (type == VICI_END) + if (type == VICI_END && section) { - if (section) - { - DBG1(DBG_ENC, "'%N' within section", vici_type_names, type); - return FALSE; - } - if (list) - { - DBG1(DBG_ENC, "'%N' within list", vici_type_names, type); - return FALSE; - } + DBG1(DBG_ENC, "'%N' within section", vici_type_names, type); + return FALSE; } return TRUE; } 
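Review bot: The new `reauth` flag is read for every rekey request, but in the visible part of the function it only reaches rekey_ike_sa_job_create() in the IKE_SA branch; a request that selects by `child`/`child-id` presumably leaves the flag silently ignored. Either state that in the command's documentation or reject `reauth` together with a child selector using the same error reply the function already sends for an empty selector. The child-selection branch of rekey lies outside the hunk.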
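Review bot: After this change vici_verify_type() accepts a VICI_END that arrives while a list is still open; only the "within section" case is rejected any more, and the `list` argument is no longer consulted in the visible part of the function. If tolerating an unterminated list is intentional, the remaining check deserves a comment saying so, e.g. `/* VICI_END inside a list is tolerated; only an open section is an error */`; otherwise the removed list check should be restored, since this function is the validation step for messages coming in over the vici socket.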
diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 82c3d7855..d7b61ca72 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2015-2017 Tobias Brunner - * Copyright (C) 2015 Andreas Steffen + * Copyright (C) 2015-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * Copyright (C) 2014 Martin Willi @@ -417,6 +417,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "dh-group", "%N", diffie_hellman_group_names, alg); } } + add_condition(b, ike_sa, "ppk", COND_PPK); if (ike_sa->get_state(ike_sa) == IKE_ESTABLISHED) { @@ -570,7 +571,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike, list_mode(b, NULL, cfg); b->begin_list(b, "local-ts"); - list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL); + list = cfg->get_traffic_selectors(cfg, TRUE, NULL, NULL, FALSE); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &ts)) { @@ -581,7 +582,7 @@ static void raise_policy_cfg(private_vici_query_t *this, u_int id, char *ike, b->end_list(b /* local-ts */); b->begin_list(b, "remote-ts"); - list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL); + list = cfg->get_traffic_selectors(cfg, FALSE, NULL, NULL, FALSE); enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &ts)) { @@ -737,6 +738,18 @@ static void build_auth_cfgs(peer_cfg_t *peer_cfg, bool local, vici_builder_t *b) rules->destroy(rules); b->end_list(b); + b->begin_list(b, "cert_policy"); + rules = auth->create_enumerator(auth); + while (rules->enumerate(rules, &rule, &v)) + { + if (rule == AUTH_RULE_CERT_POLICY) + { + b->add_li(b, "%s", v.str); + } + } + rules->destroy(rules); + b->end_list(b); + b->begin_list(b, "certs"); rules = auth->create_enumerator(auth); while (rules->enumerate(rules, &rule, &v)) 
@@ -775,6 +788,7 @@ CALLBACK(list_conns, vici_message_t*, child_cfg_t *child_cfg; char *ike, *str, *interface; uint32_t manual_prio, dpd_delay, dpd_timeout; + identification_t *ppk_id; linked_list_t *list; traffic_selector_t *ts; lifetime_cfg_t *lft; @@ -837,6 +851,16 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "dpd_timeout", "%u", dpd_timeout); } + ppk_id = peer_cfg->get_ppk_id(peer_cfg); + if (ppk_id) + { + b->add_kv(b, "ppk_id", "%Y", ppk_id); + } + if (peer_cfg->ppk_required(peer_cfg)) + { + b->add_kv(b, "ppk_required", "yes"); + } + build_auth_cfgs(peer_cfg, TRUE, b); build_auth_cfgs(peer_cfg, FALSE, b); @@ -861,7 +885,8 @@ CALLBACK(list_conns, vici_message_t*, child_cfg->get_close_action(child_cfg)); b->begin_list(b, "local-ts"); - list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, + NULL, FALSE); selectors = list->create_enumerator(list); while (selectors->enumerate(selectors, &ts)) { @@ -872,7 +897,8 @@ CALLBACK(list_conns, vici_message_t*, b->end_list(b /* local-ts */); b->begin_list(b, "remote-ts"); - list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, NULL); + list = child_cfg->get_traffic_selectors(child_cfg, FALSE, NULL, + NULL, FALSE); selectors = list->create_enumerator(list); while (selectors->enumerate(selectors, &ts)) { diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index ad9a092cc..9a661077e 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -346,6 +345,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -366,8 +367,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -422,8 +421,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -452,8 +449,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index d702a01a6..f9b387d45 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index eeeb4190a..b26065c8c 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 87a6c872a..cd5848cf3 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index a224ffba4..26ab290c3 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c index 497ad3dd9..f979d1103 100644 --- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c +++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c @@ -89,7 +89,7 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, private_xauth_pam_plugin_t *this) { - this->listener->destroy(this->listener), + this->listener->destroy(this->listener); free(this); } diff --git a/src/libcharon/sa/authenticator.h b/src/libcharon/sa/authenticator.h index 42d9ce32e..58a8ca04f 100644 --- a/src/libcharon/sa/authenticator.h +++ b/src/libcharon/sa/authenticator.h @@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil * @@ -157,6 +157,17 @@ struct authenticator_t { status_t (*build)(authenticator_t *this, message_t *message); /** + * Optional method to set a Postquantum Preshared Key (PPK) to be used + * during authentication. + * + * Has to be called before the final call to process()/build(). + * + * @param ppk PPK to use + * @param no_ppk_auth whether to add a NO_PPK_AUTH notify in build() + */ + void (*use_ppk)(authenticator_t *this, chunk_t ppk, bool no_ppk_auth); + + /** * Check if the authenticator is capable of mutual authentication. * * Some authenticator authenticate both peers, e.g. EAP. To support 
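Review bot: The use_ppk() documentation does not say who owns `ppk`: the eap_authenticator implementation added later in this diff stores it by value (`this->ppk = ppk;`) without cloning, so the caller has to keep the key material valid until the final build()/process() and, to be safe, until destroy(). Please add that to the comment, e.g. `The chunk is not copied; the caller retains ownership and must keep it valid while the authenticator is in use.` "Optional method" should also say whether an implementation may leave the pointer NULL, so callers know whether to check `authenticator->use_ppk` before invoking it.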
diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 7eeb578f3..c33398bee 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -890,12 +890,21 @@ static status_t install_internal(private_child_sa_t *this, chunk_t encr, .cpi = cpi, .encap = this->encap, .hw_offload = this->config->get_hw_offload(this->config), + .mark = this->config->get_set_mark(this->config, inbound), .esn = esn, + .copy_df = !this->config->has_option(this->config, OPT_NO_COPY_DF), + .copy_ecn = !this->config->has_option(this->config, OPT_NO_COPY_ECN), + .copy_dscp = this->config->get_copy_dscp(this->config), .initiator = initiator, .inbound = inbound, .update = update, }; + if (sa.mark.value == MARK_SAME) + { + sa.mark.value = inbound ? this->mark_in.value : this->mark_out.value; + } + status = charon->kernel->add_sa(charon->kernel, &id, &sa); my_ts->destroy(my_ts); @@ -1723,7 +1732,7 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) traffic_selector_t *ts; list = linked_list_create_with_items(ike, NULL); - ts_list = config->get_traffic_selectors(config, local, NULL, list); + ts_list = config->get_traffic_selectors(config, local, NULL, list, FALSE); list->destroy(list); enumerator = ts_list->create_enumerator(ts_list); diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index f39fed6f0..a4ad866d3 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -674,6 +674,7 @@ METHOD(ike_sa_t, get_ike_cfg, ike_cfg_t*, METHOD(ike_sa_t, set_ike_cfg, void, private_ike_sa_t *this, ike_cfg_t *ike_cfg) { + DESTROY_IF(this->ike_cfg); ike_cfg->get_ref(ike_cfg); this->ike_cfg = ike_cfg; } diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 316b713ee..c1d3e1d7a 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h 
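Review bot: When `sa.mark.value == MARK_SAME` only the value is replaced from `this->mark_in`/`this->mark_out`, while `sa.mark.mask` keeps whatever get_set_mark() returned. If the intent of MARK_SAME is to mirror the SA's own mark, the mask should presumably follow as well (`sa.mark = inbound ? this->mark_in : this->mark_out;`); if a separately configured mask is intended to apply, a comment such as `/* %same copies only the value; the configured mask still applies */` would stop the next reader from "fixing" it. install_internal's body starts and continues outside the hunk.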
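Review bot: In set_ike_cfg the old config is released before the new one is referenced, so a caller that passes the config already set would drop the last reference before `ike_cfg->get_ref(ike_cfg)` runs, and the subsequent get_ref() would touch freed memory. Taking the reference first is safe in both cases: `ike_cfg->get_ref(ike_cfg); DESTROY_IF(this->ike_cfg); this->ike_cfg = ike_cfg;`. Whether any caller does pass the same object is not visible here, but the reordering costs nothing.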
@@ -156,6 +156,11 @@ enum ike_extension_t { * IKEv2 Message ID sync, RFC 6311 */ EXT_IKE_MESSAGE_ID_SYNC = (1<<14), + + /** + * Postquantum Preshared Keys, draft-ietf-ipsecme-qr-ikev2 + */ + EXT_PPK = (1<<15), }; /** @@ -227,6 +232,11 @@ enum ike_condition_t { * Online certificate revocation checking is suspended for this IKE_SA */ COND_ONLINE_VALIDATION_SUSPENDED = (1<<12), + + /** + * A Postquantum Preshared Key was used when this IKE_SA was created + */ + COND_PPK = (1<<13), }; /** diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 2a499db40..c50c70860 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -2,7 +2,7 @@ * Copyright (C) 2005-2011 Martin Willi * Copyright (C) 2011 revosec AG * - * Copyright (C) 2008-2017 Tobias Brunner + * Copyright (C) 2008-2018 Tobias Brunner * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil * @@ -1620,17 +1620,6 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool, unlock_single_segment(this, segment); return FALSE; } - /* threads waiting for this entry do so using the (soon) wrong IKE_SA - * ID and, therefore, likely on the wrong segment, so drive them out */ - entry->driveout_waiting_threads = TRUE; - entry->driveout_new_threads = TRUE; - while (entry->waiting_threads) - { - entry->condvar->broadcast(entry->condvar); - entry->condvar->wait(entry->condvar, this->segments[segment].mutex); - } - remove_entry(this, entry); - unlock_single_segment(this, segment); } else { 
@@ -1638,7 +1627,19 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool, return FALSE; } + /* the hashtable row and segment are determined by the local SPI as + * initiator, so if we change it the row and segment derived from it might + * change as well. This could be a problem for threads waiting for the + * entry (in particular those enumerating entries to check them out by + * unique ID or name). In order to avoid having to drive them out and thus + * preventing them from checking out the entry (even though the ID or name + * will not change and enumerating it is also fine), we mask the new SPI and + * merge it with the old SPI so the entry ends up in the same row/segment. + * Since SPIs are 64-bit and the number of rows/segments is usually + * relatively low this should not be a problem. */ spi = ike_sa_id->get_initiator_spi(ike_sa_id); + new_spi = (spi & (uint64_t)this->table_mask) | + (new_spi & ~(uint64_t)this->table_mask); DBG2(DBG_MGR, "change initiator SPI of IKE_SA %s[%u] from %.16"PRIx64" to " "%.16"PRIx64, ike_sa->get_name(ike_sa), ike_sa->get_unique_id(ike_sa), @@ -1647,10 +1648,7 @@ METHOD(ike_sa_manager_t, new_initiator_spi, bool, ike_sa_id->set_initiator_spi(ike_sa_id, new_spi); entry->ike_sa_id->replace_values(entry->ike_sa_id, ike_sa_id); - entry->driveout_waiting_threads = FALSE; - entry->driveout_new_threads = FALSE; - - segment = put_entry(this, entry); + entry->condvar->signal(entry->condvar); unlock_single_segment(this, segment); return TRUE; } @@ -2017,6 +2015,8 @@ static status_t enforce_replace(private_ike_sa_manager_t *this, * CHILD_SAs to keep connectivity up. */ lib->scheduler->schedule_job(lib->scheduler, (job_t*) delete_ike_sa_job_create(duplicate->get_id(duplicate), TRUE), 10); + DBG1(DBG_IKE, "schedule delete of duplicate IKE_SA for peer '%Y' due " + "to uniqueness policy and suspected reauthentication", other); return SUCCESS; } DBG1(DBG_IKE, "deleting duplicate IKE_SA for peer '%Y' due to " 
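Review bot: After the masking, the installed initiator SPI keeps the low `table_mask` bits of the old SPI and therefore is not the fully random value the caller passed as `new_spi`; the comment explains why, but the method's interface documentation in ike_sa_manager.h (not in this chunk) should state that the SPI actually used may differ from the one requested in those bits, and the DBG2 below presumably logs the adjusted value rather than the requested one. The earlier hunk also removed the drive-out of waiting threads and the function now ends with `entry->condvar->signal()`, which wakes a single waiter; that is consistent with a one-checkout-at-a-time model only if check-in elsewhere also signals, so worth confirming. new_initiator_spi's body starts outside the hunk.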
diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index 1de05b4ec..bcea1f388 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -219,7 +219,6 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e, encryption_algorithm_names, alg, key_size); return NULL; } - key_size = crypter->get_key_size(crypter); if (!expand_skeyid_e(skeyid_e, crypter->get_key_size(crypter), prf, ka)) { return NULL; diff --git a/src/libcharon/sa/ikev1/phase1.c b/src/libcharon/sa/ikev1/phase1.c index 5856f829e..b99d75142 100644 --- a/src/libcharon/sa/ikev1/phase1.c +++ b/src/libcharon/sa/ikev1/phase1.c @@ -311,7 +311,7 @@ static void save_auth_cfg(private_phase1_t *this, return; } auth = auth_cfg_create(); - /* for local config, we _copy_ entires from the config, as it contains + /* for local config, we _copy_ entries from the config, as it contains * certificates we must send later. */ auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local); this->ike_sa->add_auth_cfg(this->ike_sa, local, auth); diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 3472d2c35..5f6c3bbe8 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -721,6 +721,7 @@ METHOD(task_manager_t, initiate, status_t, { case IKE_CONNECTING: /* close after sending an INFORMATIONAL when unestablished */ + charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); return FAILED; case IKE_DELETING: /* close after sending a DELETE */ 
@@ -920,15 +921,16 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) } else /* DPD_R_U_THERE_ACK */ { - if (seq == this->dpd_send - 1) + if (seq == this->dpd_send) { + this->dpd_send++; this->ike_sa->set_statistic(this->ike_sa, STAT_INBOUND, time_monotonic(NULL)); } else { DBG1(DBG_IKE, "received invalid DPD sequence number %u " - "(expected %u), ignored", seq, this->dpd_send - 1); + "(expected %u), ignored", seq, this->dpd_send); } } return TRUE; @@ -1843,7 +1845,7 @@ METHOD(task_manager_t, queue_dpd, void, uint32_t t, retransmit; queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE, - this->dpd_send++)); + this->dpd_send)); peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); /* compute timeout in milliseconds */ diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 82d647a6c..023119dd4 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -270,11 +270,6 @@ METHOD(task_t, build_i, status_t, return FAILED; } id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); - if (!id) - { - DBG1(DBG_CFG, "own identity not known"); - return FAILED; - } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(PLV1_ID, id); this->id_data = id_payload->get_encoded(id_payload); @@ -302,6 +297,7 @@ METHOD(task_t, build_i, status_t, this->id_data)) { this->id_data = chunk_empty; + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } this->id_data = chunk_empty; @@ -330,6 +326,7 @@ METHOD(task_t, build_i, status_t, } if (!establish(this)) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } break; 
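Review bot: With `this->dpd_send++` moved into the R-U-THERE-ACK path, every retransmission of an unanswered R-U-THERE now reuses the same sequence number, which is what the `seq == this->dpd_send` comparison requires. It does interact with peers that drop repeated sequence numbers: if such a peer answered the first request and that ACK was lost, the retransmits are never acknowledged and the IKE_SA is declared dead although the peer is up. A comment in queue_dpd recording the RFC 3706 rule being followed would make the intent explicit, e.g. `/* keep the sequence number until the peer acknowledges it (RFC 3706) */`; queue_dpd's body continues outside the hunk.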
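Review bot: Dropping the `if (!id)` guard after `this->ph1->get_id()` in aggressive_mode build_i (and likewise in build_r of the same file and in build_i/build_r of main_mode.c further down) makes `id->clone(id)` unconditional, so it relies on phase1's get_id() never returning NULL for the local side. The phase1.c change that would guarantee this is not in this chunk; please confirm it is part of the same series, and consider a comment at the call site such as `/* get_id() always yields an identity for the local side */` so the missing check does not look like an oversight.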
@@ -428,6 +425,7 @@ METHOD(task_t, process_r, status_t, { DBG1(DBG_IKE, "Aggressive Mode PSK disabled for " "security reasons"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } break; @@ -455,6 +453,7 @@ METHOD(task_t, process_r, status_t, if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, INVALID_PAYLOAD_TYPE); } @@ -465,6 +464,7 @@ METHOD(task_t, process_r, status_t, this->method, TRUE, id); if (!this->peer_cfg) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg); @@ -493,6 +493,7 @@ METHOD(task_t, process_r, status_t, this->method, TRUE, NULL); if (!this->peer_cfg) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg); @@ -502,6 +503,7 @@ METHOD(task_t, process_r, status_t, { DBG1(DBG_IKE, "Aggressive Mode authorization hook forbids " "IKE_SA, cancelling"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } @@ -528,6 +530,7 @@ METHOD(task_t, process_r, status_t, } if (!establish(this)) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } job = adopt_children_job_create( @@ -602,11 +605,6 @@ METHOD(task_t, build_r, status_t, } id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); - if (!id) - { - DBG1(DBG_CFG, "own identity not known"); - return send_notify(this, INVALID_ID_INFORMATION); - } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(PLV1_ID, id); 
@@ -615,6 +613,7 @@ METHOD(task_t, build_r, status_t, if (!this->ph1->build_auth(this->ph1, this->method, message, id_payload->get_encoded(id_payload))) { + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } return NEED_MORE; @@ -679,6 +678,7 @@ METHOD(task_t, process_i, status_t, if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } id = id_payload->get_identification(id_payload); @@ -687,6 +687,7 @@ METHOD(task_t, process_i, status_t, { DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid); id->destroy(id); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, INVALID_ID_INFORMATION); } this->ike_sa->set_other_id(this->ike_sa, id); @@ -698,6 +699,7 @@ METHOD(task_t, process_i, status_t, if (!this->ph1->verify_auth(this->ph1, this->method, message, id_payload->get_encoded(id_payload))) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } if (!charon->bus->authorize(charon->bus, FALSE)) diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 6a296f221..b26a11bb4 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -59,7 +59,7 @@ struct private_isakmp_vendor_t { ike_sa_t *ike_sa; /** - * Are we the inititator of this task + * Are we the initiator of this task */ bool initiator; diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 1f764e547..b60c84992 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c 
@@ -332,11 +332,6 @@ METHOD(task_t, build_i, status_t, identification_t *id; id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); - if (!id) - { - DBG1(DBG_CFG, "own identity not known"); - return send_notify(this, INVALID_ID_INFORMATION); - } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(PLV1_ID, id); message->add_payload(message, &id_payload->payload_interface); @@ -344,6 +339,7 @@ METHOD(task_t, build_i, status_t, if (!this->ph1->build_auth(this->ph1, this->method, message, id_payload->get_encoded(id_payload))) { + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } @@ -445,6 +441,7 @@ METHOD(task_t, process_r, status_t, if (!id_payload) { DBG1(DBG_IKE, "IDii payload missing"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, INVALID_PAYLOAD_TYPE); } id = id_payload->get_identification(id_payload); @@ -457,6 +454,7 @@ METHOD(task_t, process_r, status_t, this->method, FALSE, id); if (!this->peer_cfg) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg); @@ -472,6 +470,7 @@ METHOD(task_t, process_r, status_t, { DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, " "cancelling"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } @@ -523,11 +522,6 @@ METHOD(task_t, build_r, status_t, xauth_t *xauth = NULL; id = this->ph1->get_id(this->ph1, this->peer_cfg, TRUE); - if (!id) - { - DBG1(DBG_CFG, "own identity not known"); - return send_notify(this, INVALID_ID_INFORMATION); - } this->ike_sa->set_my_id(this->ike_sa, id->clone(id)); id_payload = id_payload_create_from_identification(PLV1_ID, id); 
@@ -536,6 +530,7 @@ METHOD(task_t, build_r, status_t, if (!this->ph1->build_auth(this->ph1, this->method, message, id_payload->get_encoded(id_payload))) { + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } @@ -562,6 +557,7 @@ METHOD(task_t, build_r, status_t, } if (!establish(this)) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_notify(this, AUTHENTICATION_FAILED); } job = adopt_children_job_create( @@ -688,6 +684,7 @@ METHOD(task_t, process_i, status_t, if (!id_payload) { DBG1(DBG_IKE, "IDir payload missing"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } id = id_payload->get_identification(id_payload); @@ -696,6 +693,7 @@ METHOD(task_t, process_i, status_t, { DBG1(DBG_IKE, "IDir '%Y' does not match to '%Y'", id, cid); id->destroy(id); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } this->ike_sa->set_other_id(this->ike_sa, id); @@ -703,12 +701,14 @@ METHOD(task_t, process_i, status_t, if (!this->ph1->verify_auth(this->ph1, this->method, message, id_payload->get_encoded(id_payload))) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } if (!charon->bus->authorize(charon->bus, FALSE)) { DBG1(DBG_IKE, "Main Mode authorization hook forbids IKE_SA, " "cancelling"); + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } @@ -736,6 +736,7 @@ METHOD(task_t, process_i, status_t, } if (!establish(this)) { + charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); return send_delete(this); } break; diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index 43897c304..9b692588d 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c 
@@ -583,7 +583,6 @@ static status_t build_ack(private_mode_config_t *this, message_t *message) enumerator = this->vips->create_enumerator(this->vips); while (enumerator->enumerate(enumerator, &host)) { - type = INTERNAL_IP6_ADDRESS; if (host->get_family(host) == AF_INET6) { type = INTERNAL_IP6_ADDRESS; diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 5e5b61e7f..007e94d96 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -544,7 +544,7 @@ static traffic_selector_t* select_ts(private_quick_mode_t *this, bool local, hosts = get_dynamic_hosts(this->ike_sa, local); list = this->config->get_traffic_selectors(this->config, - local, supplied, hosts); + local, supplied, hosts, TRUE); hosts->destroy(hosts); if (list->get_first(list, (void**)&ts) == SUCCESS) { diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index 968b4386c..bec2cfe7d 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -226,7 +226,7 @@ static bool select_compliant_config(private_xauth_t *this) { /* current config is fine */ return TRUE; } - DBG1(DBG_CFG, "selected peer config '%s' inacceptable", + DBG1(DBG_CFG, "selected peer config '%s' unacceptable", old->get_name(old)); aggressive = old->use_aggressive(old); diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index bcf262725..e1e6cd7ee 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2018 Tobias Brunner * Copyright (C) 2006-2009 Martin Willi * HSR Hochschule fuer Technik Rapperswil * 
@@ -65,6 +65,16 @@ struct private_eap_authenticator_t { char reserved[3]; /** + * PPK to use + */ + chunk_t ppk; + + /** + * Add a NO_PPK_AUTH notify + */ + bool no_ppk_auth; + + /** * Current EAP method processing */ eap_method_t *method; @@ -444,6 +454,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, chunk_t nonce, chunk_t init) { auth_payload_t *auth_payload; + notify_payload_t *notify; chunk_t auth_data, recv_auth_data; identification_t *other_id; auth_cfg_t *auth; @@ -458,14 +469,26 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, DBG1(DBG_IKE, "AUTH payload missing"); return FALSE; } + recv_auth_data = auth_payload->get_data(auth_payload); + + if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) && + !this->ppk.ptr) + { /* look for a NO_PPK_AUTH notify if we have no PPK */ + notify = message->get_notify(message, NO_PPK_AUTH); + if (notify) + { + DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify"); + recv_auth_data = notify->get_notification_data(notify); + } + } + other_id = this->ike_sa->get_other_id(this->ike_sa); keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); - if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, - this->msk, other_id, this->reserved, &auth_data)) + if (!keymat->get_psk_sig(keymat, TRUE, init, nonce, this->msk, this->ppk, + other_id, this->reserved, &auth_data)) { return FALSE; } - recv_auth_data = auth_payload->get_data(auth_payload); if (!auth_data.len || !chunk_equals_const(auth_data, recv_auth_data)) { DBG1(DBG_IKE, "verification of AUTH payload with%s EAP MSK failed", 
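Review bot: In `verify_auth` the fallback to the NO_PPK_AUTH notify is taken whenever `this->ppk.ptr` is empty, so the authenticator never checks whether the configuration requires a PPK; that decision appears to be made by the caller before `use_ppk()` is invoked, and nothing here says so. A comment on the branch such as `/* caller has already rejected the PPK-required case; an absent PPK means the peer's NO_PPK_AUTH replaces the AUTH payload */` would make that trust boundary explicit. The identical block is added to `process` in psk_authenticator.c and pubkey_authenticator.c, so a small shared helper would keep the three copies from drifting. `verify_auth` continues outside the hunk.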
@@ -507,8 +530,8 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message, DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_class_names, AUTH_CLASS_EAP); - if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, - this->msk, my_id, this->reserved, &auth_data)) + if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, this->ppk, + my_id, this->reserved, &auth_data)) { return FALSE; } @@ -517,6 +540,18 @@ static bool build_auth(private_eap_authenticator_t *this, message_t *message, auth_payload->set_data(auth_payload, auth_data); message->add_payload(message, (payload_t*)auth_payload); chunk_free(&auth_data); + + if (this->no_ppk_auth) + { + if (!keymat->get_psk_sig(keymat, FALSE, init, nonce, this->msk, + chunk_empty, my_id, this->reserved, &auth_data)) + { + DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify"); + return FALSE; + } + message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data); + chunk_free(&auth_data); + } return TRUE; } @@ -698,6 +733,13 @@ METHOD(authenticator_t, is_mutual, bool, return TRUE; } +METHOD(authenticator_t, use_ppk, void, + private_eap_authenticator_t *this, chunk_t ppk, bool no_ppk_auth) +{ + this->ppk = ppk; + this->no_ppk_auth = no_ppk_auth; +} + METHOD(authenticator_t, destroy, void, private_eap_authenticator_t *this) { @@ -723,6 +765,7 @@ eap_authenticator_t *eap_authenticator_create_builder(ike_sa_t *ike_sa, .authenticator = { .build = _build_client, .process = _process_client, + .use_ppk = _use_ppk, .is_mutual = _is_mutual, .destroy = _destroy, }, @@ -753,6 +796,7 @@ eap_authenticator_t *eap_authenticator_create_verifier(ike_sa_t *ike_sa, .authenticator = { .build = _build_server, .process = _process_server, + .use_ppk = _use_ppk, .is_mutual = _is_mutual, .destroy = _destroy, }, diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c index c1decb130..76571e702 100644 
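Review bot: `use_ppk` copies the `chunk_t` by value, so `this->ppk` aliases memory owned by the caller rather than a clone, and nothing in the hunk records who keeps it alive. A comment on the assignment, e.g. `/* not cloned; the caller keeps the PPK valid until destroy() */`, would document the lifetime contract; the same applies to the `use_ppk` methods added in psk_authenticator.c and pubkey_authenticator.c.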
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -51,6 +52,16 @@ struct private_psk_authenticator_t { * Reserved bytes of ID payload */ char reserved[3]; + + /** + * PPK to use + */ + chunk_t ppk; + + /** + * Add a NO_PPK_AUTH notify + */ + bool no_ppk_auth; }; METHOD(authenticator_t, build, status_t, @@ -68,18 +79,19 @@ METHOD(authenticator_t, build, status_t, DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N", my_id, auth_method_names, AUTH_PSK); key = lib->credmgr->get_shared(lib->credmgr, SHARED_IKE, my_id, other_id); - if (key == NULL) + if (!key) { DBG1(DBG_IKE, "no shared key found for '%Y' - '%Y'", my_id, other_id); return NOT_FOUND; } if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce, - key->get_key(key), my_id, this->reserved, &auth_data)) + key->get_key(key), this->ppk, my_id, + this->reserved, &auth_data)) { key->destroy(key); return FAILED; } - key->destroy(key); + DBG2(DBG_IKE, "successfully created shared key MAC"); auth_payload = auth_payload_create(); auth_payload->set_auth_method(auth_payload, AUTH_PSK); @@ -87,6 +99,21 @@ METHOD(authenticator_t, build, status_t, chunk_free(&auth_data); message->add_payload(message, (payload_t*)auth_payload); + if (this->no_ppk_auth) + { + if (!keymat->get_psk_sig(keymat, FALSE, this->ike_sa_init, this->nonce, + key->get_key(key), chunk_empty, my_id, + this->reserved, &auth_data)) + { + DBG1(DBG_IKE, "failed adding NO_PPK_AUTH notify"); + key->destroy(key); + return SUCCESS; + } + DBG2(DBG_IKE, "successfully created shared key MAC without PPK"); + message->add_notify(message, FALSE, NO_PPK_AUTH, auth_data); + chunk_free(&auth_data); + } + key->destroy(key); return SUCCESS; } 
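Review bot: In `build`, when `get_psk_sig` fails for the NO_PPK_AUTH variant the function logs, destroys the key and still returns `SUCCESS`, so the message goes out with a PPK-bound AUTH payload and no NO_PPK_AUTH notify; a responder that lacks the PPK then has nothing to fall back to and fails authentication. The equivalent path in `build_auth` of eap_authenticator.c returns `FALSE` and `sign_classic` in pubkey_authenticator.c sets `FAILED`. Returning `FAILED` here (`key->destroy(key); return FAILED;`) would be consistent, or the reason a partial message is acceptable should be stated in a comment.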
@@ -96,6 +123,7 @@ METHOD(authenticator_t, process, status_t, chunk_t auth_data, recv_auth_data; identification_t *my_id, *other_id; auth_payload_t *auth_payload; + notify_payload_t *notify; auth_cfg_t *auth; shared_key_t *key; enumerator_t *enumerator; @@ -108,8 +136,20 @@ METHOD(authenticator_t, process, status_t, { return FAILED; } - keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); recv_auth_data = auth_payload->get_data(auth_payload); + + if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) && + !this->ppk.ptr) + { /* look for a NO_PPK_AUTH notify if we have no PPK */ + notify = message->get_notify(message, NO_PPK_AUTH); + if (notify) + { + DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify"); + recv_auth_data = notify->get_notification_data(notify); + } + } + + keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa); enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, @@ -119,7 +159,8 @@ METHOD(authenticator_t, process, status_t, keys_found++; if (!keymat->get_psk_sig(keymat, TRUE, this->ike_sa_init, this->nonce, - key->get_key(key), other_id, this->reserved, &auth_data)) + key->get_key(key), this->ppk, other_id, + this->reserved, &auth_data)) { continue; } @@ -150,6 +191,13 @@ METHOD(authenticator_t, process, status_t, return SUCCESS; } +METHOD(authenticator_t, use_ppk, void, + private_psk_authenticator_t *this, chunk_t ppk, bool no_ppk_auth) +{ + this->ppk = ppk; + this->no_ppk_auth = no_ppk_auth; +} + METHOD(authenticator_t, destroy, void, private_psk_authenticator_t *this) { @@ -170,6 +218,7 @@ psk_authenticator_t *psk_authenticator_create_builder(ike_sa_t *ike_sa, .authenticator = { .build = _build, .process = (void*)return_failed, + .use_ppk = _use_ppk, .is_mutual = (void*)return_false, .destroy = _destroy, }, 
@@ -197,6 +246,7 @@ psk_authenticator_t *psk_authenticator_create_verifier(ike_sa_t *ike_sa, .authenticator = { .build = (void*)return_failed, .process = _process, + .use_ppk = _use_ppk, .is_mutual = (void*)return_false, .destroy = _destroy, }, diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 652b837fe..1fcef03cc 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -56,6 +56,16 @@ struct private_pubkey_authenticator_t { * Reserved bytes of ID payload */ char reserved[3]; + + /** + * PPK to use + */ + chunk_t ppk; + + /** + * Add a NO_PPK_AUTH notify + */ + bool no_ppk_auth; }; /** 
@@ -204,17 +214,42 @@ CALLBACK(destroy_scheme, void, } /** + * Adds the given auth data to the message, either in an AUTH payload or + * a NO_PPK_AUTH notify. + * + * The data is freed. + */ +static void add_auth_to_message(message_t *message, auth_method_t method, + chunk_t data, bool notify) +{ + auth_payload_t *auth_payload; + + if (notify) + { + message->add_notify(message, FALSE, NO_PPK_AUTH, data); + } + else + { + auth_payload = auth_payload_create(); + auth_payload->set_auth_method(auth_payload, method); + auth_payload->set_data(auth_payload, data); + message->add_payload(message, (payload_t*)auth_payload); + } + chunk_free(&data); +} + +/** * Create a signature using RFC 7427 signature authentication */ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, - auth_cfg_t *auth, private_key_t *private, - identification_t *id, chunk_t *auth_data) + auth_cfg_t *auth, private_key_t *private, + identification_t *id, message_t *message) { enumerator_t *enumerator; keymat_v2_t *keymat; signature_params_t *params = NULL; array_t *schemes; - chunk_t octets = chunk_empty; + chunk_t octets = chunk_empty, auth_data; status_t status = FAILED; keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); 
@@ -227,26 +262,46 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, return FAILED; } - if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, - this->nonce, id, this->reserved, &octets, - schemes)) + if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, this->nonce, + this->ppk, id, this->reserved, &octets, schemes)) { enumerator = array_create_enumerator(schemes); while (enumerator->enumerate(enumerator, ¶ms)) { - if (private->sign(private, params->scheme, params->params, octets, - auth_data) && - build_signature_auth_data(auth_data, params)) - { - status = SUCCESS; - break; - } - else + if (!private->sign(private, params->scheme, params->params, octets, + &auth_data) || + !build_signature_auth_data(&auth_data, params)) { DBG2(DBG_IKE, "unable to create %N signature for %N key", signature_scheme_names, params->scheme, key_type_names, private->get_type(private)); + continue; } + add_auth_to_message(message, AUTH_DS, auth_data, FALSE); + status = SUCCESS; + + if (this->no_ppk_auth) + { + chunk_free(&octets); + + if (keymat->get_auth_octets(keymat, FALSE, this->ike_sa_init, + this->nonce, chunk_empty, id, + this->reserved, &octets, schemes) && + private->sign(private, params->scheme, params->params, + octets, &auth_data) && + build_signature_auth_data(&auth_data, params)) + { + add_auth_to_message(message, AUTH_DS, auth_data, TRUE); + } + else + { + DBG2(DBG_IKE, "unable to create %N signature for %N key " + "without PPK", signature_scheme_names, params->scheme, + key_type_names, private->get_type(private)); + status = FAILED; + } + } + break; } enumerator->destroy(enumerator); } 
@@ -281,8 +336,8 @@ static status_t sign_signature_auth(private_pubkey_authenticator_t *this, * keymat). */ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this, - bool verify, identification_t *id, - chunk_t *octets, signature_params_t **scheme) + bool verify, identification_t *id, chunk_t ppk, + chunk_t *octets, signature_params_t **scheme) { keymat_v2_t *keymat; array_t *schemes; @@ -293,7 +348,8 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this, keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); if (keymat->get_auth_octets(keymat, verify, this->ike_sa_init, this->nonce, - id, this->reserved, octets, schemes) && + ppk, id, this->reserved, octets, + schemes) && array_remove(schemes, 0, scheme)) { success = TRUE; @@ -311,19 +367,19 @@ static bool get_auth_octets_scheme(private_pubkey_authenticator_t *this, */ static status_t sign_classic(private_pubkey_authenticator_t *this, auth_cfg_t *auth, private_key_t *private, - identification_t *id, auth_method_t *auth_method, - chunk_t *auth_data) + identification_t *id, message_t *message) { signature_scheme_t scheme; signature_params_t *params; - chunk_t octets = chunk_empty; + auth_method_t auth_method = AUTH_NONE; + chunk_t octets = chunk_empty, auth_data; status_t status = FAILED; switch (private->get_type(private)) { case KEY_RSA: scheme = SIGN_RSA_EMSA_PKCS1_SHA1; - *auth_method = AUTH_RSA; + auth_method = AUTH_RSA; break; case KEY_ECDSA: /* deduct the signature scheme from the keysize */ @@ -331,15 +387,15 @@ static status_t sign_classic(private_pubkey_authenticator_t *this, { case 256: scheme = SIGN_ECDSA_256; - *auth_method = AUTH_ECDSA_256; + auth_method = AUTH_ECDSA_256; break; case 384: scheme = SIGN_ECDSA_384; - *auth_method = AUTH_ECDSA_384; + auth_method = AUTH_ECDSA_384; break; case 521: scheme = SIGN_ECDSA_521; - *auth_method = AUTH_ECDSA_521; + auth_method = AUTH_ECDSA_521; break; default: DBG1(DBG_IKE, "%d bit ECDSA private key size not supported", 
@@ -356,17 +412,34 @@ static status_t sign_classic(private_pubkey_authenticator_t *this, INIT(params, .scheme = scheme, ); - if (get_auth_octets_scheme(this, FALSE, id, &octets, ¶ms) && - private->sign(private, params->scheme, NULL, octets, auth_data)) + if (get_auth_octets_scheme(this, FALSE, id, this->ppk, &octets, ¶ms) && + private->sign(private, params->scheme, NULL, octets, &auth_data)) { + add_auth_to_message(message, auth_method, auth_data, FALSE); status = SUCCESS; + + if (this->no_ppk_auth) + { + chunk_free(&octets); + if (get_auth_octets_scheme(this, FALSE, id, chunk_empty, &octets, + ¶ms) && + private->sign(private, params->scheme, NULL, octets, + &auth_data)) + { + add_auth_to_message(message, auth_method, auth_data, TRUE); + } + else + { + status = FAILED; + } + } } if (params) { signature_params_destroy(params); } DBG1(DBG_IKE, "authentication of '%Y' (myself) with %N %s", id, - auth_method_names, *auth_method, + auth_method_names, auth_method, status == SUCCESS ? "successful" : "failed"); chunk_free(&octets); return status; @@ -378,10 +451,7 @@ METHOD(authenticator_t, build, status_t, private_key_t *private; identification_t *id; auth_cfg_t *auth; - chunk_t auth_data; status_t status; - auth_payload_t *auth_payload; - auth_method_t auth_method = AUTH_NONE; id = this->ike_sa->get_my_id(this->ike_sa); auth = this->ike_sa->get_auth_cfg(this->ike_sa, TRUE); 
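Review bot: The `else` branch added in `sign_classic` sets `status = FAILED` without a log line, whereas the matching branch in `sign_signature_auth` reports "unable to create %N signature ... without PPK"; the final "authentication of ... failed" message then cannot distinguish a failed PPK-less signature from a failed primary one. Adding `DBG2(DBG_IKE, "unable to create signature without PPK");` in that branch keeps the two paths equally diagnosable.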
@@ -394,24 +464,13 @@ METHOD(authenticator_t, build, status_t, if (this->ike_sa->supports_extension(this->ike_sa, EXT_SIGNATURE_AUTH)) { - auth_method = AUTH_DS; - status = sign_signature_auth(this, auth, private, id, &auth_data); + status = sign_signature_auth(this, auth, private, id, message); } else { - status = sign_classic(this, auth, private, id, &auth_method, - &auth_data); + status = sign_classic(this, auth, private, id, message); } private->destroy(private); - - if (status == SUCCESS) - { - auth_payload = auth_payload_create(); - auth_payload->set_auth_method(auth_payload, auth_method); - auth_payload->set_data(auth_payload, auth_data); - chunk_free(&auth_data); - message->add_payload(message, (payload_t*)auth_payload); - } return status; } @@ -444,6 +503,7 @@ METHOD(authenticator_t, process, status_t, public_key_t *public; auth_method_t auth_method; auth_payload_t *auth_payload; + notify_payload_t *notify; chunk_t auth_data, octets; identification_t *id; auth_cfg_t *auth, *current_auth; @@ -459,9 +519,21 @@ METHOD(authenticator_t, process, status_t, { return FAILED; } - INIT(params); auth_method = auth_payload->get_auth_method(auth_payload); auth_data = auth_payload->get_data(auth_payload); + + if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK) && + !this->ppk.ptr) + { /* look for a NO_PPK_AUTH notify if we have no PPK */ + notify = message->get_notify(message, NO_PPK_AUTH); + if (notify) + { + DBG1(DBG_IKE, "no PPK available, using NO_PPK_AUTH notify"); + auth_data = notify->get_notification_data(notify); + } + } + + INIT(params); switch (auth_method) { case AUTH_RSA: @@ -491,7 +563,7 @@ METHOD(authenticator_t, process, status_t, return INVALID_ARG; } id = this->ike_sa->get_other_id(this->ike_sa); - if (!get_auth_octets_scheme(this, TRUE, id, &octets, ¶ms)) + if (!get_auth_octets_scheme(this, TRUE, id, this->ppk, &octets, ¶ms)) { return FAILED; } 
@@ -551,6 +623,13 @@ METHOD(authenticator_t, process, status_t, return status; } +METHOD(authenticator_t, use_ppk, void, + private_pubkey_authenticator_t *this, chunk_t ppk, bool no_ppk_auth) +{ + this->ppk = ppk; + this->no_ppk_auth = no_ppk_auth; +} + METHOD(authenticator_t, destroy, void, private_pubkey_authenticator_t *this) { @@ -571,6 +650,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_builder(ike_sa_t *ike_sa, .authenticator = { .build = _build, .process = (void*)return_failed, + .use_ppk = _use_ppk, .is_mutual = (void*)return_false, .destroy = _destroy, }, @@ -598,6 +678,7 @@ pubkey_authenticator_t *pubkey_authenticator_create_verifier(ike_sa_t *ike_sa, .authenticator = { .build = (void*)return_failed, .process = _process, + .use_ppk = _use_ppk, .is_mutual = (void*)return_false, .destroy = _destroy, }, diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index f8b23b66e..db46b816b 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c 
@@ -491,6 +491,93 @@ failure: return this->skp_build.len && this->skp_verify.len; } +/** + * Derives a key from the given key and a PRF that was initialized with a PPK + */ +static bool derive_ppk_key(prf_t *prf, char *name, chunk_t key, + chunk_t *new_key) +{ + prf_plus_t *prf_plus; + + prf_plus = prf_plus_create(prf, TRUE, key); + if (!prf_plus || + !prf_plus->allocate_bytes(prf_plus, key.len, new_key)) + { + DBG1(DBG_IKE, "unable to derive %s with PPK", name); + DESTROY_IF(prf_plus); + return FALSE; + } + prf_plus->destroy(prf_plus); + return TRUE; +} + +/** + * Use the given PPK to derive a new SK_pi/r + */ +static bool derive_skp_ppk(private_keymat_v2_t *this, chunk_t ppk, chunk_t skp, + chunk_t *new_skp) +{ + if (!this->prf->set_key(this->prf, ppk)) + { + DBG1(DBG_IKE, "unable to set PPK in PRF"); + return FALSE; + } + return derive_ppk_key(this->prf, "SK_p", skp, new_skp); +} + +METHOD(keymat_v2_t, derive_ike_keys_ppk, bool, + private_keymat_v2_t *this, chunk_t ppk) +{ + chunk_t skd = chunk_empty, new_skpi = chunk_empty, new_skpr = chunk_empty; + chunk_t *skpi, *skpr; + + if (!this->skd.ptr) + { + return FALSE; + } + + if (this->initiator) + { + skpi = &this->skp_build; + skpr = &this->skp_verify; + } + else + { + skpi = &this->skp_verify; + skpr = &this->skp_build; + } + + DBG4(DBG_IKE, "derive keys using PPK %B", &ppk); + + if (!this->prf->set_key(this->prf, ppk)) + { + DBG1(DBG_IKE, "unable to set PPK in PRF"); + return FALSE; + } + if (!derive_ppk_key(this->prf, "Sk_d", this->skd, &skd) || + !derive_ppk_key(this->prf, "Sk_pi", *skpi, &new_skpi) || + !derive_ppk_key(this->prf, "Sk_pr", *skpr, &new_skpr)) + { + chunk_clear(&skd); + chunk_clear(&new_skpi); + chunk_clear(&new_skpr); + return FALSE; + } + + DBG4(DBG_IKE, "Sk_d secret %B", &skd); + chunk_clear(&this->skd); + this->skd = skd; + + DBG4(DBG_IKE, "Sk_pi secret %B", &new_skpi); + chunk_clear(skpi); + *skpi = new_skpi; + + DBG4(DBG_IKE, "Sk_pr secret %B", &new_skpr); + chunk_clear(skpr); + *skpr = 
new_skpr; + return TRUE; +} + METHOD(keymat_v2_t, derive_child_keys, bool, private_keymat_v2_t *this, proposal_t *proposal, diffie_hellman_t *dh, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, @@ -632,13 +719,23 @@ METHOD(keymat_t, get_aead, aead_t*, METHOD(keymat_v2_t, get_auth_octets, bool, private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id, char reserved[3], chunk_t *octets, - array_t *schemes) + chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3], + chunk_t *octets, array_t *schemes) { chunk_t chunk, idx; + chunk_t skp_ppk = chunk_empty; chunk_t skp; skp = verify ? this->skp_verify : this->skp_build; + if (ppk.ptr) + { + DBG4(DBG_IKE, "PPK %B", &ppk); + if (!derive_skp_ppk(this, ppk, skp, &skp_ppk)) + { + return FALSE; + } + skp = skp_ppk; + } chunk = chunk_alloca(4); chunk.ptr[0] = id->get_type(id); @@ -650,8 +747,10 @@ METHOD(keymat_v2_t, get_auth_octets, bool, if (!this->prf->set_key(this->prf, skp) || !this->prf->allocate_bytes(this->prf, idx, &chunk)) { + chunk_clear(&skp_ppk); return FALSE; } + chunk_clear(&skp_ppk); *octets = chunk_cat("ccm", ike_sa_init, nonce, chunk); DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", octets); return TRUE; 
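Review bot: `derive_ike_keys_ppk` returns `FALSE` silently when `this->skd.ptr` is NULL, while every other failure in the function and its helpers reports via `DBG1`; `DBG1(DBG_IKE, "unable to derive keys with PPK, no SK_d available");` before that return would keep the path diagnosable. The key names passed to `derive_ppk_key` are also inconsistently cased (`"SK_p"` in `derive_skp_ppk` versus `"Sk_d"`, `"Sk_pi"`, `"Sk_pr"` here), which makes the resulting "unable to derive ... with PPK" messages harder to search for; the existing DBG4 lines use the `Sk_` form, so `"Sk_p"` would match.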
@@ -665,41 +764,53 @@ METHOD(keymat_v2_t, get_auth_octets, bool, METHOD(keymat_v2_t, get_psk_sig, bool, private_keymat_v2_t *this, bool verify, chunk_t ike_sa_init, chunk_t nonce, - chunk_t secret, identification_t *id, char reserved[3], chunk_t *sig) + chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3], + chunk_t *sig) { - chunk_t key_pad, key, octets; + chunk_t skp_ppk = chunk_empty, key = chunk_empty, octets = chunk_empty; + chunk_t key_pad; + bool success = FALSE; if (!secret.len) { /* EAP uses SK_p if no MSK has been established */ secret = verify ? this->skp_verify : this->skp_build; + if (ppk.ptr) + { + if (!derive_skp_ppk(this, ppk, secret, &skp_ppk)) + { + return FALSE; + } + secret = skp_ppk; + } } - if (!get_auth_octets(this, verify, ike_sa_init, nonce, id, reserved, + if (!get_auth_octets(this, verify, ike_sa_init, nonce, ppk, id, reserved, &octets, NULL)) { - return FALSE; + goto failure; } /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */ key_pad = chunk_create(IKEV2_KEY_PAD, IKEV2_KEY_PAD_LENGTH); if (!this->prf->set_key(this->prf, secret) || !this->prf->allocate_bytes(this->prf, key_pad, &key)) { - chunk_free(&octets); - return FALSE; + goto failure; } if (!this->prf->set_key(this->prf, key) || !this->prf->allocate_bytes(this->prf, octets, sig)) { - chunk_free(&key); - chunk_free(&octets); - return FALSE; + goto failure; } DBG4(DBG_IKE, "secret %B", &secret); DBG4(DBG_IKE, "prf(secret, keypad) %B", &key); DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", sig); + success = TRUE; + +failure: + chunk_clear(&skp_ppk); chunk_free(&octets); chunk_free(&key); + return success; - return TRUE; } METHOD(keymat_v2_t, hash_algorithm_supported, bool, 
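Review bot: The unified cleanup at `failure:` wipes `skp_ppk` with `chunk_clear` but releases `key` with `chunk_free`; `key` is `prf(secret, "Key Pad for IKEv2")`, i.e. derived key material, so now that the exits are consolidated it deserves the same zeroisation: `chunk_clear(&key);`. `octets` is public message data and can stay `chunk_free`.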
@@ -752,6 +863,7 @@ keymat_v2_t *keymat_v2_create(bool initiator) .destroy = _destroy, }, .derive_ike_keys = _derive_ike_keys, + .derive_ike_keys_ppk = _derive_ike_keys_ppk, .derive_child_keys = _derive_child_keys, .get_skd = _get_skd, .get_auth_octets = _get_auth_octets, diff --git a/src/libcharon/sa/ikev2/keymat_v2.h b/src/libcharon/sa/ikev2/keymat_v2.h index 5dc9cda38..3cc071aeb 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.h +++ b/src/libcharon/sa/ikev2/keymat_v2.h @@ -58,6 +58,16 @@ struct keymat_v2_t { chunk_t rekey_skd); /** + * Derive SK_d, SK_pi and SK_pr after authentication using the given + * Postquantum Preshared Key and the previous values of these keys that + * were derived by derive_ike_keys(). + * + * @param ppk the postquantum preshared key + * @return TRUE on success + */ + bool (*derive_ike_keys_ppk)(keymat_v2_t *this, chunk_t ppk); + + /** * Derive keys for a CHILD_SA. * * The keys for the CHILD_SA are allocated in the integ and encr chunks. @@ -95,9 +105,10 @@ struct keymat_v2_t { * key. PSK and EAP authentication include a secret into the data, use * the get_psk_sig() method instead. * - * @param verify TRUE to create for verfification, FALSE to sign + * @param verify TRUE to create for verification, FALSE to sign * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value + * @param ppk optional postquantum preshared key * @param id identity * @param reserved reserved bytes of id_payload * @param octests chunk receiving allocated auth octets @@ -107,7 +118,7 @@ struct keymat_v2_t { * @return TRUE if octets created successfully */ bool (*get_auth_octets)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, identification_t *id, + chunk_t nonce, chunk_t ppk, identification_t *id, char reserved[3], chunk_t *octets, array_t *schemes); /** 
@@ -117,17 +128,18 @@ struct keymat_v2_t { * includes the secret into the signature. If no secret is given, SK_p is * used as secret (used for EAP methods without MSK). * - * @param verify TRUE to create for verfification, FALSE to sign + * @param verify TRUE to create for verification, FALSE to sign * @param ike_sa_init encoded ike_sa_init message * @param nonce nonce value * @param secret optional secret to include into signature + * @param ppk optional postquantum preshared key * @param id identity * @param reserved reserved bytes of id_payload * @param sign chunk receiving allocated signature octets * @return TRUE if signature created successfully */ bool (*get_psk_sig)(keymat_v2_t *this, bool verify, chunk_t ike_sa_init, - chunk_t nonce, chunk_t secret, + chunk_t nonce, chunk_t secret, chunk_t ppk, identification_t *id, char reserved[3], chunk_t *sig); /** diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index fff567233..910c77a2d 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -109,7 +109,7 @@ struct private_task_manager_t { array_t *packets; /** - * type of the initated exchange + * type of the initiated exchange */ exchange_type_t type; @@ -1946,8 +1946,7 @@ METHOD(task_manager_t, queue_dpd, void, { ike_mobike_t *mobike; - if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE) && - this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) + if (this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) { #ifdef ME peer_cfg_t *cfg = this->ike_sa->get_peer_cfg(this->ike_sa); diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index c90af23b9..c7eb0c854 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c 
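Review bot: In `queue_dpd` the removed `COND_NAT_HERE` test means the MOBIKE path is now taken for DPD whenever the peer supports MOBIKE, not only when this end is behind a NAT; the hunk records no reason, so a reader of the new condition cannot tell whether that widening is intended. A one-line comment on the `if`, e.g. `/* use MOBIKE for DPD whenever supported, not only behind NAT */`, would document the intent. `queue_dpd` continues outside the hunk.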
@@ -481,12 +481,14 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local, this->ike_sa->has_condition(this->ike_sa, cond)) { nat = get_transport_nat_ts(this, local, in); - ts = this->config->get_traffic_selectors(this->config, local, nat, hosts); + ts = this->config->get_traffic_selectors(this->config, local, nat, + hosts, TRUE); nat->destroy_offset(nat, offsetof(traffic_selector_t, destroy)); } else { - ts = this->config->get_traffic_selectors(this->config, local, in, hosts); + ts = this->config->get_traffic_selectors(this->config, local, in, + hosts, TRUE); } hosts->destroy(hosts); @@ -497,8 +499,8 @@ static linked_list_t* narrow_ts(private_child_create_t *this, bool local, /** * Install a CHILD_SA for usage, return value: * - FAILED: no acceptable proposal - * - INVALID_ARG: diffie hellman group inacceptable - * - NOT_FOUND: TS inacceptable + * - INVALID_ARG: diffie hellman group unacceptable + * - NOT_FOUND: TS unacceptable */ static status_t select_and_install(private_child_create_t *this, bool no_dh, bool ike_auth) @@ -559,7 +561,7 @@ static status_t select_and_install(private_child_create_t *this, if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { - DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N", + DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N", diffie_hellman_group_names, this->dh_group, diffie_hellman_group_names, group); this->dh_group = group; @@ -1075,7 +1077,7 @@ METHOD(task_t, build_i, status_t, if (list->get_count(list)) { this->tsi = this->config->get_traffic_selectors(this->config, - TRUE, NULL, list); + TRUE, NULL, list, TRUE); list->destroy_offset(list, offsetof(host_t, destroy)); } else 
@@ -1083,12 +1085,12 @@ METHOD(task_t, build_i, status_t, list->destroy(list); list = get_dynamic_hosts(this->ike_sa, TRUE); this->tsi = this->config->get_traffic_selectors(this->config, - TRUE, NULL, list); + TRUE, NULL, list, TRUE); list->destroy(list); } list = get_dynamic_hosts(this->ike_sa, FALSE); this->tsr = this->config->get_traffic_selectors(this->config, - FALSE, NULL, list); + FALSE, NULL, list, TRUE); list->destroy(list); if (this->packet_tsi) @@ -1356,7 +1358,7 @@ METHOD(task_t, build_r, status_t, } if (this->config == NULL) { - DBG1(DBG_IKE, "traffic selectors %#R === %#R inacceptable", + DBG1(DBG_IKE, "traffic selectors %#R === %#R unacceptable", this->tsr, this->tsi); charon->bus->alert(charon->bus, ALERT_TS_MISMATCH, this->tsi, this->tsr); message->add_notify(message, FALSE, TS_UNACCEPTABLE, chunk_empty); diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 6b63197d5..b055ff064 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -24,6 +24,7 @@ #include <encoding/payloads/auth_payload.h> #include <encoding/payloads/eap_payload.h> #include <encoding/payloads/nonce_payload.h> +#include <sa/ikev2/keymat_v2.h> #include <sa/ikev2/authenticators/eap_authenticator.h> #include <processing/jobs/delete_ike_sa_job.h> @@ -60,6 +61,16 @@ struct private_ike_auth_t { chunk_t other_nonce; /** + * PPK_ID sent or received + */ + identification_t *ppk_id; + + /** + * Optional PPK to use + */ + chunk_t ppk; + + /** * IKE_SA_INIT message sent by us */ packet_t *my_packet; 
@@ -144,7 +155,7 @@ static status_t collect_my_init_data(private_ike_auth_t *this, /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); - if (nonce == NULL) + if (!nonce) { return FAILED; } @@ -170,7 +181,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, /* get the nonce that was generated in ike_init */ nonce = (nonce_payload_t*)message->get_payload(message, PLV2_NONCE); - if (nonce == NULL) + if (!nonce) { return FAILED; } @@ -279,19 +290,47 @@ static bool do_another_auth(private_ike_auth_t *this) } /** + * Check if this is the first authentication round + */ +static bool is_first_round(private_ike_auth_t *this, bool local) +{ + enumerator_t *done; + auth_cfg_t *cfg; + + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MULTIPLE_AUTH)) + { + return TRUE; + } + + done = this->ike_sa->create_auth_cfg_enumerator(this->ike_sa, local); + if (done->enumerate(done, &cfg)) + { + done->destroy(done); + return FALSE; + } + done->destroy(done); + return TRUE; +} + +/** * Get peer configuration candidates from backends */ static bool load_cfg_candidates(private_ike_auth_t *this) { enumerator_t *enumerator; peer_cfg_t *peer_cfg; + ike_cfg_t *ike_cfg; host_t *me, *other; identification_t *my_id, *other_id; + proposal_t *ike_proposal; + bool private; me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); my_id = this->ike_sa->get_my_id(this->ike_sa); other_id = this->ike_sa->get_other_id(this->ike_sa); + ike_proposal = this->ike_sa->get_proposal(this->ike_sa); + private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); DBG1(DBG_CFG, "looking for peer configs matching %H[%Y]...%H[%Y]", me, my_id, other, other_id); 
@@ -299,11 +338,18 @@ static bool load_cfg_candidates(private_ike_auth_t *this) me, other, my_id, other_id, IKEV2); while (enumerator->enumerate(enumerator, &peer_cfg)) { + /* ignore all configs that have no matching IKE proposal */ + ike_cfg = peer_cfg->get_ike_cfg(peer_cfg); + if (!ike_cfg->has_proposal(ike_cfg, ike_proposal, private)) + { + DBG2(DBG_CFG, "ignore candidate '%s' without matching IKE proposal", + peer_cfg->get_name(peer_cfg)); + continue; + } peer_cfg->get_ref(peer_cfg); - if (this->peer_cfg == NULL) + if (!this->peer_cfg) { /* best match */ this->peer_cfg = peer_cfg; - this->ike_sa->set_peer_cfg(this->ike_sa, peer_cfg); } else { @@ -313,6 +359,7 @@ static bool load_cfg_candidates(private_ike_auth_t *this) enumerator->destroy(enumerator); if (this->peer_cfg) { + this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg); DBG1(DBG_CFG, "selected peer config '%s'", this->peer_cfg->get_name(this->peer_cfg)); return TRUE; @@ -369,7 +416,7 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) { break; } - DBG1(DBG_CFG, "selected peer config '%s' inacceptable: %s", + DBG1(DBG_CFG, "selected peer config '%s' unacceptable: %s", this->peer_cfg->get_name(this->peer_cfg), comply_error); this->peer_cfg->destroy(this->peer_cfg); } 
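Review bot: The new proposal filter in `load_cfg_candidates` discards candidates at `DBG2`, so when it removes every candidate the operator presumably only sees the later "no peer config" failure without the reason at the default log level. Since this check is what ties the selected peer config to the IKE proposal actually negotiated, logging the rejection at `DBG1` (`DBG1(DBG_CFG, "ignore candidate '%s' without matching IKE proposal",`) would make the misconfiguration visible where the failure is reported. `load_cfg_candidates` continues outside the hunk.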
@@ -391,6 +438,149 @@ static bool update_cfg_candidates(private_ike_auth_t *this, bool strict) return this->peer_cfg != NULL; } +/** + * Currently defined PPK_ID types + */ +#define PPK_ID_OPAQUE 1 +#define PPK_ID_FIXED 2 + +/** + * Parse the payload data of the given PPK_IDENTITY notify + */ +static bool parse_ppk_identity(notify_payload_t *notify, identification_t **id) +{ + chunk_t data; + + data = notify->get_notification_data(notify); + if (data.len < 2) + { + return FALSE; + } + switch (data.ptr[0]) + { + case PPK_ID_FIXED: + data = chunk_skip(data, 1); + break; + default: + return FALSE; + } + *id = identification_create_from_data(data); + return TRUE; +} + +/** + * Add a PPK_IDENTITY with the given PPK_ID to the given message + */ +static void add_ppk_identity(identification_t *id, message_t *msg) +{ + chunk_t data; + uint8_t type = PPK_ID_FIXED; + + /* we currently only support one type */ + data = chunk_cata("cc", chunk_from_thing(type), id->get_encoding(id)); + msg->add_notify(msg, FALSE, PPK_IDENTITY, data); +} + +/** + * Use the given PPK_ID to find a PPK and store it and the ID in the task + */ +static bool get_ppk(private_ike_auth_t *this, identification_t *ppk_id) +{ + shared_key_t *key; + + key = lib->credmgr->get_shared(lib->credmgr, SHARED_PPK, ppk_id, NULL); + if (!key) + { + if (this->peer_cfg->ppk_required(this->peer_cfg)) + { + DBG1(DBG_CFG, "PPK required but no PPK found for '%Y'", ppk_id); + return FALSE; + } + DBG1(DBG_CFG, "no PPK for '%Y' found, ignored because PPK is not " + "required", ppk_id); + return TRUE; + } + this->ppk = chunk_clone(key->get_key(key)); + this->ppk_id = ppk_id->clone(ppk_id); + key->destroy(key); + return TRUE; +} + +/** + * Check if we have a PPK available and, if not, whether we require one as + * initiator + */ +static bool get_ppk_i(private_ike_auth_t *this) +{ + identification_t *ppk_id; + + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK)) + { + if (this->peer_cfg->ppk_required(this->peer_cfg)) + 
{ + DBG1(DBG_CFG, "PPK required but peer does not support PPK"); + return FALSE; + } + return TRUE; + } + + ppk_id = this->peer_cfg->get_ppk_id(this->peer_cfg); + if (!ppk_id) + { + if (this->peer_cfg->ppk_required(this->peer_cfg)) + { + DBG1(DBG_CFG, "PPK required but no PPK_ID configured"); + return FALSE; + } + return TRUE; + } + return get_ppk(this, ppk_id); +} + +/** + * Check if we have a PPK available and if not whether we require one as + * responder + */ +static bool get_ppk_r(private_ike_auth_t *this, message_t *msg) +{ + notify_payload_t *notify; + identification_t *ppk_id, *ppk_id_cfg; + bool result; + + if (!this->ike_sa->supports_extension(this->ike_sa, EXT_PPK)) + { + if (this->peer_cfg->ppk_required(this->peer_cfg)) + { + DBG1(DBG_CFG, "PPK required but peer does not support PPK"); + return FALSE; + } + return TRUE; + } + + notify = msg->get_notify(msg, PPK_IDENTITY); + if (!notify || !parse_ppk_identity(notify, &ppk_id)) + { + if (this->peer_cfg->ppk_required(this->peer_cfg)) + { + DBG1(DBG_CFG, "PPK required but no PPK_IDENTITY received"); + return FALSE; + } + return TRUE; + } + + ppk_id_cfg = this->peer_cfg->get_ppk_id(this->peer_cfg); + if (ppk_id_cfg && !ppk_id->matches(ppk_id, ppk_id_cfg)) + { + DBG1(DBG_CFG, "received PPK_ID '%Y', but require '%Y'", ppk_id, + ppk_id_cfg); + ppk_id->destroy(ppk_id); + return FALSE; + } + result = get_ppk(this, ppk_id); + ppk_id->destroy(ppk_id); + return result; +} + METHOD(task_t, build_i, status_t, private_ike_auth_t *this, message_t *message) { @@ -401,7 +591,7 @@ METHOD(task_t, build_i, status_t, return collect_my_init_data(this, message); } - if (this->peer_cfg == NULL) + if (!this->peer_cfg) { this->peer_cfg = this->ike_sa->get_peer_cfg(this->ike_sa); this->peer_cfg->get_ref(this->peer_cfg); 
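Review bot: In `get_ppk_r()` a PPK_IDENTITY notify that `parse_ppk_identity()` rejects (too short, or a PPK_ID_OPAQUE type that is defined but not supported) is handled exactly like no notify at all, so the log says "no PPK_IDENTITY received" although one was, and when the PPK is not required the exchange silently continues without a PPK. I would log the two cases apart so a downgrade caused by an unparsable or opaque PPK_ID is visible in the logs; the PPK-required check below then stays as it is. The `ppk_required` branch of `get_ppk()` is correct, but the comment above `parse_ppk_identity()` should state that only PPK_ID_FIXED is accepted and the rest is rejected rather than skipped.
```c
	notify = msg->get_notify(msg, PPK_IDENTITY);
	if (notify && !parse_ppk_identity(notify, &ppk_id))
	{
		DBG1(DBG_CFG, "received PPK_IDENTITY with unsupported or malformed "
			 "PPK_ID, ignored");
		notify = NULL;
	}
	if (!notify)
	{
		/* … unchanged: "PPK required but no PPK_IDENTITY received" handling … */
	}
```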
@@ -420,6 +610,12 @@ METHOD(task_t, build_i, status_t, /* indicate support for RFC 6311 Message ID synchronization */ message->add_notify(message, FALSE, IKEV2_MESSAGE_ID_SYNC_SUPPORTED, chunk_empty); + /* only use a PPK in the first round */ + if (!get_ppk_i(this)) + { + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); + return FAILED; + } } if (!this->do_another_auth && !this->my_auth) @@ -428,7 +624,7 @@ METHOD(task_t, build_i, status_t, } /* check if an authenticator is in progress */ - if (this->my_auth == NULL) + if (!this->my_auth) { identification_t *idi, *idr = NULL; id_payload_t *id_payload; @@ -495,6 +691,14 @@ METHOD(task_t, build_i, status_t, return FAILED; } } + /* for authentication methods that return NEED_MORE, the PPK will be reset + * in process_i() for messages without PPK_ID notify, so we always set it + * during the first round (afterwards the PPK won't be available) */ + if (this->ppk.ptr && this->my_auth->use_ppk) + { + this->my_auth->use_ppk(this->my_auth, this->ppk, + !this->peer_cfg->ppk_required(this->peer_cfg)); + } switch (this->my_auth->build(this->my_auth, message)) { case SUCCESS: @@ -509,6 +713,12 @@ METHOD(task_t, build_i, status_t, return FAILED; } + /* add a PPK_IDENTITY notify to the message that contains AUTH */ + if (this->ppk_id && message->get_payload(message, PLV2_AUTH)) + { + add_ppk_identity(this->ppk_id, message); + } + /* check for additional authentication rounds */ if (do_another_auth(this)) { @@ -536,7 +746,7 @@ METHOD(task_t, process_r, status_t, return collect_other_init_data(this, message); } - if (this->my_auth == NULL && this->do_another_auth) + if (!this->my_auth && this->do_another_auth) { /* handle (optional) IDr payload, apply proposed identity */ id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_RESPONDER); 
@@ -573,7 +783,7 @@ METHOD(task_t, process_r, status_t, } } - if (this->other_auth == NULL) + if (!this->other_auth) { /* handle IDi payload */ id_payload = (id_payload_t*)message->get_payload(message, PLV2_ID_INITIATOR); @@ -588,7 +798,7 @@ METHOD(task_t, process_r, status_t, cfg = this->ike_sa->get_auth_cfg(this->ike_sa, FALSE); cfg->add(cfg, AUTH_RULE_IDENTITY, id->clone(id)); - if (this->peer_cfg == NULL) + if (!this->peer_cfg) { if (!load_cfg_candidates(this)) { @@ -596,14 +806,14 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } - if (message->get_payload(message, PLV2_AUTH) == NULL) + if (!message->get_payload(message, PLV2_AUTH)) { /* before authenticating with EAP, we need a EAP config */ cand = get_auth_cfg(this, FALSE); while (!cand || ( (uintptr_t)cand->get(cand, AUTH_RULE_EAP_TYPE) == EAP_NAK && (uintptr_t)cand->get(cand, AUTH_RULE_EAP_VENDOR) == 0)) { /* peer requested EAP, but current config does not match */ - DBG1(DBG_IKE, "peer requested EAP, config inacceptable"); + DBG1(DBG_IKE, "peer requested EAP, config unacceptable"); this->peer_cfg->destroy(this->peer_cfg); this->peer_cfg = NULL; if (!update_cfg_candidates(this, FALSE)) @@ -642,6 +852,19 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } } + if (message->get_payload(message, PLV2_AUTH) && + is_first_round(this, FALSE)) + { + if (!get_ppk_r(this, message)) + { + this->authentication_failed = TRUE; + return NEED_MORE; + } + else if (this->ppk.ptr && this->other_auth->use_ppk) + { + this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE); + } + } switch (this->other_auth->process(this->other_auth, message)) { case SUCCESS: @@ -675,7 +898,7 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } - if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) + if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS)) { this->expect_another_auth = FALSE; if (!update_cfg_candidates(this, TRUE)) 
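Review bot: In the `@@ -642` hunk of `process_r()` the `else if (this->ppk.ptr && this->other_auth->use_ppk)` follows a branch that already returns, so the `else` is redundant and hides that the two statements are independent; I would write it as a plain `if` and add a short comment, e.g. `/* verify the peer's AUTH with the PPK-derived SK_p, NO_PPK_AUTH is not expected from a responder */`, since the literal FALSE passed as the third argument is otherwise unexplained. Note that a PPK lookup failure here only sets `authentication_failed` and returns NEED_MORE, relying on `build_r()` to report it; a one-line comment saying so would make the control flow clearer. The body of `process_r()` continues outside this hunk.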
@@ -687,6 +910,37 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } +/** + * Clear the PPK and PPK_ID + */ +static void clear_ppk(private_ike_auth_t *this) +{ + DESTROY_IF(this->ppk_id); + this->ppk_id = NULL; + chunk_clear(&this->ppk); +} + +/** + * Derive new keys and clear the PPK + */ +static bool apply_ppk(private_ike_auth_t *this) +{ + keymat_v2_t *keymat; + + if (this->ppk.ptr) + { + keymat = (keymat_v2_t*)this->ike_sa->get_keymat(this->ike_sa); + if (!keymat->derive_ike_keys_ppk(keymat, this->ppk)) + { + return FALSE; + } + DBG1(DBG_CFG, "using PPK for PPK_ID '%Y'", this->ppk_id); + this->ike_sa->set_condition(this->ike_sa, COND_PPK, TRUE); + } + clear_ppk(this); + return TRUE; +} + METHOD(task_t, build_r, status_t, private_ike_auth_t *this, message_t *message) { @@ -703,12 +957,12 @@ METHOD(task_t, build_r, status_t, return collect_my_init_data(this, message); } - if (this->authentication_failed || this->peer_cfg == NULL) + if (this->authentication_failed || !this->peer_cfg) { goto peer_auth_failed; } - if (this->my_auth == NULL && this->do_another_auth) + if (!this->my_auth && this->do_another_auth) { identification_t *id, *id_cfg; id_payload_t *id_payload; @@ -793,6 +1047,10 @@ METHOD(task_t, build_r, status_t, } if (this->my_auth) { + if (this->ppk.ptr && this->my_auth->use_ppk) + { + this->my_auth->use_ppk(this->my_auth, this->ppk, FALSE); + } switch (this->my_auth->build(this->my_auth, message)) { case SUCCESS: @@ -807,6 +1065,16 @@ METHOD(task_t, build_r, status_t, } } + /* add a PPK_IDENTITY notify and derive new keys and clear the PPK */ + if (this->ppk.ptr) + { + message->add_notify(message, FALSE, PPK_IDENTITY, chunk_empty); + if (!apply_ppk(this)) + { + goto local_auth_failed; + } + } + /* check for additional authentication rounds */ if (do_another_auth(this)) { 
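Review bot: `apply_ppk()` returns FALSE when `derive_ike_keys_ppk()` fails without logging anything, and both callers just jump to `local_auth_failed`, so an operator only sees a generic local authentication failure; I would add `DBG1(DBG_IKE, "deriving IKE keys with PPK failed");` before that `return FALSE`. The success path uses `chunk_clear()` via `clear_ppk()`, which is the right choice for key material, and that is worth a comment since `chunk_free()` is used for the nonces right next to it. In the `@@ -807` hunk of `build_r()` the empty PPK_IDENTITY is added and the keys are switched whenever `this->ppk.ptr` is set, apparently irrespective of whether an AUTH payload was built into this particular response; if that is intended for the EAP case it deserves a comment, as `build_r()` continues outside the hunk and I cannot confirm it from here.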
@@ -942,7 +1210,7 @@ METHOD(task_t, process_i, status_t, enumerator_t *enumerator; payload_t *payload; auth_cfg_t *cfg; - bool mutual_eap = FALSE; + bool mutual_eap = FALSE, ppk_id_received = FALSE; if (message->get_exchange_type(message) == IKE_SA_INIT) { @@ -998,6 +1266,9 @@ METHOD(task_t, process_i, status_t, this->ike_sa->enable_extension(this->ike_sa, EXT_IKE_MESSAGE_ID_SYNC); break; + case PPK_IDENTITY: + ppk_id_received = TRUE; + break; default: { if (type <= 16383) @@ -1019,7 +1290,7 @@ METHOD(task_t, process_i, status_t, if (this->expect_another_auth) { - if (this->other_auth == NULL) + if (!this->other_auth) { id_payload_t *id_payload; identification_t *id; @@ -1059,6 +1330,11 @@ METHOD(task_t, process_i, status_t, } if (this->other_auth) { + if (ppk_id_received && is_first_round(this, FALSE) && + this->other_auth->use_ppk) + { + this->other_auth->use_ppk(this->other_auth, this->ppk, FALSE); + } switch (this->other_auth->process(this->other_auth, message)) { case SUCCESS: @@ -1094,6 +1370,14 @@ METHOD(task_t, process_i, status_t, if (this->my_auth) { + /* while we already set the PPK in build_i(), we MUST not use it if + * the peer did not reply with a PPK_ID notify */ + if (this->ppk.ptr && this->my_auth->use_ppk) + { + this->my_auth->use_ppk(this->my_auth, + ppk_id_received ? this->ppk : chunk_empty, + FALSE); + } switch (this->my_auth->process(this->my_auth, message)) { case SUCCESS: 
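Review bot: The `use_ppk()` call added in the `@@ -1059` hunk of `process_i()` is guarded by `ppk_id_received` but not by `this->ppk.ptr`, unlike every other `use_ppk()` call site in this commit, so a responder that returns a PPK_IDENTITY notify we never solicited (or after our own lookup yielded no key) passes an empty chunk into the authenticator. The `@@ -1094` hunk shows an empty chunk is the documented "no PPK" value, so this is probably benign, but the unsolicited notify is then silently accepted. I would align the guard, `if (ppk_id_received && this->ppk.ptr && is_first_round(this, FALSE) && this->other_auth->use_ppk)`, and log `DBG1(DBG_IKE, "received unexpected PPK_IDENTITY notify, ignored");` in the mismatching case. `process_i()` continues outside this hunk.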
@@ -1109,11 +1393,29 @@ METHOD(task_t, process_i, status_t, case NEED_MORE: break; default: - charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); - send_auth_failed_informational(this, message); - return FAILED; + goto local_auth_failed; + } + } + + /* change keys and clear PPK after we are done with our authentication, so + * we only explicitly use it for the first round, afterwards we just use the + * changed SK_p keys implicitly */ + if (!this->my_auth && this->ppk_id) + { + if (ppk_id_received) + { + if (!apply_ppk(this)) + { + goto local_auth_failed; + } + } + else + { + DBG1(DBG_CFG, "peer didn't use PPK for PPK_ID '%Y'", this->ppk_id); } + clear_ppk(this); } + if (mutual_eap) { if (!this->my_auth || !this->my_auth->is_mutual(this->my_auth)) @@ -1124,7 +1426,7 @@ METHOD(task_t, process_i, status_t, DBG1(DBG_IKE, "allow mutual EAP-only authentication"); } - if (message->get_notify(message, ANOTHER_AUTH_FOLLOWS) == NULL) + if (!message->get_notify(message, ANOTHER_AUTH_FOLLOWS)) { this->expect_another_auth = FALSE; } @@ -1162,6 +1464,10 @@ peer_auth_failed: charon->bus->alert(charon->bus, ALERT_PEER_AUTH_FAILED); send_auth_failed_informational(this, message); return FAILED; +local_auth_failed: + charon->bus->alert(charon->bus, ALERT_LOCAL_AUTH_FAILED); + send_auth_failed_informational(this, message); + return FAILED; } METHOD(task_t, get_type, task_type_t, @@ -1173,6 +1479,7 @@ METHOD(task_t, get_type, task_type_t, METHOD(task_t, migrate, void, private_ike_auth_t *this, ike_sa_t *ike_sa) { + clear_ppk(this); chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); DESTROY_IF(this->my_packet); @@ -1199,6 +1506,7 @@ METHOD(task_t, migrate, void, METHOD(task_t, destroy, void, private_ike_auth_t *this) { + clear_ppk(this); chunk_free(&this->my_nonce); chunk_free(&this->other_nonce); DESTROY_IF(this->my_packet); diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h index f6862ca27..fd14e9faf 100644 
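Review bot: When the responder's reply carries no PPK_IDENTITY, the new block in `process_i()` only logs "peer didn't use PPK" and continues, even if our `peer_cfg` has `ppk_required` set; the initiator then relies entirely on the responder having rejected an AUTH it could not verify, instead of enforcing its own policy. I would fail locally in that case, which keeps the decision independent of the peer's behaviour and gives a clear log line. The `peer_auth_failed` label is already present in this function, so the change is confined to the else branch shown below.
```c
		else if (this->peer_cfg->ppk_required(this->peer_cfg))
		{
			DBG1(DBG_CFG, "PPK required but peer didn't use PPK for PPK_ID "
				 "'%Y'", this->ppk_id);
			goto peer_auth_failed;
		}
		else
		{
			/* … unchanged: "peer didn't use PPK" log … */
		}
```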
--- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h +++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h @@ -45,7 +45,7 @@ struct ike_auth_lifetime_t { * Create a new TASK_IKE_AUTH_LIFETIME task. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if taks is initiated by us + * @param initiator TRUE if task is initiated by us * @return ike_auth_lifetime task to handle by the task_manager */ ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 3d73d728b..307d99264 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -55,11 +55,6 @@ struct private_ike_init_t { bool initiator; /** - * IKE config to establish - */ - ike_cfg_t *config; - - /** * diffie hellman group to use */ diffie_hellman_group_t dh_group; @@ -275,6 +270,38 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this, } /** + * Check whether to send a USE_PPK notify + */ +static bool send_use_ppk(private_ike_init_t *this) +{ + peer_cfg_t *peer; + enumerator_t *keys; + shared_key_t *key; + bool use_ppk = FALSE; + + if (this->initiator) + { + peer = this->ike_sa->get_peer_cfg(this->ike_sa); + if (peer->get_ppk_id(peer)) + { + use_ppk = TRUE; + } + } + else if (this->ike_sa->supports_extension(this->ike_sa, EXT_PPK)) + { + /* check if we have at least one PPK available */ + keys = lib->credmgr->create_shared_enumerator(lib->credmgr, SHARED_PPK, + NULL, NULL); + if (keys->enumerate(keys, &key, NULL, NULL)) + { + use_ppk = TRUE; + } + keys->destroy(keys); + } + return use_ppk; +} + +/** * build the payloads for the message */ static bool build_payloads(private_ike_init_t *this, message_t *message) 
@@ -286,14 +313,15 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) ike_sa_id_t *id; proposal_t *proposal; enumerator_t *enumerator; + ike_cfg_t *ike_cfg; id = this->ike_sa->get_id(this->ike_sa); - this->config = this->ike_sa->get_ike_cfg(this->ike_sa); + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); if (this->initiator) { - proposal_list = this->config->get_proposals(this->config); + proposal_list = ike_cfg->get_proposals(ike_cfg); other_dh_groups = linked_list_create(); enumerator = proposal_list->create_enumerator(proposal_list); while (enumerator->enumerate(enumerator, (void**)&proposal)) @@ -334,8 +362,6 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) } message->add_payload(message, (payload_t*)sa_payload); - nonce_payload = nonce_payload_create(PLV2_NONCE); - nonce_payload->set_nonce(nonce_payload, this->my_nonce); ke_payload = ke_payload_create_from_diffie_hellman(PLV2_KEY_EXCHANGE, this->dh); if (!ke_payload) @@ -343,6 +369,8 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) DBG1(DBG_IKE, "creating KE payload failed"); return FALSE; } + nonce_payload = nonce_payload_create(PLV2_NONCE); + nonce_payload->set_nonce(nonce_payload, this->my_nonce); if (this->old_sa) { /* payload order differs if we are rekeying */ @@ -357,7 +385,7 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) /* negotiate fragmentation if we are not rekeying */ if (!this->old_sa && - this->config->fragmentation(this->config) != FRAGMENTATION_NO) + ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO) { if (this->initiator || this->ike_sa->supports_extension(this->ike_sa, 
@@ -400,10 +428,77 @@ static bool build_payloads(private_ike_init_t *this, message_t *message) chunk_empty); } } + /* notify the peer if we want to use/support PPK */ + if (!this->old_sa && send_use_ppk(this)) + { + message->add_notify(message, FALSE, USE_PPK, chunk_empty); + } return TRUE; } /** + * Process the SA payload and select a proposal + */ +static void process_sa_payload(private_ike_init_t *this, message_t *message, + sa_payload_t *sa_payload) +{ + ike_cfg_t *ike_cfg, *cfg, *alt_cfg = NULL; + enumerator_t *enumerator; + linked_list_t *proposal_list; + host_t *me, *other; + bool private, prefer_configured; + + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); + + proposal_list = sa_payload->get_proposals(sa_payload); + private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); + + this->proposal = ike_cfg->select_proposal(ike_cfg, proposal_list, private, + prefer_configured); + if (!this->proposal) + { + if (!this->initiator && !this->old_sa) + { + me = message->get_destination(message); + other = message->get_source(message); + enumerator = charon->backends->create_ike_cfg_enumerator( + charon->backends, me, other, IKEV2); + while (enumerator->enumerate(enumerator, &cfg)) + { + if (ike_cfg == cfg) + { /* already tried and failed */ + continue; + } + DBG1(DBG_IKE, "no matching proposal found, trying alternative " + "config"); + this->proposal = cfg->select_proposal(cfg, proposal_list, + private, prefer_configured); + if (this->proposal) + { + alt_cfg = cfg->get_ref(cfg); + break; + } + } + enumerator->destroy(enumerator); + } + if (alt_cfg) + { + this->ike_sa->set_ike_cfg(this->ike_sa, alt_cfg); + alt_cfg->destroy(alt_cfg); + } + else + { + charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, + proposal_list); + } + } + proposal_list->destroy_offset(proposal_list, + offsetof(proposal_t, destroy)); +} + +/** * Read 
payloads from message */ static void process_payloads(private_ike_init_t *this, message_t *message) @@ -419,24 +514,7 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { case PLV2_SECURITY_ASSOCIATION: { - sa_payload_t *sa_payload = (sa_payload_t*)payload; - linked_list_t *proposal_list; - bool private, prefer_configured; - - proposal_list = sa_payload->get_proposals(sa_payload); - private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); - this->proposal = this->config->select_proposal(this->config, - proposal_list, private, prefer_configured); - if (!this->proposal) - { - charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, - proposal_list); - } - proposal_list->destroy_offset(proposal_list, - offsetof(proposal_t, destroy)); + process_sa_payload(this, message, (sa_payload_t*)payload); break; } case PLV2_KEY_EXCHANGE: @@ -469,6 +547,13 @@ static void process_payloads(private_ike_init_t *this, message_t *message) handle_supported_hash_algorithms(this, notify); } break; + case USE_PPK: + if (!this->old_sa) + { + this->ike_sa->enable_extension(this->ike_sa, + EXT_PPK); + } + break; case REDIRECTED_FROM: { identification_t *gateway; @@ -533,7 +618,10 @@ static void process_payloads(private_ike_init_t *this, message_t *message) METHOD(task_t, build_i, status_t, private_ike_init_t *this, message_t *message) { - this->config = this->ike_sa->get_ike_cfg(this->ike_sa); + ike_cfg_t *ike_cfg; + + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); + DBG0(DBG_IKE, "initiating IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), this->ike_sa->get_unique_id(this->ike_sa), 
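Review bot: In `process_sa_payload()` the `DBG1` "no matching proposal found, trying alternative config" is emitted inside the loop for every candidate before `select_proposal()` runs, so a responder with several ike_cfgs for the address pair logs that line once per candidate regardless of the outcome; I would emit it once before the enumerator loop, or move it under `if (this->proposal)` so it reports the config actually chosen. The `ike_cfg == cfg` pointer comparison used to skip the already-tried config presumes the backend hands back the same object it installed on the IKE_SA; if backends can return fresh objects, an `equals()`-style comparison would be safer, but I cannot confirm that from this hunk. The header comment should also note that on a responder the IKE_SA's ike_cfg may be replaced here, before any authentication has happened, and that `this->proposal` is left NULL and an alert raised when nothing matches.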
@@ -563,12 +651,12 @@ METHOD(task_t, build_i, status_t, } else { /* this shouldn't happen, but let's be safe */ - this->dh_group = this->config->get_dh_group(this->config); + this->dh_group = ike_cfg->get_dh_group(ike_cfg); } } else { - this->dh_group = this->config->get_dh_group(this->config); + this->dh_group = ike_cfg->get_dh_group(ike_cfg); } this->dh = this->keymat->keymat.create_dh(&this->keymat->keymat, this->dh_group); @@ -627,7 +715,6 @@ METHOD(task_t, build_i, status_t, METHOD(task_t, process_r, status_t, private_ike_init_t *this, message_t *message) { - this->config = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating an IKE_SA", message->get_source(message)); this->ike_sa->set_state(this->ike_sa, IKE_CONNECTING); @@ -699,7 +786,7 @@ METHOD(task_t, build_r, status_t, if (this->proposal == NULL || this->other_nonce.len == 0 || this->my_nonce.len == 0) { - DBG1(DBG_IKE, "received proposals inacceptable"); + DBG1(DBG_IKE, "received proposals unacceptable"); message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return FAILED; } @@ -728,7 +815,7 @@ METHOD(task_t, build_r, status_t, if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) { - DBG1(DBG_IKE, "DH group %N inacceptable, requesting %N", + DBG1(DBG_IKE, "DH group %N unacceptable, requesting %N", diffie_hellman_group_names, this->dh_group, diffie_hellman_group_names, group); this->dh_group = group; @@ -770,12 +857,14 @@ METHOD(task_t, build_r, status_t, */ static void raise_alerts(private_ike_init_t *this, notify_type_t type) { + ike_cfg_t *ike_cfg; linked_list_t *list; switch (type) { case NO_PROPOSAL_CHOSEN: - list = this->config->get_proposals(this->config); + ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); + list = ike_cfg->get_proposals(ike_cfg); charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, list); list->destroy_offset(list, offsetof(proposal_t, destroy)); break; 
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index fe41a1cac..b2ad0a02a 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -193,7 +193,7 @@ static void process_payloads(private_ike_mobike_t *this, message_t *message) case NAT_DETECTION_DESTINATION_IP: { /* NAT check in this MOBIKE exchange, create subtask for it */ - if (this->natd == NULL) + if (!this->natd) { this->natd = ike_natd_create(this->ike_sa, this->initiator); } @@ -648,7 +648,7 @@ METHOD(ike_mobike_t, roam, void, METHOD(ike_mobike_t, dpd, void, private_ike_mobike_t *this) { - if (!this->natd) + if (!this->natd && this->ike_sa->has_condition(this->ike_sa, COND_NAT_HERE)) { this->natd = ike_natd_create(this->ike_sa, this->initiator); } diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.h b/src/libcharon/sa/ikev2/tasks/ike_mobike.h index 288b87178..8789ac0af 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.h +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.h @@ -91,7 +91,7 @@ struct ike_mobike_t { * Create a new ike_mobike task. * * @param ike_sa IKE_SA this task works for - * @param initiator TRUE if taks is initiated by us + * @param initiator TRUE if task is initiated by us * @return ike_mobike task to handle by the task_manager */ ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator); diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index 11123b415..57f9a797e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c @@ -259,7 +259,7 @@ METHOD(task_t, build_r, status_t, } if (this->new_sa == NULL) { - /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */ + /* IKE_SA/a CHILD_SA is in an unacceptable state, deny rekeying */ message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } 
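Review bot: The changed `dpd()` in ike_mobike.c now creates the NAT detection subtask only when `COND_NAT_HERE` is set, which reads as a deliberate optimisation but is uncommented, so the next reader cannot tell whether omitting the NATD payloads when only the peer is behind a NAT is intended. I would add `/* only probe for NAT mapping changes in DPD if we are behind a NAT ourselves */` above the condition, and confirm that the responder side does not depend on the initiator's NATD payloads to notice its own mapping changes. The surrounding `dpd()` body is outside the hunk.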
diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index 8d8969ea0..e81a18a14 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -59,7 +59,7 @@ struct private_ike_vendor_t { ike_sa_t *ike_sa; /** - * Are we the inititator of this task + * Are we the initiator of this task */ bool initiator; }; diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index a83da0480..d66e70937 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -117,8 +117,10 @@ static bool install_shunt_policy(child_cfg_t *child) host_any6 = host_create_any(AF_INET6); hosts = linked_list_create_with_items(host_any, host_any6, NULL); - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts, + FALSE); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts, + FALSE); hosts->destroy(hosts); manual_prio = child->get_manual_prio(child); @@ -287,8 +289,10 @@ static void uninstall_shunt_policy(child_cfg_t *child) host_any6 = host_create_any(AF_INET6); hosts = linked_list_create_with_items(host_any, host_any6, NULL); - my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts); - other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); + my_ts_list = child->get_traffic_selectors(child, TRUE, NULL, hosts, + FALSE); + other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts, + FALSE); hosts->destroy(hosts); manual_prio = child->get_manual_prio(child); diff --git a/src/libcharon/sa/task.h b/src/libcharon/sa/task.h index 1a0a1acfa..987ac489d 100644 --- a/src/libcharon/sa/task.h +++ b/src/libcharon/sa/task.h 
@@ -115,7 +115,7 @@ extern enum_name_t *task_type_names; /** * Interface for a task, an operation handled within exchanges. * - * A task is an elemantary operation. It may be handled by a single or by + * A task is an elementary operation. It may be handled by a single or by * multiple exchanges. An exchange may even complete multiple tasks. * A task has a build() and an process() operation. The build() operation * creates payloads and adds it to the message. The process() operation @@ -128,7 +128,7 @@ extern enum_name_t *task_type_names; * that the task completed, even when the task completed unsuccessfully. The * manager then removes the task from the list. A NEED_MORE is returned when * the task needs further build()/process() calls to complete, the manager - * leaves the taks in the queue. A returned FAILED indicates a critical failure. + * leaves the task in the queue. A returned FAILED indicates a critical failure. * The manager closes the IKE_SA whenever a task returns FAILED. */ struct task_t { @@ -180,7 +180,7 @@ struct task_t { * Migrate a task to a new IKE_SA. * * After migrating a task, it goes back to a state where it can be - * used again to initate an exchange. This is useful when a task + * used again to initiate an exchange. This is useful when a task * has to get migrated to a new IKE_SA. * A special usage is when a INVALID_KE_PAYLOAD is received. A call * to reset resets the task, but uses another DH group for the next diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 979f9290a..148df3923 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c 
@@ -168,7 +168,7 @@ static bool dynamic_remote_ts(child_cfg_t *child) traffic_selector_t *ts; bool found = FALSE; - other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL); + other_ts = child->get_traffic_selectors(child, FALSE, NULL, NULL, FALSE); enumerator = other_ts->create_enumerator(other_ts); while (enumerator->enumerate(enumerator, &ts)) { @@ -296,11 +296,11 @@ METHOD(trap_manager_t, install, bool, child_sa = child_sa_create(me, other, child, 0, FALSE, 0, 0); list = linked_list_create_with_items(me, NULL); - my_ts = child->get_traffic_selectors(child, TRUE, NULL, list); + my_ts = child->get_traffic_selectors(child, TRUE, NULL, list, FALSE); list->destroy_offset(list, offsetof(host_t, destroy)); list = linked_list_create_with_items(other, NULL); - other_ts = child->get_traffic_selectors(child, FALSE, NULL, list); + other_ts = child->get_traffic_selectors(child, FALSE, NULL, list, FALSE); list->destroy_offset(list, offsetof(host_t, destroy)); /* We don't know the finally negotiated protocol (ESP|AH), we install diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am index 5ebd0456c..101b534f0 100644 --- a/src/libcharon/tests/Makefile.am +++ b/src/libcharon/tests/Makefile.am @@ -4,6 +4,7 @@ check_PROGRAMS = $(TESTS) libcharon_tests_SOURCES = \ suites/test_ike_cfg.c \ + suites/test_peer_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ libcharon_tests.h libcharon_tests.c @@ -35,6 +36,7 @@ exchange_tests_SOURCES = \ utils/job_asserts.h \ utils/mock_dh.h utils/mock_dh.c \ utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_net.h utils/mock_net.c \ utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ utils/mock_sender.h utils/mock_sender.c \ utils/sa_asserts.h \ diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 24552d201..c545c6334 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in 
@@ -121,6 +121,7 @@ am_exchange_tests_OBJECTS = \ utils/exchange_tests-exchange_test_helper.$(OBJEXT) \ utils/exchange_tests-mock_dh.$(OBJEXT) \ utils/exchange_tests-mock_ipsec.$(OBJEXT) \ + utils/exchange_tests-mock_net.$(OBJEXT) \ utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \ utils/exchange_tests-mock_sender.$(OBJEXT) \ exchange_tests-exchange_tests.$(OBJEXT) @@ -139,6 +140,7 @@ exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(LDFLAGS) -o $@ am_libcharon_tests_OBJECTS = \ suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \ + suites/libcharon_tests-test_peer_cfg.$(OBJEXT) \ suites/libcharon_tests-test_mem_pool.$(OBJEXT) \ suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \ libcharon_tests-libcharon_tests.$(OBJEXT) @@ -334,7 +336,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -360,6 +361,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -380,8 +383,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -436,8 +437,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -466,8 +465,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -475,6 +478,7 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ libcharon_tests_SOURCES = \ suites/test_ike_cfg.c \ + suites/test_peer_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ libcharon_tests.h libcharon_tests.c @@ -505,6 +509,7 @@ exchange_tests_SOURCES = \ utils/job_asserts.h \ utils/mock_dh.h utils/mock_dh.c \ utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_net.h utils/mock_net.c \ utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ utils/mock_sender.h utils/mock_sender.c \ utils/sa_asserts.h \ @@ -598,6 +603,8 @@ utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_net.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \ 
@@ -608,6 +615,8 @@ exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES $(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS) suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) +suites/libcharon_tests-test_peer_cfg.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_mem_pool.$(OBJEXT): \ suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_message_chapoly.$(OBJEXT): \ @@ -636,10 +645,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_net.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_sender.Po@am__quote@ 
@@ -807,6 +818,20 @@ utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi` +utils/exchange_tests-mock_net.o: utils/mock_net.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.o `test -f 'utils/mock_net.c' || echo '$(srcdir)/'`utils/mock_net.c + +utils/exchange_tests-mock_net.obj: utils/mock_net.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_net.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_net.Tpo -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) 
utils/$(DEPDIR)/exchange_tests-mock_net.Tpo utils/$(DEPDIR)/exchange_tests-mock_net.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_net.c' object='utils/exchange_tests-mock_net.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_net.obj `if test -f 'utils/mock_net.c'; then $(CYGPATH_W) 'utils/mock_net.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_net.c'; fi` + utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po 
@@ -863,6 +888,20 @@ suites/libcharon_tests-test_ike_cfg.obj: suites/test_ike_cfg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_ike_cfg.obj `if test -f 'suites/test_ike_cfg.c'; then $(CYGPATH_W) 'suites/test_ike_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_cfg.c'; fi` +suites/libcharon_tests-test_peer_cfg.o: suites/test_peer_cfg.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.o `test -f 'suites/test_peer_cfg.c' || echo '$(srcdir)/'`suites/test_peer_cfg.c + +suites/libcharon_tests-test_peer_cfg.obj: suites/test_peer_cfg.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_peer_cfg.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 
'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_peer_cfg.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_peer_cfg.c' object='suites/libcharon_tests-test_peer_cfg.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_peer_cfg.obj `if test -f 'suites/test_peer_cfg.c'; then $(CYGPATH_W) 'suites/test_peer_cfg.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_peer_cfg.c'; fi` + suites/libcharon_tests-test_mem_pool.o: suites/test_mem_pool.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_mem_pool.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo -c -o suites/libcharon_tests-test_mem_pool.o `test -f 'suites/test_mem_pool.c' || echo '$(srcdir)/'`suites/test_mem_pool.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Tpo suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h index d17ea041d..bc0521a75 100644 --- a/src/libcharon/tests/libcharon_tests.h +++ b/src/libcharon/tests/libcharon_tests.h @@ -25,5 +25,6 @@ */ TEST_SUITE(ike_cfg_suite_create) +TEST_SUITE(peer_cfg_suite_create) TEST_SUITE(mem_pool_suite_create) TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32) 
diff --git a/src/libcharon/tests/suites/test_peer_cfg.c b/src/libcharon/tests/suites/test_peer_cfg.c new file mode 100644 index 000000000..02e38a314 --- /dev/null +++ b/src/libcharon/tests/suites/test_peer_cfg.c 
@@ -0,0 +1,229 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <config/peer_cfg.h> +#include <config/child_cfg.h> + +/** + * Create a simple IKE config + */ +static ike_cfg_t *create_ike_cfg() +{ + return ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", 500, + "127.0.0.1", 500, FRAGMENTATION_NO, 0); +} + +/** + * Create a simple peer config + */ +static peer_cfg_t *create_peer_cfg() +{ + peer_cfg_create_t peer = {}; + + return peer_cfg_create("peer", create_ike_cfg(), &peer); +} + +static peer_cfg_t *peer_a, *peer_b; + +START_SETUP(setup_replace) +{ + peer_a = create_peer_cfg(); + peer_b = create_peer_cfg(); +} +END_SETUP + +START_TEARDOWN(teardown_replace) +{ + peer_a->destroy(peer_a); + peer_b->destroy(peer_b); +} +END_TEARDOWN + +/** + * Check if the changes are correctly reported + * All given objects are destroyed + */ +static void test_replace(enumerator_t *changes, linked_list_t *rem, + linked_list_t *add) +{ + child_cfg_t *child; + bool added; + + while (changes->enumerate(changes, &child, &added)) + { + if (added) + { + ck_assert_msg(add->remove(add, child, NULL) == 1, "child config " + "was unexpectedly added"); + } + else + { + ck_assert_msg(rem->remove(rem, child, NULL) == 1, "child config " + "was unexpectedly removed"); + } + } + changes->destroy(changes); + ck_assert_msg(!rem->get_count(rem), "expected child config was not 
removed"); + ck_assert_msg(!add->get_count(add), "expected child config was not added"); + rem->destroy(rem); + add->destroy(add); +} + +/** + * Check if the given child configs are contained in the peer config + * The list is destroyed + */ +static void test_child_cfgs(peer_cfg_t *peer, linked_list_t *children) +{ + enumerator_t *enumerator; + child_cfg_t *child; + + enumerator = peer->create_child_cfg_enumerator(peer); + while (enumerator->enumerate(enumerator, &child)) + { + ck_assert_msg(children->remove(children, child, NULL) == 1, "child " + "config was unexpectedly contained in peer config"); + } + enumerator->destroy(enumerator); + ck_assert_msg(!children->get_count(children), "expected child config was " + "not contained in peer config"); + children->destroy(children); +} + +START_TEST(replace_child_cfgs_empty) +{ + child_cfg_create_t cfg = {}; + child_cfg_t *child; + + child = child_cfg_create("c", &cfg); + peer_b->add_child_cfg(peer_b, child->get_ref(child)); + + test_replace(peer_a->replace_child_cfgs(peer_a, peer_b), + linked_list_create(), + linked_list_create_with_items(child, NULL)); + test_child_cfgs(peer_a, + linked_list_create_with_items(child, NULL)); + + child->destroy(child); +} +END_TEST + +START_TEST(replace_child_cfgs_same) +{ + child_cfg_create_t cfg = {}; + child_cfg_t *child; + + child = child_cfg_create("c", &cfg); + peer_a->add_child_cfg(peer_a, child->get_ref(child)); + peer_b->add_child_cfg(peer_b, child->get_ref(child)); + + test_replace(peer_a->replace_child_cfgs(peer_a, peer_b), + linked_list_create(), + linked_list_create()); + test_child_cfgs(peer_a, + linked_list_create_with_items(child, NULL)); + + child->destroy(child); +} +END_TEST + +START_TEST(replace_child_cfgs_same_replace) +{ + child_cfg_create_t cfg = {}; + child_cfg_t *c1, *c2; + + c1 = child_cfg_create("c1", &cfg); + peer_a->add_child_cfg(peer_a, c1->get_ref(c1)); + c2 = child_cfg_create("c2", &cfg); + peer_b->add_child_cfg(peer_b, c2->get_ref(c2)); + + 
test_replace(peer_a->replace_child_cfgs(peer_a, peer_b), + linked_list_create(), + linked_list_create()); + test_child_cfgs(peer_a, + linked_list_create_with_items(c2, NULL)); + + c1->destroy(c1); + c2->destroy(c2); +} +END_TEST + +START_TEST(replace_child_cfgs_clear) +{ + child_cfg_create_t cfg = {}; + child_cfg_t *child; + + child = child_cfg_create("c", &cfg); + peer_a->add_child_cfg(peer_a, child->get_ref(child)); + + test_replace(peer_a->replace_child_cfgs(peer_a, peer_b), + linked_list_create_with_items(child, NULL), + linked_list_create()); + test_child_cfgs(peer_a, + linked_list_create()); + + child->destroy(child); +} +END_TEST + +START_TEST(replace_child_cfgs_mixed) +{ + child_cfg_create_t cfg1 = {}, cfg2 = { .mode = MODE_TUNNEL, }; + child_cfg_create_t cfg3 = { .mode = MODE_TRANSPORT}; + child_cfg_t *c1, *c2, *c3, *c4; + + c1 = child_cfg_create("c1", &cfg1); + peer_a->add_child_cfg(peer_a, c1->get_ref(c1)); + c2 = child_cfg_create("c2", &cfg2); + peer_a->add_child_cfg(peer_a, c2->get_ref(c2)); + + c3 = child_cfg_create("c3", &cfg3); + peer_b->add_child_cfg(peer_b, c3->get_ref(c3)); + c4 = child_cfg_create("c4", &cfg2); + peer_b->add_child_cfg(peer_b, c4->get_ref(c4)); + + test_replace(peer_a->replace_child_cfgs(peer_a, peer_b), + linked_list_create_with_items(c1, NULL), + linked_list_create_with_items(c3, NULL)); + test_child_cfgs(peer_a, + linked_list_create_with_items(c3, c4, NULL)); + + c1->destroy(c1); + c2->destroy(c2); + c3->destroy(c3); + c4->destroy(c4); +} +END_TEST + +Suite *peer_cfg_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("peer_cfg"); + + tc = tcase_create("replace_child_cfgs"); + tcase_add_checked_fixture(tc, setup_replace, teardown_replace); + tcase_add_test(tc, replace_child_cfgs_empty); + tcase_add_test(tc, replace_child_cfgs_same); + tcase_add_test(tc, replace_child_cfgs_same_replace); + tcase_add_test(tc, replace_child_cfgs_clear); + tcase_add_test(tc, replace_child_cfgs_mixed); + suite_add_tcase(s, tc); + + 
return s; +} diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c index fce0ccedf..bebf33463 100644 --- a/src/libcharon/tests/utils/exchange_test_helper.c +++ b/src/libcharon/tests/utils/exchange_test_helper.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,6 +16,7 @@ #include "exchange_test_helper.h" #include "mock_dh.h" #include "mock_ipsec.h" +#include "mock_net.h" #include "mock_nonce_gen.h" #include <collections/array.h> @@ -333,6 +334,7 @@ void exchange_test_helper_init(char *plugins) /* and there is no kernel plugin loaded * TODO: we'd have more control if we'd implement kernel_interface_t */ charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create); + charon->kernel->add_net_interface(charon->kernel, mock_net_create); /* like SPIs for IPsec SAs, make IKE SPIs predictable */ charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi, this); diff --git a/src/libcharon/tests/utils/mock_net.c b/src/libcharon/tests/utils/mock_net.c new file mode 100644 index 000000000..5b560871e --- /dev/null +++ b/src/libcharon/tests/utils/mock_net.c 
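Review bot: The expected lists in replace_child_cfgs_same_replace and replace_child_cfgs_mixed encode a contract the file never states: a child config in peer_b that is built from the same child_cfg_create_t as one already in peer_a (c2 vs. c1, c4 vs. c2) is not reported by replace_child_cfgs as removed or added, yet test_child_cfgs then expects the *new* object (c2, c4) to be what peer_a holds, and since the lists are compared with a NULL match function that presumably means by pointer, the old object must have been swapped out silently. A reader seeing c2 vanish from peer_a without appearing in the removed list will suspect the expectation rather than understand it. A one-line comment above the test_replace call in replace_child_cfgs_mixed, `/* c4 equals c2: not reported as a change, but the new object replaces the old one in peer_a */`, and the equivalent for c2 in _same_replace, would pin this down. The hunk is the whole new file.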
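Review bot: The comment directly above the new add_net_interface() registration still only explains the IPsec mock ("and there is no kernel plugin loaded"), so the purpose of the second mock is left to the reader to dig out of mock_net.c. Since that file shows the net mock answering every source-address, nexthop and interface query with a fixed 127.0.0.1, a short addition such as `/* the net mock resolves everything to 127.0.0.1 so exchanges never depend on the host's real interfaces */` would make the pairing clear. exchange_test_helper_init begins outside the hunk.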
@@ -0,0 +1,115 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_net.h" + +#include <daemon.h> + +#include <assert.h> + +typedef struct private_kernel_net_t private_kernel_net_t; + +/** + * Private data + */ +struct private_kernel_net_t { + + /** + * Public interface + */ + kernel_net_t public; + + /** + * Local IP address + */ + host_t *host; +}; + +/** + * Global instance + */ +static private_kernel_net_t *instance; + +METHOD(kernel_net_t, get_source_addr, host_t*, + private_kernel_net_t *this, host_t *dest, host_t *src) +{ + return this->host->clone(this->host); +} + +METHOD(kernel_net_t, get_nexthop, host_t*, + private_kernel_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) +{ + if (iface) + { + *iface = strdup("lo"); + } + return this->host->clone(this->host); +} + +METHOD(kernel_net_t, get_interface, bool, + private_kernel_net_t *this, host_t *host, char **name) +{ + if (host->ip_equals(host, this->host)) + { + if (name) + { + *name = strdup("lo"); + } + return TRUE; + } + return FALSE; +} + +METHOD(kernel_net_t, create_address_enumerator, enumerator_t*, + private_kernel_net_t *this, kernel_address_type_t which) +{ + return enumerator_create_single(this->host, NULL); +} + +METHOD(kernel_net_t, destroy, void, + private_kernel_net_t *this) +{ + this->host->destroy(this->host); + free(this); +} + +/* + * Described in header + */ 
+kernel_net_t *mock_net_create() +{ + private_kernel_net_t *this; + + INIT(this, + .public = { + .get_source_addr = _get_source_addr, + .get_nexthop = _get_nexthop, + .get_interface = _get_interface, + .create_address_enumerator = _create_address_enumerator, + .create_local_subnet_enumerator = (void*)enumerator_create_empty, + .add_ip = (void*)return_failed, + .del_ip = (void*)return_failed, + .add_route = (void*)return_failed, + .del_route = (void*)return_failed, + .destroy = _destroy, + }, + .host = host_create_from_string("127.0.0.1", 500), + ); + + instance = this; + + return &this->public; +} diff --git a/src/libimcv/plugins/imv_swid/imv_swid.c b/src/libcharon/tests/utils/mock_net.h index cab011580..15ad1ac0c 100644 --- a/src/libimcv/plugins/imv_swid/imv_swid.c +++ b/src/libcharon/tests/utils/mock_net.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2013 Andreas Steffen + * Copyright (C) 2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,12 +13,24 @@ * for more details. */ -#include "imv_swid_agent.h" +/** + * kernel_net_t implementation used for exchange unit tests. Simply returns + * an IP address so it seems we're connected. + * + * @defgroup mock_net mock_net + * @{ @ingroup test_utils_c + */ -static const char imv_name[] = "SWID"; -static const imv_agent_create_t imv_agent_create = imv_swid_agent_create; +#ifndef MOCK_NET_H_ +#define MOCK_NET_H_ -/* include generic TGC TNC IF-IMV API code below */ +#include <kernel/kernel_net.h> -#include <imv/imv_if.h> +/** + * Create an instance of kernel_net_t + * + * @return created object + */ +kernel_net_t *mock_net_create(); +#endif /** MOCK_NET_H_ @}*/ diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 604899b5a..397ae9b3a 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in 
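Review bot: `static private_kernel_net_t *instance;` is assigned at the end of mock_net_create() but never read anywhere in the file, and `#include <assert.h>` is pulled in without a single assert() in the hunk; both should be dropped, or instance needs an accessor if later tests are meant to reach the mock's address. As written, a second mock_net_create() call also silently overwrites the only reference to the first object, which is easy to miss precisely because nothing reads it. The stub itself is fine, but its behaviour is worth one line on the struct, `/* every lookup resolves to this single loopback address; dest/src arguments are ignored */`, since get_source_addr and get_nexthop disregard their arguments and get_interface only reports TRUE for a host equal to the configured 127.0.0.1.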
@@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -342,6 +341,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -362,8 +363,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -448,8 +445,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libfast/fast_dispatcher.c b/src/libfast/fast_dispatcher.c index 70ff40466..d5ce77193 100644 --- a/src/libfast/fast_dispatcher.c +++ b/src/libfast/fast_dispatcher.c @@ -30,7 +30,7 @@ #include <collections/linked_list.h> #include <collections/hashtable.h> -/** Intervall to check for expired sessions, in seconds */ +/** Interval to check for expired sessions, in seconds */ #define CLEANUP_INTERVAL 30 typedef struct private_fast_dispatcher_t private_fast_dispatcher_t; diff --git a/src/libfast/fast_dispatcher.h b/src/libfast/fast_dispatcher.h index ffa49d9db..3deb0b7dd 100644 
--- a/src/libfast/fast_dispatcher.h +++ b/src/libfast/fast_dispatcher.h @@ -83,7 +83,7 @@ struct fast_dispatcher_t { * The first controller added serves as default controller. Client's * get redirected to it if no other controller matches. * - * @param constructor constructor function to the conntroller + * @param constructor constructor function to the controller * @param param param to pass to constructor */ void (*add_controller)(fast_dispatcher_t *this, diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 9f3172074..cde6ce23f 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -75,10 +75,6 @@ libimcv_la_SOURCES := \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ @@ -108,10 +104,7 @@ libimcv_la_SOURCES := \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES)) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index a6397c5ff..444de3f42 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am 
@@ -96,10 +96,6 @@ libimcv_la_SOURCES = \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ @@ -129,10 +125,7 @@ libimcv_la_SOURCES = \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk @@ -183,14 +176,6 @@ if USE_IMV_ATTESTATION SUBDIRS += plugins/imv_attestation endif -if USE_IMC_SWID - SUBDIRS += plugins/imc_swid -endif - -if USE_IMV_SWID - SUBDIRS += plugins/imv_swid -endif - if USE_IMC_SWIMA SUBDIRS += plugins/imc_swima endif diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index ef2c9c35b..105442d20 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in 
@@ -101,12 +101,10 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) @USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os @USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation @USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation -@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid -@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid -@USE_IMC_SWIMA_TRUE@am__append_12 = plugins/imc_swima -@USE_IMV_SWIMA_TRUE@am__append_13 = plugins/imv_swima -@USE_IMC_HCD_TRUE@am__append_14 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_15 = plugins/imv_hcd +@USE_IMC_SWIMA_TRUE@am__append_10 = plugins/imc_swima +@USE_IMV_SWIMA_TRUE@am__append_11 = plugins/imv_swima +@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv @@ -202,12 +200,11 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ pts/components/tcg/tcg_comp_func_name.lo pwg/pwg_attr.lo \ pwg/pwg_attr_vendor_smi_code.lo rest/rest.lo \ seg/seg_contract.lo seg/seg_contract_manager.lo seg/seg_env.lo \ - swid/swid_error.lo swid/swid_inventory.lo swid/swid_tag.lo \ - swid/swid_tag_id.lo swid_gen/swid_gen.lo \ - swid_gen/swid_gen_info.lo swima/swima_data_model.lo \ - swima/swima_record.lo swima/swima_event.lo \ - swima/swima_events.lo swima/swima_inventory.lo \ - swima/swima_collector.lo swima/swima_error.lo tcg/tcg_attr.lo \ + swid_gen/swid_gen.lo swid_gen/swid_gen_info.lo \ + swima/swima_data_model.lo swima/swima_record.lo \ + swima/swima_event.lo swima/swima_events.lo \ + swima/swima_inventory.lo swima/swima_collector.lo \ + swima/swima_error.lo tcg/tcg_attr.lo \ tcg/pts/tcg_pts_attr_proto_caps.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_req.lo \ tcg/pts/tcg_pts_attr_dh_nonce_params_resp.lo \ 
@@ -226,9 +223,7 @@ am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ tcg/pts/tcg_pts_attr_unix_file_meta.lo \ tcg/seg/tcg_seg_attr_max_size.lo \ tcg/seg/tcg_seg_attr_seg_env.lo \ - tcg/seg/tcg_seg_attr_next_seg.lo tcg/swid/tcg_swid_attr_req.lo \ - tcg/swid/tcg_swid_attr_tag_id_inv.lo \ - tcg/swid/tcg_swid_attr_tag_inv.lo + tcg/seg/tcg_seg_attr_next_seg.lo libimcv_la_OBJECTS = $(am_libimcv_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -378,8 +373,8 @@ am__tty_colors = { \ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imv_scanner plugins/imc_os plugins/imv_os \ plugins/imc_attestation plugins/imv_attestation \ - plugins/imc_swid plugins/imv_swid plugins/imc_swima \ - plugins/imv_swima plugins/imc_hcd plugins/imv_hcd + plugins/imc_swima plugins/imv_swima plugins/imc_hcd \ + plugins/imv_hcd am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ @@ -506,7 +501,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -532,6 +526,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -552,8 +548,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -608,8 +602,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -638,8 +630,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -737,10 +733,6 @@ libimcv_la_SOURCES = \ seg/seg_contract.h seg/seg_contract.c \ seg/seg_contract_manager.h seg/seg_contract_manager.c \ seg/seg_env.h seg/seg_env.c \ - swid/swid_error.h swid/swid_error.c \ - swid/swid_inventory.h swid/swid_inventory.c \ - swid/swid_tag.h swid/swid_tag.c \ - swid/swid_tag_id.h swid/swid_tag_id.c \ swid_gen/swid_gen.h swid_gen/swid_gen.c \ swid_gen/swid_gen_info.h swid_gen/swid_gen_info.c \ swima/swima_data_model.h swima/swima_data_model.c \ @@ -770,10 +762,7 @@ libimcv_la_SOURCES = \ tcg/pts/tcg_pts_attr_unix_file_meta.h tcg/pts/tcg_pts_attr_unix_file_meta.c \ tcg/seg/tcg_seg_attr_max_size.h tcg/seg/tcg_seg_attr_max_size.c \ tcg/seg/tcg_seg_attr_seg_env.h tcg/seg/tcg_seg_attr_seg_env.c \ - tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c \ - tcg/swid/tcg_swid_attr_req.h tcg/swid/tcg_swid_attr_req.c \ - tcg/swid/tcg_swid_attr_tag_id_inv.h tcg/swid/tcg_swid_attr_tag_id_inv.c \ - tcg/swid/tcg_swid_attr_tag_inv.h tcg/swid/tcg_swid_attr_tag_inv.c + tcg/seg/tcg_seg_attr_next_seg.h tcg/seg/tcg_seg_attr_next_seg.c ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy Android.mk 
@@ -791,8 +780,7 @@ imv_policy_manager_LDADD = \ SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ $(am__append_5) $(am__append_6) $(am__append_7) \ $(am__append_8) $(am__append_9) $(am__append_10) \ - $(am__append_11) $(am__append_12) $(am__append_13) \ - $(am__append_14) $(am__append_15) + $(am__append_11) $(am__append_12) $(am__append_13) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ @@ -1102,19 +1090,6 @@ seg/seg_contract.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) seg/seg_contract_manager.lo: seg/$(am__dirstamp) \ seg/$(DEPDIR)/$(am__dirstamp) seg/seg_env.lo: seg/$(am__dirstamp) seg/$(DEPDIR)/$(am__dirstamp) -swid/$(am__dirstamp): - @$(MKDIR_P) swid - @: > swid/$(am__dirstamp) -swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) swid/$(DEPDIR) - @: > swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_error.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_inventory.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag.lo: swid/$(am__dirstamp) swid/$(DEPDIR)/$(am__dirstamp) -swid/swid_tag_id.lo: swid/$(am__dirstamp) \ - swid/$(DEPDIR)/$(am__dirstamp) swid_gen/$(am__dirstamp): @$(MKDIR_P) swid_gen @: > swid_gen/$(am__dirstamp) 
@@ -1204,18 +1179,6 @@ tcg/seg/tcg_seg_attr_seg_env.lo: tcg/seg/$(am__dirstamp) \ tcg/seg/$(DEPDIR)/$(am__dirstamp) tcg/seg/tcg_seg_attr_next_seg.lo: tcg/seg/$(am__dirstamp) \ tcg/seg/$(DEPDIR)/$(am__dirstamp) -tcg/swid/$(am__dirstamp): - @$(MKDIR_P) tcg/swid - @: > tcg/swid/$(am__dirstamp) -tcg/swid/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) tcg/swid/$(DEPDIR) - @: > tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_req.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_id_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) -tcg/swid/tcg_swid_attr_tag_inv.lo: tcg/swid/$(am__dirstamp) \ - tcg/swid/$(DEPDIR)/$(am__dirstamp) libimcv.la: $(libimcv_la_OBJECTS) $(libimcv_la_DEPENDENCIES) $(EXTRA_libimcv_la_DEPENDENCIES) $(AM_V_CCLD)$(libimcv_la_LINK) -rpath $(ipseclibdir) $(libimcv_la_OBJECTS) $(libimcv_la_LIBADD) $(LIBS) @@ -1405,8 +1368,6 @@ mostlyclean-compile: -rm -f seg/*.$(OBJEXT) -rm -f seg/*.lo -rm -f suites/*.$(OBJEXT) - -rm -f swid/*.$(OBJEXT) - -rm -f swid/*.lo -rm -f swid_gen/*.$(OBJEXT) -rm -f swid_gen/*.lo -rm -f swima/*.$(OBJEXT) @@ -1417,8 +1378,6 @@ mostlyclean-compile: -rm -f tcg/pts/*.lo -rm -f tcg/seg/*.$(OBJEXT) -rm -f tcg/seg/*.lo - -rm -f tcg/swid/*.$(OBJEXT) - -rm -f tcg/swid/*.lo distclean-compile: -rm -f *.tab.c 
@@ -1505,10 +1464,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@seg/$(DEPDIR)/seg_env.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_seg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/imcv_tests-test_imcv_swima.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_error.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_inventory.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@swid/$(DEPDIR)/swid_tag_id.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/imcv_tests-swid_gen.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@swid_gen/$(DEPDIR)/swid_gen_info.Plo@am__quote@ @@ -1547,9 +1502,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_max_size.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_next_seg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@tcg/seg/$(DEPDIR)/tcg_seg_attr_seg_env.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_req.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_id_inv.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@tcg/swid/$(DEPDIR)/tcg_swid_attr_tag_inv.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ 
@@ -1889,13 +1841,11 @@ clean-libtool: -rm -rf pwg/.libs pwg/_libs -rm -rf rest/.libs rest/_libs -rm -rf seg/.libs seg/_libs - -rm -rf swid/.libs swid/_libs -rm -rf swid_gen/.libs swid_gen/_libs -rm -rf swima/.libs swima/_libs -rm -rf tcg/.libs tcg/_libs -rm -rf tcg/pts/.libs tcg/pts/_libs -rm -rf tcg/seg/.libs tcg/seg/_libs - -rm -rf tcg/swid/.libs tcg/swid/_libs install-dist_templatesDATA: $(dist_templates_DATA) @$(NORMAL_INSTALL) @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ @@ -2233,8 +2183,6 @@ distclean-generic: -rm -f seg/$(am__dirstamp) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) - -rm -f swid/$(DEPDIR)/$(am__dirstamp) - -rm -f swid/$(am__dirstamp) -rm -f swid_gen/$(DEPDIR)/$(am__dirstamp) -rm -f swid_gen/$(am__dirstamp) -rm -f swima/$(DEPDIR)/$(am__dirstamp) @@ -2245,8 +2193,6 @@ distclean-generic: -rm -f tcg/pts/$(am__dirstamp) -rm -f tcg/seg/$(DEPDIR)/$(am__dirstamp) -rm -f tcg/seg/$(am__dirstamp) - -rm -f tcg/swid/$(DEPDIR)/$(am__dirstamp) - -rm -f tcg/swid/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" 
@@ -2257,7 +2203,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-ipsecPROGRAMS \ clean-ipseclibLTLIBRARIES clean-libtool mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags 
@@ -2304,7 +2250,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) tcg/swid/$(DEPDIR) + -rm -rf ./$(DEPDIR) generic/$(DEPDIR) ietf/$(DEPDIR) ietf/swima/$(DEPDIR) imc/$(DEPDIR) imv/$(DEPDIR) ita/$(DEPDIR) os_info/$(DEPDIR) pa_tnc/$(DEPDIR) pts/$(DEPDIR) pts/components/$(DEPDIR) pts/components/ita/$(DEPDIR) pts/components/tcg/$(DEPDIR) pwg/$(DEPDIR) rest/$(DEPDIR) seg/$(DEPDIR) suites/$(DEPDIR) swid_gen/$(DEPDIR) swima/$(DEPDIR) tcg/$(DEPDIR) tcg/pts/$(DEPDIR) tcg/seg/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 44e0ef24f..b1bcd9214 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,9 +30,7 @@ #include "ietf/swima/ietf_swima_attr_sw_ev.h" #include "generic/generic_attr_bool.h" - -ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, - IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, +ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_SRC_METADATA_RESP, "Testing", "Attribute Request", "Product Information", 
@@ -46,10 +44,6 @@ ENUM_BEGIN(ietf_attr_names, IETF_ATTR_TESTING, "Remediation Instructions", "Forwarding Enabled", "Factory Default Password Enabled", -); -ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST, - IETF_ATTR_SRC_METADATA_RESP, - IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, "SWIMA Request", "SW Identifier Inventory", "SW Identifier Events", @@ -60,7 +54,6 @@ ENUM_NEXT(ietf_attr_names, IETF_ATTR_SWIMA_REQUEST, "SW Source Metadata Request", "SW Source Metadata Response", ); -ENUM_END(ietf_attr_names, IETF_ATTR_SRC_METADATA_RESP); /** * See header diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index cbf4a49a2..0f802fd45 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,7 +32,7 @@ typedef enum ietf_attr_t ietf_attr_t; */ enum ietf_attr_t { - /* RFC 5792 */ + /* RFC 5792 PA-TNC */ IETF_ATTR_TESTING = 0, IETF_ATTR_ATTRIBUTE_REQUEST = 1, IETF_ATTR_PRODUCT_INFORMATION = 2, 
@@ -47,16 +47,16 @@ enum ietf_attr_t { IETF_ATTR_FORWARDING_ENABLED = 11, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12, - /* draft-ietf-sacm-nea-swid-patnc */ - IETF_ATTR_SWIMA_REQUEST = 17, - IETF_ATTR_SW_ID_INVENTORY = 18, - IETF_ATTR_SW_ID_EVENTS = 19, - IETF_ATTR_SW_INVENTORY = 20, - IETF_ATTR_SW_EVENTS = 21, - IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 22, - IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 23, - IETF_ATTR_SRC_METADATA_REQ = 24, - IETF_ATTR_SRC_METADATA_RESP = 25, + /* RFC 8412 SWIMA */ + IETF_ATTR_SWIMA_REQUEST = 13, + IETF_ATTR_SW_ID_INVENTORY = 14, + IETF_ATTR_SW_ID_EVENTS = 15, + IETF_ATTR_SW_INVENTORY = 16, + IETF_ATTR_SW_EVENTS = 17, + IETF_ATTR_SUBSCRIPTION_STATUS_REQ = 18, + IETF_ATTR_SUBSCRIPTION_STATUS_RESP = 19, + IETF_ATTR_SRC_METADATA_REQ = 20, + IETF_ATTR_SRC_METADATA_RESP = 21, IETF_ATTR_RESERVED = 0xffffffff, }; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c index 75f279298..e543c63ea 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
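Review bot: The SWIMA attribute type values in ietf_attr.h move from the draft numbering 17–25 to the RFC 8412 numbering 13–21 while the enumerator names stay the same, so nothing in the code signals that this is a wire-format change: a peer still using the draft values will have its SWIMA attributes parsed as unknown IETF types and its own requests ignored. The same applies to the PA-TNC error codes moved from 32–36 to 4–8 in the ietf_attr_pa_tnc_error.h hunk further down. The block comment should say so, e.g. `/* RFC 8412 SWIMA (values differ from draft-ietf-sacm-nea-swid-patnc; no interoperability with pre-RFC peers) */`. Whether the IMC/IMV pair logs or negotiates this is outside the hunk.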
@@ -20,23 +20,18 @@ #include <bio/bio_reader.h> #include <utils/debug.h> -ENUM_BEGIN(pa_tnc_error_code_names, PA_ERROR_RESERVED, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, +ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED, + PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE, "Reserved", "Invalid Parameter", "Version Not Supported", - "Attribute Type Not Supported" -); -ENUM_NEXT(pa_tnc_error_code_names, PA_ERROR_SWIMA, - PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE, - PA_ERROR_ATTR_TYPE_NOT_SUPPORTED, + "Attribute Type Not Supported", "SWIMA Error", "SWIMA Subscription Denied", "SWIMA Response Too Large", "SWIMA Subscription Fulfillment Error", "SWIMA Subscription ID Reuse" ); -ENUM_END(pa_tnc_error_code_names, PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE); typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t; diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h index dd0be72ff..d5cba97b6 100644 --- a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h +++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2017 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,7 +28,7 @@ typedef enum pa_tnc_error_code_t pa_tnc_error_code_t; #include "pa_tnc/pa_tnc_attr.h" /** - * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792 + * IETF Standard PA-TNC Error Codes */ enum pa_tnc_error_code_t { 
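Review bot: The enum comment in ietf_attr_pa_tnc_error.h drops its only normative reference (`section 4.2.8 of RFC 5792`) and is left as the bare `IETF Standard PA-TNC Error Codes`, although the members below are now annotated per RFC. Keep the reference and add the new one, e.g. `* IETF Standard PA-TNC Error Codes (RFC 5792 section 4.2.8, extended by RFC 8412 SWIMA)`, so a reader still knows where the numeric values come from.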
@@ -39,12 +39,12 @@ enum pa_tnc_error_code_t { PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3, PA_ERROR_PA_TNC_MSG_ROOF = 3, - /* draft-ietf-sacm-nea-swid-patnc (SWIMA) */ - PA_ERROR_SWIMA = 32, - PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 33, - PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 34, - PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 35, - PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 36 + /* RFC 8412 SWIMA */ + PA_ERROR_SWIMA = 4, + PA_ERROR_SWIMA_SUBSCRIPTION_DENIED = 5, + PA_ERROR_SWIMA_RESPONSE_TOO_LARGE = 6, + PA_ERROR_SWIMA_SUBSCRIPTION_FULFILLMENT = 7, + PA_ERROR_SWIMA_SUBSCRIPTION_ID_REUSE = 8 }; /** diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_req.c b/src/libimcv/ietf/swima/ietf_swima_attr_req.c index d67497373..12212ec18 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_req.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_req.c @@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_req_t private_ietf_swima_attr_req_t; /** * SW Request - * see section 5.7 of IETF SW Inventory Message and Attributes for PA-TNC + * see section 5.7 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -191,7 +191,7 @@ METHOD(pa_tnc_attr_t, process, status_t, return FAILED; } *offset += 2 + sw_id.len; - + sw_record = swima_record_create(0, sw_id, chunk_empty); this->targets->add(this->targets, sw_record); } diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c index e315c3dbb..47f499518 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_ev.c @@ -27,7 +27,7 @@ typedef struct private_ietf_swima_attr_sw_ev_t private_ietf_swima_attr_sw_ev_t; /** * Software [Identifier] Events - * see sections 5.9/5.11 of IETF SW Inventory Message and Attributes for PA-TNC + * see sections 5.9/5.11 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 
@@ -165,16 +165,40 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void,
 this->noskip_flag = noskip;
 }
 
+/**
+ * This function is shared with ietf_swima_attr_sw_inv.c
+ **/
+void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer,
+ uint8_t action, swima_record_t *sw_record, bool has_record)
+{
+ pen_type_t data_model;
+ chunk_t sw_locator;
+
+ data_model = sw_record->get_data_model(sw_record);
+
+ writer->write_uint32(writer, sw_record->get_record_id(sw_record));
+ writer->write_uint24(writer, data_model.vendor_id);
+ writer->write_uint8 (writer, data_model.type);
+ writer->write_uint8 (writer, sw_record->get_source_id(sw_record));
+ writer->write_uint8 (writer, action);
+ writer->write_data16(writer, sw_record->get_sw_id(sw_record, &sw_locator));
+ writer->write_data16(writer, sw_locator);
+
+ if (has_record)
+ {
+ writer->write_data32(writer, sw_record->get_record(sw_record));
+ }
+}
+
 METHOD(pa_tnc_attr_t, build, void,
 private_ietf_swima_attr_sw_ev_t *this)
 {
 bio_writer_t *writer;
 swima_event_t *sw_event;
 swima_record_t *sw_record;
- chunk_t timestamp, sw_id, sw_locator, record;
- pen_type_t data_model;
- uint32_t eid, record_id, last_eid, last_consulted_eid, eid_epoch;
- uint8_t action, source_id;
+ chunk_t timestamp;
+ uint32_t last_eid, last_consulted_eid, eid_epoch;
+ uint8_t action;
 enumerator_t *enumerator;
 
 if (this->value.ptr)
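Review bot: `ietf_swima_attr_sw_ev_build_sw_record` is made a non-static global so that ietf_swima_attr_sw_inv.c can call it, but the consumer declares it with a hand-written `extern` prototype next to its call site (two later hunks in ietf_swima_attr_sw_inv.c) rather than through ietf_swima_attr_sw_ev.h, which ietf_attr.c already includes. With two independent copies of the signature the compiler cannot check that definition and declaration agree; the same applies to `ietf_swima_attr_sw_ev_process_sw_record` defined in a later hunk of this file. Move both prototypes into ietf_swima_attr_sw_ev.h, include that header from ietf_swima_attr_sw_inv.c, and replace the `This function is shared with …` comments with a short description of what each helper reads or writes.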
@@ -195,29 +219,14 @@ METHOD(pa_tnc_attr_t, build, void, enumerator = this->events->create_enumerator(this->events); while (enumerator->enumerate(enumerator, &sw_event)) { - eid = sw_event->get_eid(sw_event, ×tamp); action = sw_event->get_action(sw_event); sw_record = sw_event->get_sw_record(sw_event); - record_id = sw_record->get_record_id(sw_record); - data_model = sw_record->get_data_model(sw_record); - source_id = sw_record->get_source_id(sw_record); - sw_id = sw_record->get_sw_id(sw_record, &sw_locator); - writer->write_uint32(writer, eid); + writer->write_uint32(writer, sw_event->get_eid(sw_event, ×tamp)); writer->write_data (writer, timestamp); - writer->write_uint32(writer, record_id); - writer->write_uint24(writer, data_model.vendor_id); - writer->write_uint8 (writer, data_model.type); - writer->write_uint8 (writer, source_id); - writer->write_uint8 (writer, action); - writer->write_data16(writer, sw_id); - writer->write_data16(writer, sw_locator); - - if (this->type.type == IETF_ATTR_SW_EVENTS) - { - record = sw_record->get_record(sw_record); - writer->write_data32(writer, record); - } + + ietf_swima_attr_sw_ev_build_sw_record(writer, action, sw_record, + this->type.type == IETF_ATTR_SW_EVENTS); } enumerator->destroy(enumerator); 
@@ -227,15 +236,56 @@ METHOD(pa_tnc_attr_t, build, void, writer->destroy(writer); } +/** + * This function is shared with ietf_swima_attr_sw_inv.c + **/ +bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader, + uint8_t *action, swima_record_t **sw_record, bool has_record) +{ + pen_type_t data_model; + swima_record_t *sw_rec; + uint32_t data_model_pen, record_id; + uint8_t data_model_type, source_id, reserved; + chunk_t sw_id, sw_locator, record = chunk_empty; + + if (!reader->read_uint32(reader, &record_id) || + !reader->read_uint24(reader, &data_model_pen) || + !reader->read_uint8 (reader, &data_model_type) || + !reader->read_uint8 (reader, &source_id) || + !reader->read_uint8 (reader, &reserved) || + !reader->read_data16(reader, &sw_id) || + !reader->read_data16(reader, &sw_locator)) + { + return FALSE; + } + + if (action) + { + *action = reserved; + } + + if (has_record && !reader->read_data32(reader, &record)) + { + return FALSE; + } + + data_model = pen_type_create(data_model_pen, data_model_type); + sw_rec = swima_record_create(record_id, sw_id, sw_locator); + sw_rec->set_data_model(sw_rec, data_model); + sw_rec->set_source_id(sw_rec, source_id); + sw_rec->set_record(sw_rec, record); + *sw_record = sw_rec; + + return TRUE; +} + METHOD(pa_tnc_attr_t, process, status_t, private_ietf_swima_attr_sw_ev_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t data_model_pen, record_id; uint32_t eid, eid_epoch, last_eid, last_consulted_eid; - uint8_t data_model_type, source_id, action; - pen_type_t data_model; - chunk_t sw_id, sw_locator, record, timestamp; + uint8_t action; + chunk_t timestamp; swima_event_t *sw_event; swima_record_t *sw_record; status_t status = NEED_MORE; 
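Review bot: The header comment on `ietf_swima_attr_sw_ev_process_sw_record` only states that the function is shared, while the contract is non-obvious: `action` may be NULL (the inventory caller in ietf_swima_attr_sw_inv.c passes NULL), the byte stored in `reserved` is the Action field for SW Events but the Reserved field for SW Inventories, and on TRUE the caller owns `*sw_record` and must destroy it — which the sw_ev caller does on its invalid-action path, while `*sw_record` is left untouched on FALSE. A Doxygen block with `@param action`, `@param sw_record`, `@param has_record` and `@return` stating these points would spare the next maintainer reading both callers; the local name `reserved` could also be `action_or_reserved` or carry a one-line comment.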
@@ -273,38 +323,24 @@ METHOD(pa_tnc_attr_t, process, status_t, { if (!reader->read_uint32(reader, &eid) || !reader->read_data (reader, SW_EV_TIMESTAMP_SIZE, ×tamp) || - !reader->read_uint32(reader, &record_id) || - !reader->read_uint24(reader, &data_model_pen) || - !reader->read_uint8 (reader, &data_model_type) || - !reader->read_uint8 (reader, &source_id) || - !reader->read_uint8 (reader, &action) || - !reader->read_data16(reader, &sw_id) || - !reader->read_data16(reader, &sw_locator)) + !ietf_swima_attr_sw_ev_process_sw_record(reader, &action, &sw_record, + this->type.type == IETF_ATTR_SW_EVENTS)) { goto end; } - record = chunk_empty; - if (action == 0 || action > SWIMA_EVENT_ACTION_LAST) + if (action == SWIMA_EVENT_ACTION_NONE || + action > SWIMA_EVENT_ACTION_LAST) { DBG1(DBG_TNC, "invalid event action value for %N/%N", pen_names, PEN_IETF, ietf_attr_names, this->type.type); *offset = this->offset; + sw_record->destroy(sw_record); reader->destroy(reader); return FAILED; } - if (this->type.type == IETF_ATTR_SW_EVENTS && - !reader->read_data32(reader, &record)) - { - goto end; - } - data_model = pen_type_create(data_model_pen, data_model_type); - sw_record = swima_record_create(record_id, sw_id, sw_locator); - sw_record->set_data_model(sw_record, data_model); - sw_record->set_source_id(sw_record, source_id); - sw_record->set_record(sw_record, record); sw_event = swima_event_create(eid, timestamp, action, sw_record); this->events->add(this->events, sw_event); this->offset += this->value.len - reader->remaining(reader); diff --git a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c index ee5b16b92..8035dbb07 100644 --- a/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c +++ b/src/libimcv/ietf/swima/ietf_swima_attr_sw_inv.c 
@@ -26,7 +26,7 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t /** * Software [Identifier] Inventory - * see sections 5.8/5.10 of IETF SW Inventory Message and Attributes for PA-TNC + * see sections 5.8/5.10 of RFC 8412 SWIMA * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -43,7 +43,9 @@ typedef struct private_ietf_swima_attr_sw_inv_t private_ietf_swima_attr_sw_inv_t * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Data Model Type PEN |Data Model Type| * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Source ID Num | Software Identifier Length |Software Id (v)| + * | Source ID Num | Reserved | Software Identifier Length | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Software Identifier (Variable Length) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Software Locator Length | Software Locator (Var. Len) | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -148,15 +150,18 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, this->noskip_flag = noskip; } +/** + * This function is shared with ietf_swima_attr_sw_ev.c + **/ +extern void ietf_swima_attr_sw_ev_build_sw_record(bio_writer_t *writer, + uint8_t action, swima_record_t *sw_record, bool has_record); + METHOD(pa_tnc_attr_t, build, void, private_ietf_swima_attr_sw_inv_t *this) { bio_writer_t *writer; swima_record_t *sw_record; - chunk_t sw_id, sw_locator, record; - pen_type_t data_model; - uint32_t record_id, last_eid, eid_epoch; - uint8_t source_id; + uint32_t last_eid, eid_epoch; enumerator_t *enumerator; if (this->value.ptr) 
@@ -175,23 +180,8 @@ METHOD(pa_tnc_attr_t, build, void, enumerator = this->inventory->create_enumerator(this->inventory); while (enumerator->enumerate(enumerator, &sw_record)) { - record_id = sw_record->get_record_id(sw_record); - data_model = sw_record->get_data_model(sw_record); - source_id = sw_record->get_source_id(sw_record); - sw_id = sw_record->get_sw_id(sw_record, &sw_locator); - - writer->write_uint32(writer, record_id); - writer->write_uint24(writer, data_model.vendor_id); - writer->write_uint8 (writer, data_model.type); - writer->write_uint8 (writer, source_id); - writer->write_data16(writer, sw_id); - writer->write_data16(writer, sw_locator); - - if (this->type.type == IETF_ATTR_SW_INVENTORY) - { - record = sw_record->get_record(sw_record); - writer->write_data32(writer, record); - } + ietf_swima_attr_sw_ev_build_sw_record(writer, 0x00, sw_record, + this->type.type == IETF_ATTR_SW_INVENTORY); } enumerator->destroy(enumerator); @@ -201,14 +191,17 @@ METHOD(pa_tnc_attr_t, build, void, writer->destroy(writer); } +/** + * This function is shared with ietf_swima_attr_sw_ev.c + **/ +extern bool ietf_swima_attr_sw_ev_process_sw_record(bio_reader_t *reader, + uint8_t *action, swima_record_t **sw_record, bool has_record); + METHOD(pa_tnc_attr_t, process, status_t, private_ietf_swima_attr_sw_inv_t *this, uint32_t *offset) { bio_reader_t *reader; - uint32_t data_model_pen, record_id, last_eid, eid_epoch; - uint8_t data_model_type, source_id; - pen_type_t data_model; - chunk_t sw_id, sw_locator, record; + uint32_t last_eid, eid_epoch; swima_record_t *sw_record; status_t status = NEED_MORE; 
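Review bot: The `0x00` passed as the `action` argument of `ietf_swima_attr_sw_ev_build_sw_record` is an unexplained literal; in the inventory encoding that byte is the Reserved field the updated diagram earlier in this file now shows. A comment on the call, `/* inventory: the action slot is the Reserved byte, sent as zero */`, ties the literal to the format. The build method's body continues outside the hunk.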
@@ -241,27 +234,12 @@ METHOD(pa_tnc_attr_t, process, status_t, while (this->record_count) { - if (!reader->read_uint32(reader, &record_id) || - !reader->read_uint24(reader, &data_model_pen) || - !reader->read_uint8 (reader, &data_model_type) || - !reader->read_uint8 (reader, &source_id) || - !reader->read_data16(reader, &sw_id) || - !reader->read_data16(reader, &sw_locator)) + if (!ietf_swima_attr_sw_ev_process_sw_record(reader, NULL, &sw_record, + this->type.type == IETF_ATTR_SW_INVENTORY)) { goto end; } - record = chunk_empty; - if (this->type.type == IETF_ATTR_SW_INVENTORY && - !reader->read_data32(reader, &record)) - { - goto end; - } - data_model = pen_type_create(data_model_pen, data_model_type); - sw_record = swima_record_create(record_id, sw_id, sw_locator); - sw_record->set_data_model(sw_record, data_model); - sw_record->set_source_id(sw_record, source_id); - sw_record->set_record(sw_record, record); this->inventory->add(this->inventory, sw_record); this->offset += this->value.len - reader->remaining(reader); this->value = reader->peek(reader); diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 3a7a16bc2..ec44d587f 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -74,6 +74,11 @@ struct private_imc_agent_t { rwlock_t *connection_lock; /** + * Is the transport protocol PT-TLS? + */ + bool has_pt_tls; + + /** * Inform a TNCC about the set of message types the IMC is able to receive * * @param imc_id IMC ID assigned by TNCC @@ -372,6 +377,8 @@ METHOD(imc_agent_t, create_state, TNC_Result, DBG2(DBG_IMC, " over %s %s with maximum PA-TNC message size of %u bytes", t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len); + this->has_pt_tls = streq(t_p, "IF-T for TLS"); + free(tnccs_p); free(tnccs_v); free(t_p); @@ -403,6 +410,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, imc_state_t **state_p) { imc_state_t *state; + TNC_ConnectionState old_state; switch (new_state) { 
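Review bot: In imc_agent.c's create_state, `this->has_pt_tls = streq(t_p, "IF-T for TLS");` dereferences `t_p` unconditionally, while the DBG2 call directly above guards it with `t_p ? t_p : "?"`, so the surrounding code already expects `t_p` to be NULL when the transport protocol attribute is absent; if `streq` is the plain strcmp wrapper this is a NULL dereference on that path. Guard it the same way: `this->has_pt_tls = t_p && streq(t_p, "IF-T for TLS");`. create_state's body starts and ends outside the hunk.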
@@ -418,7 +426,7 @@ METHOD(imc_agent_t, change_state, TNC_Result, this->id, this->name, connection_id); return TNC_RESULT_FATAL; } - state->change_state(state, new_state); + old_state = state->change_state(state, new_state); DBG2(DBG_IMC, "IMC %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state); @@ -426,6 +434,13 @@ METHOD(imc_agent_t, change_state, TNC_Result, { *state_p = state; } + if (new_state == TNC_CONNECTION_STATE_HANDSHAKE && + old_state != TNC_CONNECTION_STATE_CREATE) + { + state->reset(state); + DBG2(DBG_IMC, "IMC %u \"%s\" reset state of Connection ID %u", + this->id, this->name, connection_id); + } break; case TNC_CONNECTION_STATE_CREATE: DBG1(DBG_IMC, "state '%N' should be handled by create_state()", @@ -531,6 +546,12 @@ METHOD(imc_agent_t, get_non_fatal_attr_types, linked_list_t*, return this->non_fatal_attr_types; } +METHOD(imc_agent_t, has_pt_tls, bool, + private_imc_agent_t *this) +{ + return this->has_pt_tls; +} + METHOD(imc_agent_t, destroy, void, private_imc_agent_t *this) { @@ -575,6 +596,7 @@ imc_agent_t *imc_agent_create(const char *name, .create_id_enumerator = _create_id_enumerator, .add_non_fatal_attr_type = _add_non_fatal_attr_type, .get_non_fatal_attr_types = _get_non_fatal_attr_types, + .has_pt_tls = _has_pt_tls, .destroy = _destroy, }, .name = name, diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index bac1b4832..27c749954 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -182,6 +182,13 @@ struct imc_agent_t { linked_list_t* (*get_non_fatal_attr_types)(imc_agent_t *this); /** + * Is the transport protocol PT-TLS? + * + * return TRUE if PT-TLS + */ + bool (*has_pt_tls)(imc_agent_t *this); + + /** * Destroys an imc_agent_t object */ void (*destroy)(imc_agent_t *this); diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index d8aeab996..bd55f7356 100644 --- a/src/libimcv/imc/imc_state.h 
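Review bot: The new `has_pt_tls` member comment in imc_agent.h reads `* return TRUE if PT-TLS` without the Doxygen tag, whereas the rest of the interface documentation in these headers uses `@param`/`@return` (see the `@return old connection state` added to imc_state.h). Change it to `* @return TRUE if PT-TLS` so the generated documentation picks it up.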
+++ b/src/libimcv/imc/imc_state.h @@ -92,8 +92,10 @@ struct imc_state_t { * Change the connection state * * @param new_state new connection state + * @return old connection state */ - void (*change_state)(imc_state_t *this, TNC_ConnectionState new_state); + TNC_ConnectionState (*change_state)(imc_state_t *this, + TNC_ConnectionState new_state); /** * Set the Assessment/Evaluation Result @@ -115,6 +117,11 @@ struct imc_state_t { TNC_IMV_Evaluation_Result *result); /** + * Resets the state for a new measurement cycle triggered by a SRETRY batch + */ + void (*reset)(imc_state_t *this); + + /** * Destroys an imc_state_t object */ void (*destroy)(imc_state_t *this); diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 860573c31..5d5283620 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -556,6 +556,24 @@ INSERT INTO products ( /* 93 */ 'Debian 8.10 x86_64' ); +INSERT INTO products ( /* 94 */ + name +) VALUES ( + 'Debian 8.11 i686' +); + +INSERT INTO products ( /* 95 */ + name +) VALUES ( + 'Debian 8.11 x86_64' +); + +INSERT INTO products ( /* 96 */ + name +) VALUES ( + 'Ubuntu 18.04 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -968,19 +986,19 @@ INSERT INTO groups ( /* 10 */ 'Ref. Linux', 8 ); -INSERT INTO groups ( /* 11 */ +INSERT INTO groups ( /* 11 */ name ) VALUES ( 'TPM BIOS' ); -INSERT INTO groups ( /* 12 */ +INSERT INTO groups ( /* 12 */ name ) VALUES ( 'TPM IMA' ); -INSERT INTO groups ( /* 13 */ +INSERT INTO groups ( /* 13 */ name ) VALUES ( 'TPM BIOS/IMA' @@ -998,7 +1016,7 @@ INSERT INTO groups ( /* 15 */ 'Debian armv7l', 2 ); -INSERT INTO groups ( /* 16 */ +INSERT INTO groups ( /* 16 */ name ) VALUES ( 'TPM TBOOT' @@ -1123,6 +1141,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 4, 94 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 5, 2 ); 
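Review bot: Adding `reset` to the public `imc_state_t` interface and changing the return type of `change_state` alters the struct every IMC state implementation fills in, and `imc_agent_t.change_state` now calls `state->reset(state)` without a NULL check on re-entering HANDSHAKE, so an implementation that does not set the new member will crash on the first retry; the same holds for the `imv_state_t` counterpart in imv_state.h further down. The member comment should make this explicit, e.g. `* Resets the state for a new measurement cycle triggered by a SRETRY batch (mandatory; called by imc_agent_t.change_state when HANDSHAKE is re-entered)`. Presumably all in-tree implementations are updated elsewhere in this commit, but the header is what out-of-tree IMCs read.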
@@ -1237,6 +1261,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 5, 95 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 6, 9 ); @@ -1387,6 +1417,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 7, 96 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 3, 21 ); diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index bb0b3b75b..14623ad8d 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -492,6 +492,7 @@ METHOD(imv_agent_t, change_state, TNC_Result, imv_state_t **state_p) { imv_state_t *state; + TNC_ConnectionState old_state; switch (new_state) { @@ -506,7 +507,7 @@ METHOD(imv_agent_t, change_state, TNC_Result, this->id, this->name, connection_id); return TNC_RESULT_FATAL; } - state->change_state(state, new_state); + old_state = state->change_state(state, new_state); DBG2(DBG_IMV, "IMV %u \"%s\" changed state of Connection ID %u to '%N'", this->id, this->name, connection_id, TNC_Connection_State_names, new_state); @@ -514,6 +515,13 @@ METHOD(imv_agent_t, change_state, TNC_Result, { *state_p = state; } + if (new_state == TNC_CONNECTION_STATE_HANDSHAKE && + old_state != TNC_CONNECTION_STATE_CREATE) + { + state->reset(state); + DBG2(DBG_IMV, "IMV %u \"%s\" reset state of Connection ID %u", + this->id, this->name, connection_id); + } break; case TNC_CONNECTION_STATE_CREATE: DBG1(DBG_IMV, "state '%N' should be handled by create_state()", @@ -643,7 +651,7 @@ METHOD(enumerator_t, language_enumerator_enumerate, bool, if (pos) { len = pos - this->lang_pos; - this->lang_pos += len + 1, + this->lang_pos += len + 1; this->lang_len -= len + 1; } else diff --git a/src/libimcv/imv/imv_database.c b/src/libimcv/imv/imv_database.c index b444abdbb..03f583204 100644 --- a/src/libimcv/imv/imv_database.c +++ b/src/libimcv/imv/imv_database.c 
@@ -143,7 +143,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) } /* create a new session entry */ - created = session->get_creation_time(session); + created = time(NULL); conn_id = session->get_connection_id(session); this->db->execute(this->db, &session_id, "INSERT INTO sessions (time, connection, product, device) " @@ -161,6 +161,7 @@ static bool create_session(private_imv_database_t *this, imv_session_t *session) return FALSE; } session->set_session_id(session, session_id, pid, did); + session->set_creation_time(session, created); enumerator = session->create_ar_identities_enumerator(session); while (enumerator->enumerate(enumerator, &tnc_id)) diff --git a/src/libimcv/imv/imv_session.c b/src/libimcv/imv/imv_session.c index bc6b5a8d1..830dd48d4 100644 --- a/src/libimcv/imv/imv_session.c +++ b/src/libimcv/imv/imv_session.c @@ -121,6 +121,12 @@ METHOD(imv_session_t, get_connection_id, TNC_ConnectionID, return this->conn_id; } +METHOD(imv_session_t, set_creation_time, void, + private_imv_session_t *this, time_t created) +{ + this->created = created; +} + METHOD(imv_session_t, get_creation_time, time_t, private_imv_session_t *this) { @@ -259,7 +265,7 @@ METHOD(imv_session_t, destroy, void, /** * See header */ -imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, +imv_session_t *imv_session_create(TNC_ConnectionID conn_id, linked_list_t *ar_identities) { private_imv_session_t *this; @@ -269,6 +275,7 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, .set_session_id = _set_session_id, .get_session_id = _get_session_id, .get_connection_id = _get_connection_id, + .set_creation_time = _set_creation_time, .get_creation_time = _get_creation_time, .create_ar_identities_enumerator = _create_ar_identities_enumerator, .get_os_info = _get_os_info, 
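Review bot: In imv_database.c the session's creation time is now assigned only after the INSERT succeeds: `created = time(NULL)` is taken before `this->db->execute`, but `session->set_creation_time(session, created)` runs after the `return FALSE` path, and `imv_session_create` no longer receives or initialises `created` (later hunks in imv_session.c and imv_session_manager.c). A session whose database insert fails — or one used with no database configured — will therefore presumably report the zero-initialised default from `get_creation_time`. Either call `set_creation_time` before the INSERT, or have `imv_session_create` default `created` to `time(NULL)` so the database path merely overwrites it. create_session's body starts and ends outside the hunk.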
@@ -286,7 +293,6 @@ imv_session_t *imv_session_create(TNC_ConnectionID conn_id, time_t created, .destroy = _destroy, }, .conn_id = conn_id, - .created = created, .ar_identities = ar_identities, .os_info = imv_os_info_create(), .workitems = linked_list_create(), diff --git a/src/libimcv/imv/imv_session.h b/src/libimcv/imv/imv_session.h index 107716f30..a2f6fc2a8 100644 --- a/src/libimcv/imv/imv_session.h +++ b/src/libimcv/imv/imv_session.h @@ -63,6 +63,13 @@ struct imv_session_t { TNC_ConnectionID (*get_connection_id)(imv_session_t *this); /** + * Set session creation time + * + * @param created Session creation time + */ + void (*set_creation_time)(imv_session_t *this, time_t created); + + /** * Get session creation time * * @return Session creation time @@ -170,10 +177,9 @@ struct imv_session_t { * Create an imv_session_t instance * * @param id Associated Connection ID - * @param created Session creation time * @param ar_identities List of Access Requestor identities */ -imv_session_t* imv_session_create(TNC_ConnectionID id, time_t created, - linked_list_t *ar_identities); +imv_session_t* imv_session_create(TNC_ConnectionID id, + linked_list_t *ar_identities); #endif /** IMV_SESSION_H_ @}*/ diff --git a/src/libimcv/imv/imv_session_manager.c b/src/libimcv/imv/imv_session_manager.c index c97602998..2e3cfa466 100644 --- a/src/libimcv/imv/imv_session_manager.c +++ b/src/libimcv/imv/imv_session_manager.c @@ -51,7 +51,6 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*, enumerator_t *enumerator; tncif_identity_t *tnc_id; imv_session_t *current, *session = NULL; - time_t created; this->mutex->lock(this->mutex); 
@@ -105,8 +104,7 @@ METHOD(imv_session_manager_t, add_session, imv_session_t*, enumerator->destroy(enumerator); /* create a new session entry */ - created = time(NULL); - session = imv_session_create(conn_id, created, ar_identities); + session = imv_session_create(conn_id, ar_identities); this->sessions->insert_last(this->sessions, session); this->mutex->unlock(this->mutex); diff --git a/src/libimcv/imv/imv_state.h b/src/libimcv/imv/imv_state.h index 30ed612b3..4571da2fa 100644 --- a/src/libimcv/imv/imv_state.h +++ b/src/libimcv/imv/imv_state.h @@ -119,8 +119,10 @@ struct imv_state_t { * Change the connection state * * @param new_state new connection state + * @return old connection state */ - void (*change_state)(imv_state_t *this, TNC_ConnectionState new_state); + TNC_ConnectionState (*change_state)(imv_state_t *this, + TNC_ConnectionState new_state); /** * Get IMV action recommendation and evaluation result @@ -182,6 +184,11 @@ struct imv_state_t { char **uri); /** + * Resets the state for a new measurement cycle triggered by a SRETRY batch + */ + void (*reset)(imv_state_t *this); + + /** * Destroys an imv_state_t object */ void (*destroy)(imv_state_t *this); diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index bc079ff12..4817d3fc5 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
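Review bot: The doc comment on the new `reset` member in imv_state.h does not say which parts of the state are reset, so implementors have no contract to follow; the parallel IMC-side `reset` implementations visible in this commit already diverge (imc_attestation_state.c discards its component and evidence lists and its PTS object, while imc_hcd_state.c, imc_os_state.c and imc_scanner_state.c only set `result` back to DONT_KNOW), and none of them touches the connection state. Spell that out, e.g. `Resets the evaluation result and any per-cycle measurement data for a new measurement cycle triggered by a SRETRY batch; the connection state itself is preserved`. The new `@return old connection state` on `change_state` in the first imv_state.h hunk could likewise say what a caller is expected to do with it, if anything.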
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation.c b/src/libimcv/plugins/imc_attestation/imc_attestation.c index 0dd88b6a7..f592a5134 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation.c 
@@ -115,19 +115,8 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 case TNC_CONNECTION_STATE_CREATE:
 state = imc_attestation_state_create(connection_id);
 return imc_attestation->create_state(imc_attestation, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_attestation->change_state(imc_attestation, connection_id,
- new_state, &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
 case TNC_CONNECTION_STATE_DELETE:
 return imc_attestation->delete_state(imc_attestation, connection_id);
- case TNC_CONNECTION_STATE_ACCESS_ISOLATED:
- case TNC_CONNECTION_STATE_ACCESS_NONE:
 default:
 return imc_attestation->change_state(imc_attestation, connection_id,
 new_state, NULL);
diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
index b789a2104..f8e0b8d2c 100644
--- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
+++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c
@@ -131,10 +131,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
 
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 private_imc_attestation_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 
 METHOD(imc_state_t, set_result, void,
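Review bot: Removing the HANDSHAKE case drops the only place this IMC set its result back to DONT_KNOW when a connection re-entered the handshake; the remaining `default` branch merely forwards the new state with a NULL state pointer. Presumably the new `reset` method added in imc_attestation_state.c is now driven from the agent on an SRETRY batch, but that caller is not in this chunk, so please confirm that a repeated handshake on the same connection without an SRETRY cannot reuse a stale evaluation result. The same removal is made in imc_hcd.c, imc_os.c and imc_scanner.c. TNC_IMC_NotifyConnectionChange begins and ends outside this hunk.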
@@ -155,6 +159,21 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_attestation_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->components->destroy_offset(this->components, + offsetof(pts_component_t, destroy)); + this->components = linked_list_create(); + this->list->destroy_offset(this->list, + offsetof(pts_comp_evidence_t, destroy)); + this->list = linked_list_create(); + this->pts->destroy(this->pts); + this->pts = pts_create(TRUE); +} + METHOD(imc_state_t, destroy, void, private_imc_attestation_state_t *this) { @@ -238,6 +257,7 @@ imc_state_t *imc_attestation_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_pts = _get_pts, diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 1b71b26d0..e6074a35c 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
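Review bot: `reset` destroys and re-creates the component list, the evidence list and the PTS object without a comment saying why a fresh `pts_create(TRUE)` is needed in addition to clearing the lists; a line such as `/* drop all evidence and PTS state gathered in the previous measurement cycle */` above the block would make the intent clear. The original `pts_create` call in imc_attestation_state_create is outside this hunk, so I could not confirm that the re-created object is configured the same way as the initial one — if the constructor passes different arguments, a reset state would differ from a freshly created one. The sibling `reset` implementations in imc_hcd_state.c, imc_os_state.c and imc_scanner_state.c only reset `result`, so this is the only one whose scope needs explaining.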
@@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd.c b/src/libimcv/plugins/imc_hcd/imc_hcd.c index b631683ce..09ba8bc0b 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd.c @@ -141,15 +141,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_hcd_state_create(connection_id); return imc_hcd->create_state(imc_hcd, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_hcd->change_state(imc_hcd, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_hcd->delete_state(imc_hcd, connection_id); default: @@ -348,7 +339,7 @@ static void add_certification_state(imc_msg_t *msg) if (hex_string) { blob = chunk_from_hex(chunk_from_str(hex_string), NULL); - + DBG2(DBG_IMC, " %N: %B", pwg_attr_names, PWG_HCD_CERTIFICATION_STATE, &blob); attr = generic_attr_chunk_create(blob, 
@@ -373,7 +364,7 @@ static void add_configuration_state(imc_msg_t *msg)
 if (hex_string)
 {
 blob = chunk_from_hex(chunk_from_str(hex_string), NULL);
-
+
 DBG2(DBG_IMC, " %N: %B", pwg_attr_names,
 PWG_HCD_CONFIGURATION_STATE, &blob);
 attr = generic_attr_chunk_create(blob,
@@ -412,7 +403,7 @@ static void add_quadruple(imc_msg_t *msg, char *section, quadruple_t *quad)
 "%s.plugins.imc-hcd.subtypes.%s.%s.%s.string_version",
 "", lib->ns, section, quad->section, app);
 hex_version = lib->settings->get_str(lib->settings,
- "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
+ "%s.plugins.imc-hcd.subtypes.%s.%s.%s.version",
 hex_version_default, lib->ns, section, quad->section, app);
 
 /* convert hex string into binary chunk */
diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
index 60ccdce81..b2207f28a 100644
--- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
+++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
 
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 private_imc_hcd_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 
 METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }
 
+METHOD(imc_state_t, reset, void,
+ private_imc_hcd_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 private_imc_hcd_state_t *this)
 {
@@ -161,6 +171,7 @@ imc_state_t *imc_hcd_state_create(TNC_ConnectionID connection_id)
 .change_state = _change_state,
 .set_result = _set_result,
 .get_result = _get_result,
+ .reset = _reset,
 .destroy = _destroy,
 },
 },
diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index e62c04bea..4821d43f7 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index d7b508ab9..a10492e04 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c 
@@ -103,15 +103,6 @@ TNC_Result TNC_IMC_API TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 case TNC_CONNECTION_STATE_CREATE:
 state = imc_os_state_create(connection_id);
 return imc_os->create_state(imc_os, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_os->change_state(imc_os, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
 case TNC_CONNECTION_STATE_DELETE:
 return imc_os->delete_state(imc_os, connection_id);
 default:
diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c
index a38696a81..d26454719 100644
--- a/src/libimcv/plugins/imc_os/imc_os_state.c
+++ b/src/libimcv/plugins/imc_os/imc_os_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
 
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 private_imc_os_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 
 METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }
 
+METHOD(imc_state_t, reset, void,
+ private_imc_os_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 private_imc_os_state_t *this)
 {
@@ -161,6 +171,7 @@ imc_state_t *imc_os_state_create(TNC_ConnectionID connection_id)
 .change_state = _change_state,
 .set_result = _set_result,
 .get_result = _get_result,
+ .reset = _reset,
 .destroy = _destroy,
 },
 },
diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in
index a054a475b..c55ac867c 100644
--- a/src/libimcv/plugins/imc_scanner/Makefile.in
+++ b/src/libimcv/plugins/imc_scanner/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index 93ed4271b..c4fc254cf 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c 
@@ -85,15 +85,6 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id,
 case TNC_CONNECTION_STATE_CREATE:
 state = imc_scanner_state_create(connection_id);
 return imc_scanner->create_state(imc_scanner, state);
- case TNC_CONNECTION_STATE_HANDSHAKE:
- if (imc_scanner->change_state(imc_scanner, connection_id, new_state,
- &state) != TNC_RESULT_SUCCESS)
- {
- return TNC_RESULT_FATAL;
- }
- state->set_result(state, imc_id,
- TNC_IMV_EVALUATION_RESULT_DONT_KNOW);
- return TNC_RESULT_SUCCESS;
 case TNC_CONNECTION_STATE_DELETE:
 return imc_scanner->delete_state(imc_scanner, connection_id);
 default:
diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
index c1b7a50e4..2a2214841 100644
--- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
+++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c
@@ -110,10 +110,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
 
-METHOD(imc_state_t, change_state, void,
+METHOD(imc_state_t, change_state, TNC_ConnectionState,
 private_imc_scanner_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 
 METHOD(imc_state_t, set_result, void,
@@ -134,6 +138,12 @@ METHOD(imc_state_t, get_result, bool,
 return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
 }
 
+METHOD(imc_state_t, reset, void,
+ private_imc_scanner_state_t *this)
+{
+ this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+}
+
 METHOD(imc_state_t, destroy, void,
 private_imc_scanner_state_t *this)
 {
@@ -161,6 +171,7 @@ imc_state_t *imc_scanner_state_create(TNC_ConnectionID connection_id)
 .change_state = _change_state,
 .set_result = _set_result,
 .get_result = _get_result,
+ .reset = _reset,
 .destroy = _destroy,
 },
 },
diff --git a/src/libimcv/plugins/imc_swid/Makefile.am b/src/libimcv/plugins/imc_swid/Makefile.am
deleted file mode 100644
index 22f2e3762..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.am
+++ /dev/null
@@ -1,36 +0,0 @@
-regid = strongswan.org
-unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW)
-swid_tag = $(regid)__$(unique_sw_id).swidtag
-
-swiddir = $(pkgdatadir)/swidtag
-dist_swid_DATA = $(swid_tag)
-EXTRA_DIST = $(regid)__strongSwan.swidtag.in
-CLEANFILES = $(regid)__strongSwan*.swidtag
-
-$(swid_tag) : $(regid)__strongSwan.swidtag.in
- $(AM_V_GEN) \
- sed \
- -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \
- -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \
- -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \
- -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \
- $(srcdir)/$(regid)__strongSwan.swidtag.in > $@
-
-AM_CPPFLAGS = \
- -I$(top_srcdir)/src/libstrongswan \
- -I$(top_srcdir)/src/libtncif \
- -I$(top_srcdir)/src/libimcv \
- -DSWID_DIRECTORY=\"${prefix}/share\"
-
-AM_CFLAGS = \
- $(PLUGIN_CFLAGS)
-
-imcv_LTLIBRARIES = imc-swid.la
-
-imc_swid_la_LIBADD = \
- $(top_builddir)/src/libimcv/libimcv.la \
- $(top_builddir)/src/libstrongswan/libstrongswan.la
-
-imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c
-
-imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined
diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in
deleted file mode 100644
index f58935f2e..000000000
--- a/src/libimcv/plugins/imc_swid/Makefile.in
+++ /dev/null
@@ -1,831 +0,0 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. -# @configure_input@ - -# Copyright (C) 1994-2014 Free Software Foundation, Inc. - -# This Makefile.in is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -# PARTICULAR PURPOSE. - -@SET_MAKE@ - - -VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} -am__make_running_with_option = \ - case $${target_option-} in \ - ?) ;; \ - *) echo "am__make_running_with_option: internal error: invalid" \ - "target option '$${target_option-}' specified" >&2; \ - exit 1;; \ - esac; \ - has_opt=no; \ - sane_makeflags=$$MAKEFLAGS; \ - if $(am__is_gnu_make); then \ - sane_makeflags=$$MFLAGS; \ - else \ - case $$MAKEFLAGS in \ - *\\[\ \ ]*) \ - bs=\\; \ - sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ - | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ - esac; \ - fi; \ - skip_next=no; \ - strip_trailopt () \ - { \ - flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ - }; \ - for flg in $$sane_makeflags; do \ - test $$skip_next = yes && { skip_next=no; continue; }; \ - case $$flg in \ - *=*|--*) continue;; \ - -*I) strip_trailopt 'I'; skip_next=yes;; \ - -*I?*) strip_trailopt 'I';; \ - -*O) strip_trailopt 'O'; skip_next=yes;; \ - -*O?*) strip_trailopt 'O';; \ - -*l) strip_trailopt 'l'; skip_next=yes;; \ - -*l?*) strip_trailopt 'l';; \ - -[dEDm]) skip_next=yes;; \ - -[JT]) skip_next=yes;; \ - esac; \ - case $$flg in \ - *$$target_option*) has_opt=yes; break;; \ - esac; \ - done; \ - test $$has_opt = yes 
-am__make_dryrun = (target_option=n; $(am__make_running_with_option)) -am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) -pkgdatadir = $(datadir)/@PACKAGE@ -pkgincludedir = $(includedir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ -pkglibexecdir = $(libexecdir)/@PACKAGE@ -am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -install_sh_DATA = $(install_sh) -c -m 644 -install_sh_PROGRAM = $(install_sh) -c -install_sh_SCRIPT = $(install_sh) -c -INSTALL_HEADER = $(INSTALL_DATA) -transform = $(program_transform_name) -NORMAL_INSTALL = : -PRE_INSTALL = : -POST_INSTALL = : -NORMAL_UNINSTALL = : -PRE_UNINSTALL = : -POST_UNINSTALL = : -build_triplet = @build@ -host_triplet = @host@ -subdir = src/libimcv/plugins/imc_swid -ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ - $(top_srcdir)/m4/config/ltoptions.m4 \ - $(top_srcdir)/m4/config/ltsugar.m4 \ - $(top_srcdir)/m4/config/ltversion.m4 \ - $(top_srcdir)/m4/config/lt~obsolete.m4 \ - $(top_srcdir)/m4/macros/split-package-version.m4 \ - $(top_srcdir)/m4/macros/with.m4 \ - $(top_srcdir)/m4/macros/enable-disable.m4 \ - $(top_srcdir)/m4/macros/add-plugin.m4 \ - $(top_srcdir)/configure.ac -am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ - $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(dist_swid_DATA) \ - $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d -CONFIG_HEADER = $(top_builddir)/config.h -CONFIG_CLEAN_FILES = -CONFIG_CLEAN_VPATH_FILES = -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); 
\ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)" -LTLIBRARIES = $(imcv_LTLIBRARIES) -imc_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la -am_imc_swid_la_OBJECTS = imc_swid.lo imc_swid_state.lo -imc_swid_la_OBJECTS = $(am_imc_swid_la_OBJECTS) -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = -imc_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imc_swid_la_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_P = $(am__v_P_@AM_V@) -am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) -am__v_P_0 = false -am__v_P_1 = : -AM_V_GEN = $(am__v_GEN_@AM_V@) -am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) -am__v_GEN_0 = @echo " GEN " $@; -am__v_GEN_1 = -AM_V_at = $(am__v_at_@AM_V@) -am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) -am__v_at_0 = @ -am__v_at_1 = -DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) -depcomp = $(SHELL) $(top_srcdir)/depcomp -am__depfiles_maybe = depfiles -am__mv = mv -f -COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ - $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ - 
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ - $(AM_CFLAGS) $(CFLAGS) -AM_V_CC = $(am__v_CC_@AM_V@) -am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) -am__v_CC_0 = @echo " CC " $@; -am__v_CC_1 = -CCLD = $(CC) -LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(AM_LDFLAGS) $(LDFLAGS) -o $@ -AM_V_CCLD = $(am__v_CCLD_@AM_V@) -am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) -am__v_CCLD_0 = @echo " CCLD " $@; -am__v_CCLD_1 = -SOURCES = $(imc_swid_la_SOURCES) -DIST_SOURCES = $(imc_swid_la_SOURCES) -am__can_run_installinfo = \ - case $$AM_UPDATE_INFO_DIR in \ - n|no|NO) false;; \ - *) (install-info --version) >/dev/null 2>&1;; \ - esac -DATA = $(dist_swid_DATA) -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) -# Read a list of newline-separated strings from the standard input, -# and print each of them once, without duplicates. Input order is -# *not* preserved. -am__uniquify_input = $(AWK) '\ - BEGIN { nonempty = 0; } \ - { items[$$0] = 1; nonempty = 1; } \ - END { if (nonempty) { for (i in items) print i; }; } \ -' -# Make sure the list of sources is unique. This is necessary because, -# e.g., the same source file might be shared among _SOURCES variables -# for different programs/libraries. 
-am__define_uniq_tagged_files = \ - list='$(am__tagged_files)'; \ - unique=`for i in $$list; do \ - if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ - done | $(am__uniquify_input)` -ETAGS = etags -CTAGS = ctags -am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp -DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -ACLOCAL = @ACLOCAL@ -ALLOCA = @ALLOCA@ -AMTAR = @AMTAR@ -AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ -AR = @AR@ -ATOMICLIB = @ATOMICLIB@ -AUTOCONF = @AUTOCONF@ -AUTOHEADER = @AUTOHEADER@ -AUTOMAKE = @AUTOMAKE@ -AWK = @AWK@ -BFDLIB = @BFDLIB@ -BTLIB = @BTLIB@ -CC = @CC@ -CCDEPMODE = @CCDEPMODE@ -CFLAGS = @CFLAGS@ -COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ -COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ -CPP = @CPP@ -CPPFLAGS = @CPPFLAGS@ -CYGPATH_W = @CYGPATH_W@ -DEFS = @DEFS@ -DEPDIR = @DEPDIR@ -DLLIB = @DLLIB@ -DLLTOOL = @DLLTOOL@ -DSYMUTIL = @DSYMUTIL@ -DUMPBIN = @DUMPBIN@ -EASY_INSTALL = @EASY_INSTALL@ -ECHO_C = @ECHO_C@ -ECHO_N = @ECHO_N@ -ECHO_T = @ECHO_T@ -EGREP = @EGREP@ -EXEEXT = @EXEEXT@ -FGREP = @FGREP@ -FUZZING_LDFLAGS = @FUZZING_LDFLAGS@ -GEM = @GEM@ -GENHTML = @GENHTML@ -GPERF = @GPERF@ -GPERF_LEN_TYPE = @GPERF_LEN_TYPE@ -GPRBUILD = @GPRBUILD@ -GREP = @GREP@ -INSTALL = @INSTALL@ -INSTALL_DATA = @INSTALL_DATA@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -LCOV = @LCOV@ -LD = @LD@ -LDFLAGS = @LDFLAGS@ -LEX = @LEX@ -LEXLIB = @LEXLIB@ -LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBOBJS = @LIBOBJS@ -LIBS = @LIBS@ -LIBTOOL = @LIBTOOL@ -LIPO = @LIPO@ -LN_S = @LN_S@ -LTLIBOBJS = @LTLIBOBJS@ -LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ -MAKEINFO = @MAKEINFO@ -MANIFEST_TOOL = @MANIFEST_TOOL@ -MKDIR_P = @MKDIR_P@ -MYSQLCFLAG = @MYSQLCFLAG@ -MYSQLCONFIG = @MYSQLCONFIG@ -MYSQLLIB = @MYSQLLIB@ -NM = @NM@ -NMEDIT = @NMEDIT@ -OBJDUMP = @OBJDUMP@ -OBJEXT = @OBJEXT@ -OPENSSL_LIB = @OPENSSL_LIB@ -OTOOL = @OTOOL@ -OTOOL64 = @OTOOL64@ -PACKAGE = @PACKAGE@ 
-PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -PACKAGE_NAME = @PACKAGE_NAME@ -PACKAGE_STRING = @PACKAGE_STRING@ -PACKAGE_TARNAME = @PACKAGE_TARNAME@ -PACKAGE_URL = @PACKAGE_URL@ -PACKAGE_VERSION = @PACKAGE_VERSION@ -PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ -PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ -PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ -PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ -PATH_SEPARATOR = @PATH_SEPARATOR@ -PERL = @PERL@ -PKG_CONFIG = @PKG_CONFIG@ -PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ -PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ -PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ -PTHREADLIB = @PTHREADLIB@ -PYTHON = @PYTHON@ -PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ -PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ -PYTHON_PLATFORM = @PYTHON_PLATFORM@ -PYTHON_PREFIX = @PYTHON_PREFIX@ -PYTHON_VERSION = @PYTHON_VERSION@ -PY_TEST = @PY_TEST@ -RANLIB = @RANLIB@ -RTLIB = @RTLIB@ -RUBY = @RUBY@ -RUBYGEMDIR = @RUBYGEMDIR@ -SED = @SED@ -SET_MAKE = @SET_MAKE@ -SHELL = @SHELL@ -SOCKLIB = @SOCKLIB@ -STRIP = @STRIP@ -UNWINDLIB = @UNWINDLIB@ -VERSION = @VERSION@ -YACC = @YACC@ -YFLAGS = @YFLAGS@ -abs_builddir = @abs_builddir@ -abs_srcdir = @abs_srcdir@ -abs_top_builddir = @abs_top_builddir@ -abs_top_srcdir = @abs_top_srcdir@ -ac_ct_AR = @ac_ct_AR@ -ac_ct_CC = @ac_ct_CC@ -ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -aikgen_plugins = @aikgen_plugins@ -am__include = @am__include@ -am__leading_dot = @am__leading_dot@ -am__quote = @am__quote@ -am__tar = @am__tar@ -am__untar = @am__untar@ -attest_plugins = @attest_plugins@ -bindir = @bindir@ -build = @build@ -build_alias = @build_alias@ -build_cpu = @build_cpu@ -build_os = @build_os@ -build_vendor = @build_vendor@ -builddir = @builddir@ -c_plugins = @c_plugins@ -charon_natt_port = @charon_natt_port@ -charon_plugins = @charon_plugins@ -charon_udp_port = @charon_udp_port@ -clearsilver_LIBS = @clearsilver_LIBS@ -cmd_plugins = @cmd_plugins@ -datadir = @datadir@ -datarootdir = @datarootdir@ 
-dev_headers = @dev_headers@ -docdir = @docdir@ -dvidir = @dvidir@ -exec_prefix = @exec_prefix@ -fips_mode = @fips_mode@ -fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ -host = @host@ -host_alias = @host_alias@ -host_cpu = @host_cpu@ -host_os = @host_os@ -host_vendor = @host_vendor@ -htmldir = @htmldir@ -imcvdir = @imcvdir@ -includedir = @includedir@ -infodir = @infodir@ -install_sh = @install_sh@ -ipsec_script = @ipsec_script@ -ipsec_script_upper = @ipsec_script_upper@ -ipsecdir = @ipsecdir@ -ipsecgroup = @ipsecgroup@ -ipseclibdir = @ipseclibdir@ -ipsecuser = @ipsecuser@ -json_CFLAGS = @json_CFLAGS@ -json_LIBS = @json_LIBS@ -libdir = @libdir@ -libexecdir = @libexecdir@ -libfuzzer = @libfuzzer@ -libiptc_CFLAGS = @libiptc_CFLAGS@ -libiptc_LIBS = @libiptc_LIBS@ -linux_headers = @linux_headers@ -localedir = @localedir@ -localstatedir = @localstatedir@ -manager_plugins = @manager_plugins@ -mandir = @mandir@ -medsrv_plugins = @medsrv_plugins@ -mkdir_p = @mkdir_p@ -nm_CFLAGS = @nm_CFLAGS@ -nm_LIBS = @nm_LIBS@ -nm_ca_dir = @nm_ca_dir@ -nm_plugins = @nm_plugins@ -oldincludedir = @oldincludedir@ -p_plugins = @p_plugins@ -pcsclite_CFLAGS = @pcsclite_CFLAGS@ -pcsclite_LIBS = @pcsclite_LIBS@ -pdfdir = @pdfdir@ -piddir = @piddir@ -pkgpyexecdir = @pkgpyexecdir@ -pkgpythondir = @pkgpythondir@ -pki_plugins = @pki_plugins@ -plugindir = @plugindir@ -pool_plugins = @pool_plugins@ -prefix = @prefix@ -program_transform_name = @program_transform_name@ -psdir = @psdir@ -pyexecdir = @pyexecdir@ -pythondir = @pythondir@ -random_device = @random_device@ -resolv_conf = @resolv_conf@ -routing_table = @routing_table@ -routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ -runstatedir = @runstatedir@ -s_plugins = @s_plugins@ -sbindir = @sbindir@ -scepclient_plugins = @scepclient_plugins@ -scripts_plugins = @scripts_plugins@ -sharedstatedir = @sharedstatedir@ -soup_CFLAGS = @soup_CFLAGS@ -soup_LIBS = @soup_LIBS@ -srcdir = 
@srcdir@ -starter_plugins = @starter_plugins@ -strongswan_conf = @strongswan_conf@ -strongswan_options = @strongswan_options@ -swanctldir = @swanctldir@ -sysconfdir = @sysconfdir@ -systemd_CFLAGS = @systemd_CFLAGS@ -systemd_LIBS = @systemd_LIBS@ -systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ -systemd_daemon_LIBS = @systemd_daemon_LIBS@ -systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ -systemd_journal_LIBS = @systemd_journal_LIBS@ -systemdsystemunitdir = @systemdsystemunitdir@ -t_plugins = @t_plugins@ -target_alias = @target_alias@ -top_build_prefix = @top_build_prefix@ -top_builddir = @top_builddir@ -top_srcdir = @top_srcdir@ -tss2_CFLAGS = @tss2_CFLAGS@ -tss2_LIBS = @tss2_LIBS@ -tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ -tss2_socket_LIBS = @tss2_socket_LIBS@ -tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ -tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ -urandom_device = @urandom_device@ -xml_CFLAGS = @xml_CFLAGS@ -xml_LIBS = @xml_LIBS@ -regid = strongswan.org -unique_sw_id = strongSwan-$(PACKAGE_VERSION_MAJOR)-$(PACKAGE_VERSION_MINOR)-$(PACKAGE_VERSION_BUILD)$(PACKAGE_VERSION_REVIEW) -swid_tag = $(regid)__$(unique_sw_id).swidtag -swiddir = $(pkgdatadir)/swidtag -dist_swid_DATA = $(swid_tag) -EXTRA_DIST = $(regid)__strongSwan.swidtag.in -CLEANFILES = $(regid)__strongSwan*.swidtag -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv \ - -DSWID_DIRECTORY=\"${prefix}/share\" - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) - -imcv_LTLIBRARIES = imc-swid.la -imc_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la - -imc_swid_la_SOURCES = imc_swid.c imc_swid_state.h imc_swid_state.c -imc_swid_la_LDFLAGS = -module -avoid-version -no-undefined -all: all-am - -.SUFFIXES: -.SUFFIXES: .c .lo .o .obj -$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) - @for dep in $?; do \ - case '$(am__configure_deps)' in \ - *$$dep*) \ - ( cd $(top_builddir) && $(MAKE) 
$(AM_MAKEFLAGS) am--refresh ) \ - && { if test -f $@; then exit 0; else break; fi; }; \ - exit 1;; \ - esac; \ - done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \ - $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile -Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status - @case '$?' in \ - *config.status*) \ - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ - *) \ - echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ - cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ - esac; - -$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh - -$(top_srcdir)/configure: $(am__configure_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(ACLOCAL_M4): $(am__aclocal_m4_deps) - cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -$(am__aclocal_m4_deps): - -install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) - @$(NORMAL_INSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - list2=; for p in $$list; do \ - if test -f $$p; then \ - list2="$$list2 $$p"; \ - else :; fi; \ - done; \ - test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ - } - -uninstall-imcvLTLIBRARIES: - @$(NORMAL_UNINSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ - for p in $$list; do \ - $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ - done - -clean-imcvLTLIBRARIES: - -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) - @list='$(imcv_LTLIBRARIES)'; \ - locs=`for p in $$list; do echo $$p; done | \ - sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ - sort -u`; \ - test -z "$$locs" || { \ - echo rm -f $${locs}; \ - rm -f $${locs}; \ - } - -imc-swid.la: $(imc_swid_la_OBJECTS) $(imc_swid_la_DEPENDENCIES) $(EXTRA_imc_swid_la_DEPENDENCIES) - $(AM_V_CCLD)$(imc_swid_la_LINK) -rpath $(imcvdir) $(imc_swid_la_OBJECTS) $(imc_swid_la_LIBADD) $(LIBS) - -mostlyclean-compile: - -rm -f *.$(OBJEXT) - -distclean-compile: - -rm -f *.tab.c - -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imc_swid_state.Plo@am__quote@ - -.c.o: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< - -.c.obj: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ -@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` - -.c.lo: -@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ -@am__fastdepCC_TRUE@ 
$(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ -@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< - -mostlyclean-libtool: - -rm -f *.lo - -clean-libtool: - -rm -rf .libs _libs -install-dist_swidDATA: $(dist_swid_DATA) - @$(NORMAL_INSTALL) - @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(swiddir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(swiddir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(swiddir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(swiddir)" || exit $$?; \ - done - -uninstall-dist_swidDATA: - @$(NORMAL_UNINSTALL) - @list='$(dist_swid_DATA)'; test -n "$(swiddir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(swiddir)'; $(am__uninstall_files_from_dir) - -ID: $(am__tagged_files) - $(am__define_uniq_tagged_files); mkid -fID $$unique -tags: tags-am -TAGS: tags - -tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - set x; \ - here=`pwd`; \ - $(am__define_uniq_tagged_files); \ - shift; \ - if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ - test -n "$$unique" || unique=$$empty_fix; \ - if test $$# -gt 0; then \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - "$$@" $$unique; \ - else \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$unique; \ - fi; \ - fi -ctags: ctags-am - -CTAGS: ctags -ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) - $(am__define_uniq_tagged_files); \ - test -z "$(CTAGS_ARGS)$$unique" \ - || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) 
$(CTAGS_ARGS) \ - $$unique - -GTAGS: - here=`$(am__cd) $(top_builddir) && pwd` \ - && $(am__cd) $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) "$$here" -cscopelist: cscopelist-am - -cscopelist-am: $(am__tagged_files) - list='$(am__tagged_files)'; \ - case "$(srcdir)" in \ - [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ - *) sdir=$(subdir)/$(srcdir) ;; \ - esac; \ - for i in $$list; do \ - if test -f "$$i"; then \ - echo "$(subdir)/$$i"; \ - else \ - echo "$$sdir/$$i"; \ - fi; \ - done >> $(top_builddir)/cscope.files - -distclean-tags: - -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags - -distdir: $(DISTFILES) - @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ - list='$(DISTFILES)'; \ - dist_files=`for file in $$list; do echo $$file; done | \ - sed -e "s|^$$srcdirstrip/||;t" \ - -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ - case $$dist_files in \ - */*) $(MKDIR_P) `echo "$$dist_files" | \ - sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ - sort -u` ;; \ - esac; \ - for file in $$dist_files; do \ - if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ - if test -d $$d/$$file; then \ - dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ - if test -d "$(distdir)/$$file"; then \ - find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ - find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ - fi; \ - cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ - else \ - test -f "$(distdir)/$$file" \ - || cp -p $$d/$$file "$(distdir)/$$file" \ - || exit 1; \ - fi; \ - done -check-am: all-am -check: check-am -all-am: Makefile $(LTLIBRARIES) $(DATA) -installdirs: - for dir in "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(swiddir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ - done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am - -install-am: all-am - @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am - -installcheck: installcheck-am -install-strip: - if test -z '$(STRIP)'; then \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - install; \ - else \ - $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ - install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ - "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ - fi -mostlyclean-generic: - -clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) - -distclean-generic: - -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) - -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) - -maintainer-clean-generic: - @echo "This command is intended for maintainers to use" - @echo "it deletes files that may require special tools to rebuild." 
-clean: clean-am - -clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ - mostlyclean-am - -distclean: distclean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -distclean-am: clean-am distclean-compile distclean-generic \ - distclean-tags - -dvi: dvi-am - -dvi-am: - -html: html-am - -html-am: - -info: info-am - -info-am: - -install-data-am: install-dist_swidDATA install-imcvLTLIBRARIES - -install-dvi: install-dvi-am - -install-dvi-am: - -install-exec-am: - -install-html: install-html-am - -install-html-am: - -install-info: install-info-am - -install-info-am: - -install-man: - -install-pdf: install-pdf-am - -install-pdf-am: - -install-ps: install-ps-am - -install-ps-am: - -installcheck-am: - -maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) - -rm -f Makefile -maintainer-clean-am: distclean-am maintainer-clean-generic - -mostlyclean: mostlyclean-am - -mostlyclean-am: mostlyclean-compile mostlyclean-generic \ - mostlyclean-libtool - -pdf: pdf-am - -pdf-am: - -ps: ps-am - -ps-am: - -uninstall-am: uninstall-dist_swidDATA uninstall-imcvLTLIBRARIES - -.MAKE: install-am install-strip - -.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dist_swidDATA install-dvi \ - install-dvi-am install-exec install-exec-am install-html \ - install-html-am install-imcvLTLIBRARIES install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-dist_swidDATA \ - uninstall-imcvLTLIBRARIES - -.PRECIOUS: Makefile 
- - -$(swid_tag) : $(regid)__strongSwan.swidtag.in - $(AM_V_GEN) \ - sed \ - -e "s:@VERSION_MAJOR@:$(PACKAGE_VERSION_MAJOR):" \ - -e "s:@VERSION_MINOR@:$(PACKAGE_VERSION_MINOR):" \ - -e "s:@VERSION_BUILD@:$(PACKAGE_VERSION_BUILD):" \ - -e "s:@VERSION_REVIEW@:$(PACKAGE_VERSION_REVIEW):" \ - $(srcdir)/$(regid)__strongSwan.swidtag.in > $@ - -# Tell versions [3.59,3.63) of GNU make to not export all variables. -# Otherwise a system limit (for SysV at least) may be exceeded. -.NOEXPORT: diff --git a/src/libimcv/plugins/imc_swid/imc_swid.c b/src/libimcv/plugins/imc_swid/imc_swid.c deleted file mode 100644 index 1468a59cc..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid.c +++ /dev/null 
@@ -1,417 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imc_swid_state.h" - -#include <imc/imc_agent.h> -#include <imc/imc_msg.h> -#include "tcg/seg/tcg_seg_attr_max_size.h" -#include "tcg/seg/tcg_seg_attr_seg_env.h" -#include "tcg/swid/tcg_swid_attr_req.h" -#include "tcg/swid/tcg_swid_attr_tag_inv.h" -#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" -#include "swid/swid_inventory.h" -#include "swid/swid_error.h" - -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <utils/debug.h> - -/* IMC definitions */ - -static const char imc_name[] = "SWID"; - -static pen_type_t msg_types[] = { - { PEN_TCG, PA_SUBTYPE_TCG_SWID } -}; - -static imc_agent_t *imc_swid; - -/** - * see section 3.8.1 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, - TNC_Version min_version, - TNC_Version max_version, - TNC_Version *actual_version) -{ - if (imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name); - return TNC_RESULT_ALREADY_INITIALIZED; - } - imc_swid = imc_agent_create(imc_name, msg_types, countof(msg_types), - imc_id, actual_version); - if (!imc_swid) - { - return TNC_RESULT_FATAL; - } - if (min_version > TNC_IFIMC_VERSION_1 || max_version < TNC_IFIMC_VERSION_1) - { - DBG1(DBG_IMC, "no common IF-IMC version"); - return TNC_RESULT_NO_COMMON_VERSION; - } - return TNC_RESULT_SUCCESS; -} - 
-/** - * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_ConnectionState new_state) -{ - imc_state_t *state; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imc_swid_state_create(connection_id); - return imc_swid->create_state(imc_swid, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_swid->change_state(imc_swid, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) - { - return TNC_RESULT_FATAL; - } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - return TNC_RESULT_SUCCESS; - case TNC_CONNECTION_STATE_DELETE: - return imc_swid->delete_state(imc_swid, connection_id); - default: - return imc_swid->change_state(imc_swid, connection_id, - new_state, NULL); - } -} - -/** - * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - imc_state_t *state; - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - size_t max_attr_size = SWID_MAX_ATTR_SIZE; - size_t max_seg_size; - char buf[BUF_LEN]; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMV */ - contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, - TRUE, imc_id, TRUE); - 
contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMC, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); - - /* send PA-TNC message with the excl flag not set */ - out_msg = imc_msg_create(imc_swid, state, connection_id, imc_id, - TNC_IMVID_ANY, msg_types[0]); - out_msg->add_attribute(out_msg, attr); - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - - return result; -} - -/** - * Add one or multiple SWID Inventory attributes to the send queue - */ -static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg, - uint32_t request_id, bool full_tags, - swid_inventory_t *targets) -{ - pa_tnc_attr_t *attr, *attr_error; - imc_swid_state_t *swid_state; - swid_inventory_t *swid_inventory; - char *swid_directory; - uint32_t eid_epoch; - bool swid_pretty, swid_full; - enumerator_t *enumerator; - - swid_directory = lib->settings->get_str(lib->settings, - "%s.plugins.imc-swid.swid_directory", - SWID_DIRECTORY, lib->ns); - swid_pretty = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-swid.swid_pretty", - FALSE, lib->ns); - swid_full = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-swid.swid_full", - FALSE, lib->ns); - - swid_inventory = swid_inventory_create(full_tags); - if (!swid_inventory->collect(swid_inventory, swid_directory, targets, - swid_pretty, swid_full)) - { - swid_inventory->destroy(swid_inventory); - attr_error = swid_error_create(TCG_SWID_ERROR, request_id, - 0, "error in SWID tag collection"); - msg->add_attribute(msg, attr_error); - return FALSE; - } - DBG1(DBG_IMC, "collected %d SWID tag%s%s", - swid_inventory->get_count(swid_inventory), full_tags ? "" : " ID", - swid_inventory->get_count(swid_inventory) == 1 ? 
"" : "s"); - - swid_state = (imc_swid_state_t*)state; - eid_epoch = swid_state->get_eid_epoch(swid_state); - - if (full_tags) - { - tcg_swid_attr_tag_inv_t *swid_attr; - swid_tag_t *tag; - - /* Send a TCG SWID Tag Inventory attribute */ - attr = tcg_swid_attr_tag_inv_create(request_id, eid_epoch, 1); - swid_attr = (tcg_swid_attr_tag_inv_t*)attr; - - enumerator = swid_inventory->create_enumerator(swid_inventory); - while (enumerator->enumerate(enumerator, &tag)) - { - swid_attr->add(swid_attr, tag->get_ref(tag)); - } - enumerator->destroy(enumerator); - } - else - { - tcg_swid_attr_tag_id_inv_t *swid_id_attr; - swid_tag_id_t *tag_id; - - /* Send a TCG SWID Tag ID Inventory attribute */ - attr = tcg_swid_attr_tag_id_inv_create(request_id, eid_epoch, 1); - swid_id_attr = (tcg_swid_attr_tag_id_inv_t*)attr; - - enumerator = swid_inventory->create_enumerator(swid_inventory); - while (enumerator->enumerate(enumerator, &tag_id)) - { - swid_id_attr->add(swid_id_attr, tag_id->get_ref(tag_id)); - } - enumerator->destroy(enumerator); - } - - msg->add_attribute(msg, attr); - swid_inventory->destroy(swid_inventory); - - return TRUE; -} - -static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) -{ - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - enumerator_t *enumerator; - pen_type_t type; - TNC_Result result; - bool fatal_error = FALSE; - - /* generate an outgoing PA-TNC message - we might need it */ - out_msg = imc_msg_create_as_reply(in_msg); - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, out_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - out_msg->destroy(out_msg); - return result; - } - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - tcg_swid_attr_req_t *attr_req; - uint8_t flags; - uint32_t request_id; - bool full_tags; - swid_inventory_t *targets; - - type = attr->get_type(attr); - 
- if (type.vendor_id != PEN_TCG || type.type != TCG_SWID_REQUEST) - { - continue; - } - - attr_req = (tcg_swid_attr_req_t*)attr; - flags = attr_req->get_flags(attr_req); - request_id = attr_req->get_request_id(attr_req); - targets = attr_req->get_targets(attr_req); - - if (flags & (TCG_SWID_ATTR_REQ_FLAG_S | TCG_SWID_ATTR_REQ_FLAG_C)) - { - attr = swid_error_create(TCG_SWID_SUBSCRIPTION_DENIED, request_id, - 0, "no subscription available yet"); - out_msg->add_attribute(out_msg, attr); - break; - } - full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0; - - if (!add_swid_inventory(state, out_msg, request_id, full_tags, targets)) - { - break; - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - result = TNC_RESULT_FATAL; - } - else - { - /* send PA-TNC message with the EXCL flag set */ - result = out_msg->send(out_msg, TRUE); - } - out_msg->destroy(out_msg); - - return result; -} - -/** - * see section 3.8.4 of TCG TNC IF-IMC Specification 1.3 - - */ -TNC_Result TNC_IMC_ReceiveMessage(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_MessageType msg_type) -{ - imc_state_t *state; - imc_msg_t *in_msg; - TNC_Result result; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imc_msg_create_from_data(imc_swid, state, connection_id, msg_type, - chunk_create(msg, msg_len)); - result = receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.6 of TCG TNC IF-IMV Specification 1.3 - */ -TNC_Result TNC_IMC_ReceiveMessageLong(TNC_IMCID imc_id, - TNC_ConnectionID connection_id, - TNC_UInt32 msg_flags, - TNC_BufferReference msg, - TNC_UInt32 msg_len, - TNC_VendorID msg_vid, - TNC_MessageSubtype msg_subtype, - TNC_UInt32 src_imv_id, - TNC_UInt32 dst_imc_id) -{ - imc_state_t 
*state; - imc_msg_t *in_msg; - TNC_Result result; - - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swid->get_state(imc_swid, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imc_msg_create_from_long_data(imc_swid, state, connection_id, - src_imv_id, dst_imc_id,msg_vid, msg_subtype, - chunk_create(msg, msg_len)); - result =receive_message(state, in_msg); - in_msg->destroy(in_msg); - - return result; -} - -/** - * see section 3.8.7 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BatchEnding(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return TNC_RESULT_SUCCESS; -} - -/** - * see section 3.8.8 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_Terminate(TNC_IMCID imc_id) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - imc_swid->destroy(imc_swid); - imc_swid = NULL; - - return TNC_RESULT_SUCCESS; -} - -/** - * see section 4.2.8.1 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_ProvideBindFunction(TNC_IMCID imc_id, - TNC_TNCC_BindFunctionPointer bind_function) -{ - if (!imc_swid) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - return imc_swid->bind_functions(imc_swid, bind_function); -} diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c deleted file mode 100644 index 8d5e8e089..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.c +++ /dev/null 
@@ -1,203 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imc_swid_state.h" - -#include <tncif_names.h> - -#include <utils/debug.h> - -typedef struct private_imc_swid_state_t private_imc_swid_state_t; - -/** - * Private data of an imc_swid_state_t object. - */ -struct private_imc_swid_state_t { - - /** - * Public members of imc_swid_state_t - */ - imc_swid_state_t public; - - /** - * TNCCS connection ID - */ - TNC_ConnectionID connection_id; - - /** - * TNCCS connection state - */ - TNC_ConnectionState state; - - /** - * Assessment/Evaluation Result - */ - TNC_IMV_Evaluation_Result result; - - /** - * Does the TNCCS connection support long message types? - */ - bool has_long; - - /** - * Does the TNCCS connection support exclusive delivery? 
- */ - bool has_excl; - - /** - * Maximum PA-TNC message size for this TNCCS connection - */ - uint32_t max_msg_len; - - /** - * PA-TNC attribute segmentation contracts associated with TNCCS connection - */ - seg_contract_manager_t *contracts; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; -}; - -METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, - private_imc_swid_state_t *this) -{ - return this->connection_id; -} - -METHOD(imc_state_t, has_long, bool, - private_imc_swid_state_t *this) -{ - return this->has_long; -} - -METHOD(imc_state_t, has_excl, bool, - private_imc_swid_state_t *this) -{ - return this->has_excl; -} - -METHOD(imc_state_t, set_flags, void, - private_imc_swid_state_t *this, bool has_long, bool has_excl) -{ - this->has_long = has_long; - this->has_excl = has_excl; -} - -METHOD(imc_state_t, set_max_msg_len, void, - private_imc_swid_state_t *this, uint32_t max_msg_len) -{ - this->max_msg_len = max_msg_len; -} - -METHOD(imc_state_t, get_max_msg_len, uint32_t, - private_imc_swid_state_t *this) -{ - return this->max_msg_len; -} - -METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, - private_imc_swid_state_t *this) -{ - return this->contracts; -} - -METHOD(imc_state_t, change_state, void, - private_imc_swid_state_t *this, TNC_ConnectionState new_state) -{ - this->state = new_state; -} - -METHOD(imc_state_t, set_result, void, - private_imc_swid_state_t *this, TNC_IMCID id, - TNC_IMV_Evaluation_Result result) -{ - this->result = result; -} - -METHOD(imc_state_t, get_result, bool, - private_imc_swid_state_t *this, TNC_IMCID id, - TNC_IMV_Evaluation_Result *result) -{ - if (result) - { - *result = this->result; - } - return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; -} - -METHOD(imc_state_t, destroy, void, - private_imc_swid_state_t *this) -{ - this->contracts->destroy(this->contracts); - free(this); -} - -METHOD(imc_swid_state_t, get_eid_epoch, uint32_t, - private_imc_swid_state_t *this) -{ - return this->eid_epoch; -} - -/** 
- * Described in header. - */ -imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) -{ - private_imc_swid_state_t *this; - uint32_t eid_epoch; - nonce_gen_t *ng; - - ng = lib->crypto->create_nonce_gen(lib->crypto); - if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch)) - { - DBG1(DBG_TNC, "failed to generate random EID epoch value"); - DESTROY_IF(ng); - return NULL; - } - ng->destroy(ng); - - DBG1(DBG_IMC, "creating random EID epoch 0x%08x", eid_epoch); - - INIT(this, - .public = { - .interface = { - .get_connection_id = _get_connection_id, - .has_long = _has_long, - .has_excl = _has_excl, - .set_flags = _set_flags, - .set_max_msg_len = _set_max_msg_len, - .get_max_msg_len = _get_max_msg_len, - .get_contracts = _get_contracts, - .change_state = _change_state, - .set_result = _set_result, - .get_result = _get_result, - .destroy = _destroy, - }, - .get_eid_epoch = _get_eid_epoch, - }, - .state = TNC_CONNECTION_STATE_CREATE, - .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, - .connection_id = connection_id, - .contracts = seg_contract_manager_create(), - .eid_epoch = eid_epoch, - ); - - - return &this->public.interface; -} - - diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h deleted file mode 100644 index c658549c8..000000000 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imc_swid imc_swid - * @ingroup libimcv_plugins - * - * @defgroup imc_swid_state_t imc_swid_state - * @{ @ingroup imc_swid - */ - -#ifndef IMC_SWID_STATE_H_ -#define IMC_SWID_STATE_H_ - -#include <imc/imc_state.h> -#include <library.h> - -typedef struct imc_swid_state_t imc_swid_state_t; - -/** - * Internal state of an imc_swid_t connection instance - */ -struct imc_swid_state_t { - - /** - * imc_state_t interface - */ - imc_state_t interface; - - /** - * Get Event ID Epoch - * - * @return Event ID Epoch - */ - uint32_t (*get_eid_epoch)(imc_swid_state_t *this); - -}; - -/** - * Create an imc_swid_state_t instance - * - * @param id connection ID - */ -imc_state_t* imc_swid_state_create(TNC_ConnectionID id); - -#endif /** IMC_SWID_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in b/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in deleted file mode 100644 index 0e5aa8d4d..000000000 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan.swidtag.in +++ /dev/null 
@@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<SoftwareIdentity - name="strongSwan" - tagId="strongSwan-@VERSION_MAJOR@-@VERSION_MINOR@-@VERSION_BUILD@@VERSION_REVIEW@" - version="@VERSION_MAJOR@.@VERSION_MINOR@.@VERSION_BUILD@@VERSION_REVIEW@" versionScheme="alphanumeric" - xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> - <Entity - name="strongSwan Project" - regid="strongswan.org" - role="softwareCreator licensor tagCreator"/> -</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swima/Makefile.am b/src/libimcv/plugins/imc_swima/Makefile.am index 4a29e7949..e31f98d33 100644 --- a/src/libimcv/plugins/imc_swima/Makefile.am +++ b/src/libimcv/plugins/imc_swima/Makefile.am @@ -19,11 +19,13 @@ $(swid_tag) : $(regid)__strongSwan.swidtag.in AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\" AM_CFLAGS = \ $(PLUGIN_CFLAGS) $(json_CFLAGS) + imcv_LTLIBRARIES = imc-swima.la imc_swima_la_LIBADD = \ diff --git a/src/libimcv/plugins/imc_swima/Makefile.in b/src/libimcv/plugins/imc_swima/Makefile.in index ed2191921..62805151e 100644 --- a/src/libimcv/plugins/imc_swima/Makefile.in +++ b/src/libimcv/plugins/imc_swima/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
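Review bot: The compiled-in collector path `-DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\"` bypasses autoconf's `sbindir`, so a tree configured with `--exec-prefix` or `--sbindir` bakes in a path where sw-collector is never installed and the plugin fails at runtime instead of at build time. Use the directory the install rules actually use: `-DSW_COLLECTOR=\"$(sbindir)/sw-collector\"`. Compiling in an absolute path rather than relying on a PATH lookup is the right choice for a binary that a daemon executes; it only has to be the configured one. The generated Makefile.in carries the same literal and would pick the change up on regeneration.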
@@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -460,7 +461,8 @@ CLEANFILES = $(regid)__strongSwan*.swidtag AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -DSW_COLLECTOR=\"${prefix}/sbin/sw-collector\" AM_CFLAGS = \ $(PLUGIN_CFLAGS) $(json_CFLAGS) diff --git a/src/libimcv/plugins/imc_swima/imc_swima.c b/src/libimcv/plugins/imc_swima/imc_swima.c index 67080e050..be258d335 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima.c +++ b/src/libimcv/plugins/imc_swima/imc_swima.c @@ -30,6 +30,17 @@ #include <pen/pen.h> #include <utils/debug.h> +#include <errno.h> +#include <poll.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/inotify.h> +#include <unistd.h> + +#ifndef SW_COLLECTOR +#define SW_COLLECTOR NULL +#endif + /* IMC definitions */ static const char imc_name[] = "SWIMA"; 
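Review bot: The fallback `#define SW_COLLECTOR NULL` in the imc_swima.c include hunk is unsafe, because `system(NULL)` runs nothing and merely reports whether a shell is available, so a build without the define makes every `system(SW_COLLECTOR) != 0` check elsewhere in this file report failure whenever a shell exists, and the accompanying `DBG1("calling %s failed", SW_COLLECTOR)` then passes a null pointer to `%s`. Prefer failing the build instead of silently degrading: `#ifndef SW_COLLECTOR` / `#error "SW_COLLECTOR (path to sw-collector) must be defined"` / `#endif`, or at least a real default path string. The callers are outside this hunk.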
@@ -68,6 +79,75 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id, } /** + * Poll for IN_CLOSE_WRITE event on the apt history.log + */ +static bool poll_history_log(void) +{ + int fd, wd, res; + nfds_t nfds; + struct pollfd fds[1]; + char *history_path; + bool success = FALSE; + + history_path = lib->settings->get_str(lib->settings, "sw-collector.history", + NULL); + if (!history_path) + { + DBG1(DBG_IMC, "sw-collector.history path not set"); + return FALSE; + } + + /* Create the file descriptor for accessing the inotify API */ + fd = inotify_init1(IN_NONBLOCK); + if (fd == -1) + { + DBG1(DBG_IMC, "inotify file descriptor could not be created"); + return FALSE; + } + + /* Watch for CLOSE_WRITE events on history log */ + wd = inotify_add_watch(fd, history_path, IN_CLOSE_WRITE); + if (wd == -1) + { + DBG1(DBG_IMC, "cannot watch '%s'", history_path); + goto end; + } + + /* Prepare for polling */ + nfds = 1; + + /* Inotify input */ + fds[0].fd = fd; + fds[0].events = POLLIN; + + while (1) + { + DBG1(DBG_IMC, " waiting for write event on history.log ..."); + + res = poll(fds, nfds, -1); + if (res == -1) + { + DBG1(DBG_IMC, " poll failed: %s", strerror(errno)); + if (errno == EINTR) + { + continue; + } + goto end; + } + if (res > 0 && fds[0].revents & POLLIN) + { + DBG1(DBG_IMC, " poll successful"); + success = TRUE; + break; + } + } + +end: + close(fd); + return success; +} + +/** * see section 3.8.2 of TCG TNC IF-IMC Specification 1.3 */ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, @@ -75,6 +155,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, TNC_ConnectionState new_state) { imc_state_t *state; + imc_swima_state_t *swima_state; + imc_swima_subscription_t *subscription; + TNC_IMV_Evaluation_Result res; + TNC_Result result; + uint32_t eid, eid_epoch; if (!imc_swima) { 
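Review bot: In poll_history_log the EINTR test reads `errno` after `DBG1(...)` has already run, and the logging call can clobber errno, so an interrupted poll may be reported as a hard failure instead of being retried; save errno first. The loop also never leaves on `POLLERR`/`POLLHUP`/`POLLNVAL`: with `res > 0` but no `POLLIN` it calls `poll()` again, which returns immediately, so a watch on a deleted or replaced history file becomes a busy loop. Note too that the `-1` timeout blocks whichever thread invokes the IF-IMC callback until apt next closes the log, which may or may not be acceptable for the hosting TNC client.
```c
		res = poll(fds, nfds, -1);
		if (res == -1)
		{
			int err = errno;	/* DBG1 may clobber errno */

			DBG1(DBG_IMC, " poll failed: %s", strerror(err));
			if (err == EINTR)
			{
				continue;
			}
			goto end;
		}
		if (res > 0 && (fds[0].revents & POLLIN))
		{
			DBG1(DBG_IMC, " poll successful");
			success = TRUE;
			break;
		}
		if (res > 0)
		{
			/* POLLERR/POLLHUP/POLLNVAL: polling again would just spin */
			DBG1(DBG_IMC, " unexpected poll events 0x%x", fds[0].revents);
			goto end;
		}
	/* … unchanged: loop end, close(fd), return success … */
```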
@@ -86,14 +171,42 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, case TNC_CONNECTION_STATE_CREATE: state = imc_swima_state_create(connection_id); return imc_swima->create_state(imc_swima, state); - case TNC_CONNECTION_STATE_HANDSHAKE: - if (imc_swima->change_state(imc_swima, connection_id, new_state, - &state) != TNC_RESULT_SUCCESS) + case TNC_CONNECTION_STATE_ACCESS_ALLOWED: + case TNC_CONNECTION_STATE_ACCESS_ISOLATED: + case TNC_CONNECTION_STATE_ACCESS_NONE: + /* get updated IMC state */ + result = imc_swima->change_state(imc_swima, connection_id, + new_state, &state); + if (result != TNC_RESULT_SUCCESS) { return TNC_RESULT_FATAL; } - state->set_result(state, imc_id, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); + swima_state = (imc_swima_state_t*)state; + + /* do a handshake retry? */ + if (swima_state->get_subscription(swima_state, &subscription)) + { + /* update earliest EID in subscription target */ + if (state->get_result(state, imc_id, &res) && + res == TNC_IMV_EVALUATION_RESULT_COMPLIANT) + { + eid = subscription->targets->get_eid(subscription->targets, + &eid_epoch); + if (eid > 0) + { + eid = swima_state->get_earliest_eid(swima_state); + subscription->targets->set_eid(subscription->targets, eid, + eid_epoch); + } + } + DBG1(DBG_IMC, "SWIMA subscription %u:", subscription->request_id); + if (!poll_history_log()) + { + return TNC_RESULT_FATAL; + } + return imc_swima->request_handshake_retry(imc_id, connection_id, + TNC_RETRY_REASON_IMC_PERIODIC); + } return TNC_RESULT_SUCCESS; case TNC_CONNECTION_STATE_DELETE: return imc_swima->delete_state(imc_swima, connection_id); 
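Review bot: The new ACCESS_* handling calls `poll_history_log()` for `TNC_CONNECTION_STATE_ACCESS_NONE` as well, so a client that was just denied access sits in the blocking poll and then asks for `TNC_RETRY_REASON_IMC_PERIODIC` indefinitely; if a retry after denial is not intended, leave that case out or clear the subscription there with `swima_state->set_subscription(swima_state, NULL, FALSE);`. Turning a missing `sw-collector.history` setting into `TNC_RESULT_FATAL` from a mere state-change notification also seems harsh; logging and returning `TNC_RESULT_SUCCESS` with the subscription dropped would keep the connection usable. A short comment above the branch stating that this callback blocks until the log is written would help the next reader.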
@@ -104,61 +217,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, } /** - * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 - */ -TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, - TNC_ConnectionID connection_id) -{ - imc_state_t *state; - imc_msg_t *out_msg; - pa_tnc_attr_t *attr; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; - size_t max_seg_size; - char buf[BUF_LEN]; - TNC_Result result = TNC_RESULT_SUCCESS; - - if (!imc_swima) - { - DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); - return TNC_RESULT_NOT_INITIALIZED; - } - if (!imc_swima->get_state(imc_swima, connection_id, &state)) - { - return TNC_RESULT_FATAL; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMV */ - contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, - TRUE, imc_id, TRUE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMC, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); - - /* send PA-TNC message with the excl flag not set */ - out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, - TNC_IMVID_ANY, msg_types[0]); - out_msg->add_attribute(out_msg, attr); - result = out_msg->send(out_msg, FALSE); - out_msg->destroy(out_msg); - - return result; -} - -/** * Add SWID Inventory or Event attribute to the send queue */ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, - uint32_t request_id, bool sw_id_only, - swima_inventory_t *targets) + uint32_t request_id, bool sw_id_only, + swima_inventory_t *targets) { pa_tnc_attr_t *attr; swima_collector_t *collector; 
@@ -174,6 +237,8 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, { swima_events_t *sw_ev; ietf_swima_attr_sw_ev_t *sw_ev_attr; + imc_swima_state_t *swima_state; + uint32_t eid_epoch, last_eid = 0; sw_ev = collector->collect_events(collector, sw_id_only, targets); if (!sw_ev) @@ -185,8 +250,14 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, } else { items = sw_ev->get_count(sw_ev); - DBG1(DBG_IMC, "collected %d SW%s event%s", items, id_str, - items == 1 ? "" : "s"); + last_eid = sw_ev->get_eid(sw_ev, &eid_epoch, NULL); + + DBG1(DBG_IMC, "collected %d SW%s event%s at last eid %d of epoch 0x%08x", + items, id_str, items == 1 ? "" : "s", last_eid, eid_epoch); + + /* Store the earliest EID for the next subscription round */ + swima_state = (imc_swima_state_t*)state; + swima_state->set_earliest_eid(swima_state, last_eid + 1); /* Send an IETF SW [Identity] Events attribute */ attr = ietf_swima_attr_sw_ev_create(IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 
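Review bot: `last_eid` is declared `uint32_t` but printed with `%d` in the new DBG1 line, so event IDs at or above 2^31 log as negative numbers; use `%u` for that argument (the epoch is already printed with `%08x`). Separately, `swima_state->set_earliest_eid(swima_state, last_eid + 1)` wraps to 0 when `last_eid` is `UINT32_MAX`, and 0 is documented elsewhere in this commit as meaning "inventory"; a one-line comment stating that EIDs are assumed to stay well below that bound, or a guard, would make the assumption explicit.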
@@ -226,9 +297,78 @@ static void fulfill_request(imc_state_t *state, imc_msg_t *msg, collector->destroy(collector); } +/** + * see section 3.8.3 of TCG TNC IF-IMC Specification 1.3 + */ +TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, + TNC_ConnectionID connection_id) +{ + imc_state_t *state; + imc_swima_state_t *swima_state; + imc_msg_t *out_msg; + pa_tnc_attr_t *attr; + seg_contract_t *contract; + seg_contract_manager_t *contracts; + imc_swima_subscription_t *subscription; + size_t max_attr_size = SWIMA_MAX_ATTR_SIZE; + size_t max_seg_size; + char buf[BUF_LEN]; + TNC_Result result = TNC_RESULT_SUCCESS; + + if (!imc_swima) + { + DBG1(DBG_IMC, "IMC \"%s\" has not been initialized", imc_name); + return TNC_RESULT_NOT_INITIALIZED; + } + if (!imc_swima->get_state(imc_swima, connection_id, &state)) + { + return TNC_RESULT_FATAL; + } + swima_state = (imc_swima_state_t*)state; + + if (swima_state->get_subscription(swima_state, &subscription)) + { + if (system(SW_COLLECTOR) != 0) + { + DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR); + return TNC_RESULT_FATAL; + } + out_msg = imc_msg_create(imc_swima, state, connection_id, imc_id, + subscription->imv_id, msg_types[0]); + fulfill_request(state, out_msg, subscription->request_id, + subscription->sw_id_only, subscription->targets); + } + else + { + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMV */ + contract = seg_contract_create(msg_types[0], max_attr_size, max_seg_size, + TRUE, imc_id, TRUE); + contract->get_info_string(contract, buf, BUF_LEN, TRUE); + DBG2(DBG_IMC, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, max_seg_size, TRUE); + + /* send PA-TNC message with the excl flag not set */ + out_msg = 
imc_msg_create(imc_swima, state, connection_id, imc_id, + TNC_IMVID_ANY, msg_types[0]); + out_msg->add_attribute(out_msg, attr); + } + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; +} + static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) { imc_msg_t *out_msg; + imc_swima_state_t *swima_state; pa_tnc_attr_t *attr; enumerator_t *enumerator; pen_type_t type; @@ -255,7 +395,6 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) uint32_t request_id; bool sw_id_only; swima_inventory_t *targets; - type = attr->get_type(attr); if (type.vendor_id != PEN_IETF || type.type != IETF_ATTR_SWIMA_REQUEST) 
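Review bot: The subscription branch of the new TNC_IMC_BeginHandshake runs the collector via `system(SW_COLLECTOR)`, which spawns `/bin/sh` with the caller's full environment and signal dispositions from inside the TNC client's process; for a privileged daemon-hosted IMC a `fork()`/`execv()` with a fixed argv and a minimal environment is the safer pattern and avoids the shell entirely. If `system()` stays, decode its result with `WIFEXITED`/`WEXITSTATUS` so a collector killed by a signal is logged distinctly rather than as a plain "failed", and document in a comment that the handshake is held up for the duration of the collector run. receive_message's body continues past the end of this hunk.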
@@ -267,15 +406,55 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) flags = attr_req->get_flags(attr_req); request_id = attr_req->get_request_id(attr_req); targets = attr_req->get_targets(attr_req); + sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); if (flags & (IETF_SWIMA_ATTR_REQ_FLAG_S | IETF_SWIMA_ATTR_REQ_FLAG_C)) { - attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED, - request_id, 0, "no subscription available yet"); - out_msg->add_attribute(out_msg, attr); - break; + if (imc_swima->has_pt_tls(imc_swima) && + lib->settings->get_bool(lib->settings, + "%s.plugins.imc-swima.subscriptions", FALSE, lib->ns)) + { + imc_swima_subscription_t *subscription; + + swima_state = (imc_swima_state_t*)state; + + if (flags & IETF_SWIMA_ATTR_REQ_FLAG_C) + { + if (swima_state->get_subscription(swima_state, &subscription)) + { + DBG1(DBG_IMC, "SWIMA subscription %u cleared", + subscription->request_id); + swima_state->set_subscription(swima_state, NULL, FALSE); + } + } + else + { + INIT(subscription, + .imv_id = in_msg->get_src_id(in_msg), + .request_id = request_id, + .targets = targets->get_ref(targets), + .sw_id_only = sw_id_only, + ); + + swima_state->set_subscription(swima_state, subscription, + TRUE); + DBG1(DBG_IMC, "SWIMA subscription %u established", + subscription->request_id); + if (system(SW_COLLECTOR) != 0) + { + DBG1(DBG_IMC, "calling %s failed", SW_COLLECTOR); + out_msg->destroy(out_msg); + return TNC_RESULT_FATAL; + } + } + } + else + { + attr = swima_error_create(PA_ERROR_SWIMA_SUBSCRIPTION_DENIED, + request_id, 0, "subscriptions not enabled"); + out_msg->add_attribute(out_msg, attr); + } } - sw_id_only = (flags & IETF_SWIMA_ATTR_REQ_FLAG_R); fulfill_request(state, out_msg, request_id, sw_id_only, targets); break; diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.c b/src/libimcv/plugins/imc_swima/imc_swima_state.c index 70b2434a4..55d887055 100644 --- a/src/libimcv/plugins/imc_swima/imc_swima_state.c 
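Review bot: On the `system(SW_COLLECTOR) != 0` path the new code does `out_msg->destroy(out_msg); return TNC_RESULT_FATAL;` while the subscription it established two statements earlier stays set, and if this sits inside the attribute enumeration loop as the surrounding `break`s suggest, the `enumerator` declared in receive_message (created outside the hunk) is never destroyed. Clear the half-established subscription and release the enumerator before bailing out: `swima_state->set_subscription(swima_state, NULL, FALSE);` and `enumerator->destroy(enumerator);`. The default-off `imc-swima.subscriptions` setting and the PT-TLS check are a good gate for a feature that executes a binary on an IMV request.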
+++ b/src/libimcv/plugins/imc_swima/imc_swima_state.c @@ -65,8 +65,33 @@ struct private_imc_swima_state_t { * PA-TNC attribute segmentation contracts associated with TNCCS connection */ seg_contract_manager_t *contracts; + + /** + * Has a subscription been established? + */ + bool has_subscription; + + /** + * State information on subscriptions + */ + imc_swima_subscription_t *subscription; + + /** + * Earliest EID for the next subscription round + */ + uint32_t earliest_eid; + }; +static void free_subscription(imc_swima_subscription_t *this) +{ + if (this) + { + this->targets->destroy(this->targets); + free(this); + } +} + METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, private_imc_swima_state_t *this) { @@ -110,10 +135,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_swima_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, 
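Review bot: The new `has_subscription` flag duplicates what `subscription != NULL` already says and the two are kept in sync by hand in set_subscription, so a future `set_subscription(state, NULL, TRUE)` would make get_subscription return TRUE with a NULL out-pointer that the callers in imc_swima.c dereference without checking. Deriving the status from the pointer, `return this->subscription != NULL;`, removes the flag and the inconsistency. A comment on free_subscription stating that it releases the `targets` reference taken with `get_ref()` would also document the ownership rule the rest of the file relies on.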
@@ -134,13 +163,59 @@ METHOD(imc_state_t, get_result, bool, return this->result != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_swima_state_t *this) +{ + this->result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; +} + METHOD(imc_state_t, destroy, void, private_imc_swima_state_t *this) { + free(this->subscription); this->contracts->destroy(this->contracts); free(this); } +METHOD(imc_swima_state_t, set_subscription, void, + private_imc_swima_state_t *this, imc_swima_subscription_t *subscription, + bool set) +{ + free_subscription(this->subscription); + this->has_subscription = set; + + if (set) + { + this->subscription = subscription; + } + else + { + this->subscription = NULL; + } +} + +METHOD(imc_swima_state_t, get_subscription, bool, + private_imc_swima_state_t *this, imc_swima_subscription_t **subscription) +{ + if (subscription) + { + *subscription = this->subscription; + } + return this->has_subscription; +} + +METHOD(imc_swima_state_t, set_earliest_eid, void, + private_imc_swima_state_t *this, uint32_t eid) +{ + this->earliest_eid = eid; +} + +METHOD(imc_swima_state_t, get_earliest_eid, uint32_t, + private_imc_swima_state_t *this) +{ + return this->earliest_eid; +} + /** * Described in header. */ @@ -161,15 +236,20 @@ imc_state_t *imc_swima_state_create(TNC_ConnectionID connection_id) .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, + .set_subscription = _set_subscription, + .get_subscription = _get_subscription, + .set_earliest_eid = _set_earliest_eid, + .get_earliest_eid = _get_earliest_eid, }, .state = TNC_CONNECTION_STATE_CREATE, .result = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, .connection_id = connection_id, .contracts = seg_contract_manager_create(), ); - + return &this->public.interface; } diff --git a/src/libimcv/plugins/imc_swima/imc_swima_state.h b/src/libimcv/plugins/imc_swima/imc_swima_state.h index 4e4e3b1bf..92a674ff8 100644 
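Review bot: destroy releases the subscription with a bare `free(this->subscription);`, which drops the `swima_inventory_t` reference held in `subscription->targets` (taken via `get_ref()` when the subscription was created) and leaks it on every connection teardown; the helper added for exactly this purpose should be used, `free_subscription(this->subscription);`. A related gap in set_subscription: when `set` is FALSE but a non-NULL `subscription` is passed it is neither stored nor freed, so either free it or document that callers must pass NULL in that case.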
--- a/src/libimcv/plugins/imc_swima/imc_swima_state.h +++ b/src/libimcv/plugins/imc_swima/imc_swima_state.h @@ -25,9 +25,38 @@ #define IMC_SWIMA_STATE_H_ #include <imc/imc_state.h> +#include <swima/swima_inventory.h> #include <library.h> typedef struct imc_swima_state_t imc_swima_state_t; +typedef struct imc_swima_subscription_t imc_swima_subscription_t; + +/** + * State information on subscriptions + */ +struct imc_swima_subscription_t { + + /** + * IMV which sent the subscription request + */ + TNC_IMVID imv_id; + + /** + * SWIMA Request ID + */ + uint32_t request_id; + + /** + * SWIMA Request targets + */ + swima_inventory_t *targets; + + /** + * Retrieve SW Identifieres only + */ + bool sw_id_only; + +}; /** * Internal state of an imc_swima_t connection instance @@ -39,6 +68,37 @@ struct imc_swima_state_t { */ imc_state_t interface; + /** + * Set or clear a subscription + * + * @param subscription state information on subscription + * @param set TRUE sets and FALSE clears a subscripton + */ + void (*set_subscription)(imc_swima_state_t *this, + imc_swima_subscription_t *subscription, bool set); + + /** + * Get the subscription status + * + * @param subscription state information on subscription + * @return TRUE if subscription is set + */ + bool (*get_subscription)(imc_swima_state_t *this, + imc_swima_subscription_t**subscription); + + /** + * Set the earliest EID for the next subscription round + * + * @param eid Earliest EID for events or 0 for inventories + */ + void (*set_earliest_eid)(imc_swima_state_t *this, uint32_t eid); + + /** + * Get earliest EID for the next subscription round + * + * @return Earliest EID for events or 0 for inventories + */ + uint32_t (*get_earliest_eid)(imc_swima_state_t *this); }; /** diff --git a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag deleted file mode 100644 index 4ce168623..000000000 
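Review bot: The new header comments do not state ownership, which is the one thing a caller of set_subscription needs to know: as implemented in imc_swima_state.c in this commit, the state takes ownership of `subscription` (including its `targets` reference) and frees it on replacement, clear or destroy, while get_subscription hands out a borrowed pointer valid only until the next set_subscription call. Two typos in the same hunk: "Retrieve SW Identifieres only" should read "Retrieve SW Identifiers only", and "FALSE clears a subscripton" should read "FALSE clears a subscription".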
--- a/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-6-3.swidtag +++ /dev/null @@ -1,11 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<SoftwareIdentity - name="strongSwan" - tagId="strongSwan-5-6-3" - version="5.6.3" versionScheme="alphanumeric" - xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> - <Entity - name="strongSwan Project" - regid="strongswan.org" - role="softwareCreator licensor tagCreator"/> -</SoftwareIdentity> diff --git a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag index 4ce168623..fa6e121b5 100644 --- a/src/libimcv/plugins/imc_swid/strongswan.org__strongSwan-5-6-3.swidtag +++ b/src/libimcv/plugins/imc_swima/strongswan.org__strongSwan-5-7-0.swidtag @@ -1,8 +1,8 @@ <?xml version="1.0" encoding="utf-8"?> <SoftwareIdentity name="strongSwan" - tagId="strongSwan-5-6-3" - version="5.6.3" versionScheme="alphanumeric" + tagId="strongSwan-5-7-0" + version="5.7.0" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd"> <Entity name="strongSwan Project" diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index fc6d2f6fb..2231f93bc 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index 047c82502..86d59a76a 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -141,10 +141,14 @@ METHOD(imc_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imc_state_t, change_state, void, +METHOD(imc_state_t, change_state, TNC_ConnectionState, private_imc_test_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imc_state_t, set_result, void, @@ -202,6 +206,12 @@ METHOD(imc_state_t, get_result, bool, return eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW; } +METHOD(imc_state_t, reset, void, + private_imc_test_state_t *this) +{ + /* nothing to reset */ +} + METHOD(imc_state_t, destroy, void, private_imc_test_state_t *this) { 
@@ -277,6 +287,7 @@ imc_state_t *imc_test_state_create(TNC_ConnectionID connection_id, .change_state = _change_state, .set_result = _set_result, .get_result = _get_result, + .reset = _reset, .destroy = _destroy, }, .get_command = _get_command, diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index f9eb9d6ed..98930d3f3 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -322,7 +322,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -348,6 +347,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -368,8 +369,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -424,8 +423,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -454,8 +451,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index fb894f393..bc435df7f 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -187,7 +187,7 @@ char* print_cfn(pts_comp_func_name_t *cfn) int type, vid, name, qualifier, n; enum_name_t *names, *types; - vid = cfn->get_vendor_id(cfn), + vid = cfn->get_vendor_id(cfn); name = cfn->get_name(cfn); qualifier = cfn->get_qualifier(cfn); n = snprintf(buf, BUF_LEN, "0x%06x/0x%08x-0x%02x", vid, name, qualifier); diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c index d63940797..3d9e0ab1f 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_state.c @@ -250,10 +250,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_attestation_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -338,6 +342,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_attestation_state_t *this) +{ + DESTROY_IF(this->reason_string); + this->reason_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_ATTESTATION_STATE_INIT; + this->measurement_error = 0; + this->components->destroy_function(this->components, (void *)free_func_comp); + this->components = linked_list_create(); + this->pts->destroy(this->pts); + this->pts = pts_create(FALSE); +} + METHOD(imv_state_t, destroy, void, private_imv_attestation_state_t *this) { @@ -532,6 +554,7 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .get_handshake_state = _get_handshake_state, diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index 99bf6d916..7bf503e0c 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
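Review bot: The new reset method re-initialises `components` and `pts` by repeating what imv_attestation_state_create presumably does (the constructor is outside the hunk) and tears them down the same way destroy presumably does, so the three places can drift apart silently; a static helper for the teardown shared by reset and destroy, and reusing the constructor's initial values, would keep them consistent. Please confirm that `pts_create(FALSE)` matches the argument the constructor uses, since a mismatch here would change behaviour only after a handshake retry.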
@@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c index bfe6dd619..e2b6eaed9 100644 --- a/src/libimcv/plugins/imv_hcd/imv_hcd_state.c +++ b/src/libimcv/plugins/imv_hcd/imv_hcd_state.c @@ -213,10 +213,14 @@ METHOD(imv_state_t, update_recommendation, void, this->eval = tncif_policy_update_evaluation(this->eval, eval); } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_hcd_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_reason_string, bool, 
@@ -246,6 +250,24 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return FALSE; } +METHOD(imv_state_t, reset, void, + private_imv_hcd_state_t *this) +{ + DESTROY_IF(this->reason_string); + this->reason_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->handshake_state = IMV_HCD_STATE_INIT; + this->subtype_action_flags[0].action_flags = IMV_HCD_ATTR_NONE; + this->subtype_action_flags[1].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[2].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[3].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[4].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->subtype_action_flags[5].action_flags = IMV_HCD_ATTR_SYSTEM_ONLY; + this->action_flags = &this->subtype_action_flags[0].action_flags; +} + METHOD(imv_state_t, destroy, void, private_imv_hcd_state_t *this) { @@ -320,6 +342,7 @@ imv_state_t *imv_hcd_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index d5a6f07f1..4e8f8ea19 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
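Review bot: The six hard-coded `subtype_action_flags[N].action_flags` assignments in the new reset method are fragile: adding a subtype means remembering to extend this list, and nothing here documents why index 0 is `IMV_HCD_ATTR_NONE` while 1 to 5 are `IMV_HCD_ATTR_SYSTEM_ONLY`. If the array is fixed-size, a loop over it (`for (i = 1; i < countof(this->subtype_action_flags); i++)` with index 0 handled separately, assuming the project's `countof` macro is available here) plus a one-line comment on the asymmetry would be clearer; better still, share the initialisation with imv_hcd_state_create, which is outside the hunk.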
@@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_os/imv_os_agent.c b/src/libimcv/plugins/imv_os/imv_os_agent.c index 3fa3d0965..bb1e8a806 100644 --- a/src/libimcv/plugins/imv_os/imv_os_agent.c +++ b/src/libimcv/plugins/imv_os/imv_os_agent.c @@ -539,7 +539,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, /* Determine maximum PA-TNC attribute segment size */ max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE + - PA_TNC_HEADER_SIZE - PA_TNC_ATTR_HEADER_SIZE - TCG_SEG_ATTR_SEG_ENV_HEADER; @@ -614,7 +614,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (result != TNC_RESULT_SUCCESS) { return result; - } + } return this->agent->provide_recommendation(this->agent, state); } else @@ -686,7 +686,6 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { continue; } - eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; switch (workitem->get_type(workitem)) { 
@@ -721,7 +720,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMV_EVALUATION_RESULT_COMPLIANT; snprintf(result_str, BUF_LEN, "unknown sources%s enabled", fail ? "" : " not"); - break; + break; case IMV_WORKITEM_FORWARDING: if (!(received & IMV_OS_ATTR_FORWARDING_ENABLED)) { @@ -749,14 +748,11 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, default: continue; } - if (eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW) - { - session->remove_workitem(session, enumerator); - rec = workitem->set_result(workitem, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - } + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); } enumerator->destroy(enumerator); @@ -772,7 +768,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, return result; } return this->agent->provide_recommendation(this->agent, state); - } + } } /* send non-empty PA-TNC message with excl flag not set */ diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index af5daf0fc..dd8fcf594 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -362,10 +362,14 @@ METHOD(imv_state_t, update_recommendation, void, this->eval = tncif_policy_update_evaluation(this->eval, eval); } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_os_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_reason_string, bool, 
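Review bot: Removing the `eval != TNC_IMV_EVALUATION_RESULT_DONT_KNOW` guard together with the per-iteration `eval = DONT_KNOW` reset (earlier hunk) means every workitem reaching the end of the switch is now finalised with whatever `eval` currently holds; any `case` that does not assign `eval` before falling out of the switch would therefore reuse the previous iteration's verdict. The switch starts outside the hunk, so I cannot confirm all cases assign it; if they do, a short comment at the loop top saying so, or keeping a defensive `eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;` at the start of each iteration, would make that invariant explicit.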
@@ -466,6 +470,32 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return TRUE; } +METHOD(imv_state_t, reset, void, + private_imv_os_state_t *this) +{ + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->reason_string = NULL; + this->remediation_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_OS_STATE_INIT; + this->count = 0; + this->count_security = 0; + this->count_blacklist = 0; + this->count_ok = 0; + this->os_settings = 0; + this->missing = 0; + + this->update_packages->destroy_function(this->update_packages, free); + this->remove_packages->destroy_function(this->remove_packages, free); + this->update_packages = linked_list_create(); + this->remove_packages = linked_list_create(); +} + METHOD(imv_state_t, destroy, void, private_imv_os_state_t *this) { @@ -590,6 +620,7 @@ imv_state_t *imv_os_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 2649f499d..7c31a23fa 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
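Review bot: The new `reset` method carries no comment saying what it does and does not clear: it rebuilds the per-handshake results (`rec`, `eval`, reason and remediation strings), the handshake state, the counters and the two package lists, but leaves the connection-level fields alone (`state`, the long/excl flags, `max_msg_len`, `session`, `contracts`, assuming this object mirrors the swid state struct shown further down). That split is presumably deliberate, since those belong to the TNCCS connection rather than to one assessment, but nothing says so; a header such as `/* Reset the per-handshake assessment state so the connection can be evaluated again; connection-level fields (session, contracts, flags) are kept */` would make the contract explicit for the caller of `reset`. The `destroy_function(..., free)` calls also encode an assumption that list elements are plain malloc'd buffers, which is worth a one-line note next to them.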
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 8f9593f17..64ab5c4eb 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -222,10 +222,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_scanner_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -303,6 +307,26 @@ METHOD(imv_state_t, get_remediation_instructions, bool, return TRUE; } +METHOD(imv_state_t, reset, void, + private_imv_scanner_state_t *this) +{ + DESTROY_IF(this->reason_string); + DESTROY_IF(this->remediation_string); + this->reason_string = NULL; + this->remediation_string = NULL; + this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION; + this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW; + + this->action_flags = 0; + + this->handshake_state = IMV_SCANNER_STATE_INIT; + + DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute); + this->port_filter_attr = NULL; + this->violating_ports->destroy_function(this->violating_ports, free); + this->violating_ports = linked_list_create(); +} + METHOD(imv_state_t, destroy, void, private_imv_scanner_state_t *this) { @@ -373,6 +397,7 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) .update_recommendation = _update_recommendation, .get_reason_string = _get_reason_string, .get_remediation_instructions = _get_remediation_instructions, + .reset = _reset, .destroy = _destroy, }, .set_handshake_state = _set_handshake_state, @@ -391,5 +416,3 @@ imv_state_t *imv_scanner_state_create(TNC_ConnectionID connection_id) return &this->public.interface; } - - diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am deleted file mode 100644 index e573ea0d8..000000000 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ /dev/null 
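Review bot: `DESTROY_IF(&this->port_filter_attr->pa_tnc_attribute)` in the new `reset` does not actually guard against `port_filter_attr` being NULL: if DESTROY_IF is the usual `if (obj) obj->destroy(obj)` macro, the tested expression is the address of a struct member, which compilers may treat as never-NULL (GCC folds such checks away under -fdelete-null-pointer-checks), so a reset before any port-filter attribute was received would call `destroy` through a null-derived pointer. The field is assigned NULL on the very next line, so it evidently can be NULL here; test the pointer itself instead: `if (this->port_filter_attr)` / `{ this->port_filter_attr->pa_tnc_attribute.destroy(&this->port_filter_attr->pa_tnc_attribute); }`. I cannot see the attribute struct; if `pa_tnc_attribute` happens to sit at offset 0 the current form works by accident at -O0, and the same pattern is probably repeated in `destroy` below this hunk.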
@@ -1,21 +0,0 @@ -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtpmtss \ - -I$(top_srcdir)/src/libimcv - -AM_CFLAGS = \ - $(PLUGIN_CFLAGS) $(json_CFLAGS) - -imcv_LTLIBRARIES = imv-swid.la - -imv_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(json_LIBS) - -imv_swid_la_SOURCES = \ - imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c - -imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.c b/src/libimcv/plugins/imv_swid/imv_swid_agent.c deleted file mode 100644 index 2884a169c..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_agent.c +++ /dev/null 
@@ -1,727 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#define _GNU_SOURCE -#include <stdio.h> - -#include "imv_swid_agent.h" -#include "imv_swid_state.h" - -#include <imcv.h> -#include <imv/imv_agent.h> -#include <imv/imv_msg.h> -#include <ietf/ietf_attr_pa_tnc_error.h> -#include "rest/rest.h" -#include "tcg/seg/tcg_seg_attr_max_size.h" -#include "tcg/seg/tcg_seg_attr_seg_env.h" -#include "tcg/swid/tcg_swid_attr_req.h" -#include "tcg/swid/tcg_swid_attr_tag_inv.h" -#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" -#include "swid/swid_error.h" -#include "swid/swid_inventory.h" - -#include <tncif_names.h> -#include <tncif_pa_subtypes.h> - -#include <pen/pen.h> -#include <utils/debug.h> -#include <bio/bio_reader.h> - -typedef struct private_imv_swid_agent_t private_imv_swid_agent_t; - -/* Subscribed PA-TNC message subtypes */ -static pen_type_t msg_types[] = { - { PEN_TCG, PA_SUBTYPE_TCG_SWID } -}; - -/** - * Flag set when corresponding attribute has been received - */ -enum imv_swid_attr_t { - IMV_SWID_ATTR_TAG_INV = (1<<0), - IMV_SWID_ATTR_TAG_ID_INV = (1<<1) -}; - -/** - * Private data of an imv_swid_agent_t object. 
- */ -struct private_imv_swid_agent_t { - - /** - * Public members of imv_swid_agent_t - */ - imv_agent_if_t public; - - /** - * IMV agent responsible for generic functions - */ - imv_agent_t *agent; - - /** - * REST API to strongTNC manager - */ - rest_t *rest_api; - -}; - -METHOD(imv_agent_if_t, bind_functions, TNC_Result, - private_imv_swid_agent_t *this, TNC_TNCS_BindFunctionPointer bind_function) -{ - return this->agent->bind_functions(this->agent, bind_function); -} - -METHOD(imv_agent_if_t, notify_connection_change, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_ConnectionState new_state) -{ - imv_state_t *state; - - switch (new_state) - { - case TNC_CONNECTION_STATE_CREATE: - state = imv_swid_state_create(id); - return this->agent->create_state(this->agent, state); - case TNC_CONNECTION_STATE_DELETE: - return this->agent->delete_state(this->agent, id); - default: - return this->agent->change_state(this->agent, id, new_state, NULL); - } -} - -/** - * Process a received message - */ -static TNC_Result receive_msg(private_imv_swid_agent_t *this, - imv_state_t *state, imv_msg_t *in_msg) -{ - imv_swid_state_t *swid_state; - imv_msg_t *out_msg; - enumerator_t *enumerator; - pa_tnc_attr_t *attr; - TNC_Result result; - bool fatal_error = FALSE; - - /* generate an outgoing PA-TNC message - we might need it */ - out_msg = imv_msg_create_as_reply(in_msg); - - /* parse received PA-TNC message and handle local and remote errors */ - result = in_msg->receive(in_msg, out_msg, &fatal_error); - if (result != TNC_RESULT_SUCCESS) - { - out_msg->destroy(out_msg); - return result; - } - - swid_state = (imv_swid_state_t*)state; - - /* analyze PA-TNC attributes */ - enumerator = in_msg->create_attribute_enumerator(in_msg); - while (enumerator->enumerate(enumerator, &attr)) - { - uint32_t request_id = 0, last_eid, eid_epoch; - swid_inventory_t *inventory; - pen_type_t type; - - type = attr->get_type(attr); - - if (type.vendor_id == PEN_IETF && type.type 
== IETF_ATTR_PA_TNC_ERROR) - { - ietf_attr_pa_tnc_error_t *error_attr; - pen_type_t error_code; - chunk_t msg_info, description; - bio_reader_t *reader; - uint32_t max_attr_size; - bool success; - - error_attr = (ietf_attr_pa_tnc_error_t*)attr; - error_code = error_attr->get_error_code(error_attr); - - if (error_code.vendor_id == PEN_TCG) - { - fatal_error = TRUE; - msg_info = error_attr->get_msg_info(error_attr); - reader = bio_reader_create(msg_info); - success = reader->read_uint32(reader, &request_id); - - DBG1(DBG_IMV, "received TCG error '%N' for request %d", - swid_error_code_names, error_code.type, request_id); - if (!success) - { - reader->destroy(reader); - continue; - } - if (error_code.type == TCG_SWID_RESPONSE_TOO_LARGE) - { - if (!reader->read_uint32(reader, &max_attr_size)) - { - reader->destroy(reader); - continue; - } - DBG1(DBG_IMV, " maximum PA-TNC attribute size is %u bytes", - max_attr_size); - } - description = reader->peek(reader); - if (description.len) - { - DBG1(DBG_IMV, " description: %.*s", description.len, - description.ptr); - } - reader->destroy(reader); - } - } - else if (type.vendor_id != PEN_TCG) - { - continue; - } - - switch (type.type) - { - case TCG_SWID_TAG_ID_INVENTORY: - { - tcg_swid_attr_tag_id_inv_t *attr_cast; - uint32_t missing; - int tag_id_count; - - state->set_action_flags(state, IMV_SWID_ATTR_TAG_ID_INV); - - attr_cast = (tcg_swid_attr_tag_id_inv_t*)attr; - request_id = attr_cast->get_request_id(attr_cast); - last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); - inventory = attr_cast->get_inventory(attr_cast); - tag_id_count = inventory->get_count(inventory); - missing = attr_cast->get_tag_id_count(attr_cast); - swid_state->set_missing(swid_state, missing); - - DBG2(DBG_IMV, "received SWID tag ID inventory with %d item%s " - "for request %d at eid %d of epoch 0x%08x, %d item%s to " - "follow", tag_id_count, (tag_id_count == 1) ? "" : "s", - request_id, last_eid, eid_epoch, missing, - (missing == 1) ? 
"" : "s"); - - if (request_id == swid_state->get_request_id(swid_state)) - { - swid_state->set_swid_inventory(swid_state, inventory); - swid_state->set_count(swid_state, tag_id_count, 0, - in_msg->get_src_id(in_msg)); - } - else - { - DBG1(DBG_IMV, "no workitem found for SWID tag ID inventory " - "with request ID %d", request_id); - } - attr_cast->clear_inventory(attr_cast); - break; - } - case TCG_SWID_TAG_INVENTORY: - { - tcg_swid_attr_tag_inv_t *attr_cast; - swid_tag_t *tag; - chunk_t tag_encoding; - json_object *jobj, *jarray, *jstring; - char *tag_str; - uint32_t missing; - int tag_count; - enumerator_t *e; - - state->set_action_flags(state, IMV_SWID_ATTR_TAG_INV); - - attr_cast = (tcg_swid_attr_tag_inv_t*)attr; - request_id = attr_cast->get_request_id(attr_cast); - last_eid = attr_cast->get_last_eid(attr_cast, &eid_epoch); - inventory = attr_cast->get_inventory(attr_cast); - tag_count = inventory->get_count(inventory); - missing = attr_cast->get_tag_count(attr_cast); - swid_state->set_missing(swid_state, missing); - - DBG2(DBG_IMV, "received SWID tag inventory with %d item%s for " - "request %d at eid %d of epoch 0x%08x, %d item%s to follow", - tag_count, (tag_count == 1) ? "" : "s", request_id, - last_eid, eid_epoch, missing, (missing == 1) ? 
"" : "s"); - - if (request_id == swid_state->get_request_id(swid_state)) - { - swid_state->set_count(swid_state, 0, tag_count, - in_msg->get_src_id(in_msg)); - - if (this->rest_api) - { - jobj = json_object_new_object(); - jarray = json_object_new_array(); - json_object_object_add(jobj, "data", jarray); - - e = inventory->create_enumerator(inventory); - while (e->enumerate(e, &tag)) - { - tag_encoding = tag->get_encoding(tag); - tag_str = strndup(tag_encoding.ptr, tag_encoding.len); - DBG3(DBG_IMV, "%s", tag_str); - jstring = json_object_new_string(tag_str); - json_object_array_add(jarray, jstring); - free(tag_str); - } - e->destroy(e); - - if (this->rest_api->post(this->rest_api, - "swid/add-tags/", jobj, NULL) != SUCCESS) - { - DBG1(DBG_IMV, "error in REST API add-tags request"); - } - json_object_put(jobj); - } - } - else - { - DBG1(DBG_IMV, "no workitem found for SWID tag inventory " - "with request ID %d", request_id); - } - attr_cast->clear_inventory(attr_cast); - break; - } - default: - break; - } - } - enumerator->destroy(enumerator); - - if (fatal_error) - { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - result = out_msg->send_assessment(out_msg); - if (result == TNC_RESULT_SUCCESS) - { - result = this->agent->provide_recommendation(this->agent, state); - } - } - else - { - /* send PA-TNC message with the EXCL flag set */ - result = out_msg->send(out_msg, TRUE); - } - out_msg->destroy(out_msg); - - return result; -} - -METHOD(imv_agent_if_t, receive_message, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_MessageType msg_type, chunk_t msg) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_data(this->agent, state, id, msg_type, msg); - result = receive_msg(this, state, in_msg); - in_msg->destroy(in_msg); - - return 
result; -} - -METHOD(imv_agent_if_t, receive_message_long, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id, - TNC_UInt32 src_imc_id, TNC_UInt32 dst_imv_id, - TNC_VendorID msg_vid, TNC_MessageSubtype msg_subtype, chunk_t msg) -{ - imv_state_t *state; - imv_msg_t *in_msg; - TNC_Result result; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - in_msg = imv_msg_create_from_long_data(this->agent, state, id, - src_imc_id, dst_imv_id, msg_vid, msg_subtype, msg); - result = receive_msg(this, state, in_msg); - in_msg->destroy(in_msg); - - return result; - -} - -METHOD(imv_agent_if_t, batch_ending, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id) -{ - imv_msg_t *out_msg; - imv_state_t *state; - imv_session_t *session; - imv_workitem_t *workitem; - imv_swid_state_t *swid_state; - imv_swid_handshake_state_t handshake_state; - pa_tnc_attr_t *attr; - TNC_IMVID imv_id; - TNC_Result result = TNC_RESULT_SUCCESS; - bool no_workitems = TRUE; - uint32_t request_id, received; - uint8_t flags; - enumerator_t *enumerator; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - swid_state = (imv_swid_state_t*)state; - handshake_state = swid_state->get_handshake_state(swid_state); - session = state->get_session(state); - imv_id = this->agent->get_id(this->agent); - - if (handshake_state == IMV_SWID_STATE_END) - { - return TNC_RESULT_SUCCESS; - } - - /* Create an empty out message - we might need it */ - out_msg = imv_msg_create(this->agent, state, id, imv_id, - swid_state->get_imc_id(swid_state), - msg_types[0]); - - if (!imcv_db) - { - DBG2(DBG_IMV, "no workitems available - no evaluation possible"); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END); - - if (result != 
TNC_RESULT_SUCCESS) - { - return result; - } - return this->agent->provide_recommendation(this->agent, state); - } - - /* Look for SWID tag workitem and create SWID tag request */ - if (handshake_state == IMV_SWID_STATE_INIT && - session->get_policy_started(session)) - { - size_t max_attr_size = SWID_MAX_ATTR_SIZE; - size_t max_seg_size; - seg_contract_t *contract; - seg_contract_manager_t *contracts; - char buf[BUF_LEN]; - - enumerator = session->create_workitem_enumerator(session); - if (enumerator) - { - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_imv_id(workitem) != TNC_IMVID_ANY || - workitem->get_type(workitem) != IMV_WORKITEM_SWID_TAGS) - { - continue; - } - - flags = TCG_SWID_ATTR_REQ_FLAG_NONE; - if (strchr(workitem->get_arg_str(workitem), 'R')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_R; - } - if (strchr(workitem->get_arg_str(workitem), 'S')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_S; - } - if (strchr(workitem->get_arg_str(workitem), 'C')) - { - flags |= TCG_SWID_ATTR_REQ_FLAG_C; - } - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMC */ - contract = seg_contract_create(msg_types[0], max_attr_size, - max_seg_size, TRUE, imv_id, FALSE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMV, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, - max_seg_size, TRUE); - out_msg->add_attribute(out_msg, attr); - - /* Issue a SWID request */ - request_id = workitem->get_id(workitem); - swid_state->set_request_id(swid_state, request_id); - attr = tcg_swid_attr_req_create(flags, request_id, 0); - out_msg->add_attribute(out_msg, attr); - workitem->set_imv_id(workitem, imv_id); - no_workitems = FALSE; - DBG2(DBG_IMV, "IMV %d 
issues SWID request %d", - imv_id, request_id); - break; - } - enumerator->destroy(enumerator); - - if (no_workitems) - { - DBG2(DBG_IMV, "IMV %d has no workitems - " - "no evaluation requested", imv_id); - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ALLOW, - TNC_IMV_EVALUATION_RESULT_DONT_KNOW); - } - handshake_state = IMV_SWID_STATE_WORKITEMS; - swid_state->set_handshake_state(swid_state, handshake_state); - } - } - - received = state->get_action_flags(state); - - if (handshake_state == IMV_SWID_STATE_WORKITEMS && - (received & (IMV_SWID_ATTR_TAG_INV|IMV_SWID_ATTR_TAG_ID_INV)) && - swid_state->get_missing(swid_state) == 0) - { - TNC_IMV_Evaluation_Result eval; - TNC_IMV_Action_Recommendation rec; - char result_str[BUF_LEN], *error_str = "", *command; - char *target, *separator; - int tag_id_count, tag_count, i; - chunk_t tag_creator, unique_sw_id; - json_object *jrequest, *jresponse, *jvalue; - tcg_swid_attr_req_t *cast_attr; - swid_tag_id_t *tag_id; - status_t status = SUCCESS; - - if (this->rest_api && (received & IMV_SWID_ATTR_TAG_ID_INV)) - { - if (asprintf(&command, "sessions/%d/swid-measurement/", - session->get_session_id(session, NULL, NULL)) < 0) - { - error_str = "allocation of command string failed"; - status = FAILED; - } - else - { - jrequest = swid_state->get_swid_inventory(swid_state); - status = this->rest_api->post(this->rest_api, command, - jrequest, &jresponse); - if (status == FAILED) - { - error_str = "error in REST API swid-measurement request"; - } - free(command); - } - } - - switch (status) - { - case SUCCESS: - enumerator = session->create_workitem_enumerator(session); - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) - { - swid_state->get_count(swid_state, &tag_id_count, - &tag_count); - snprintf(result_str, BUF_LEN, "received inventory of " - "%d SWID tag ID%s and %d SWID tag%s", - tag_id_count, (tag_id_count == 1) ? 
"" : "s", - tag_count, (tag_count == 1) ? "" : "s"); - session->remove_workitem(session, enumerator); - - eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; - rec = workitem->set_result(workitem, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - break; - } - } - enumerator->destroy(enumerator); - break; - case NEED_MORE: - if (received & IMV_SWID_ATTR_TAG_INV) - { - error_str = "not all requested SWID tags were received"; - status = FAILED; - json_object_put(jresponse); - break; - } - if (json_object_get_type(jresponse) != json_type_array) - { - error_str = "response was not a json_array"; - status = FAILED; - json_object_put(jresponse); - break; - } - - /* Create a TCG SWID Request attribute */ - attr = tcg_swid_attr_req_create(TCG_SWID_ATTR_REQ_FLAG_NONE, - swid_state->get_request_id(swid_state), 0); - tag_id_count = json_object_array_length(jresponse); - DBG1(DBG_IMV, "%d SWID tag target%s", tag_id_count, - (tag_id_count == 1) ? 
"" : "s"); - swid_state->set_missing(swid_state, tag_id_count); - - for (i = 0; i < tag_id_count; i++) - { - jvalue = json_object_array_get_idx(jresponse, i); - if (json_object_get_type(jvalue) != json_type_string) - { - error_str = "json_string element expected in json_array"; - status = FAILED; - json_object_put(jresponse); - break; - } - target = (char*)json_object_get_string(jvalue); - DBG1(DBG_IMV, " %s", target); - - /* Separate target into tag_creator and unique_sw_id */ - separator = strstr(target, "__"); - if (!separator) - { - error_str = "separation of regid from " - "unique software ID failed"; - break; - } - tag_creator = chunk_create(target, separator - target); - separator += 2; - unique_sw_id = chunk_create(separator, strlen(target) - - tag_creator.len - 2); - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, - chunk_empty); - cast_attr = (tcg_swid_attr_req_t*)attr; - cast_attr->add_target(cast_attr, tag_id); - } - json_object_put(jresponse); - - out_msg->add_attribute(out_msg, attr); - break; - case FAILED: - default: - break; - } - - if (status == FAILED) - { - enumerator = session->create_workitem_enumerator(session); - while (enumerator->enumerate(enumerator, &workitem)) - { - if (workitem->get_type(workitem) == IMV_WORKITEM_SWID_TAGS) - { - session->remove_workitem(session, enumerator); - eval = TNC_IMV_EVALUATION_RESULT_ERROR; - rec = workitem->set_result(workitem, error_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); - break; - } - } - enumerator->destroy(enumerator); - } - } - - /* finalized all workitems ? 
*/ - if (handshake_state == IMV_SWID_STATE_WORKITEMS && - session->get_workitem_count(session, imv_id) == 0) - { - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - swid_state->set_handshake_state(swid_state, IMV_SWID_STATE_END); - - if (result != TNC_RESULT_SUCCESS) - { - return result; - } - return this->agent->provide_recommendation(this->agent, state); - } - - /* send non-empty PA-TNC message with excl flag not set */ - if (out_msg->get_attribute_count(out_msg)) - { - result = out_msg->send(out_msg, FALSE); - } - out_msg->destroy(out_msg); - - return result; -} - -METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, - private_imv_swid_agent_t *this, TNC_ConnectionID id) -{ - imv_state_t *state; - - if (!this->agent->get_state(this->agent, id, &state)) - { - return TNC_RESULT_FATAL; - } - return this->agent->provide_recommendation(this->agent, state); -} - -METHOD(imv_agent_if_t, destroy, void, - private_imv_swid_agent_t *this) -{ - DESTROY_IF(this->rest_api); - this->agent->destroy(this->agent); - free(this); -} - -/** - * Described in header. 
- */ -imv_agent_if_t *imv_swid_agent_create(const char *name, TNC_IMVID id, - TNC_Version *actual_version) -{ - private_imv_swid_agent_t *this; - imv_agent_t *agent; - char *rest_api_uri; - u_int rest_api_timeout; - - agent = imv_agent_create(name, msg_types, countof(msg_types), id, - actual_version); - if (!agent) - { - return NULL; - } - agent->add_non_fatal_attr_type(agent, - pen_type_create(PEN_TCG, TCG_SEG_MAX_ATTR_SIZE_REQ)); - - INIT(this, - .public = { - .bind_functions = _bind_functions, - .notify_connection_change = _notify_connection_change, - .receive_message = _receive_message, - .receive_message_long = _receive_message_long, - .batch_ending = _batch_ending, - .solicit_recommendation = _solicit_recommendation, - .destroy = _destroy, - }, - .agent = agent, - ); - - rest_api_uri = lib->settings->get_str(lib->settings, - "%s.plugins.imv-swid.rest_api_uri", NULL, lib->ns); - rest_api_timeout = lib->settings->get_int(lib->settings, - "%s.plugins.imv-swid.rest_api_timeout", 120, lib->ns); - if (rest_api_uri) - { - this->rest_api = rest_create(rest_api_uri, rest_api_timeout); - } - - return &this->public; -} - diff --git a/src/libimcv/plugins/imv_swid/imv_swid_agent.h b/src/libimcv/plugins/imv_swid/imv_swid_agent.h deleted file mode 100644 index 4218040bc..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_agent.h +++ /dev/null 
@@ -1,36 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imv_swid_agent_t imv_swid_agent - * @{ @ingroup imv_swid - */ - -#ifndef IMV_SWID_AGENT_H_ -#define IMV_SWID_AGENT_H_ - -#include <imv/imv_agent_if.h> - -/** - * Creates an SWID IMV agent - * - * @param name Name of the IMV - * @param id ID of the IMV - * @param actual_version TNC IF-IMV version - */ -imv_agent_if_t* imv_swid_agent_create(const char* name, TNC_IMVID id, - TNC_Version *actual_version); - -#endif /** IMV_SWID_AGENT_H_ @}*/ diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.c b/src/libimcv/plugins/imv_swid/imv_swid_state.c deleted file mode 100644 index 50e9f489a..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_state.c +++ /dev/null 
@@ -1,417 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "imv_swid_state.h" - -#include <imv/imv_lang_string.h> -#include <imv/imv_reason_string.h> -#include <imv/imv_remediation_string.h> -#include <swid/swid_tag_id.h> - -#include <tncif_policy.h> - -#include <utils/lexparser.h> -#include <utils/debug.h> - -typedef struct private_imv_swid_state_t private_imv_swid_state_t; - -/** - * Private data of an imv_swid_state_t object. - */ -struct private_imv_swid_state_t { - - /** - * Public members of imv_swid_state_t - */ - imv_swid_state_t public; - - /** - * TNCCS connection ID - */ - TNC_ConnectionID connection_id; - - /** - * TNCCS connection state - */ - TNC_ConnectionState state; - - /** - * Does the TNCCS connection support long message types? - */ - bool has_long; - - /** - * Does the TNCCS connection support exclusive delivery? 
- */ - bool has_excl; - - /** - * Maximum PA-TNC message size for this TNCCS connection - */ - uint32_t max_msg_len; - - /** - * Flags set for completed actions - */ - uint32_t action_flags; - - /** - * IMV database session associated with TNCCS connection - */ - imv_session_t *session; - - /** - * PA-TNC attribute segmentation contracts associated with TNCCS connection - */ - seg_contract_manager_t *contracts; - - /** - * IMV action recommendation - */ - TNC_IMV_Action_Recommendation rec; - - /** - * IMV evaluation result - */ - TNC_IMV_Evaluation_Result eval; - - /** - * IMV Scanner handshake state - */ - imv_swid_handshake_state_t handshake_state; - - /** - * TNC Reason String - */ - imv_reason_string_t *reason_string; - - /** - * IETF Remediation Instructions String - */ - imv_remediation_string_t *remediation_string; - - /** - * SWID Tag Request ID - */ - uint32_t request_id; - - /** - * Number of processed SWID Tag IDs - */ - int tag_id_count; - - /** - * Number of processed SWID Tags - */ - int tag_count; - - /** - * Number of missing SWID Tags or Tag IDs - */ - uint32_t missing; - - /** - * SWID IMC ID - */ - TNC_UInt32 imc_id; - - /** - * Top level JSON object - */ - json_object *jobj; - - /** - * JSON array containing an inventory of SWID Tag IDs - */ - json_object *jarray; - -}; - -METHOD(imv_state_t, get_connection_id, TNC_ConnectionID, - private_imv_swid_state_t *this) -{ - return this->connection_id; -} - -METHOD(imv_state_t, has_long, bool, - private_imv_swid_state_t *this) -{ - return this->has_long; -} - -METHOD(imv_state_t, has_excl, bool, - private_imv_swid_state_t *this) -{ - return this->has_excl; -} - -METHOD(imv_state_t, set_flags, void, - private_imv_swid_state_t *this, bool has_long, bool has_excl) -{ - this->has_long = has_long; - this->has_excl = has_excl; -} - -METHOD(imv_state_t, set_max_msg_len, void, - private_imv_swid_state_t *this, uint32_t max_msg_len) -{ - this->max_msg_len = max_msg_len; -} - -METHOD(imv_state_t, get_max_msg_len, 
uint32_t, - private_imv_swid_state_t *this) -{ - return this->max_msg_len; -} - -METHOD(imv_state_t, set_action_flags, void, - private_imv_swid_state_t *this, uint32_t flags) -{ - this->action_flags |= flags; -} - -METHOD(imv_state_t, get_action_flags, uint32_t, - private_imv_swid_state_t *this) -{ - return this->action_flags; -} - -METHOD(imv_state_t, set_session, void, - private_imv_swid_state_t *this, imv_session_t *session) -{ - this->session = session; -} - -METHOD(imv_state_t, get_session, imv_session_t*, - private_imv_swid_state_t *this) -{ - return this->session; -} - -METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, - private_imv_swid_state_t *this) -{ - return this->contracts; -} - -METHOD(imv_state_t, change_state, void, - private_imv_swid_state_t *this, TNC_ConnectionState new_state) -{ - this->state = new_state; -} - -METHOD(imv_state_t, get_recommendation, void, - private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation *rec, - TNC_IMV_Evaluation_Result *eval) -{ - *rec = this->rec; - *eval = this->eval; -} - -METHOD(imv_state_t, set_recommendation, void, - private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval) -{ - this->rec = rec; - this->eval = eval; -} - -METHOD(imv_state_t, update_recommendation, void, - private_imv_swid_state_t *this, TNC_IMV_Action_Recommendation rec, - TNC_IMV_Evaluation_Result eval) -{ - this->rec = tncif_policy_update_recommendation(this->rec, rec); - this->eval = tncif_policy_update_evaluation(this->eval, eval); -} - -METHOD(imv_state_t, get_reason_string, bool, - private_imv_swid_state_t *this, enumerator_t *language_enumerator, - chunk_t *reason_string, char **reason_language) -{ - return FALSE; -} - -METHOD(imv_state_t, get_remediation_instructions, bool, - private_imv_swid_state_t *this, enumerator_t *language_enumerator, - chunk_t *string, char **lang_code, char **uri) -{ - return FALSE; -} - -METHOD(imv_state_t, destroy, void, - private_imv_swid_state_t 
*this) -{ - json_object_put(this->jobj); - DESTROY_IF(this->session); - DESTROY_IF(this->reason_string); - DESTROY_IF(this->remediation_string); - this->contracts->destroy(this->contracts); - free(this); -} - -METHOD(imv_swid_state_t, set_handshake_state, void, - private_imv_swid_state_t *this, imv_swid_handshake_state_t new_state) -{ - this->handshake_state = new_state; -} - -METHOD(imv_swid_state_t, get_handshake_state, imv_swid_handshake_state_t, - private_imv_swid_state_t *this) -{ - return this->handshake_state; -} - -METHOD(imv_swid_state_t, set_request_id, void, - private_imv_swid_state_t *this, uint32_t request_id) -{ - this->request_id = request_id; -} - -METHOD(imv_swid_state_t, get_request_id, uint32_t, - private_imv_swid_state_t *this) -{ - return this->request_id; -} - -METHOD(imv_swid_state_t, set_swid_inventory, void, - private_imv_swid_state_t *this, swid_inventory_t *inventory) -{ - chunk_t tag_creator, sw_id; - char software_id[BUF_LEN]; - json_object *jstring; - swid_tag_id_t *tag_id; - enumerator_t *enumerator; - - enumerator = inventory->create_enumerator(inventory); - while (enumerator->enumerate(enumerator, &tag_id)) - { - /* Construct software ID from tag creator and unique software ID */ - tag_creator = tag_id->get_tag_creator(tag_id); - sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, BUF_LEN, "%.*s__%.*s", - (int)tag_creator.len, tag_creator.ptr, - (int)sw_id.len, sw_id.ptr); - DBG3(DBG_IMV, " %s", software_id); - - /* Add software ID to JSON array */ - jstring = json_object_new_string(software_id); - json_object_array_add(this->jarray, jstring); - } - enumerator->destroy(enumerator); -} - -METHOD(imv_swid_state_t, get_swid_inventory, json_object*, - private_imv_swid_state_t *this) -{ - return this->jobj; -} - -METHOD(imv_swid_state_t, set_missing, void, - private_imv_swid_state_t *this, uint32_t count) -{ - this->missing = count; -} - -METHOD(imv_swid_state_t, get_missing, uint32_t, - private_imv_swid_state_t 
*this) -{ - return this->missing; -} - -METHOD(imv_swid_state_t, set_count, void, - private_imv_swid_state_t *this, int tag_id_count, int tag_count, - TNC_UInt32 imc_id) -{ - this->tag_id_count += tag_id_count; - this->tag_count += tag_count; - this->imc_id = imc_id; -} - -METHOD(imv_swid_state_t, get_count, void, - private_imv_swid_state_t *this, int *tag_id_count, int *tag_count) -{ - if (tag_id_count) - { - *tag_id_count = this->tag_id_count; - } - if (tag_count) - { - *tag_count = this->tag_count; - } -} - -METHOD(imv_swid_state_t, get_imc_id, TNC_UInt32, - private_imv_swid_state_t *this) -{ - return this->imc_id; -} - -/** - * Described in header. - */ -imv_state_t *imv_swid_state_create(TNC_ConnectionID connection_id) -{ - private_imv_swid_state_t *this; - - INIT(this, - .public = { - .interface = { - .get_connection_id = _get_connection_id, - .has_long = _has_long, - .has_excl = _has_excl, - .set_flags = _set_flags, - .set_max_msg_len = _set_max_msg_len, - .get_max_msg_len = _get_max_msg_len, - .set_action_flags = _set_action_flags, - .get_action_flags = _get_action_flags, - .set_session = _set_session, - .get_session= _get_session, - .get_contracts = _get_contracts, - .change_state = _change_state, - .get_recommendation = _get_recommendation, - .set_recommendation = _set_recommendation, - .update_recommendation = _update_recommendation, - .get_reason_string = _get_reason_string, - .get_remediation_instructions = _get_remediation_instructions, - .destroy = _destroy, - }, - .set_handshake_state = _set_handshake_state, - .get_handshake_state = _get_handshake_state, - .set_request_id = _set_request_id, - .get_request_id = _get_request_id, - .set_swid_inventory = _set_swid_inventory, - .get_swid_inventory = _get_swid_inventory, - .set_missing = _set_missing, - .get_missing = _get_missing, - .set_count = _set_count, - .get_count = _get_count, - .get_imc_id = _get_imc_id, - }, - .state = TNC_CONNECTION_STATE_CREATE, - .rec = 
TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - .eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW, - .connection_id = connection_id, - .contracts = seg_contract_manager_create(), - .imc_id = TNC_IMCID_ANY, - .jobj = json_object_new_object(), - .jarray = json_object_new_array(), - ); - - json_object_object_add(this->jobj, "data", this->jarray); - - return &this->public.interface; -} - - diff --git a/src/libimcv/plugins/imv_swid/imv_swid_state.h b/src/libimcv/plugins/imv_swid/imv_swid_state.h deleted file mode 100644 index 5fe99ecdc..000000000 --- a/src/libimcv/plugins/imv_swid/imv_swid_state.h +++ /dev/null 
@@ -1,145 +0,0 @@ -/* - * Copyright (C) 2013-2016 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup imv_swid imv_swid - * @ingroup libimcv_plugins - * - * @defgroup imv_swid_state_t imv_swid_state - * @{ @ingroup imv_swid - */ - -#ifndef IMV_SWID_STATE_H_ -#define IMV_SWID_STATE_H_ - -#include <imv/imv_state.h> -#include <swid/swid_inventory.h> -#include <library.h> - -#include <json.h> - -typedef struct imv_swid_state_t imv_swid_state_t; -typedef enum imv_swid_handshake_state_t imv_swid_handshake_state_t; - -/** - * IMV OS Handshake States (state machine) - */ -enum imv_swid_handshake_state_t { - IMV_SWID_STATE_INIT, - IMV_SWID_STATE_WORKITEMS, - IMV_SWID_STATE_END -}; - -/** - * Internal state of an imv_swid_t connection instance - */ -struct imv_swid_state_t { - - /** - * imv_state_t interface - */ - imv_state_t interface; - - /** - * Set state of the handshake - * - * @param new_state the handshake state of IMV - */ - void (*set_handshake_state)(imv_swid_state_t *this, - imv_swid_handshake_state_t new_state); - - /** - * Get state of the handshake - * - * @return the handshake state of IMV - */ - imv_swid_handshake_state_t (*get_handshake_state)(imv_swid_state_t *this); - - /** - * Set the SWID request ID - * - * @param request_id SWID request ID to be set - */ - void (*set_request_id)(imv_swid_state_t *this, uint32_t request_id); - - /** - * Get the SWID request ID - * - * @return 
SWID request ID - */ - uint32_t (*get_request_id)(imv_swid_state_t *this); - - /** - * Set or extend the SWID Tag ID inventory in the state - * - * @param inventory SWID Tags ID inventory to be added - */ - void (*set_swid_inventory)(imv_swid_state_t *this, swid_inventory_t *inventory); - - /** - * Get the encoding of the complete SWID Tag ID inventory - * - * @return SWID Tags ID inventory as a JSON array - */ - json_object* (*get_swid_inventory)(imv_swid_state_t *this); - - /** - * Set the number of still missing SWID Tags or Tag IDs - * - * @param count Number of missing SWID Tags or Tag IDs - */ - void (*set_missing)(imv_swid_state_t *this, uint32_t count); - - /** - * Get the number of still missing SWID Tags or Tag IDs - * - * @result Number of missing SWID Tags or Tag IDs - */ - uint32_t (*get_missing)(imv_swid_state_t *this); - - /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters - * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags - * @param imc_id SWID IMC ID - */ - void (*set_count)(imv_swid_state_t *this, int tag_id_count, int tag_count, - TNC_UInt32 imc_id); - - /** - * Set [or with multiple attributes increment] SWID Tag [ID] counters - * - * @param tag_id_count Number of received SWID Tag IDs - * @param tag_count Number of received SWID Tags - */ - void (*get_count)(imv_swid_state_t *this, int *tag_id_count, int *tag_count); - - /** - * Get SWID IMC ID - * - * @return SWID IMC ID - */ - TNC_UInt32 (*get_imc_id)(imv_swid_state_t *this); -}; - -/** - * Create an imv_swid_state_t instance - * - * @param id connection ID - */ -imv_state_t* imv_swid_state_create(TNC_ConnectionID id); - -#endif /** IMV_SWID_STATE_H_ @}*/ diff --git a/src/libimcv/plugins/imv_swima/Makefile.in b/src/libimcv/plugins/imv_swima/Makefile.in index e2132b576..a9c7715ec 100644 --- a/src/libimcv/plugins/imv_swima/Makefile.in +++ b/src/libimcv/plugins/imv_swima/Makefile.in 
@@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libimcv/plugins/imv_swima/imv_swima_agent.c b/src/libimcv/plugins/imv_swima/imv_swima_agent.c index 1d9944200..52f1baf03 100644 --- a/src/libimcv/plugins/imv_swima/imv_swima_agent.c +++ b/src/libimcv/plugins/imv_swima/imv_swima_agent.c 
@@ -187,11 +187,17 @@ static TNC_Result receive_msg(private_imv_swima_agent_t *this,
 }
 description = reader->peek(reader);
 if (description.len)
- {
+ {
 DBG1(DBG_IMV, " description: %.*s", description.len,
 description.ptr);
 }
 reader->destroy(reader);
+ if (error_code.type == PA_ERROR_SWIMA_SUBSCRIPTION_DENIED)
+ {
+ swima_state->set_subscription(swima_state, FALSE);
+ DBG1(DBG_IMV, "SWIMA subscription %u cleared",
+ swima_state->get_request_id(swima_state));
+ }
 break;
 }
 case IETF_ATTR_SW_ID_INVENTORY:
@@ -474,7 +480,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 seg_contract_t *contract;
 seg_contract_manager_t *contracts;
 swima_inventory_t *targets;
- uint32_t earliest_eid = 0;
+ uint32_t old_request_id = 0, earliest_eid = 0;
 char buf[BUF_LEN];
 
 enumerator = session->create_workitem_enumerator(session);
@@ -487,7 +493,13 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 {
 continue;
 }
-
+
+ earliest_eid = workitem->get_arg_int(workitem);
+ request_id = workitem->get_id(workitem);
+ workitem->set_imv_id(workitem, imv_id);
+ no_workitems = FALSE;
+ old_request_id = swima_state->get_request_id(swima_state);
+
 flags = IETF_SWIMA_ATTR_REQ_FLAG_NONE;
 if (strchr(workitem->get_arg_str(workitem), 'R'))
 {
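Review bot: Clearing only the subscription flag on PA_ERROR_SWIMA_SUBSCRIPTION_DENIED leaves the stored request ID in place, and the batch_ending hunk at @@ -496 sets the flag back to TRUE for an 'S' workitem before it tests `!old_request_id || !swima_state->get_subscription(swima_state)`, so a later pass through that loop would treat the denied subscription as established and never issue a fresh request. Whether such a pass occurs depends on the handshake-state gating above that hunk, but either reading the flag into a local next to `old_request_id` before the 'S'/'C' handling, or also calling `swima_state->set_request_id(swima_state, 0);` in this denial branch, would make the denial take effect regardless. If error_code is a pen_type_t, the comparison on `.type` alone also relies on the vendor ID having been checked earlier in receive_msg, which starts before this hunk.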
@@ -496,47 +508,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, if (strchr(workitem->get_arg_str(workitem), 'S')) { flags |= IETF_SWIMA_ATTR_REQ_FLAG_S; + swima_state->set_subscription(swima_state, TRUE); + if (!old_request_id) + { + DBG1(DBG_IMV, "SWIMA subscription %u requested", + request_id); + } } if (strchr(workitem->get_arg_str(workitem), 'C')) { flags |= IETF_SWIMA_ATTR_REQ_FLAG_C; + swima_state->set_subscription(swima_state, FALSE); } - earliest_eid = workitem->get_arg_int(workitem); - - /* Determine maximum PA-TNC attribute segment size */ - max_seg_size = state->get_max_msg_len(state) - - PA_TNC_HEADER_SIZE - - PA_TNC_ATTR_HEADER_SIZE - - TCG_SEG_ATTR_SEG_ENV_HEADER; - - /* Announce support of PA-TNC segmentation to IMC */ - contract = seg_contract_create(msg_types[0], max_attr_size, - max_seg_size, TRUE, imv_id, FALSE); - contract->get_info_string(contract, buf, BUF_LEN, TRUE); - DBG2(DBG_IMV, "%s", buf); - contracts = state->get_contracts(state); - contracts->add_contract(contracts, contract); - attr = tcg_seg_attr_max_size_create(max_attr_size, - max_seg_size, TRUE); - out_msg->add_attribute(out_msg, attr); - - /* Issue a SWID request */ - request_id = workitem->get_id(workitem); - swima_state->set_request_id(swima_state, request_id); - attr = ietf_swima_attr_req_create(flags, request_id); - /* Request software identifier events */ - targets = swima_inventory_create(); - targets->set_eid(targets, earliest_eid, 0); - cast_attr = (ietf_swima_attr_req_t*)attr; - cast_attr->set_targets(cast_attr, targets); - targets->destroy(targets); + if (!old_request_id) + { + /* Determine maximum PA-TNC attribute segment size */ + max_seg_size = state->get_max_msg_len(state) + - PA_TNC_HEADER_SIZE + - PA_TNC_ATTR_HEADER_SIZE + - TCG_SEG_ATTR_SEG_ENV_HEADER; + + /* Announce support of PA-TNC segmentation to IMC */ + contract = seg_contract_create(msg_types[0], max_attr_size, + max_seg_size, TRUE, imv_id, FALSE); + contract->get_info_string(contract, buf, 
BUF_LEN, TRUE); + DBG2(DBG_IMV, "%s", buf); + contracts = state->get_contracts(state); + contracts->add_contract(contracts, contract); + attr = tcg_seg_attr_max_size_create(max_attr_size, + max_seg_size, TRUE); + out_msg->add_attribute(out_msg, attr); + } - out_msg->add_attribute(out_msg, attr); - workitem->set_imv_id(workitem, imv_id); - no_workitems = FALSE; - DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest eid %d", - imv_id, request_id, earliest_eid); + if (!old_request_id || + !swima_state->get_subscription(swima_state)) + { + /* Issue a SWID request */ + swima_state->set_request_id(swima_state, request_id); + attr = ietf_swima_attr_req_create(flags, request_id); + + /* Request software identifier events */ + targets = swima_inventory_create(); + targets->set_eid(targets, earliest_eid, 0); + cast_attr = (ietf_swima_attr_req_t*)attr; + cast_attr->set_targets(cast_attr, targets); + targets->destroy(targets); + + out_msg->add_attribute(out_msg, attr); + DBG2(DBG_IMV, "IMV %d issues sw request %d with earliest " + "eid %d", imv_id, request_id, earliest_eid); + } break; } enumerator->destroy(enumerator); @@ -565,7 +587,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, TNC_IMV_Action_Recommendation rec; char result_str[BUF_LEN], *format = NULL, *cmd = NULL, *command; char *target_str, *error_str = ""; - int sw_id_count, tag_count, i, res; + int sw_id_count, tag_count, i, res, written; json_object *jrequest, *jresponse, *jvalue; ietf_swima_attr_req_t *cast_attr; swima_inventory_t *targets; 
@@ -617,16 +639,24 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, &tag_count); if (format) { - snprintf(result_str, BUF_LEN, format, + written = snprintf(result_str, BUF_LEN, format, sw_id_count, (sw_id_count == 1) ? "" : "s", tag_count, (tag_count == 1) ? "" : "s"); } else { - snprintf(result_str, BUF_LEN, "received %d SWID tag" - "%s", tag_count, (tag_count == 1) ? "" : "s"); + written = snprintf(result_str, BUF_LEN, + "received %d SWID tag%s", + tag_count, (tag_count == 1) ? "" : "s"); } + if (swima_state->get_subscription(swima_state) && + written > 0 && written < BUF_LEN) + { + snprintf(result_str + written, BUF_LEN - written, + " from subscription %u", + swima_state->get_request_id(swima_state)); + } session->remove_workitem(session, enumerator); eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.c b/src/libimcv/plugins/imv_swima/imv_swima_state.c index 03500bc2d..7d9631d3f 100644 --- a/src/libimcv/plugins/imv_swima/imv_swima_state.c +++ b/src/libimcv/plugins/imv_swima/imv_swima_state.c @@ -101,6 +101,11 @@ struct private_imv_swima_state_t { imv_remediation_string_t *remediation_string; /** + * Has a subscription been established? + */ + bool has_subscription; + + /** * SWID Tag Request ID */ uint32_t request_id; @@ -204,10 +209,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*, return this->contracts; } -METHOD(imv_state_t, change_state, void, +METHOD(imv_state_t, change_state, TNC_ConnectionState, private_imv_swima_state_t *this, TNC_ConnectionState new_state) { + TNC_ConnectionState old_state; + + old_state = this->state; this->state = new_state; + return old_state; } METHOD(imv_state_t, get_recommendation, void, 
@@ -248,13 +257,28 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+ private_imv_swima_state_t *this)
+{
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->action_flags = 0;
+
+ this->handshake_state = IMV_SWIMA_STATE_INIT;
+ this->sw_id_count = 0;
+ this->tag_count = 0;
+ this->missing = 0;
+
+ json_object_put(this->jobj);
+ this->jobj = json_object_new_object();
+}
+
 METHOD(imv_state_t, destroy, void,
 private_imv_swima_state_t *this)
 {
 json_object_put(this->jobj);
 DESTROY_IF(this->session);
- DESTROY_IF(this->reason_string);
- DESTROY_IF(this->remediation_string);
 this->contracts->destroy(this->contracts);
 free(this);
 }
@@ -426,6 +450,18 @@ METHOD(imv_swima_state_t, get_imc_id, TNC_UInt32,
 return this->imc_id;
 }
 
+METHOD(imv_swima_state_t, set_subscription, void,
+ private_imv_swima_state_t *this, bool set)
+{
+ this->has_subscription = set;
+}
+
+METHOD(imv_swima_state_t, get_subscription, bool,
+ private_imv_swima_state_t *this)
+{
+ return this->has_subscription;
+}
+
 /**
 * Described in header.
 */
@@ -453,6 +489,7 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .set_handshake_state = _set_handshake_state,
@@ -467,6 +504,8 @@ imv_state_t *imv_swima_state_create(TNC_ConnectionID connection_id)
 .set_count = _set_count,
 .get_count = _get_count,
 .get_imc_id = _get_imc_id,
+ .set_subscription = _set_subscription,
+ .get_subscription = _get_subscription,
 },
 .state = TNC_CONNECTION_STATE_CREATE,
 .rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION,
diff --git a/src/libimcv/plugins/imv_swima/imv_swima_state.h b/src/libimcv/plugins/imv_swima/imv_swima_state.h
index 4fa32daf4..e2f805189 100644
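Review bot: Dropping `DESTROY_IF(this->reason_string);` and `DESTROY_IF(this->remediation_string);` from destroy() is only safe if those fields are never assigned; get_remediation_instructions at the top of this hunk returns FALSE, so they look unused, but the struct context in the @@ -101 hunk still declares remediation_string, so either remove the now-dead fields from private_imv_swima_state_t as well or keep the frees. The new reset() re-initialises the recommendation, action flags, handshake state, counters and the JSON object but deliberately leaves request_id and has_subscription alone; a one-line comment such as `/* request_id and has_subscription are kept so an active subscription survives a reset */` would keep a later maintainer from "completing" the reset. That asymmetry with imv_test_state.c's reset(), which does free and NULL its reason_string, is worth confirming as intended.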
--- a/src/libimcv/plugins/imv_swima/imv_swima_state.h
+++ b/src/libimcv/plugins/imv_swima/imv_swima_state.h
@@ -141,6 +141,20 @@ struct imv_swima_state_t {
 * @return SWID IMC ID
 */
 TNC_UInt32 (*get_imc_id)(imv_swima_state_t *this);
+
+ /**
+ * Set or clear a subscription
+ *
+ * @param set TRUE sets and FALSE clears a subscripton
+ */
+ void (*set_subscription)(imv_swima_state_t *this, bool set);
+
+ /**
+ * Get the subscription status
+ *
+ * @return TRUE if subscription is set
+ */
+ bool (*get_subscription)(imv_swima_state_t *this);
 };
 
 /**
diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in
index b583a32c2..d9b1725d2 100644
--- a/src/libimcv/plugins/imv_test/Makefile.in
+++ b/src/libimcv/plugins/imv_test/Makefile.in
@@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@
@@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@
@@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@
@@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@
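Review bot: The new doc comment on set_subscription has a typo in `@param set TRUE sets and FALSE clears a subscripton`; it should read `subscription`. Since this header is where callers read the contract, it would also help to state here that the subscription flag is left untouched by the state's reset() if that is the intended behaviour, as the imv_swima_state.c hunks suggest.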
@@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@
diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c
index c20d00bd1..fe6bf18b2 100644
--- a/src/libimcv/plugins/imv_test/imv_test_state.c
+++ b/src/libimcv/plugins/imv_test/imv_test_state.c
@@ -173,10 +173,14 @@ METHOD(imv_state_t, get_contracts, seg_contract_manager_t*,
 return this->contracts;
 }
 
-METHOD(imv_state_t, change_state, void,
+METHOD(imv_state_t, change_state, TNC_ConnectionState,
 private_imv_test_state_t *this, TNC_ConnectionState new_state)
 {
+ TNC_ConnectionState old_state;
+
+ old_state = this->state;
 this->state = new_state;
+ return old_state;
 }
 
 METHOD(imv_state_t, get_recommendation, void,
@@ -226,6 +230,20 @@ METHOD(imv_state_t, get_remediation_instructions, bool,
 return FALSE;
 }
 
+METHOD(imv_state_t, reset, void,
+ private_imv_test_state_t *this)
+{
+ DESTROY_IF(this->reason_string);
+ this->reason_string = NULL;
+ this->rec = TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION;
+ this->eval = TNC_IMV_EVALUATION_RESULT_DONT_KNOW;
+
+ this->imcs->destroy_function(this->imcs, free);
+ this->imcs = linked_list_create();
+
+}
+
+
 METHOD(imv_state_t, destroy, void,
 private_imv_test_state_t *this)
 {
@@ -326,6 +344,7 @@ imv_state_t *imv_test_state_create(TNC_ConnectionID connection_id)
 .update_recommendation = _update_recommendation,
 .get_reason_string = _get_reason_string,
 .get_remediation_instructions = _get_remediation_instructions,
+ .reset = _reset,
 .destroy = _destroy,
 },
 .add_imc = _add_imc,
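Review bot: The new reset() in imv_test_state.c ends with a blank line before its closing brace and is followed by two blank lines, which breaks the single-blank-line spacing the other METHOD definitions in this hunk use; drop the blank before `}` and one of the two after it. If private_imv_test_state_t also tracks action_flags or a handshake state the way the swima state does, reset() should clear those too, since the counterpart in imv_swima_state.c resets both while this one only resets the recommendation, the reason string and the IMC list.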
diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 3cf439f35..56bb821cd 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -323,7 +323,6 @@ METHOD(pts_t, set_tpm_version_info, void,
 private_pts_t *this, chunk_t info)
 {
 this->tpm_version_info = chunk_clone(info);
- /* print_tpm_version_info(this); */
 }
 
 /**
diff --git a/src/libimcv/suites/test_imcv_swima.c b/src/libimcv/suites/test_imcv_swima.c
index a579f7378..b3207fb93 100644
--- a/src/libimcv/suites/test_imcv_swima.c
+++ b/src/libimcv/suites/test_imcv_swima.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Andreas Steffen
+ * Copyright (C) 2017-2018 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -182,7 +182,7 @@ START_TEST(test_imcv_swima_sw_req)
 targets = c_attr->get_targets(c_attr);
 ck_assert(targets->get_eid(targets, NULL) ==
 req_data[_i].earliest_eid);
-
+
 enumerator = targets->create_enumerator(targets);
 ck_assert(enumerator);
 n = 0;
@@ -268,67 +268,69 @@ static sw_inv_data_t sw_inv_data[] = { chunk_from_chars( 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD2, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, - 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, - 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, - 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, - 0x74, 0x79, 0x3E) + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, + 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_NONE, 0xaabbccd3, 0x12345678, 0x00000030, chunk_from_chars( 0x00, 0x00, 0x00, 0x01, 0xAA, 0xBB, 0xCC, 0xD3, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 
0x00, + 0x00) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd4, 0x12345678, 0x00000034, chunk_from_chars( 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD4, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, - 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, - 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x61, - 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, - 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, - 0x19, 0x11, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, - 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, - 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, - 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, - 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, - 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, - 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x20, 0x74, - 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, 0x66, 0x22, - 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, 0x72, - 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, 0x3E) + 0x74, 0x79, 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, + 0x61, 0x62, 0x63, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, + 0x74, 0x77, 0x61, 0x72, 0x65, 0x49, 
0x64, 0x65, 0x6E, 0x74, + 0x69, 0x74, 0x79, 0x3E, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, + 0x2A, 0x19, 0x11, 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, + 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, + 0x5F, 0x36, 0x32, 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, + 0x31, 0x61, 0x30, 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, + 0x61, 0x65, 0x61, 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, + 0x30, 0x61, 0x62, 0x31, 0x66, 0x31, 0x61, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x31, 0x3C, 0x53, 0x6F, 0x66, 0x74, 0x77, 0x61, + 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, 0x79, + 0x20, 0x74, 0x61, 0x67, 0x49, 0x64, 0x3D, 0x22, 0x64, 0x65, + 0x66, 0x22, 0x3E, 0x3C, 0x2F, 0x53, 0x6F, 0x66, 0x74, 0x77, + 0x61, 0x72, 0x65, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x74, + 0x79, 0x3E) }, { IETF_SWIMA_ATTR_SW_INV_FLAG_S_F, 0xaabbccd5, 0x12345678, 0x00000034, chunk_from_chars( 0x80, 0x00, 0x00, 0x02, 0xAA, 0xBB, 0xCC, 0xD5, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, 0x00, 0x34, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x1F, 0x73, 0x74, 0x72, - 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, - 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, - 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, 0x00, - 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, - 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, 0x32, 0x35, - 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, 0x31, 0x2D, - 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, 0x36, 0x2D, - 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, 0x31, 0x66, - 0x31, 0x61, 0x00, 0x00) + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1F, 0x73, 0x74, + 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, + 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, + 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x90, 0x2A, 0x19, 0x11, + 0x00, 0x00, 0x33, 0x73, 0x74, 0x72, 0x6F, 0x6E, 
0x67, 0x73, + 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x36, 0x32, + 0x32, 0x35, 0x31, 0x61, 0x61, 0x36, 0x2D, 0x31, 0x61, 0x30, + 0x31, 0x2D, 0x34, 0x37, 0x39, 0x62, 0x2D, 0x61, 0x65, 0x61, + 0x36, 0x2D, 0x66, 0x33, 0x64, 0x63, 0x66, 0x30, 0x61, 0x62, + 0x31, 0x66, 0x31, 0x61, 0x00, 0x00) } }; @@ -351,7 +353,7 @@ START_TEST(test_imcv_swima_inv) sw_id_only); sw_inv = swima_inventory_create(); - sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); + sw_inv->set_eid(sw_inv, sw_inv_data[_i].last_eid, sw_inv_data[_i].eid_epoch); for (n = 0; n < _i/2; n++) { sw_id = chunk_from_str(sw_id_str[n]); @@ -445,15 +447,17 @@ END_TEST * 23 data_model_type * 24 segment 5 - 1 octet * 24 source_id - * 25 sw_id - * 26 segment 6 - 2 octets - * 58 sw_locator - * 59 segment 7 - 33 octets - * 60 record - * 62 segment 8 - 3 octets - * 113 sw record 2 - * 114 segment 9 - 52 octets - * 230 segment 10 - 116 octets + * 25 segment 6 - 1 octet + * 25 reserved + * 26 sw_id + * 27 segment 7 - 2 octets + * 59 sw_locator + * 60 segment 8 - 33 octets + * 61 record + * 63 segment 9 - 3 octets + * 114 sw record 2 + * 115 segment 10 - 52 octets + * 231 segment 11 - 117 octets */ START_TEST(test_imcv_swima_sw_inv_trunc) 
@@ -509,26 +513,32 @@ START_TEST(test_imcv_swima_sw_inv_trunc) attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 6 truncates sw_id */ + /* Segment 6 truncates reserved */ data = chunk_skip(sw_inv_data[4].value, 24); + data.len = 1; + attr->add_segment(attr, data); + ck_assert(attr->process(attr, &offset) == NEED_MORE); + + /* Segment 7 truncates sw_id */ + data = chunk_skip(sw_inv_data[4].value, 25); data.len = 2; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 7 truncates sw_locator */ - data = chunk_skip(sw_inv_data[4].value, 26); + /* Segment 8 truncates sw_locator */ + data = chunk_skip(sw_inv_data[4].value, 27); data.len = 33; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 8 truncates record */ - data = chunk_skip(sw_inv_data[4].value, 59); + /* Segment 9 truncates record */ + data = chunk_skip(sw_inv_data[4].value, 60); data.len = 3; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == NEED_MORE); - /* Segment 9 truncates second sw_record */ - data = chunk_skip(sw_inv_data[4].value, 62); + /* Segment 10 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 63); data.len = 52; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == SUCCESS); @@ -539,9 +549,9 @@ START_TEST(test_imcv_swima_sw_inv_trunc) ck_assert(sw_inv->get_count(sw_inv) == 1); c_attr->clear_inventory(c_attr); - /* Segment 10 truncates second sw_record */ - data = chunk_skip(sw_inv_data[4].value, 114); - data.len = 116; + /* Segment 11 truncates second sw_record */ + data = chunk_skip(sw_inv_data[4].value, 115); + data.len = 117; attr->add_segment(attr, data); ck_assert(attr->process(attr, &offset) == SUCCESS); 
@@ -626,7 +636,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, @@ -644,7 +654,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00) @@ -656,7 +666,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, 
@@ -688,7 +698,7 @@ static sw_ev_data_t sw_ev_data[] = { 0x00, 0x00, 0x00, 0x30, '2', '0', '1', '7', '-', '0', '5', '-', '3', '0', 'T', '1', '8', ':', '0', '9', ':', '2', '5', 'Z', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x1F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x73, 0x77, 0x61, 0x6E, 0x2E, 0x6F, 0x72, 0x67, 0x5F, 0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x53, 0x77, 0x61, 0x6E, 0x5F, 0x35, 0x2E, 0x33, 0x2E, 0x33, 0x00, 0x00, 0x00, @@ -827,8 +837,8 @@ END_TEST * * 0 constant header * 16 segment 1 - 16 octets - * 20 eid - * 22 segment 2 - 6 octets + * 20 eid + * 22 segment 2 - 6 octets * 24 timestamp * 26 segment 3 - 4 octets * 44 record_id diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c deleted file mode 100644 index 7c7427fb1..000000000 --- a/src/libimcv/swid/swid_error.c +++ /dev/null 
@@ -1,55 +0,0 @@ -/* - * Copyright (C) 2011 Sansar Choinyambuu - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_error.h" - -#include <bio/bio_writer.h> -#include <ietf/ietf_attr_pa_tnc_error.h> - -ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE, - "SWID Error", - "SWID Subscription Denied", - "SWID Response Too Large" -); - -/** - * Described in header. - */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id, - uint32_t max_attr_size, char *description) -{ - bio_writer_t *writer; - chunk_t msg_info; - pa_tnc_attr_t *attr; - pen_type_t error_code; - - error_code = pen_type_create( PEN_TCG, code); - writer = bio_writer_create(4); - writer->write_uint32(writer, request_id); - if (code == TCG_SWID_RESPONSE_TOO_LARGE) - { - writer->write_uint32(writer, max_attr_size); - } - if (description) - { - writer->write_data(writer, chunk_from_str(description)); - } - msg_info = writer->get_buf(writer); - attr = ietf_attr_pa_tnc_error_create(error_code, msg_info); - writer->destroy(writer); - - return attr; -} - diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h deleted file mode 100644 index 2ed099186..000000000 --- a/src/libimcv/swid/swid_error.h +++ /dev/null 
@@ -1,58 +0,0 @@ -/* - * Copyright (C) 2013 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_error swid_error - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_ERROR_H_ -#define SWID_ERROR_H_ - -typedef enum swid_error_code_t swid_error_code_t; - -#include "pa_tnc/pa_tnc_attr.h" - -#include <library.h> - - -/** - * SWID Error Codes - * see section 3.14.2 of PTS Protocol: Binding to TNC IF-M Specification - */ -enum swid_error_code_t { - TCG_SWID_ERROR = 0x20, - TCG_SWID_SUBSCRIPTION_DENIED = 0x21, - TCG_SWID_RESPONSE_TOO_LARGE = 0x22 -}; - -/** - * enum name for swid_error_code_t. - */ -extern enum_name_t *swid_error_code_names; - -/** - * Creates a SWID Error Attribute - * see section 4.12 of TNC SWID Message and Attributes for IF-M - * - * @param code SWID error code - * @param request SWID request ID - * @param max_attr_size Maximum IF-M attribute size (if applicable) - * @param description Optional description string or NULL - */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request, - uint32_t max_attr_size, char *description); - -#endif /** SWID_ERROR_H_ @}*/ diff --git a/src/libimcv/swid/swid_inventory.c b/src/libimcv/swid/swid_inventory.c deleted file mode 100644 index 5f6e50cb7..000000000 --- a/src/libimcv/swid/swid_inventory.c +++ /dev/null 
@@ -1,342 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_inventory.h" -#include "swid_tag.h" -#include "swid_tag_id.h" -#include "swid_gen/swid_gen.h" - -#include <collections/linked_list.h> -#include <utils/lexparser.h> -#include <utils/debug.h> - -#include <stdio.h> -#include <fcntl.h> -#include <unistd.h> -#include <sys/stat.h> -#include <libgen.h> -#include <errno.h> - -typedef struct private_swid_inventory_t private_swid_inventory_t; - -/** - * Private data of a swid_inventory_t object. - * - */ -struct private_swid_inventory_t { - - /** - * Public swid_inventory_t interface. - */ - swid_inventory_t public; - - /** - * Full SWID tags or just SWID tag IDs - */ - bool full_tags; - - /** - * List of SWID tags or tag IDs - */ - linked_list_t *list; -}; - -static status_t generate_tags(private_swid_inventory_t *this, - swid_inventory_t *targets, bool pretty, bool full) -{ - swid_gen_t *swid_gen; - swid_tag_t *tag; - swid_tag_id_t *tag_id; - enumerator_t *enumerator; - status_t status = SUCCESS; - chunk_t out; - - swid_gen = swid_gen_create(); - - if (targets->get_count(targets) == 0) - { - DBG2(DBG_IMC, "SWID tag%s generation by package manager", - this->full_tags ? 
"" : " ID"); - - enumerator = swid_gen->create_tag_enumerator(swid_gen, !this->full_tags, - full, pretty); - if (enumerator) - { - while (enumerator->enumerate(enumerator, &out)) - { - if (this->full_tags) - { - chunk_t swid_tag = out; - - tag = swid_tag_create(swid_tag, chunk_empty); - this->list->insert_last(this->list, tag); - } - else - { - chunk_t tag_creator, sw_id = out; - - if (extract_token_str(&tag_creator, "__", &sw_id)) - { - tag_id = swid_tag_id_create(tag_creator, sw_id, - chunk_empty); - this->list->insert_last(this->list, tag_id); - } - else - { - DBG1(DBG_IMC, "separation of regid from unique " - "software ID failed"); - status = FAILED; - chunk_free(&out); - break; - } - } - chunk_free(&out); - } - enumerator->destroy(enumerator); - } - else - { - status = NOT_SUPPORTED; - } - } - else if (this->full_tags) - { - DBG2(DBG_IMC, "targeted SWID tag generation"); - - enumerator = targets->create_enumerator(targets); - while (enumerator->enumerate(enumerator, &tag_id)) - { - char software_id[BUF_LEN], *swid_tag; - chunk_t tag_creator, sw_id; - - /* Construct software ID from tag creator and unique software ID */ - tag_creator = tag_id->get_tag_creator(tag_id); - sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - snprintf(software_id, BUF_LEN, "%.*s__%.*s", - (int)tag_creator.len, tag_creator.ptr, - (int)sw_id.len, sw_id.ptr); - - swid_tag = swid_gen->generate_tag(swid_gen, software_id, NULL, NULL, - full, pretty); - if (swid_tag) - { - tag = swid_tag_create(chunk_from_str(swid_tag), chunk_empty); - this->list->insert_last(this->list, tag); - free(swid_tag); - } - } - enumerator->destroy(enumerator); - } - swid_gen->destroy(swid_gen); - - return status; -} - -static bool collect_tags(private_swid_inventory_t *this, char *pathname, - swid_inventory_t *targets, bool is_swidtag_dir) -{ - char *rel_name, *abs_name; - struct stat st; - bool success = FALSE; - enumerator_t *enumerator; - - enumerator = enumerator_create_directory(pathname); - if (!enumerator) - 
{ - DBG1(DBG_IMC, "directory '%s' can not be opened, %s", - pathname, strerror(errno)); - return FALSE; - } - if (is_swidtag_dir) - { - DBG2(DBG_IMC, "entering %s", pathname); - } - - while (enumerator->enumerate(enumerator, &rel_name, &abs_name, &st)) - { - char *separator, *suffix; - chunk_t tag_creator; - chunk_t unique_sw_id = chunk_empty, tag_file_path = chunk_empty; - - if (S_ISDIR(st.st_mode)) - { - if (!collect_tags(this, abs_name, targets, is_swidtag_dir || - streq(rel_name, "swidtag"))) - { - goto end; - } - continue; - } - if (!is_swidtag_dir) - { - continue; - } - - /* found a swidtag file? */ - suffix = strstr(rel_name, ".swidtag"); - if (!suffix) - { - continue; - } - - /* parse the swidtag filename into its components */ - separator = strstr(rel_name, "__"); - if (!separator) - { - DBG1(DBG_IMC, " %s", rel_name); - DBG1(DBG_IMC, " '__' separator not found"); - goto end; - } - tag_creator = chunk_create(rel_name, separator-rel_name); - - unique_sw_id = chunk_create(separator+2, suffix-separator-2); - tag_file_path = chunk_from_str(abs_name); - - /* In case of a targeted request */ - if (targets->get_count(targets)) - { - chunk_t target_unique_sw_id, target_tag_creator; - enumerator_t *target_enumerator; - swid_tag_id_t *tag_id; - bool match = FALSE; - - target_enumerator = targets->create_enumerator(targets); - while (target_enumerator->enumerate(target_enumerator, &tag_id)) - { - target_unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - target_tag_creator = tag_id->get_tag_creator(tag_id); - - if (chunk_equals(target_unique_sw_id, unique_sw_id) && - chunk_equals(target_tag_creator, tag_creator)) - { - match = TRUE; - break; - } - } - target_enumerator->destroy(target_enumerator); - - if (!match) - { - continue; - } - } - DBG2(DBG_IMC, " %s", rel_name); - - if (this->full_tags) - { - swid_tag_t *tag; - chunk_t *xml_tag; - - xml_tag = chunk_map(abs_name, FALSE); - if (!xml_tag) - { - DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, - 
strerror(errno)); - goto end; - } - - tag = swid_tag_create(*xml_tag, tag_file_path); - this->list->insert_last(this->list, tag); - chunk_unmap(xml_tag); - } - else - { - swid_tag_id_t *tag_id; - - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, tag_file_path); - this->list->insert_last(this->list, tag_id); - } - } - success = TRUE; - -end: - enumerator->destroy(enumerator); - if (is_swidtag_dir) - { - DBG2(DBG_IMC, "leaving %s", pathname); - } - - return success; -} - -METHOD(swid_inventory_t, collect, bool, - private_swid_inventory_t *this, char *directory, swid_inventory_t *targets, - bool pretty, bool full) -{ - /** - * Tags are generated by a package manager - */ - generate_tags(this, targets, pretty, full); - - /** - * Collect swidtag files by iteratively entering all directories in - * the tree under the "directory" path. - */ - return collect_tags(this, directory, targets, FALSE); -} - -METHOD(swid_inventory_t, add, void, - private_swid_inventory_t *this, void *item) -{ - this->list->insert_last(this->list, item); -} - -METHOD(swid_inventory_t, get_count, int, - private_swid_inventory_t *this) -{ - return this->list->get_count(this->list); -} - -METHOD(swid_inventory_t, create_enumerator, enumerator_t*, - private_swid_inventory_t *this) -{ - return this->list->create_enumerator(this->list); -} - -METHOD(swid_inventory_t, destroy, void, - private_swid_inventory_t *this) -{ - if (this->full_tags) - { - this->list->destroy_offset(this->list, offsetof(swid_tag_t, destroy)); - } - else - { - this->list->destroy_offset(this->list, offsetof(swid_tag_id_t, destroy)); - } - free(this); -} - -/** - * See header - */ -swid_inventory_t *swid_inventory_create(bool full_tags) -{ - private_swid_inventory_t *this; - - INIT(this, - .public = { - .collect = _collect, - .add = _add, - .get_count = _get_count, - .create_enumerator = _create_enumerator, - .destroy = _destroy, - }, - .full_tags = full_tags, - .list = linked_list_create(), - ); - - return &this->public; -} 
diff --git a/src/libimcv/swid/swid_inventory.h b/src/libimcv/swid/swid_inventory.h deleted file mode 100644 index ba2518e26..000000000 --- a/src/libimcv/swid/swid_inventory.h +++ /dev/null 
@@ -1,83 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_inventory swid_inventory - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_INVENTORY_H_ -#define SWID_INVENTORY_H_ - -#include <library.h> - -/* Maximum size of a SWID Tag Inventory: 100 MB */ -#define SWID_MAX_ATTR_SIZE 100000000 - -typedef struct swid_inventory_t swid_inventory_t; - -/** - * Class managing SWID tag inventory - */ -struct swid_inventory_t { - - /** - * Collect the SWID tags stored on the endpoint - * - * @param directory SWID directory path - * @param targets List of target tag IDs - * @param pretty Generate indented XML SWID tags - * @param full Include file information in SWID tags - * @return TRUE if successful - */ - bool (*collect)(swid_inventory_t *this, char *directory, - swid_inventory_t *targets, bool pretty, bool full); - - /** - * Collect the SWID tags stored on the endpoint - * - * @param item SWID tag or tag ID to be added - */ - void (*add)(swid_inventory_t *this, void *item); - - /** - * Get the number of collected SWID tags - * - * @return Number of collected SWID tags - */ - int (*get_count)(swid_inventory_t *this); - - /** - * Create a SWID tag inventory enumerator - * - * @return Enumerator returning either tag ID or full tag - */ - enumerator_t* (*create_enumerator)(swid_inventory_t *this); - - /** - * Destroys a swid_inventory_t object. 
- */ - void (*destroy)(swid_inventory_t *this); - -}; - -/** - * Creates a swid_inventory_t object - * - * @param full_tags TRUE if full tags, FALSE if tag IDs only - */ -swid_inventory_t* swid_inventory_create(bool full_tags); - -#endif /** SWID_INVENTORY_H_ @}*/ diff --git a/src/libimcv/swid/swid_tag.c b/src/libimcv/swid/swid_tag.c deleted file mode 100644 index c77c75700..000000000 --- a/src/libimcv/swid/swid_tag.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_tag.h" - -typedef struct private_swid_tag_t private_swid_tag_t; - -/** - * Private data of a swid_tag_t object. - * - */ -struct private_swid_tag_t { - - /** - * Public swid_tag_t interface. - */ - swid_tag_t public; - - /** - * UTF-8 XML encoding of SWID tag - */ - chunk_t encoding; - - /** - * Optional Tag Identifier Instance ID - */ - chunk_t instance_id; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(swid_tag_t, get_encoding, chunk_t, - private_swid_tag_t *this) -{ - return this->encoding; -} - -METHOD(swid_tag_t, get_instance_id, chunk_t, - private_swid_tag_t *this) -{ - return this->instance_id; -} - -METHOD(swid_tag_t, get_ref, swid_tag_t*, - private_swid_tag_t *this) -{ - ref_get(&this->ref); - return &this->public; -} - -METHOD(swid_tag_t, destroy, void, - private_swid_tag_t *this) -{ - if (ref_put(&this->ref)) - { - free(this->encoding.ptr); - free(this->instance_id.ptr); - free(this); - } -} - -/** - * See header - */ -swid_tag_t *swid_tag_create(chunk_t encoding, chunk_t instance_id) -{ - private_swid_tag_t *this; - - INIT(this, - .public = { - .get_encoding = _get_encoding, - .get_instance_id = _get_instance_id, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .encoding = chunk_clone(encoding), - .ref = 1, - ); - - if (instance_id.len > 0) - { - 
this->instance_id = chunk_clone(instance_id); - } - - return &this->public; -} - diff --git a/src/libimcv/swid/swid_tag.h b/src/libimcv/swid/swid_tag.h deleted file mode 100644 index 22c14b1aa..000000000 --- a/src/libimcv/swid/swid_tag.h +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_tag swid_tag - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_TAG_H_ -#define SWID_TAG_H_ - -#include <library.h> - -typedef struct swid_tag_t swid_tag_t; - - -/** - * Class storing a SWID Tag - */ -struct swid_tag_t { - - /** - * Get UTF-8 XML encoding of SWID tag - * - * @return XML encoding of SWID tag - */ - chunk_t (*get_encoding)(swid_tag_t *this); - - /** - * Get the optional Tag Identifier Instance ID - * - * @return Optional Tag Identifier Instance ID - */ - chunk_t (*get_instance_id)(swid_tag_t *this); - - /** - * Get a new reference to the swid_tag object - * - * @return this, with an increased refcount - */ - swid_tag_t* (*get_ref)(swid_tag_t *this); - - /** - * Destroys a swid_tag_t object. - */ - void (*destroy)(swid_tag_t *this); - -}; - -/** - * Creates a swid_tag_t object - * - * @param encoding XML encoding of SWID tag - * @param instance_id Tag Identifier Instance ID or empty chunk - */ -swid_tag_t* swid_tag_create(chunk_t encoding, chunk_t instance_id); - -#endif /** SWID_TAG_H_ @}*/ 
diff --git a/src/libimcv/swid/swid_tag_id.c b/src/libimcv/swid/swid_tag_id.c deleted file mode 100644 index 2dc6e3141..000000000 --- a/src/libimcv/swid/swid_tag_id.c +++ /dev/null 
@@ -1,114 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "swid_tag_id.h" - -typedef struct private_swid_tag_id_t private_swid_tag_id_t; - -/** - * Private data of a swid_tag_id_t object. - * - */ -struct private_swid_tag_id_t { - - /** - * Public swid_tag_id_t interface. - */ - swid_tag_id_t public; - - /** - * Tag Creator - */ - chunk_t tag_creator; - - /** - * Unique Software ID - */ - chunk_t unique_sw_id; - - /** - * Optional Tag Identifier Instance ID - */ - chunk_t instance_id; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(swid_tag_id_t, get_tag_creator, chunk_t, - private_swid_tag_id_t *this) -{ - return this->tag_creator; -} - -METHOD(swid_tag_id_t, get_unique_sw_id, chunk_t, - private_swid_tag_id_t *this, chunk_t *instance_id) -{ - if (instance_id) - { - *instance_id = this->instance_id; - } - return this->unique_sw_id; -} - -METHOD(swid_tag_id_t, get_ref, swid_tag_id_t*, - private_swid_tag_id_t *this) -{ - ref_get(&this->ref); - return &this->public; -} - -METHOD(swid_tag_id_t, destroy, void, - private_swid_tag_id_t *this) -{ - if (ref_put(&this->ref)) - { - free(this->tag_creator.ptr); - free(this->unique_sw_id.ptr); - free(this->instance_id.ptr); - free(this); - } -} - -/** - * See header - */ -swid_tag_id_t *swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t instance_id) -{ - private_swid_tag_id_t 
*this; - - INIT(this, - .public = { - .get_tag_creator = _get_tag_creator, - .get_unique_sw_id = _get_unique_sw_id, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .tag_creator = chunk_clone(tag_creator), - .unique_sw_id = chunk_clone(unique_sw_id), - .ref = 1, - ); - - if (instance_id.len > 0) - { - this->instance_id = chunk_clone(instance_id); - } - - return &this->public; -} - diff --git a/src/libimcv/swid/swid_tag_id.h b/src/libimcv/swid/swid_tag_id.h deleted file mode 100644 index a2be290ae..000000000 --- a/src/libimcv/swid/swid_tag_id.h +++ /dev/null 
@@ -1,73 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup swid_tag_id swid_tag_id - * @{ @ingroup libimcv_swid - */ - -#ifndef SWID_TAG_ID_H_ -#define SWID_TAG_ID_H_ - -#include <library.h> - -typedef struct swid_tag_id_t swid_tag_id_t; - - -/** - * Class storing a SWID Tag ID - */ -struct swid_tag_id_t { - - /** - * Get the Tag Creator - * - * @return Tag Creator - */ - chunk_t (*get_tag_creator)(swid_tag_id_t *this); - - /** - * Get the Unique Software ID and optional Tag File Path - * - * @param instance_id Optional Tag Identifier Instance ID - * @return Unique Software ID - */ - chunk_t (*get_unique_sw_id)(swid_tag_id_t *this, chunk_t *instance_id); - - /** - * Get a new reference to the swid_tag_id object - * - * @return this, with an increased refcount - */ - swid_tag_id_t* (*get_ref)(swid_tag_id_t *this); - - /** - * Destroys a swid_tag_id_t object. - */ - void (*destroy)(swid_tag_id_t *this); - -}; - -/** - * Creates a swid_tag_id_t object - * - * @param tag_creator Tag Creator - * @param unique_sw_id Unique Software ID - * @param instance_id Tag Identifier Instance ID or empty chunk - */ -swid_tag_id_t* swid_tag_id_create(chunk_t tag_creator, chunk_t unique_sw_id, - chunk_t instance_id); - -#endif /** SWID_TAG_ID_H_ @}*/ 
diff --git a/src/libimcv/swima/swima_collector.c b/src/libimcv/swima/swima_collector.c index 096093b01..d2b50616f 100644 --- a/src/libimcv/swima/swima_collector.c +++ b/src/libimcv/swima/swima_collector.c @@ -13,6 +13,8 @@ * for more details. */ +#define _GNU_SOURCE /* for asprintf() */ + #include "swima_collector.h" #include <swid_gen/swid_gen.h> @@ -319,7 +321,7 @@ static status_t generate_tags(private_swima_collector_t *this, static bool collect_tags(private_swima_collector_t *this, char *pathname, swima_inventory_t *targets, bool is_swidtag_dir) { - char *rel_name, *abs_name, *suffix, *pos; + char *rel_name, *abs_name, *suffix, *pos, *uri; chunk_t *swid_tag, sw_id, sw_locator; swima_record_t *sw_record; struct stat st; @@ -433,8 +435,12 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname, } DBG2(DBG_IMC, " %s", rel_name); + sw_locator = chunk_empty; pos = strstr(pathname, "/swidtag"); - sw_locator = pos ? chunk_create(pathname, pos - pathname) : chunk_empty; + if (pos && asprintf(&uri, "file://%.*s", pos - pathname, pathname) > 0) + { + sw_locator = chunk_from_str(uri); + } sw_record = swima_record_create(0, sw_id, sw_locator); sw_record->set_source_id(sw_record, SOURCE_ID_COLLECTOR); if (!this->sw_id_only) @@ -442,8 +448,10 @@ static bool collect_tags(private_swima_collector_t *this, char *pathname, sw_record->set_record(sw_record, *swid_tag); } this->inventory->add(this->inventory, sw_record); + chunk_unmap(swid_tag); chunk_free(&sw_id); + chunk_free(&sw_locator); } success = TRUE; diff --git a/src/libimcv/swima/swima_data_model.c b/src/libimcv/swima/swima_data_model.c index f444724c1..f38d92145 100644 --- a/src/libimcv/swima/swima_data_model.c +++ b/src/libimcv/swima/swima_data_model.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Andreas Steffen + * Copyright (C) 2017-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
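Review bot: The `%.*s` precision in the new asprintf() call must be an int, but `pos - pathname` is a ptrdiff_t (64-bit on LP64); pushing it through varargs for a 32-bit conversion is undefined behaviour and trips -Wformat, so cast it: `if (pos && asprintf(&uri, "file://%.*s", (int)(pos - pathname), pathname) > 0)`. The `uri` buffer is adopted by `chunk_from_str()` and released by the new `chunk_free(&sw_locator)` after `swima_record_create()`, which is only safe if the record clones the locator; the old code handed it a non-owned slice of `pathname`, which suggests it does, but that should be confirmed against swima_record_create. collect_tags starts in the earlier hunk and continues outside this one.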
@@ -19,10 +19,10 @@ * ISO/IEC 19770-2-2015: Information Technology - Software Asset Management - * Part 2: Software Identification Tag */ -pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 1 }; +pen_type_t swima_data_model_iso_2015_swid_xml = { PEN_IETF, 0 }; /** * ISO/IEC 19770-2-2009: Information Technology - Software Asset Management - * Part 2: Software Identification Tag */ -pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 2 }; +pen_type_t swima_data_model_iso_2009_swid_xml = { PEN_IETF, 1 }; diff --git a/src/libimcv/swima/swima_event.h b/src/libimcv/swima/swima_event.h index fe69d6aad..7391f3e9f 100644 --- a/src/libimcv/swima/swima_event.h +++ b/src/libimcv/swima/swima_event.h @@ -25,6 +25,7 @@ #include <library.h> +#define SWIMA_EVENT_ACTION_NONE 0 #define SWIMA_EVENT_ACTION_CREATION 1 #define SWIMA_EVENT_ACTION_DELETION 2 #define SWIMA_EVENT_ACTION_ALTERATION 3 diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c index d8acf0625..60e969a1c 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -165,6 +165,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (this->value.len < PTS_REQ_FILE_META_SIZE) { DBG1(DBG_TNC, "insufficient data for Request File Metadata"); + return FAILED; } reader = bio_reader_create(this->value); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index 9438fa062..c704e7d38 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c 
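Review bot: Renumbering the two data-model identifiers (`{ PEN_IETF, 1 }` to `0` and `{ PEN_IETF, 2 }` to `1`) changes the value sent on the wire, so a 5.7.0 collector or verifier will disagree with an older peer about which SWID data model a record carries, and nothing in the file says why the values moved. A comment above the first definition recording the origin of the numbering would help, e.g. `/* Data Model Type values as registered for SWIMA; earlier strongSwan releases used 1 and 2 */` — the exact registry or RFC section should be filled in from the SWIMA specification rather than guessed.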
@@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -261,8 +261,9 @@ static const int tm_leap_1970 = 477; */ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) { - int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec, tm_secs; + int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec; int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; + time_t tm_days, tm_secs; char buf[BUF_LEN]; if (memeq(utc_undefined_time_str, utc_time.ptr, utc_time.len)) @@ -278,12 +279,24 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) } /* representation of months as 0..11 */ + if (tm_mon < 1 || tm_mon > 12) + { + return FALSE; + } tm_mon--; /* representation of days as 0..30 */ + if (tm_day < 1 || tm_day > 31) + { + return FALSE; + } tm_day--; /* number of leap years between last year and 1970? */ + if (tm_year < 1970) + { + return FALSE; + } tm_leap_4 = (tm_year - 1) / 4; tm_leap_100 = tm_leap_4 / 25; tm_leap_400 = tm_leap_100 / 4; @@ -325,6 +338,7 @@ METHOD(pa_tnc_attr_t, process, status_t, if (this->value.len < PTS_SIMPLE_COMP_EVID_SIZE) { DBG1(DBG_TNC, "insufficient data for Simple Component Evidence"); + return FAILED; } reader = bio_reader_create(this->value); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c index 267c85776..ea175bdfe 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c 
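Review bot: The new range checks cover only month and day: a day of 31 is accepted for every month, and `tm_hour`, `tm_min` and `tm_sec` (parsed above the hunk, not visible here) are not bounded at all, so a peer can still supply an hour of 99 that the later arithmetic folds silently into a wrong but "valid" timestamp. Add `if (tm_hour < 0 || tm_hour > 23 || tm_min < 0 || tm_min > 59 || tm_sec < 0 || tm_sec > 60) return FALSE;` alongside the existing checks (60 to tolerate a leap second), and either reject days beyond the month's length or document that the function deliberately lets them roll over. Negative month and day values are already caught by the `< 1` tests, and the year check guards only the lower bound, which is presumably enough now that `tm_days`/`tm_secs` are `time_t`. measurement_time_from_utc starts in the preceding hunk and its tail lies outside this one.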
@@ -71,7 +71,7 @@ enum pts_simple_evid_final_flag_t { /** TPM PCR Composite and TPM Quote Signature not included */ PTS_SIMPLE_EVID_FINAL_NO = 0x00, /** TPM Quote Info and TPM Quite Signature included - * using TPM 2.0 Quote Info format */ + * using TPM 2.0 Quote Info format */ PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10, /** Evidence Signature included */ PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, @@ -208,7 +208,7 @@ METHOD(pa_tnc_attr_t, build, void, return; } - quote_mode = this->quote_info->get_quote_mode(this->quote_info); + quote_mode = this->quote_info->get_quote_mode(this->quote_info); switch (quote_mode) { case TPM_QUOTE: @@ -258,7 +258,7 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_data16(writer, version_info); writer->write_data16(writer, pcr_select); } - + if (quote_mode != TPM_QUOTE_NONE) { writer->write_data32(writer, this->quote_sig); @@ -377,7 +377,7 @@ METHOD(pa_tnc_attr_t, process, status_t, this->quote_info->set_version_info(this->quote_info, version_info); } - + if (quote_mode != TPM_QUOTE_NONE) { if (!reader->read_data32(reader, "e_sig)) diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c deleted file mode 100644 index be35ee49d..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ /dev/null 
@@ -1,351 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_req.h" - -#include "swid/swid_tag_id.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> -#include <collections/linked_list.h> - -typedef struct private_tcg_swid_attr_req_t private_tcg_swid_attr_req_t; - -/** - * SWID Request - * see section 4.7 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * |C|S|R| Reserved| Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Earliest EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Creator Length | Tag Creator (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Unique Software ID Length |Unique Software ID (var length)| - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define SWID_REQ_RESERVED_MASK 0xE0 - -/** - * Private data of an tcg_swid_attr_req_t object. 
- */ -struct private_tcg_swid_attr_req_t { - - /** - * Public members of tcg_swid_attr_req_t - */ - tcg_swid_attr_req_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - - /** - * Attribute value or segment - */ - chunk_t value; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * SWID request flags - */ - uint8_t flags; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Earliest EID - */ - uint32_t earliest_eid; - - /** - * List of Target Tag Identifiers - */ - swid_inventory_t *targets; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_req_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_req_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_req_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_req_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_req_t *this) -{ - bio_writer_t *writer; - chunk_t tag_creator, unique_sw_id; - swid_tag_id_t *tag_id; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_REQ_MIN_SIZE); - writer->write_uint8 (writer, this->flags); - writer->write_uint24(writer, this->targets->get_count(this->targets)); - writer->write_uint32(writer, this->request_id); - writer->write_uint32(writer, this->earliest_eid); - - enumerator = this->targets->create_enumerator(this->targets); - while (enumerator->enumerate(enumerator, &tag_id)) - { - tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, NULL); - writer->write_data16(writer, tag_creator); - writer->write_data16(writer, unique_sw_id); - } - enumerator->destroy(enumerator); 
- - this->value = writer->extract_buf(writer); - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_req_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint32_t tag_id_count; - chunk_t tag_creator, unique_sw_id; - swid_tag_id_t *tag_id; - - *offset = 0; - - if (this->value.len < this->length) - { - return NEED_MORE; - } - if (this->value.len < TCG_SWID_REQ_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for SWID Request"); - return FAILED; - } - - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &this->flags); - reader->read_uint24(reader, &tag_id_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->earliest_eid); - - if (this->request_id == 0) - { - *offset = 4; - return FAILED; - } - *offset = TCG_SWID_REQ_MIN_SIZE; - - this->flags &= SWID_REQ_RESERVED_MASK; - - while (tag_id_count--) - { - if (!reader->read_data16(reader, &tag_creator)) - { - DBG1(DBG_TNC, "insufficient data for Tag Creator field"); - reader->destroy(reader); - return FAILED; - } - *offset += 2 + tag_creator.len; - - if (!reader->read_data16(reader, &unique_sw_id)) - { - DBG1(DBG_TNC, "insufficient data for Unique Software ID"); - reader->destroy(reader); - return FAILED; - } - *offset += 2 + unique_sw_id.len; - - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, chunk_empty); - this->targets->add(this->targets, tag_id); - } - reader->destroy(reader); - - return SUCCESS; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_req_t *this, chunk_t segment) -{ - this->value = chunk_cat("mc", this->value, segment); -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_req_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_req_t *this) -{ - if (ref_put(&this->ref)) - { - this->targets->destroy(this->targets); - 
free(this->value.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_req_t, get_flags, uint8_t, - private_tcg_swid_attr_req_t *this) -{ - return this->flags; -} - -METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t, - private_tcg_swid_attr_req_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t, - private_tcg_swid_attr_req_t *this) -{ - return this->earliest_eid; -} - -METHOD(tcg_swid_attr_req_t, add_target, void, - private_tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id) -{ - this->targets->add(this->targets, tag_id); -} - -METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*, - private_tcg_swid_attr_req_t *this) -{ - return this->targets; -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, - uint32_t eid) -{ - private_tcg_swid_attr_req_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .get_flags = _get_flags, - .get_request_id = _get_request_id, - .get_earliest_eid = _get_earliest_eid, - .add_target = _add_target, - .get_targets = _get_targets, - }, - .type = { PEN_TCG, TCG_SWID_REQUEST }, - .flags = flags & SWID_REQ_RESERVED_MASK, - .request_id = request_id, - .earliest_eid = eid, - .targets = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_req_create_from_data(size_t length, chunk_t data) -{ - private_tcg_swid_attr_req_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .get_flags = _get_flags, - .get_request_id = _get_request_id, - .get_earliest_eid = _get_earliest_eid, - .add_target = _add_target, - .get_targets = _get_targets, - }, - .type = { PEN_TCG, TCG_SWID_REQUEST }, - .length = length, - .value = chunk_clone(data), - .targets = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h deleted file mode 100644 index 2c85aaf6d..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ /dev/null 
@@ -1,106 +0,0 @@ -/* - * Copyright (C) 2013-2017 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup tcg_swid_attr_req tcg_swid_attr_req - * @{ @ingroup tcg_attr - */ - -#ifndef TCG_SWID_ATTR_REQ_H_ -#define TCG_SWID_ATTR_REQ_H_ - -#define TCG_SWID_REQ_MIN_SIZE 12 - -typedef struct tcg_swid_attr_req_t tcg_swid_attr_req_t; -typedef enum tcg_swid_attr_req_flag_t tcg_swid_attr_req_flag_t; - -enum tcg_swid_attr_req_flag_t { - TCG_SWID_ATTR_REQ_FLAG_NONE = 0, - TCG_SWID_ATTR_REQ_FLAG_C = (1 << 7), - TCG_SWID_ATTR_REQ_FLAG_S = (1 << 6), - TCG_SWID_ATTR_REQ_FLAG_R = (1 << 5) -}; - -#include "tcg/tcg_attr.h" -#include "swid/swid_tag_id.h" -#include "swid/swid_inventory.h" -#include "pa_tnc/pa_tnc_attr.h" - -/** - * Class implementing the TCG SWID Request attribute - */ -struct tcg_swid_attr_req_t { - - /** - * Public PA-TNC attribute interface - */ - pa_tnc_attr_t pa_tnc_attribute; - - /** - * Get SWID request flags - * - * @return Flags - */ - uint8_t (*get_flags)(tcg_swid_attr_req_t *this); - - /** - * Get Request ID - * - * @return Request ID - */ - uint32_t (*get_request_id)(tcg_swid_attr_req_t *this); - - /** - * Get Earliest EID - * - * @return Event ID - */ - uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); - - /** - * Add Tag ID - * - * @param tag_id SWID Tag ID (is not cloned by constructor!) 
- */ - void (*add_target)(tcg_swid_attr_req_t *this, swid_tag_id_t *tag_id); - - /** - * Create Tag ID enumerator - * - * @return Get a list of target tag IDs - */ - swid_inventory_t* (*get_targets)(tcg_swid_attr_req_t *this); - -}; - -/** - * Creates an tcg_swid_attr_req_t object - * - * @param flags Sets the C|S|R flags - * @param request_id Request ID - * @param eid Earliest Event ID - */ -pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, - uint32_t eid); - -/** - * Creates an tcg_swid_attr_req_t object from received data - * - * @param length Total length of attribute value - * @param value Unparsed attribute value (might be a segment) - */ -pa_tnc_attr_t* tcg_swid_attr_req_create_from_data(size_t length, chunk_t value); - -#endif /** TCG_SWID_ATTR_REQ_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c deleted file mode 100644 index 560d5878f..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.c +++ /dev/null 
@@ -1,396 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_tag_id_inv.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> - - -typedef struct private_tcg_swid_attr_tag_id_inv_t private_tcg_swid_attr_tag_id_inv_t; - -/** - * SWID Tag Identifier Inventory - * see section 4.8 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Reserved | Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID Copy | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | EID Epoch | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Last EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Creator Length | Tag Creator (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Unique Software ID Length |Unique Software ID (var length)| - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Instance ID Length | Instance ID (variable length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define TCG_SWID_TAG_ID_INV_RESERVED 0x00 - 
-/** - * Private data of an tcg_swid_attr_tag_id_inv_t object. - */ -struct private_tcg_swid_attr_tag_id_inv_t { - - /** - * Public members of tcg_swid_attr_tag_id_inv_t - */ - tcg_swid_attr_tag_id_inv_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - /** - * Offset up to which attribute value has been processed - */ - size_t offset; - - /** - * Current position of attribute value pointer - */ - chunk_t value; - - /** - * Contains complete attribute or current segment - */ - chunk_t segment; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; - - /** - * Last Event ID - */ - uint32_t last_eid; - - /** - * Number of SWID Tag IDs in attribute - */ - uint32_t tag_id_count; - - /** - * SWID Tag ID Inventory - */ - swid_inventory_t *inventory; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_tag_id_inv_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - bio_writer_t *writer; - swid_tag_id_t *tag_id; - chunk_t tag_creator, unique_sw_id, instance_id; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_TAG_ID_INV_MIN_SIZE); - writer->write_uint8 (writer, TCG_SWID_TAG_ID_INV_RESERVED); - writer->write_uint24(writer, this->inventory->get_count(this->inventory)); - writer->write_uint32(writer, 
this->request_id); - writer->write_uint32(writer, this->eid_epoch); - writer->write_uint32(writer, this->last_eid); - - enumerator = this->inventory->create_enumerator(this->inventory); - while (enumerator->enumerate(enumerator, &tag_id)) - { - tag_creator = tag_id->get_tag_creator(tag_id); - unique_sw_id = tag_id->get_unique_sw_id(tag_id, &instance_id); - writer->write_data16(writer, tag_creator); - writer->write_data16(writer, unique_sw_id); - writer->write_data16(writer, instance_id); - } - enumerator->destroy(enumerator); - - this->value = writer->extract_buf(writer); - this->segment = this->value; - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint8_t reserved; - chunk_t tag_creator, unique_sw_id, instance_id; - swid_tag_id_t *tag_id; - status_t status = NEED_MORE; - - if (this->offset == 0) - { - if (this->length < TCG_SWID_TAG_ID_INV_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - return FAILED; - } - if (this->value.len < TCG_SWID_TAG_ID_INV_MIN_SIZE) - { - return NEED_MORE; - } - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &this->tag_id_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - this->offset = TCG_SWID_TAG_ID_INV_MIN_SIZE; - this->value = reader->peek(reader); - reader->destroy(reader); - } - - reader = bio_reader_create(this->value); - - while (this->tag_id_count) - { - if (!reader->read_data16(reader, &tag_creator) || - !reader->read_data16(reader, &unique_sw_id) || - !reader->read_data16(reader, &instance_id)) - { - goto end; - } - tag_id = swid_tag_id_create(tag_creator, unique_sw_id, instance_id); - 
this->inventory->add(this->inventory, tag_id); - this->offset += this->value.len - reader->remaining(reader); - this->value = reader->peek(reader); - - /* at least one tag ID was processed */ - status = SUCCESS; - this->tag_id_count--; - } - - if (this->length != this->offset) - { - DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - status = FAILED; - } - -end: - reader->destroy(reader); - return status; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_tag_id_inv_t *this, chunk_t segment) -{ - this->value = chunk_cat("cc", this->value, segment); - chunk_free(&this->segment); - this->segment = this->value; -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - if (ref_put(&this->ref)) - { - this->inventory->destroy(this->inventory); - free(this->segment.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_tag_id_inv_t, add, void, - private_tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id) -{ - this->inventory->add(this->inventory, tag_id); -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_request_id, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_last_eid, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this, uint32_t *eid_epoch) -{ - if (eid_epoch) - { - *eid_epoch = this->eid_epoch; - } - return this->last_eid; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_tag_id_count, uint32_t, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->tag_id_count; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, get_inventory, swid_inventory_t*, - private_tcg_swid_attr_tag_id_inv_t *this) -{ - return this->inventory; -} - -METHOD(tcg_swid_attr_tag_id_inv_t, clear_inventory, void, - 
private_tcg_swid_attr_tag_id_inv_t *this) -{ - this->inventory->destroy(this->inventory); - this->inventory = swid_inventory_create(FALSE); -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create(uint32_t request_id, - uint32_t eid_epoch, - uint32_t eid) -{ - private_tcg_swid_attr_tag_id_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_id_count = _get_tag_id_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, - .request_id = request_id, - .eid_epoch = eid_epoch, - .last_eid = eid, - .inventory = swid_inventory_create(FALSE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_tag_id_inv_create_from_data(size_t length, - chunk_t data) -{ - private_tcg_swid_attr_tag_id_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_id_count = _get_tag_id_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_ID_INVENTORY }, - .length = length, - .segment = chunk_clone(data), - .inventory = swid_inventory_create(FALSE), - .ref = 1, - ); - - /* received either complete attribute value or first segment */ - this->value = this->segment; - - return &this->public.pa_tnc_attribute; -} diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h deleted file mode 100644 index e9db9b3c6..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_id_inv.h +++ /dev/null 
@@ -1,109 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup tcg_swid_attr_tag_id_inv tcg_swid_attr_tag_id_inv - * @{ @ingroup tcg_attr - */ - -#ifndef TCG_SWID_ATTR_TAG_ID_INV_H_ -#define TCG_SWID_ATTR_TAG_ID_INV_H_ - -typedef struct tcg_swid_attr_tag_id_inv_t tcg_swid_attr_tag_id_inv_t; - -#include "tcg/tcg_attr.h" -#include "swid/swid_tag_id.h" -#include "swid/swid_inventory.h" - -#include <pa_tnc/pa_tnc_attr.h> - -#define TCG_SWID_TAG_ID_INV_MIN_SIZE 16 - -/** - * Class implementing the TCG SWID Tag Identifier Inventory attribute - * - */ -struct tcg_swid_attr_tag_id_inv_t { - - /** - * Public PA-TNC attribute interface - */ - pa_tnc_attr_t pa_tnc_attribute; - - /** - * Add a Tag ID to the attribute - * - * @param tag_id SWID Tag ID to be added - */ - void (*add)(tcg_swid_attr_tag_id_inv_t *this, swid_tag_id_t *tag_id); - - /** - * Get Request ID - * - * @return Request ID - */ - uint32_t (*get_request_id)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Get Last Event ID - * - * @param eid_epoch Event ID Epoch - * @return Last Event ID - */ - uint32_t (*get_last_eid)(tcg_swid_attr_tag_id_inv_t *this, - uint32_t *eid_epoch); - - /** - * Get count of remaining SWID tag IDs - * - * @return SWID Tag ID count - */ - uint32_t (*get_tag_id_count)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Get Inventory of SWID tag IDs - * - * @result SWID Tag ID 
Inventory - */ - swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_id_inv_t *this); - - /** - * Remove all SWID Tag IDs from the Inventory - */ - void (*clear_inventory)(tcg_swid_attr_tag_id_inv_t *this); - -}; - -/** - * Creates an tcg_swid_attr_tag_id_inv_t object - * - * @param request_id Copy of the Request ID - * @param eid_epoch Event ID Epoch - * @param eid Last Event ID - */ -pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create(uint32_t request_id, - uint32_t eid_epoch, - uint32_t eid); - -/** - * Creates an tcg_swid_attr_tag_id_inv_t object from received data - * - * @param length Total length of attribute value - * @param value Unparsed attribute value (might be a segment) - */ -pa_tnc_attr_t* tcg_swid_attr_tag_id_inv_create_from_data(size_t length, - chunk_t value); - -#endif /** TCG_SWID_ATTR_TAG_ID_INV_H_ @}*/ diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c deleted file mode 100644 index 013482441..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.c +++ /dev/null 
@@ -1,389 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include "tcg_swid_attr_tag_inv.h" - -#include <pa_tnc/pa_tnc_msg.h> -#include <bio/bio_writer.h> -#include <bio/bio_reader.h> -#include <utils/debug.h> - - -typedef struct private_tcg_swid_attr_tag_inv_t private_tcg_swid_attr_tag_inv_t; - -/** - * SWID Tag Inventory - * see section 4.10 of TCG TNC SWID Message and Attributes for IF-M - * - * 1 2 3 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Reserved | Tag ID Count | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Request ID Copy | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | EID Epoch | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Last EID | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Instance ID Length | Instance ID (var. length) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag Length | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - * | Tag (Variable) | - * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ - -#define TCG_SWID_TAG_INV_RESERVED 0x00 - -/** - * Private data of an tcg_swid_attr_tag_inv_t object. 
- */ -struct private_tcg_swid_attr_tag_inv_t { - - /** - * Public members of tcg_swid_attr_tag_inv_t - */ - tcg_swid_attr_tag_inv_t public; - - /** - * Vendor-specific attribute type - */ - pen_type_t type; - - /** - * Length of attribute value - */ - size_t length; - - /** - * Offset up to which attribute value has been processed - */ - size_t offset; - - /** - * Current position of attribute value pointer - */ - chunk_t value; - - /** - * Contains complete attribute or current segment - */ - chunk_t segment; - - /** - * Noskip flag - */ - bool noskip_flag; - - /** - * Request ID - */ - uint32_t request_id; - - /** - * Event ID Epoch - */ - uint32_t eid_epoch; - - /** - * Last Event ID - */ - uint32_t last_eid; - - /** - * Number of SWID Tags in attribute - */ - uint32_t tag_count; - - /** - * SWID Tag Inventory - */ - swid_inventory_t *inventory; - - /** - * Reference count - */ - refcount_t ref; -}; - -METHOD(pa_tnc_attr_t, get_type, pen_type_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->type; -} - -METHOD(pa_tnc_attr_t, get_value, chunk_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->value; -} - -METHOD(pa_tnc_attr_t, get_noskip_flag, bool, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->noskip_flag; -} - -METHOD(pa_tnc_attr_t, set_noskip_flag,void, - private_tcg_swid_attr_tag_inv_t *this, bool noskip) -{ - this->noskip_flag = noskip; -} - -METHOD(pa_tnc_attr_t, build, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - bio_writer_t *writer; - swid_tag_t *tag; - enumerator_t *enumerator; - - if (this->value.ptr) - { - return; - } - - writer = bio_writer_create(TCG_SWID_TAG_INV_MIN_SIZE); - writer->write_uint8 (writer, TCG_SWID_TAG_INV_RESERVED); - writer->write_uint24(writer, this->inventory->get_count(this->inventory)); - writer->write_uint32(writer, this->request_id); - writer->write_uint32(writer, this->eid_epoch); - writer->write_uint32(writer, this->last_eid); - - enumerator = 
this->inventory->create_enumerator(this->inventory); - while (enumerator->enumerate(enumerator, &tag)) - { - writer->write_data16(writer, tag->get_instance_id(tag)); - writer->write_data32(writer, tag->get_encoding(tag)); - } - enumerator->destroy(enumerator); - - this->value = writer->extract_buf(writer); - this->segment = this->value; - this->length = this->value.len; - writer->destroy(writer); -} - -METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_tag_inv_t *this, uint32_t *offset) -{ - bio_reader_t *reader; - uint8_t reserved; - chunk_t tag_encoding, instance_id; - swid_tag_t *tag; - status_t status = NEED_MORE; - - if (this->offset == 0) - { - if (this->length < TCG_SWID_TAG_INV_MIN_SIZE) - { - DBG1(DBG_TNC, "insufficient data for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; - return FAILED; - } - if (this->value.len < TCG_SWID_TAG_INV_MIN_SIZE) - { - return NEED_MORE; - } - reader = bio_reader_create(this->value); - reader->read_uint8 (reader, &reserved); - reader->read_uint24(reader, &this->tag_count); - reader->read_uint32(reader, &this->request_id); - reader->read_uint32(reader, &this->eid_epoch); - reader->read_uint32(reader, &this->last_eid); - this->offset = TCG_SWID_TAG_INV_MIN_SIZE; - this->value = reader->peek(reader); - reader->destroy(reader); - } - - reader = bio_reader_create(this->value); - - while (this->tag_count) - { - if (!reader->read_data16(reader, &instance_id) || - !reader->read_data32(reader, &tag_encoding)) - { - goto end; - } - tag = swid_tag_create(tag_encoding, instance_id); - this->inventory->add(this->inventory, tag); - this->offset += this->value.len - reader->remaining(reader); - this->value = reader->peek(reader); - - /* at least one tag was processed */ - status = SUCCESS; - this->tag_count--; - } - - if (this->length != this->offset) - { - DBG1(DBG_TNC, "inconsistent length for %N/%N", pen_names, PEN_TCG, - tcg_attr_names, this->type.type); - *offset = this->offset; 
- status = FAILED; - } - -end: - reader->destroy(reader); - return status; -} - -METHOD(pa_tnc_attr_t, add_segment, void, - private_tcg_swid_attr_tag_inv_t *this, chunk_t segment) -{ - this->value = chunk_cat("cc", this->value, segment); - chunk_free(&this->segment); - this->segment = this->value; -} - -METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*, - private_tcg_swid_attr_tag_inv_t *this) -{ - ref_get(&this->ref); - return &this->public.pa_tnc_attribute; -} - -METHOD(pa_tnc_attr_t, destroy, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - if (ref_put(&this->ref)) - { - this->inventory->destroy(this->inventory); - free(this->segment.ptr); - free(this); - } -} - -METHOD(tcg_swid_attr_tag_inv_t, add, void, - private_tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag) -{ - this->inventory->add(this->inventory, tag); -} - -METHOD(tcg_swid_attr_tag_inv_t, get_request_id, uint32_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->request_id; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_last_eid, uint32_t, - private_tcg_swid_attr_tag_inv_t *this, uint32_t *eid_epoch) -{ - if (eid_epoch) - { - *eid_epoch = this->eid_epoch; - } - return this->last_eid; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_tag_count, uint32_t, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->tag_count; -} - -METHOD(tcg_swid_attr_tag_inv_t, get_inventory, swid_inventory_t*, - private_tcg_swid_attr_tag_inv_t *this) -{ - return this->inventory; -} - -METHOD(tcg_swid_attr_tag_inv_t, clear_inventory, void, - private_tcg_swid_attr_tag_inv_t *this) -{ - this->inventory->destroy(this->inventory); - this->inventory = swid_inventory_create(TRUE); -} - -/** - * Described in header. 
- */ -pa_tnc_attr_t *tcg_swid_attr_tag_inv_create(uint32_t request_id, - uint32_t eid_epoch, uint32_t eid) -{ - private_tcg_swid_attr_tag_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_count = _get_tag_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, - .request_id = request_id, - .eid_epoch = eid_epoch, - .last_eid = eid, - .inventory = swid_inventory_create(TRUE), - .ref = 1, - ); - - return &this->public.pa_tnc_attribute; -} - -/** - * Described in header. - */ -pa_tnc_attr_t *tcg_swid_attr_tag_inv_create_from_data(size_t length, - chunk_t data) -{ - private_tcg_swid_attr_tag_inv_t *this; - - INIT(this, - .public = { - .pa_tnc_attribute = { - .get_type = _get_type, - .get_value = _get_value, - .get_noskip_flag = _get_noskip_flag, - .set_noskip_flag = _set_noskip_flag, - .build = _build, - .process = _process, - .add_segment = _add_segment, - .get_ref = _get_ref, - .destroy = _destroy, - }, - .add = _add, - .get_request_id = _get_request_id, - .get_last_eid = _get_last_eid, - .get_tag_count = _get_tag_count, - .get_inventory = _get_inventory, - .clear_inventory = _clear_inventory, - }, - .type = { PEN_TCG, TCG_SWID_TAG_INVENTORY }, - .length = length, - .segment = chunk_clone(data), - .inventory = swid_inventory_create(TRUE), - .ref = 1, - ); - - /* received either complete attribute value or first segment */ - this->value = this->segment; - - return &this->public.pa_tnc_attribute; -} 
diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h b/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h deleted file mode 100644 index 43ebd9e2a..000000000 --- a/src/libimcv/tcg/swid/tcg_swid_attr_tag_inv.h +++ /dev/null 
@@ -1,108 +0,0 @@ -/* - * Copyright (C) 2013-2014 Andreas Steffen - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup tcg_swid_attr_tag_inv tcg_swid_attr_tag_inv - * @{ @ingroup tcg_attr - */ - -#ifndef TCG_SWID_ATTR_TAG_INV_H_ -#define TCG_SWID_ATTR_TAG_INV_H_ - -typedef struct tcg_swid_attr_tag_inv_t tcg_swid_attr_tag_inv_t; - -#include "tcg/tcg_attr.h" -#include "swid/swid_tag.h" -#include "swid/swid_inventory.h" - -#include <pa_tnc/pa_tnc_attr.h> - -#define TCG_SWID_TAG_INV_MIN_SIZE 16 - -/** - * Class implementing the TCG SWID Tag Inventory attribute - * - */ -struct tcg_swid_attr_tag_inv_t { - - /** - * Public PA-TNC attribute interface - */ - pa_tnc_attr_t pa_tnc_attribute; - - /** - * Add a Tag ID to the attribute - * - * @param tag SWID Tag to be added - */ - void (*add)(tcg_swid_attr_tag_inv_t *this, swid_tag_t *tag); - /** - * Get Request ID - * - * @return Request ID - */ - uint32_t (*get_request_id)(tcg_swid_attr_tag_inv_t *this); - - /** - * Get Last Event ID - * - * @param eid_epoch Event ID Epoch - * @return Last Event ID - */ - uint32_t (*get_last_eid)(tcg_swid_attr_tag_inv_t *this, - uint32_t *eid_epoch); - - /** - * Get count of remaining SWID tags - * - * @return SWID Tag count - */ - uint32_t (*get_tag_count)(tcg_swid_attr_tag_inv_t *this); - - /** - * Get Inventory of SWID tags - * - * @result SWID Tag Inventory - */ - swid_inventory_t* (*get_inventory)(tcg_swid_attr_tag_inv_t 
*this); - - /** - * Remove all SWID Tags from the Inventory - */ - void (*clear_inventory)(tcg_swid_attr_tag_inv_t *this); - -}; - -/** - * Creates an tcg_swid_attr_tag_inv_t object - * - * @param request_id Copy of the Request ID - * @param eid_epoch Event ID Epoch - * @param eid Last Event ID - */ -pa_tnc_attr_t* tcg_swid_attr_tag_inv_create(uint32_t request_id, - uint32_t eid_epoch, - uint32_t eid); - -/** - * Creates an tcg_swid_attr_tag_inv_t object from received data - * - * @param length Total length of attribute value - * @param value Unparsed attribute value (might be a segment) - */ -pa_tnc_attr_t* tcg_swid_attr_tag_inv_create_from_data(size_t length, - chunk_t value); - -#endif /** TCG_SWID_ATTR_TAG_INV_H_ @}*/ diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c index ab1fa43a5..f6b1df7ec 100644 --- a/src/libimcv/tcg/tcg_attr.c +++ b/src/libimcv/tcg/tcg_attr.c @@ -31,9 +31,6 @@ #include "tcg/pts/tcg_pts_attr_file_meas.h" #include "tcg/pts/tcg_pts_attr_req_file_meta.h" #include "tcg/pts/tcg_pts_attr_unix_file_meta.h" -#include "tcg/swid/tcg_swid_attr_req.h" -#include "tcg/swid/tcg_swid_attr_tag_id_inv.h" -#include "tcg/swid/tcg_swid_attr_tag_inv.h" #include "tcg/seg/tcg_seg_attr_max_size.h" #include "tcg/seg/tcg_seg_attr_seg_env.h" #include "tcg/seg/tcg_seg_attr_next_seg.h" @@ -189,12 +186,6 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v { switch (type) { - case TCG_SWID_REQUEST: - return tcg_swid_attr_req_create_from_data(length, value); - case TCG_SWID_TAG_ID_INVENTORY: - return tcg_swid_attr_tag_id_inv_create_from_data(length, value); - case TCG_SWID_TAG_INVENTORY: - return tcg_swid_attr_tag_inv_create_from_data(length, value); case TCG_SEG_MAX_ATTR_SIZE_REQ: return tcg_seg_attr_max_size_create_from_data(length, value, TRUE); case TCG_SEG_MAX_ATTR_SIZE_RESP: 
@@ -253,6 +244,9 @@ pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t v case TCG_PTS_UNIX_FILE_META: return tcg_pts_attr_unix_file_meta_create_from_data(length, value); /* unsupported TCG/SWID attributes */ + case TCG_SWID_REQUEST: + case TCG_SWID_TAG_ID_INVENTORY: + case TCG_SWID_TAG_INVENTORY: case TCG_SWID_TAG_ID_EVENTS: case TCG_SWID_TAG_EVENTS: case TCG_SWID_SUBSCRIPTION_STATUS_REQ: diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index 834be0eeb..63074a965 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -353,7 +353,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -379,6 +378,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -399,8 +400,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -455,8 +454,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -485,8 +482,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
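Review bot: The three case labels added under `/* unsupported TCG/SWID attributes */` were dispatched to real parsers by the removed branches just above, and nothing in the new code records that the drop is deliberate rather than an accidental fallthrough. A reader debugging a peer that still sends TCG_SWID_REQUEST or a TCG SWID inventory will land here and have no pointer to why the attribute is now refused, so I would extend the existing comment to `/* unsupported TCG/SWID attributes (the former TCG SWID request/inventory parsers were removed with this upstream import; no attribute of this group is created here) */`. What the unsupported group actually returns is outside the hunk, and tcg_attr_create_from_data continues past it, so this is documentation only.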
diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index ab5af4634..4f0b129f0 100644 --- a/src/libipsec/tests/Makefile.in +++ b/src/libipsec/tests/Makefile.in @@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -332,6 +331,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -352,8 +353,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -408,8 +407,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,8 +435,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index c0119f12b..344cddce1 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h index 3a1feae53..6f5bd160f 100644 --- a/src/libpttls/pt_tls.h +++ b/src/libpttls/pt_tls.h @@ -69,7 +69,7 @@ enum pt_tls_message_type_t { extern enum_name_t *pt_tls_message_type_names; /** - * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT + * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT */ enum pt_tls_sasl_result_t { PT_TLS_SASL_RESULT_SUCCESS = 0, diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c index 167918811..265a4a09a 100644 --- a/src/libpttls/pt_tls_client.c +++ b/src/libpttls/pt_tls_client.c 
@@ -225,7 +225,7 @@ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl) reader->destroy(reader); return SUCCESS; case NEED_MORE: - /* inacceptable, it won't get more. FALL */ + /* unacceptable, it won't get more. FALL */ case FAILED: default: reader->destroy(reader); diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 4e5936ffc..73d1805a9 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -306,7 +306,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -332,6 +331,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -352,8 +353,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -408,8 +407,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -438,8 +435,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index edd978d78..331e8e920 100644 --- a/src/libsimaka/Makefile.in 
+++ b/src/libsimaka/Makefile.in @@ -309,7 +309,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -335,6 +334,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -355,8 +356,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -411,8 +410,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -441,8 +438,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 66539a879..e6d7ce74b 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -565,6 +565,13 @@ if MONOLITHIC endif endif +if USE_BOTAN + SUBDIRS += plugins/botan +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/botan/libstrongswan-botan.la +endif +endif + if USE_FIPS_PRF SUBDIRS += plugins/fips_prf if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index a0eb8b6b5..b6bb52740 100644 
--- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in 
@@ -220,35 +220,37 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_106 = plugins/openssl/libstrongswan-openssl.la @USE_GCRYPT_TRUE@am__append_107 = plugins/gcrypt @MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_108 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_109 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_110 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_111 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_112 = plugins/agent/libstrongswan-agent.la -@USE_KEYCHAIN_TRUE@am__append_113 = plugins/keychain -@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_114 = plugins/keychain/libstrongswan-keychain.la -@USE_PKCS11_TRUE@am__append_115 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_116 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CHAPOLY_TRUE@am__append_117 = plugins/chapoly -@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_118 = plugins/chapoly/libstrongswan-chapoly.la -@USE_CTR_TRUE@am__append_119 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_120 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_121 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_122 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_123 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_124 = plugins/gcm/libstrongswan-gcm.la -@USE_MGF1_TRUE@am__append_125 = plugins/mgf1 -@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_126 = plugins/mgf1/libstrongswan-mgf1.la -@USE_NTRU_TRUE@am__append_127 = plugins/ntru -@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_128 = plugins/ntru/libstrongswan-ntru.la -@USE_BLISS_TRUE@am__append_129 = plugins/bliss -@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_130 = plugins/bliss/libstrongswan-bliss.la -@USE_NEWHOPE_TRUE@am__append_131 = plugins/newhope -@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_132 = plugins/newhope/libstrongswan-newhope.la -@USE_TEST_VECTORS_TRUE@am__append_133 = plugins/test_vectors 
-@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_134 = plugins/test_vectors/libstrongswan-test-vectors.la -@USE_LIBNTTFFT_TRUE@am__append_135 = math/libnttfft/tests -@USE_BLISS_TRUE@am__append_136 = plugins/bliss/tests -@USE_NEWHOPE_TRUE@am__append_137 = plugins/newhope/tests +@USE_BOTAN_TRUE@am__append_109 = plugins/botan +@MONOLITHIC_TRUE@@USE_BOTAN_TRUE@am__append_110 = plugins/botan/libstrongswan-botan.la +@USE_FIPS_PRF_TRUE@am__append_111 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_112 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_113 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_114 = plugins/agent/libstrongswan-agent.la +@USE_KEYCHAIN_TRUE@am__append_115 = plugins/keychain +@MONOLITHIC_TRUE@@USE_KEYCHAIN_TRUE@am__append_116 = plugins/keychain/libstrongswan-keychain.la +@USE_PKCS11_TRUE@am__append_117 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_118 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CHAPOLY_TRUE@am__append_119 = plugins/chapoly +@MONOLITHIC_TRUE@@USE_CHAPOLY_TRUE@am__append_120 = plugins/chapoly/libstrongswan-chapoly.la +@USE_CTR_TRUE@am__append_121 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_122 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_123 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_124 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_125 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_126 = plugins/gcm/libstrongswan-gcm.la +@USE_MGF1_TRUE@am__append_127 = plugins/mgf1 +@MONOLITHIC_TRUE@@USE_MGF1_TRUE@am__append_128 = plugins/mgf1/libstrongswan-mgf1.la +@USE_NTRU_TRUE@am__append_129 = plugins/ntru +@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_130 = plugins/ntru/libstrongswan-ntru.la +@USE_BLISS_TRUE@am__append_131 = plugins/bliss +@MONOLITHIC_TRUE@@USE_BLISS_TRUE@am__append_132 = plugins/bliss/libstrongswan-bliss.la +@USE_NEWHOPE_TRUE@am__append_133 = plugins/newhope 
+@MONOLITHIC_TRUE@@USE_NEWHOPE_TRUE@am__append_134 = plugins/newhope/libstrongswan-newhope.la +@USE_TEST_VECTORS_TRUE@am__append_135 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_136 = plugins/test_vectors/libstrongswan-test-vectors.la +@USE_LIBNTTFFT_TRUE@am__append_137 = math/libnttfft/tests +@USE_BLISS_TRUE@am__append_138 = plugins/bliss/tests +@USE_NEWHOPE_TRUE@am__append_139 = plugins/newhope/tests subdir = src/libstrongswan ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ @@ -328,7 +330,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_112) $(am__append_114) $(am__append_116) \ $(am__append_118) $(am__append_120) $(am__append_122) \ $(am__append_124) $(am__append_126) $(am__append_128) \ - $(am__append_130) $(am__append_132) $(am__append_134) + $(am__append_130) $(am__append_132) $(am__append_134) \ + $(am__append_136) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ 
@@ -665,10 +668,10 @@ DIST_SUBDIRS = . math/libnttfft plugins/af_alg plugins/aes plugins/des \ plugins/sshkey plugins/pem plugins/curl plugins/files \ plugins/winhttp plugins/unbound plugins/soup plugins/ldap \ plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ - plugins/gcrypt plugins/fips_prf plugins/agent plugins/keychain \ - plugins/pkcs11 plugins/chapoly plugins/ctr plugins/ccm \ - plugins/gcm plugins/mgf1 plugins/ntru plugins/bliss \ - plugins/newhope plugins/test_vectors tests \ + plugins/gcrypt plugins/botan plugins/fips_prf plugins/agent \ + plugins/keychain plugins/pkcs11 plugins/chapoly plugins/ctr \ + plugins/ccm plugins/gcm plugins/mgf1 plugins/ntru \ + plugins/bliss plugins/newhope plugins/test_vectors tests \ math/libnttfft/tests plugins/bliss/tests plugins/newhope/tests am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ $(top_srcdir)/ylwrap settings/settings_lexer.c \ @@ -798,7 +801,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -824,6 +826,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -844,8 +848,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -900,8 +902,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -930,8 +930,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ @@ -1080,7 +1084,7 @@ libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_114) $(am__append_116) $(am__append_118) \ $(am__append_120) $(am__append_122) $(am__append_124) \ $(am__append_126) $(am__append_128) $(am__append_130) \ - $(am__append_132) $(am__append_134) + $(am__append_132) $(am__append_134) $(am__append_136) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -1142,8 +1146,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_FALSE@ $(am__append_121) $(am__append_123) \ @MONOLITHIC_FALSE@ $(am__append_125) $(am__append_127) \ @MONOLITHIC_FALSE@ $(am__append_129) $(am__append_131) \ -@MONOLITHIC_FALSE@ $(am__append_133) tests $(am__append_135) \ -@MONOLITHIC_FALSE@ $(am__append_136) $(am__append_137) +@MONOLITHIC_FALSE@ $(am__append_133) $(am__append_135) tests \ +@MONOLITHIC_FALSE@ $(am__append_137) $(am__append_138) \ +@MONOLITHIC_FALSE@ $(am__append_139) # build unit tests ################## 
@@ -1175,8 +1180,9 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_TRUE@ $(am__append_121) $(am__append_123) \ @MONOLITHIC_TRUE@ $(am__append_125) $(am__append_127) \ @MONOLITHIC_TRUE@ $(am__append_129) $(am__append_131) \ -@MONOLITHIC_TRUE@ $(am__append_133) . tests $(am__append_135) \ -@MONOLITHIC_TRUE@ $(am__append_136) $(am__append_137) +@MONOLITHIC_TRUE@ $(am__append_133) $(am__append_135) . tests \ +@MONOLITHIC_TRUE@ $(am__append_137) $(am__append_138) \ +@MONOLITHIC_TRUE@ $(am__append_139) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 79cb17ed1..aa649e969 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -825,7 +825,6 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content) u_char *pos = asn1_build_object(&object, tag, content.len); memcpy(pos, content.ptr, content.len); - pos += content.len; return object; } diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c index 82e405002..e6b459bbf 100644 --- a/src/libstrongswan/bio/bio_reader.c +++ b/src/libstrongswan/bio/bio_reader.c @@ -122,13 +122,16 @@ static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res, static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res, bool from_end) { + uint32_t tmp; + if (this->buf.len < 3) { DBG1(DBG_LIB, "%d bytes insufficient to parse u_int24 data", this->buf.len); return FALSE; } - *res = untoh32(get_ptr_end(this, 3, from_end)) >> 8; + memcpy(&tmp, get_ptr_end(this, 3, from_end), 3); + *res = ntohl(tmp) >> 8; this->buf = chunk_skip_end(this->buf, 3, from_end); return TRUE; } diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h index fbca8bdf5..859fa8a73 100644 --- a/src/libstrongswan/bio/bio_reader.h +++ b/src/libstrongswan/bio/bio_reader.h 
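Review bot: `tmp` in read_uint24_internal is declared without an initializer and the memcpy fills only three of its four bytes, so the following `ntohl(tmp) >> 8` reads an indeterminate byte; on both byte orders the shift discards that byte, but it is still an uninitialized read that MemorySanitizer and valgrind will flag. Initialize it, `uint32_t tmp = 0;`, which costs nothing and makes the intent explicit. A short comment such as `/* 3 bytes land in the high-order part of the u_int32; the low byte is dropped */` would also help, since the hunk does not say why untoh32 was abandoned (presumably it reads four bytes, one past the end of a 3-byte tail).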
@@ -142,7 +142,7 @@ struct bio_reader_t { * Read a chunk of len bytes from the end of the buffer, reduce remaining. * * @param len number of bytes to read - * @param res ponter to result, not cloned + * @param res pointer to result, not cloned * @return TRUE if data read successfully */ bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res); diff --git a/src/libstrongswan/collections/linked_list.c b/src/libstrongswan/collections/linked_list.c index 5ad7360d6..c7342c6d6 100644 --- a/src/libstrongswan/collections/linked_list.c +++ b/src/libstrongswan/collections/linked_list.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2018 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -111,7 +111,7 @@ struct private_enumerator_t { /** * implements enumerator interface */ - enumerator_t enumerator; + enumerator_t public; /** * associated linked list @@ -122,35 +122,19 @@ struct private_enumerator_t { * current item */ element_t *current; - - /** - * enumerator has enumerated all items - */ - bool finished; }; -METHOD(enumerator_t, enumerate, bool, - private_enumerator_t *this, va_list args) +/** + * Enumerate the current item + */ +static bool do_enumerate(private_enumerator_t *this, va_list args) { void **item; VA_ARGS_VGET(args, item); - if (this->finished) - { - return FALSE; - } if (!this->current) { - this->current = this->list->first; - } - else - { - this->current = this->current->next; - } - if (!this->current) - { - this->finished = TRUE; return FALSE; } if (item) 
@@ -160,28 +144,46 @@ METHOD(enumerator_t, enumerate, bool, return TRUE; } +METHOD(enumerator_t, enumerate_next, bool, + private_enumerator_t *this, va_list args) +{ + if (this->current) + { + this->current = this->current->next; + } + return do_enumerate(this, args); +} + +METHOD(enumerator_t, enumerate_current, bool, + private_enumerator_t *this, va_list args) +{ + this->public.venumerate = _enumerate_next; + return do_enumerate(this, args); +} + METHOD(linked_list_t, create_enumerator, enumerator_t*, private_linked_list_t *this) { private_enumerator_t *enumerator; INIT(enumerator, - .enumerator = { + .public = { .enumerate = enumerator_enumerate_default, - .venumerate = _enumerate, + .venumerate = _enumerate_current, .destroy = (void*)free, }, .list = this, + .current = this->first, ); - return &enumerator->enumerator; + return &enumerator->public; } METHOD(linked_list_t, reset_enumerator, void, private_linked_list_t *this, private_enumerator_t *enumerator) { - enumerator->current = NULL; - enumerator->finished = FALSE; + enumerator->current = this->first; + enumerator->public.venumerate = _enumerate_current; } METHOD(linked_list_t, get_count, int, @@ -298,14 +300,7 @@ METHOD(linked_list_t, insert_before, void, current = enumerator->current; if (!current) { - if (enumerator->finished) - { - this->public.insert_last(&this->public, item); - } - else - { - this->public.insert_first(&this->public, item); - } + insert_last(this, item); return; } element = element_create(item); @@ -377,7 +372,9 @@ METHOD(linked_list_t, remove_at, void, if (enumerator->current) { current = enumerator->current; - enumerator->current = current->previous; + enumerator->current = current->next; + /* the enumerator already points to the next item */ + enumerator->public.venumerate = _enumerate_current; remove_element(this, current); } } diff --git a/src/libstrongswan/collections/linked_list.h b/src/libstrongswan/collections/linked_list.h index a9cb7f0d4..315fb0520 100644 
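Review bot: The enumerator state now lives in the `venumerate` function pointer (`_enumerate_current` until the first call, `_enumerate_next` afterwards) and that pointer is reset in three places (`create_enumerator`, `reset_enumerator`, `remove_at`), but nothing in the code explains the scheme; a comment above `enumerate_current`, e.g. `/* first enumerate() after create/reset/remove_at: return the item we already point to, then switch to advancing */`, would spare the next reader from tracing all three sites. `reset_enumerator` repeats the two-field setup from `create_enumerator`; a small static helper shared by both would keep them from drifting apart.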
--- a/src/libstrongswan/collections/linked_list.h +++ b/src/libstrongswan/collections/linked_list.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2017 Tobias Brunner + * Copyright (C) 2007-2018 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -102,12 +102,17 @@ struct linked_list_t { /** * Inserts a new item before the item the enumerator currently points to. * - * If this method is called before starting the enumeration the item is - * inserted first. If it is called after all items have been enumerated - * the item is inserted last. This is helpful when inserting items into - * a sorted list. + * If this method is called after all items have been enumerated, the item + * is inserted last. This is helpful when inserting items into a sorted + * list. * - * @note The position of the enumerator is not changed. + * @note The position of the enumerator is not changed. So it is safe to + * call this before or after remove_at() to replace the item at the current + * position (the enumerator will continue with the next item in the list). + * And in particular, when inserting an item before calling enumerate(), + * the enumeration will continue (or start) at the item that was first in + * the list before any items were inserted (enumerate() will return FALSE + * if the list was empty before). * * @param enumerator enumerator with position * @param item item value to insert in list @@ -118,6 +123,10 @@ struct linked_list_t { /** * Remove an item from the list where the enumerator points to. * + * If this method is called before calling enumerate() of the enumerator, + * the first item in the list, if any, will be removed. No item is removed, + * if the method is called after enumerating all items. + * * @param enumerator enumerator with position */ void (*remove_at)(linked_list_t *this, enumerator_t *enumerator); 
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index b473223e4..38c40c87d 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -141,7 +141,7 @@ extern enum_name_t *auth_rule_names; * RFC4739 defines multiple authentication rounds. This class defines such * a round from a configuration perspective, either for the local or the remote * peer. Local configs are called "rulesets". They define how we authenticate. - * Remote peer configs are called "constraits". They define what is needed to + * Remote peer configs are called "constraints". They define what is needed to * complete the authentication round successfully. * * @verbatim diff --git a/src/libstrongswan/credentials/certificates/certificate_printer.h b/src/libstrongswan/credentials/certificates/certificate_printer.h index 7953eb060..747cc21ae 100644 --- a/src/libstrongswan/credentials/certificates/certificate_printer.h +++ b/src/libstrongswan/credentials/certificates/certificate_printer.h @@ -62,7 +62,7 @@ struct certificate_printer_t { * * @param f file where print output is directed to (usually stdout) * @param detailed print more detailed certificate information - * @param utc print time inforamtion in UTC + * @param utc print time information in UTC */ certificate_printer_t* certificate_printer_create(FILE *f, bool detailed, bool utc); diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index 877ed20a2..a98a33d20 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h 
@@ -106,9 +106,9 @@ enum signature_scheme_t { SIGN_ECDSA_384, /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */ SIGN_ECDSA_521, - /** PureEdDSA on Curve25519 as in draft-ietf-curdle-pkix (RFC TBA) */ + /** PureEdDSA on Curve25519 as in RFC 8410 */ SIGN_ED25519, - /** PureEdDSA on Curve448 as in draft-ietf-curdle-pkix (RFC TBA) */ + /** PureEdDSA on Curve448 as in RFC 8410 */ SIGN_ED448, /** BLISS with SHA-2_256 */ SIGN_BLISS_WITH_SHA2_256, diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c index 2294eaff7..97209953a 100644 --- a/src/libstrongswan/credentials/keys/shared_key.c +++ b/src/libstrongswan/credentials/keys/shared_key.c @@ -15,12 +15,14 @@ #include "shared_key.h" -ENUM(shared_key_type_names, SHARED_ANY, SHARED_PIN, +ENUM(shared_key_type_names, SHARED_ANY, SHARED_PPK, "ANY", "IKE", "EAP", "PRIVATE_KEY_PASS", "PIN", + "NTLM", + "PPK", ); typedef struct private_shared_key_t private_shared_key_t; @@ -93,7 +95,7 @@ shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key) .get_key = _get_key, .get_ref = _get_ref, .destroy = _destroy, - }, + }, .type = type, .key = key, .ref = 1, diff --git a/src/libstrongswan/credentials/keys/shared_key.h b/src/libstrongswan/credentials/keys/shared_key.h index d97139de2..44e6f0460 100644 --- a/src/libstrongswan/credentials/keys/shared_key.h +++ b/src/libstrongswan/credentials/keys/shared_key.h @@ -43,6 +43,8 @@ enum shared_key_type_t { SHARED_PIN, /** Calculated NT Hash = MD4(UTF-16LE(password)) */ SHARED_NT_HASH, + /** Postquantum Preshared Key */ + SHARED_PPK, }; /** diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 4f61ba1fc..7f048c620 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h 
@@ -177,7 +177,7 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor - * @param key size key size to peform benchmarking for + * @param key size key size to perform benchmarking for * @param plugin_name plugin that registered this algorithm * @param create constructor function for that algorithm * @return TRUE if registered, FALSE if test vector failed @@ -204,7 +204,7 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor - * @param key size key size to peform benchmarking for + * @param key size key size to perform benchmarking for * @param plugin_name plugin that registered this algorithm * @param create constructor function for that algorithm * @return TRUE if registered, FALSE if test vector failed diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 41654553d..f4f57d917 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -40,7 +40,7 @@ enum hash_algorithm_t { HASH_SHA256 = 2, HASH_SHA384 = 3, HASH_SHA512 = 4, - /* draft-ietf-ipsecme-eddsa (RFC TBA) */ + /* RFC 8420 */ HASH_IDENTITY = 5, /* use private use range for algorithms not defined/permitted by RFC 7427 */ HASH_UNKNOWN = 1024, diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index d671879c0..952608997 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c 
@@ -335,22 +335,16 @@ METHOD(proposal_t, strip_dh, void, } /** - * Select a matching proposal from this and other, insert into selected. + * Select a matching proposal from this and other. */ static bool select_algo(private_proposal_t *this, proposal_t *other, - proposal_t *selected, transform_type_t type, bool priv) + transform_type_t type, bool priv, bool log, + uint16_t *alg, uint16_t *ks) { enumerator_t *e1, *e2; uint16_t alg1, alg2, ks1, ks2; bool found = FALSE, optional = FALSE; - if (type == INTEGRITY_ALGORITHM && - selected->get_algorithm(selected, ENCRYPTION_ALGORITHM, &alg1, NULL) && - encryption_algorithm_is_aead(alg1)) - { - /* no integrity algorithm required, we have an AEAD */ - return TRUE; - } if (type == DIFFIE_HELLMAN_GROUP) { optional = this->protocol == PROTO_ESP || this->protocol == PROTO_AH; 
@@ -398,26 +392,79 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, { if (!priv && alg1 >= 1024) { - /* accept private use algorithms only if requested */ - DBG1(DBG_CFG, "an algorithm from private space would match, " - "but peer implementation is unknown, skipped"); + if (log) + { + DBG1(DBG_CFG, "an algorithm from private space would " + "match, but peer implementation is unknown, " + "skipped"); + } continue; } - selected->add_algorithm(selected, type, alg1, ks1); + *alg = alg1; + *ks = ks1; found = TRUE; break; } } } - /* no match in all comparisons */ e1->destroy(e1); e2->destroy(e2); + return found; +} - if (!found) +/** + * Select algorithms from the given proposals, if selected is given, the result + * is stored there and errors are logged. + */ +static bool select_algos(private_proposal_t *this, proposal_t *other, + proposal_t *selected, bool private) +{ + transform_type_t type; + array_t *types; + bool skip_integrity = FALSE; + int i; + + types = merge_types(this, (private_proposal_t*)other); + for (i = 0; i < array_count(types); i++) { - DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, type); + uint16_t alg = 0, ks = 0; + + array_get(types, i, &type); + if (type == INTEGRITY_ALGORITHM && skip_integrity) + { + continue; + } + if (select_algo(this, other, type, private, selected != NULL, &alg, &ks)) + { + if (alg == 0 && type != EXTENDED_SEQUENCE_NUMBERS) + { /* 0 is "valid" for extended sequence numbers, for other + * transforms it either means NONE or is reserved */ + continue; + } + if (selected) + { + selected->add_algorithm(selected, type, alg, ks); + } + if (type == ENCRYPTION_ALGORITHM && + encryption_algorithm_is_aead(alg)) + { + /* no integrity algorithm required, we have an AEAD */ + skip_integrity = TRUE; + } + } + else + { + if (selected) + { + DBG2(DBG_CFG, " no acceptable %N found", transform_type_names, + type); + } + array_destroy(types); + return FALSE; + } } - return found; + array_destroy(types); + 
return TRUE; } METHOD(proposal_t, select_proposal, proposal_t*, @@ -425,9 +472,6 @@ METHOD(proposal_t, select_proposal, proposal_t*, bool private) { proposal_t *selected; - transform_type_t type; - array_t *types; - int i; DBG2(DBG_CFG, "selecting proposal:"); @@ -448,23 +492,25 @@ METHOD(proposal_t, select_proposal, proposal_t*, selected->set_spi(selected, this->spi); } - types = merge_types(this, (private_proposal_t*)other); - for (i = 0; i < array_count(types); i++) + if (!select_algos(this, other, selected, private)) { - array_get(types, i, &type); - if (!select_algo(this, other, selected, type, private)) - { - selected->destroy(selected); - array_destroy(types); - return NULL; - } + selected->destroy(selected); + return NULL; } - array_destroy(types); - DBG2(DBG_CFG, " proposal matches"); return selected; } +METHOD(proposal_t, matches, bool, + private_proposal_t *this, proposal_t *other, bool private) +{ + if (this->protocol != other->get_protocol(other)) + { + return FALSE; + } + return select_algos(this, other, NULL, private); +} + METHOD(proposal_t, get_protocol, protocol_id_t, private_proposal_t *this) { @@ -910,6 +956,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number) .promote_dh_group = _promote_dh_group, .strip_dh = _strip_dh, .select = _select_proposal, + .matches = _matches, .get_protocol = _get_protocol, .set_spi = _set_spi, .get_spi = _get_spi, diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h index 0052674b9..338324326 100644 --- a/src/libstrongswan/crypto/proposal/proposal.h +++ b/src/libstrongswan/crypto/proposal/proposal.h @@ -34,7 +34,6 @@ typedef struct proposal_t proposal_t; #include <crypto/crypters/crypter.h> #include <crypto/signers/signer.h> #include <crypto/diffie_hellman.h> -#include <selectors/traffic_selector.h> /** * Protocol ID of a proposal. 
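Review bot: `skip_integrity` in select_algos only does its job if merge_types() yields ENCRYPTION_ALGORITHM before INTEGRITY_ALGORITHM; if the integrity transform were visited first, an AEAD-only proposal would be rejected with "no acceptable INTEGRITY_ALGORITHM found" even though the commit clearly intends to skip it. merge_types is not in the hunk, so the ordering may well be guaranteed, but the dependency deserves a comment at the `bool skip_integrity = FALSE;` declaration, e.g. `/* relies on merge_types() listing ENCRYPTION_ALGORITHM before INTEGRITY_ALGORITHM */`, or an explicit check of the encryption transform before the loop so the loop order no longer matters.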
@@ -144,6 +143,17 @@ struct proposal_t { bool other_remote, bool private); /** + * Check if the given proposal matches this proposal. + * + * This is similar to select, but no resulting proposal is selected. + * + * @param other proposal to compare against + * @param private accepts algorithms allocated in a private range + * @return TRUE if the proposals match + */ + bool (*matches)(proposal_t *this, proposal_t *other, bool private); + + /** * Get the protocol ID of the proposal. * * @return protocol of the proposal diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index 16dbf8d41..6f19cc751 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -43,6 +43,13 @@ ENUM(hw_offload_names, HW_OFFLOAD_NO, HW_OFFLOAD_AUTO, "auto", ); +ENUM(dscp_copy_names, DSCP_COPY_OUT_ONLY, DSCP_COPY_NO, + "out", + "in", + "yes", + "no", +); + /* * See header */ @@ -62,7 +69,7 @@ bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b) /* * See header */ -bool mark_from_string(const char *value, mark_t *mark) +bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark) { char *endptr; @@ -72,6 +79,11 @@ bool mark_from_string(const char *value, mark_t *mark) } if (strcasepfx(value, "%unique")) { + if (!(ops & MARK_OP_UNIQUE)) + { + DBG1(DBG_APP, "unexpected use of %%unique mark", value); + return FALSE; + } endptr = (char*)value + strlen("%unique"); if (strcasepfx(endptr, "-dir")) { @@ -88,6 +100,24 @@ bool mark_from_string(const char *value, mark_t *mark) return FALSE; } } + else if (strcasepfx(value, "%same")) + { + if (!(ops & MARK_OP_SAME)) + { + DBG1(DBG_APP, "unexpected use of %%same mark", value); + return FALSE; + } + endptr = (char*)value + strlen("%same"); + if (!*endptr || *endptr == '/') + { + mark->value = MARK_SAME; + } + else + { + DBG1(DBG_APP, "invalid mark value: %s", value); + return FALSE; + } + } else { mark->value = strtoul(value, &endptr, 0); 
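Review bot: The docstring for `matches` omits that the protocol IDs must agree as well: the implementation in proposal.c returns FALSE before comparing any algorithms when `this->protocol != other->get_protocol(other)`. Add a sentence such as `* The protocol IDs of both proposals have to match, then each transform type` / `* is compared like in select(), without creating a result or logging.` so callers do not assume the check is algorithm-only.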
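Review bot: `DBG1(DBG_APP, "unexpected use of %%same mark", value);` passes `value` although the format string has no conversion specifier (`%%` is a literal percent), and the `%%unique` message in the preceding hunk has the same mismatch; compilers with format checking will warn and the argument is silently ignored. Either drop the argument or include the offending string so the log is actionable, `DBG1(DBG_APP, "unexpected use of %%same mark: %s", value);`. mark_from_string continues past the end of this hunk.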
diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h index 4e6e2d9dc..7b7bd3743 100644 --- a/src/libstrongswan/ipsec/ipsec_types.h +++ b/src/libstrongswan/ipsec/ipsec_types.h @@ -27,6 +27,8 @@ typedef enum policy_type_t policy_type_t; typedef enum policy_priority_t policy_priority_t; typedef enum ipcomp_transform_t ipcomp_transform_t; typedef enum hw_offload_t hw_offload_t; +typedef enum dscp_copy_t dscp_copy_t; +typedef enum mark_op_t mark_op_t; typedef struct ipsec_sa_cfg_t ipsec_sa_cfg_t; typedef struct lifetime_cfg_t lifetime_cfg_t; typedef struct mark_t mark_t; @@ -132,6 +134,22 @@ enum hw_offload_t { extern enum_name_t *hw_offload_names; /** + * DSCP header field copy behavior (the default is not to copy from outer + * to inner header) + */ +enum dscp_copy_t { + DSCP_COPY_OUT_ONLY, + DSCP_COPY_IN_ONLY, + DSCP_COPY_YES, + DSCP_COPY_NO, +}; + +/** + * enum strings for dscp_copy_t. + */ +extern enum_name_t *dscp_copy_names; + +/** * This struct contains details about IPsec SA(s) tied to a policy. */ struct ipsec_sa_cfg_t { @@ -197,15 +215,29 @@ struct mark_t { */ #define MARK_UNIQUE (0xFFFFFFFF) #define MARK_UNIQUE_DIR (0xFFFFFFFE) +#define MARK_SAME (0xFFFFFFFF) #define MARK_IS_UNIQUE(m) ((m) == MARK_UNIQUE || (m) == MARK_UNIQUE_DIR) /** + * Special mark operations to accept when parsing marks. + */ +enum mark_op_t { + /** none of the following */ + MARK_OP_NONE = 0, + /** %unique and %unique-dir */ + MARK_OP_UNIQUE = (1<<0), + /** %same */ + MARK_OP_SAME = (1<<1), +}; + +/** * Try to parse a mark_t from the given string of the form mark[/mask]. * * @param value string to parse + * @param ops operations to accept * @param mark mark to fill * @return TRUE if parsing was successful */ -bool mark_from_string(const char *value, mark_t *mark); +bool mark_from_string(const char *value, mark_op_t ops, mark_t *mark); #endif /** IPSEC_TYPES_H_ @}*/ 
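Review bot: `MARK_SAME` is defined as `0xFFFFFFFF`, the same value as `MARK_UNIQUE`, so `MARK_IS_UNIQUE(m)` is also true for a mark parsed from `%same` and code that only inspects `mark->value` cannot tell the two apart; since `mark_op_t` is a bitmask, a caller passing `MARK_OP_UNIQUE | MARK_OP_SAME` would accept both spellings yet store an indistinguishable value. Either document the invariant next to the define, e.g. `/* same value as MARK_UNIQUE: a parser must accept only one of MARK_OP_UNIQUE/MARK_OP_SAME per option */`, or give MARK_SAME a distinct reserved value so MARK_IS_UNIQUE stays unambiguous.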
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index 86b275dad..ad5d9ab36 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2016 Tobias Brunner + * Copyright (C) 2009-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -54,7 +54,7 @@ struct private_library_t { /** * Integrity check failed? */ - bool integrity_failed; + bool init_failed; #ifdef LEAK_DETECTIVE /** @@ -306,7 +306,7 @@ bool library_init(char *settings, const char *namespace) { /* already initialized, increase refcount */ this = (private_library_t*)lib; ref_get(&this->ref); - return !this->integrity_failed; + return !this->init_failed; } chunk_hash_seed(); @@ -376,7 +376,14 @@ bool library_init(char *settings, const char *namespace) this->objects = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 4); - this->public.settings = settings_create(this->public.conf); + this->public.settings = settings_create(NULL); + if (!this->public.settings->load_files(this->public.settings, + this->public.conf, FALSE)) + { + DBG1(DBG_LIB, "abort initialization due to invalid configuration"); + this->init_failed = TRUE; + } + /* add registered aliases */ for (i = 0; i < ns_count; ++i) { @@ -416,15 +423,15 @@ bool library_init(char *settings, const char *namespace) if (!lib->integrity->check(lib->integrity, "libstrongswan", library_init)) { DBG1(DBG_LIB, "integrity check of libstrongswan failed"); - this->integrity_failed = TRUE; + this->init_failed = TRUE; } #else /* !INTEGRITY_TEST */ DBG1(DBG_LIB, "integrity test enabled, but not supported"); - this->integrity_failed = TRUE; + this->init_failed = TRUE; #endif /* INTEGRITY_TEST */ } diffie_hellman_init(); - return !this->integrity_failed; + return !this->init_failed; } diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 53f371c51..6409d3cae 100644 --- a/src/libstrongswan/library.h 
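Review bot: The field comment `/** Integrity check failed? */` is stale after the rename: `init_failed` is now also set when `load_files()` rejects the configuration in library_init, so a reader of the struct gets only half the story. Change it to `/** Initialization failed (integrity check or invalid settings)? */` to match the new `library_init` documentation.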
+++ b/src/libstrongswan/library.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2016 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * @@ -258,11 +258,12 @@ struct library_t { * * The settings and namespace arguments are only used on the first call. * - * @param settings file to read settings from, may be NULL for default + * @param settings file to read settings from, may be NULL for default or + * "" to not load any settings * @param namespace name of the binary that uses the library, determines * the first section name when reading config options. * Defaults to libstrongswan if NULL. - * @return FALSE if integrity check failed + * @return FALSE if integrity check failed or settings are invalid */ bool library_init(char *settings, const char *namespace); diff --git a/src/libstrongswan/math/libnttfft/Makefile.in b/src/libstrongswan/math/libnttfft/Makefile.in index 02175a926..da58b25ae 100644 --- a/src/libstrongswan/math/libnttfft/Makefile.in +++ b/src/libstrongswan/math/libnttfft/Makefile.in @@ -304,7 +304,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -330,6 +329,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -350,8 +351,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -406,8 +405,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -436,8 +433,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/math/libnttfft/tests/Makefile.in b/src/libstrongswan/math/libnttfft/tests/Makefile.in index 8d0e02bb6..9888a8c89 100644 --- a/src/libstrongswan/math/libnttfft/tests/Makefile.in +++ b/src/libstrongswan/math/libnttfft/tests/Makefile.in @@ -308,7 +308,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -334,6 +333,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -354,8 +355,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -410,8 +409,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -440,8 +437,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/networking/streams/stream_service_unix.c b/src/libstrongswan/networking/streams/stream_service_unix.c index a9b71d6fd..ef967e817 100644 --- a/src/libstrongswan/networking/streams/stream_service_unix.c +++ b/src/libstrongswan/networking/streams/stream_service_unix.c @@ -59,13 +59,27 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog) return NULL; } umask(old); - /* only attempt to chown() socket if we have CAP_CHOWN */ - if (lib->caps->check(lib->caps, CAP_CHOWN) && - chown(addr.sun_path, lib->caps->get_uid(lib->caps), - lib->caps->get_gid(lib->caps)) != 0) + /* Only attempt to change owner of socket if we have CAP_CHOWN. Otherwise, + * attempt to change group of socket to group under which charon runs after + * dropping caps. This requires the user that charon starts as to: + * a) Have write access to the socket dir. + * b) Belong to the group that charon will run under after dropping caps. */ + if (lib->caps->check(lib->caps, CAP_CHOWN)) { - DBG1(DBG_NET, "changing socket permissions for '%s' failed: %s", - uri, strerror(errno)); + if (chown(addr.sun_path, lib->caps->get_uid(lib->caps), + lib->caps->get_gid(lib->caps)) != 0) + { + DBG1(DBG_NET, "changing socket owner/group for '%s' failed: %s", + uri, strerror(errno)); + } + } + else + { + if (chown(addr.sun_path, -1, lib->caps->get_gid(lib->caps)) != 0) + { + DBG1(DBG_NET, "changing socket group for '%s' failed: %s", + uri, strerror(errno)); + } } if (listen(fd, backlog) < 0) { 
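Review bot: In the new else branch a failed `chown(addr.sun_path, -1, gid)` is only logged at DBG1 and the code proceeds to listen(), so the control socket stays with the creating process's group and whatever mode the umask produced; if the group change is what is supposed to restrict access to this socket, the service silently runs more open than configured. The CAP_CHOWN path behaves the same way, so this is consistent, but the fallback should be stated in the comment block above (e.g. `* If the change fails the socket is still served with its original owner/group.`), and the `-1` owner argument deserves a note such as `/* -1: keep the owner, only the group may be changed without CAP_CHOWN */`.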
diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index 36067a3ff..40282553f 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index d3817e12a..495b4598e 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in 
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index fdcfc099e..db0ed83b2 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index 6b4a7fe5f..eb8a4132e 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index 12a44870c..8f4122a0e 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index b98d367f1..ab7117a9b 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -335,7 +335,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -361,6 +360,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -381,8 +382,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -437,8 +436,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -467,8 +464,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 015f40a00..bda5fd160 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 2f122b5a8..31b1fd38d 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/libstrongswan/plugins/botan/Makefile.am b/src/libstrongswan/plugins/botan/Makefile.am
new file mode 100644
index 000000000..c1160145a
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/Makefile.am
@@ -0,0 +1,32 @@
+AM_CPPFLAGS = \
+	-I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = \
+	$(PLUGIN_CFLAGS) \
+	$(botan_CFLAGS)
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-botan.la
+else
+plugin_LTLIBRARIES = libstrongswan-botan.la
+endif
+
+libstrongswan_botan_la_SOURCES = \
+	botan_plugin.h botan_plugin.c \
+	botan_rng.h botan_rng.c \
+	botan_hasher.h botan_hasher.c \
+	botan_hmac.h botan_hmac.c \
+	botan_crypter.h botan_crypter.c \
+	botan_rsa_public_key.h botan_rsa_public_key.c \
+	botan_rsa_private_key.h botan_rsa_private_key.c \
+	botan_diffie_hellman.h botan_diffie_hellman.c \
+	botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \
+	botan_ec_public_key.h botan_ec_public_key.c \
+	botan_ec_private_key.h botan_ec_private_key.c \
+	botan_util.h botan_util.c \
+	botan_util_keys.h botan_util_keys.c \
+	botan_gcm.h botan_gcm.c \
+	botan_x25519.h botan_x25519.c
+
+libstrongswan_botan_la_LDFLAGS = -module -avoid-version
+libstrongswan_botan_la_LIBADD = $(botan_LIBS)
diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libstrongswan/plugins/botan/Makefile.in
index faccb683e..533ba8340 100644
--- a/src/libimcv/plugins/imv_swid/Makefile.in
+++ b/src/libstrongswan/plugins/botan/Makefile.in
@@ -88,7 +88,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -subdir = src/libimcv/plugins/imv_swid +subdir = src/libstrongswan/plugins/botan ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ 
@@ -134,22 +134,28 @@ am__uninstall_files_from_dir = { \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } -am__installdirs = "$(DESTDIR)$(imcvdir)" -LTLIBRARIES = $(imcv_LTLIBRARIES) +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) am__DEPENDENCIES_1 = -imv_swid_la_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) -am_imv_swid_la_OBJECTS = imv_swid.lo imv_swid_state.lo \ - imv_swid_agent.lo -imv_swid_la_OBJECTS = $(am_imv_swid_la_OBJECTS) +libstrongswan_botan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) +am_libstrongswan_botan_la_OBJECTS = botan_plugin.lo botan_rng.lo \ + botan_hasher.lo botan_hmac.lo botan_crypter.lo \ + botan_rsa_public_key.lo botan_rsa_private_key.lo \ + botan_diffie_hellman.lo botan_ec_diffie_hellman.lo \ + botan_ec_public_key.lo botan_ec_private_key.lo botan_util.lo \ + botan_util_keys.lo botan_gcm.lo botan_x25519.lo +libstrongswan_botan_la_OBJECTS = $(am_libstrongswan_botan_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -imv_swid_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ - $(imv_swid_la_LDFLAGS) $(LDFLAGS) -o $@ +libstrongswan_botan_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_botan_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_botan_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_botan_la_rpath = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false 
@@ -184,8 +190,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(imv_swid_la_SOURCES) -DIST_SOURCES = $(imv_swid_la_SOURCES) +SOURCES = $(libstrongswan_botan_la_SOURCES) +DIST_SOURCES = $(libstrongswan_botan_la_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -311,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +342,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +364,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +418,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,33 +446,45 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libtpmtss \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = \ - $(PLUGIN_CFLAGS) $(json_CFLAGS) - -imcv_LTLIBRARIES = imv-swid.la -imv_swid_la_LIBADD = \ - $(top_builddir)/src/libimcv/libimcv.la \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(json_LIBS) - -imv_swid_la_SOURCES = \ - imv_swid.c imv_swid_state.h imv_swid_state.c \ - imv_swid_agent.h imv_swid_agent.c - -imv_swid_la_LDFLAGS = -module -avoid-version -no-undefined + $(PLUGIN_CFLAGS) \ + $(botan_CFLAGS) + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-botan.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-botan.la +libstrongswan_botan_la_SOURCES = \ + botan_plugin.h botan_plugin.c \ + botan_rng.h botan_rng.c \ + botan_hasher.h botan_hasher.c \ + botan_hmac.h botan_hmac.c \ + botan_crypter.h botan_crypter.c \ + botan_rsa_public_key.h botan_rsa_public_key.c \ + botan_rsa_private_key.h botan_rsa_private_key.c \ + botan_diffie_hellman.h botan_diffie_hellman.c \ + botan_ec_diffie_hellman.h botan_ec_diffie_hellman.c \ + botan_ec_public_key.h botan_ec_public_key.c \ + botan_ec_private_key.h botan_ec_private_key.c \ + botan_util.h botan_util.c \ + botan_util_keys.h botan_util_keys.c \ + botan_gcm.h botan_gcm.c \ + botan_x25519.h botan_x25519.c + +libstrongswan_botan_la_LDFLAGS = -module -avoid-version +libstrongswan_botan_la_LIBADD = 
$(botan_LIBS) all: all-am .SUFFIXES: @@ -483,9 +498,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile'; \ $(am__cd) $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile + $(AUTOMAKE) --gnu src/libstrongswan/plugins/botan/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -504,33 +519,44 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-imcvLTLIBRARIES: $(imcv_LTLIBRARIES) +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ - echo " $(MKDIR_P) '$(DESTDIR)$(imcvdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(imcvdir)" || exit 1; \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(imcvdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(imcvdir)"; \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ } -uninstall-imcvLTLIBRARIES: +uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(imcv_LTLIBRARIES)'; test -n "$(imcvdir)" || list=; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(imcvdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=uninstall rm -f "$(DESTDIR)$(imcvdir)/$$f"; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done -clean-imcvLTLIBRARIES: - -test -z "$(imcv_LTLIBRARIES)" || rm -f $(imcv_LTLIBRARIES) - @list='$(imcv_LTLIBRARIES)'; \ +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ locs=`for p in $$list; do echo $$p; done | \ sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ sort -u`; \ @@ -539,8 +565,8 @@ clean-imcvLTLIBRARIES: rm -f $${locs}; \ } -imv-swid.la: $(imv_swid_la_OBJECTS) $(imv_swid_la_DEPENDENCIES) $(EXTRA_imv_swid_la_DEPENDENCIES) - $(AM_V_CCLD)$(imv_swid_la_LINK) -rpath $(imcvdir) $(imv_swid_la_OBJECTS) $(imv_swid_la_LIBADD) $(LIBS) +libstrongswan-botan.la: $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_DEPENDENCIES) $(EXTRA_libstrongswan_botan_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_botan_la_LINK) $(am_libstrongswan_botan_la_rpath) $(libstrongswan_botan_la_OBJECTS) $(libstrongswan_botan_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) 
@@ -548,9 +574,21 @@ mostlyclean-compile: distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_agent.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/imv_swid_state.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_crypter.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_diffie_hellman.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_diffie_hellman.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_private_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_ec_public_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_gcm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hasher.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_hmac.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rng.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_private_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_rsa_public_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_util_keys.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/botan_x25519.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -668,7 +706,7 @@ check-am: all-am check: check-am all-am: Makefile $(LTLIBRARIES) installdirs: - for dir in "$(DESTDIR)$(imcvdir)"; do \ + for dir in "$(DESTDIR)$(plugindir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am 
@@ -703,8 +741,8 @@ maintainer-clean-generic: @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-generic clean-imcvLTLIBRARIES clean-libtool \ - mostlyclean-am +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -724,7 +762,7 @@ info: info-am info-am: -install-data-am: install-imcvLTLIBRARIES +install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am 
@@ -770,24 +808,24 @@ ps: ps-am ps-am: -uninstall-am: uninstall-imcvLTLIBRARIES +uninstall-am: uninstall-pluginLTLIBRARIES .MAKE: install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ - clean-imcvLTLIBRARIES clean-libtool cscopelist-am ctags \ - ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am \ - install-imcvLTLIBRARIES install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ install-ps-am install-strip installcheck installcheck-am \ installdirs maintainer-clean maintainer-clean-generic \ mostlyclean mostlyclean-compile mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am uninstall-imcvLTLIBRARIES + uninstall-am uninstall-pluginLTLIBRARIES .PRECIOUS: Makefile diff --git a/src/libstrongswan/plugins/botan/botan_crypter.c b/src/libstrongswan/plugins/botan/botan_crypter.c new file mode 100644 index 000000000..002be6ea8 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_crypter.c 
@@ -0,0 +1,191 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Copyright (C) 2018 Tobias Hommel
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_crypter.h"
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_crypter_t private_botan_crypter_t;
+
+/**
+ * Private data of botan_crypter_t
+ */
+struct private_botan_crypter_t {
+
+	/**
+	 * Public part of this class
+	 */
+	botan_crypter_t public;
+
+	/**
+	 * The key
+	 */
+	chunk_t key;
+
+	/**
+	 * The cipher name
+	 */
+	const char* cipher_name;
+};
+
+/**
+ * Do the actual en/decryption
+ */
+static bool crypt(private_botan_crypter_t *this, chunk_t data, chunk_t iv,
+				  chunk_t *dst, uint32_t init_flag)
+{
+	botan_cipher_t cipher;
+	size_t output_written = 0;
+	size_t input_consumed = 0;
+	uint8_t *in, *out;
+	bool success = FALSE;
+
+	in = data.ptr;
+	if (dst)
+	{
+		*dst = chunk_alloc(data.len);
+		out = dst->ptr;
+	}
+	else
+	{
+		out = data.ptr;
+	}
+
+	if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
+	{
+		return FALSE;
+	}
+
+	if (!botan_cipher_set_key(cipher, this->key.ptr, this->key.len) &&
+		!botan_cipher_start(cipher, iv.ptr, iv.len) &&
+		!botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, out,
+							 data.len, &output_written, in, data.len,
+							 &input_consumed) &&
+		(output_written == input_consumed))
+	{
+		success = TRUE;
+	}
+
+	botan_cipher_destroy(cipher);
+	return success;
+}
+
+METHOD(crypter_t, decrypt, bool,
+	private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+	return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_DECRYPT);
+}
+
+
+METHOD(crypter_t, encrypt, bool,
+	private_botan_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
+{
+	return crypt(this, data, iv, dst, BOTAN_CIPHER_INIT_FLAG_ENCRYPT);
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+	private_botan_crypter_t *this)
+{
+	return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+	private_botan_crypter_t *this)
+{
+	return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+	private_botan_crypter_t *this)
+{
+	return this->key.len;
+}
+
+METHOD(crypter_t, set_key, bool,
+	private_botan_crypter_t *this, chunk_t key)
+{
+	memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
+	return TRUE;
+}
+
+METHOD(crypter_t, destroy, void,
+	private_botan_crypter_t *this)
+{
+	chunk_clear(&this->key);
+	free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+									  size_t key_size)
+{
+	private_botan_crypter_t *this;
+
+	INIT(this,
+		.public = {
+			.crypter = {
+				.encrypt = _encrypt,
+				.decrypt = _decrypt,
+				.get_block_size = _get_block_size,
+				.get_iv_size = _get_iv_size,
+				.get_key_size = _get_key_size,
+				.set_key = _set_key,
+				.destroy = _destroy,
+			},
+		},
+	);
+
+	switch (algo)
+	{
+		case ENCR_AES_CBC:
+			switch (key_size)
+			{
+				case 16:
+					/* AES 128 */
+					this->cipher_name = "AES-128/CBC/NoPadding";
+					break;
+				case 24:
+					/* AES-192 */
+					this->cipher_name = "AES-192/CBC/NoPadding";
+					break;
+				case 32:
+					/* AES-256 */
+					this->cipher_name = "AES-256/CBC/NoPadding";
+					break;
+				default:
+					free(this);
+					return NULL;
+			}
+			break;
+		default:
+			free(this);
+			return NULL;
+	}
+
+	this->key = chunk_alloc(key_size);
+	return &this->public;
+}
diff --git a/src/libstrongswan/plugins/botan/botan_crypter.h b/src/libstrongswan/plugins/botan/botan_crypter.h
new file mode 100644
index 000000000..246904a5f
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_crypter.h
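Review bot: `crypt()` allocates `*dst` before `botan_cipher_init()` and returns FALSE from that failure path without releasing it, and the later set_key/start/update failures likewise hand the caller an allocated but unwritten output chunk; moving the init call ahead of the allocation and freeing `dst` on the failure path closes both gaps. Separately, `set_key` copies only `min(key.len, this->key.len)` bytes and returns TRUE, so a shorter key leaves the tail of the `chunk_alloc`'d key buffer unset; if that mirrors the other crypter plugins it is at least worth a comment, otherwise a one-line `if (key.len != this->key.len) { return FALSE; }` guard is cheap here. The rewritten part of `crypt()`:
```c
static bool crypt(private_botan_crypter_t *this, chunk_t data, chunk_t iv,
				  chunk_t *dst, uint32_t init_flag)
{
	/* … unchanged: local declarations … */

	/* initialize first so the early return below owns nothing */
	if (botan_cipher_init(&cipher, this->cipher_name, init_flag))
	{
		return FALSE;
	}

	in = data.ptr;
	if (dst)
	{
		*dst = chunk_alloc(data.len);
		out = dst->ptr;
	}
	else
	{
		out = data.ptr;
	}

	/* … unchanged: set_key / start / update chain setting success … */

	botan_cipher_destroy(cipher);
	if (!success && dst)
	{
		/* do not hand an unwritten buffer back to the caller */
		chunk_free(dst);
	}
	return success;
}
```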
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_crypter botan_crypter
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_CRYPTER_H_
+#define BOTAN_CRYPTER_H_
+
+typedef struct botan_crypter_t botan_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Implementation of crypters using Botan.
+ */
+struct botan_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Constructor to create botan_crypter_t.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @return botan_crypter_t, NULL if not supported
+ */
+botan_crypter_t *botan_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** BOTAN_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
new file mode 100644
index 000000000..a55711d1b
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.c
@@ -0,0 +1,245 @@ +/* + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_diffie_hellman.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_DIFFIE_HELLMAN + +#include "botan_util.h" + +#include <botan/ffi.h> + +#include <utils/debug.h> + +typedef struct private_botan_diffie_hellman_t private_botan_diffie_hellman_t; + +/** + * Private data of an botan_diffie_hellman_t object. 
+ */ +struct private_botan_diffie_hellman_t { + + /** + * Public botan_diffie_hellman_t interface + */ + botan_diffie_hellman_t public; + + /** + * Diffie Hellman group number + */ + diffie_hellman_group_t group; + + /** + * Private key + */ + botan_privkey_t dh_key; + + /** + * Diffie hellman shared secret + */ + chunk_t shared_secret; + + /** + * Generator value + */ + botan_mp_t g; + + /** + * Modulus + */ + botan_mp_t p; +}; + +/** + * Load a DH private key + */ +bool load_private_key(private_botan_diffie_hellman_t *this, chunk_t value) +{ + botan_mp_t xa; + + if (!chunk_to_botan_mp(value, &xa)) + { + return FALSE; + } + + if (botan_privkey_destroy(this->dh_key) || + botan_privkey_load_dh(&this->dh_key, this->p, this->g, xa)) + { + botan_mp_destroy(xa); + return FALSE; + } + botan_mp_destroy(xa); + return TRUE; +} + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_botan_diffie_hellman_t *this, chunk_t value) +{ + if (!diffie_hellman_verify_value(this->group, value)) + { + return FALSE; + } + + chunk_clear(&this->shared_secret); + + return botan_dh_key_derivation(this->dh_key, value, &this->shared_secret); +} + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_botan_diffie_hellman_t *this, chunk_t *value) +{ + *value = chunk_empty; + + /* get key size of public key first */ + if (botan_pk_op_key_agreement_export_public(this->dh_key, NULL, &value->len) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return FALSE; + } + + *value = chunk_alloc(value->len); + if (botan_pk_op_key_agreement_export_public(this->dh_key, value->ptr, + &value->len)) + { + chunk_clear(value); + return FALSE; + } + return TRUE; +} + +METHOD(diffie_hellman_t, set_private_value, bool, + private_botan_diffie_hellman_t *this, chunk_t value) +{ + chunk_clear(&this->shared_secret); + return load_private_key(this, value); +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_botan_diffie_hellman_t *this, chunk_t *secret) +{ + if 
(!this->shared_secret.len) + { + return FALSE; + } + *secret = chunk_clone(this->shared_secret); + return TRUE; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_botan_diffie_hellman_t *this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_botan_diffie_hellman_t *this) +{ + botan_mp_destroy(this->p); + botan_mp_destroy(this->g); + botan_privkey_destroy(this->dh_key); + chunk_clear(&this->shared_secret); + free(this); +} + +/* + * Generic internal constructor + */ +static botan_diffie_hellman_t *create_generic(diffie_hellman_group_t group, + chunk_t g, chunk_t p, size_t exp_len) +{ + private_botan_diffie_hellman_t *this; + chunk_t random; + rng_t *rng; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .set_private_value = _set_private_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + ); + + if (!chunk_to_botan_mp(p, &this->p)) + { + destroy(this); + return NULL; + } + + if (!chunk_to_botan_mp(g, &this->g)) + { + destroy(this); + return NULL; + } + + rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + if (!rng || !rng->allocate_bytes(rng, exp_len, &random)) + { + DESTROY_IF(rng); + destroy(this); + return NULL; + } + rng->destroy(rng); + + if (!load_private_key(this, random)) + { + chunk_clear(&random); + destroy(this); + return NULL; + } + chunk_clear(&random); + return &this->public; +} + +/* + * Described in header. + */ +botan_diffie_hellman_t *botan_diffie_hellman_create( + diffie_hellman_group_t group, ...) 
+{ + diffie_hellman_params_t *params; + chunk_t g, p; + + if (group == MODP_CUSTOM) + { + VA_ARGS_GET(group, g, p); + return create_generic(group, g, p, p.len); + } + + params = diffie_hellman_get_params(group); + if (!params) + { + return NULL; + } + return create_generic(group, params->generator, params->prime, + params->exp_len); +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h new file mode 100644 index 000000000..84408229f --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_diffie_hellman.h 
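Review bot: load_private_key() leaves `this->dh_key` pointing at a freed handle when botan_privkey_destroy() succeeds but botan_privkey_load_dh() fails, unless Botan resets the out-pointer on failure; the next set_private_value() or destroy() then hands that stale handle to botan_privkey_destroy() a second time. Split the `||` so that `this->dh_key = NULL;` runs between the successful destroy and the load, which also makes the first call from create_generic() (where dh_key is still NULL from INIT) explicit rather than incidental. botan_ec_diffie_hellman.c has the same pattern in set_private_value(), where the destroy and load are already separate statements and a single `this->key = NULL;` after the destroy check suffices. load_private_key() is also defined without `static`, so a helper with a very generic name is exported from the plugin object; `static bool load_private_key(...)` keeps it file-local like the other helpers in this file.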
@@ -0,0 +1,59 @@ +/* + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_diffie_hellman botan_diffie_hellman + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_DIFFIE_HELLMAN_H_ +#define BOTAN_DIFFIE_HELLMAN_H_ + +typedef struct botan_diffie_hellman_t botan_diffie_hellman_t; + +#include <crypto/diffie_hellman.h> + +/** + * Implementation of the Diffie-Hellman algorithm using Botan. + */ +struct botan_diffie_hellman_t { + + /** + * Implements diffie_hellman_t interface. + */ + diffie_hellman_t dh; +}; + +/** + * Creates a new botan_diffie_hellman_t object. + * + * @param group Diffie Hellman group number to use + * @param ... 
expects generator and prime as chunk_t if MODP_CUSTOM + * @return botan_diffie_hellman_t object, + * NULL if not supported + */ +botan_diffie_hellman_t *botan_diffie_hellman_create( + diffie_hellman_group_t group, ...); + +#endif /** BOTAN_DIFFIE_HELLMAN_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c new file mode 100644 index 000000000..ed28b4639 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.c 
@@ -0,0 +1,226 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_ec_diffie_hellman.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_ECDH + +#include "botan_util.h" + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_botan_ec_diffie_hellman_t private_botan_ec_diffie_hellman_t; + +/** + * Private data of a botan_ec_diffie_hellman_t object. 
+ */ +struct private_botan_ec_diffie_hellman_t { + + /** + * Public interface + */ + botan_ec_diffie_hellman_t public; + + /** + * Diffie Hellman group + */ + diffie_hellman_group_t group; + + /** + * EC curve name + */ + const char* curve_name; + + /** + * EC private key + */ + botan_privkey_t key; + + /** + * Shared secret + */ + chunk_t shared_secret; +}; + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_botan_ec_diffie_hellman_t *this, chunk_t value) +{ + if (!diffie_hellman_verify_value(this->group, value)) + { + return FALSE; + } + + chunk_clear(&this->shared_secret); + + /* prepend 0x04 to indicate uncompressed point format */ + value = chunk_cata("cc", chunk_from_chars(0x04), value); + + return botan_dh_key_derivation(this->key, value, &this->shared_secret); +} + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_botan_ec_diffie_hellman_t *this, chunk_t *value) +{ + chunk_t pkey = chunk_empty; + + if (botan_pk_op_key_agreement_export_public(this->key, NULL, &pkey.len) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return FALSE; + } + + pkey = chunk_alloca(pkey.len); + if (botan_pk_op_key_agreement_export_public(this->key, pkey.ptr, &pkey.len)) + { + return FALSE; + } + + /* skip 0x04 byte prepended by botan */ + *value = chunk_clone(chunk_skip(pkey, 1)); + return TRUE; +} + +METHOD(diffie_hellman_t, set_private_value, bool, + private_botan_ec_diffie_hellman_t *this, chunk_t value) +{ + botan_mp_t scalar; + + chunk_clear(&this->shared_secret); + + if (!chunk_to_botan_mp(value, &scalar)) + { + return FALSE; + } + + if (botan_privkey_destroy(this->key)) + { + botan_mp_destroy(scalar); + return FALSE; + } + + if (botan_privkey_load_ecdh(&this->key, scalar, this->curve_name)) + { + botan_mp_destroy(scalar); + return FALSE; + } + + botan_mp_destroy(scalar); + return TRUE; +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_botan_ec_diffie_hellman_t *this, chunk_t *secret) +{ + if (!this->shared_secret.len) + { + 
return FALSE; + } + *secret = chunk_clone(this->shared_secret); + return TRUE; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_botan_ec_diffie_hellman_t *this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_botan_ec_diffie_hellman_t *this) +{ + botan_privkey_destroy(this->key); + chunk_clear(&this->shared_secret); + free(this); +} + +/* + * Described in header. + */ +botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create( + diffie_hellman_group_t group) +{ + private_botan_ec_diffie_hellman_t *this; + botan_rng_t rng; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .set_private_value = _set_private_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + ); + + switch (group) + { + case ECP_256_BIT: + this->curve_name = "secp256r1"; + break; + case ECP_384_BIT: + this->curve_name = "secp384r1"; + break; + case ECP_521_BIT: + this->curve_name = "secp521r1"; + break; + case ECP_256_BP: + this->curve_name = "brainpool256r1"; + break; + case ECP_384_BP: + this->curve_name = "brainpool384r1"; + break; + case ECP_512_BP: + this->curve_name = "brainpool512r1"; + break; + default: + free(this); + return NULL; + } + + if (botan_rng_init(&rng, "user")) + { + free(this); + return NULL; + } + + if (botan_privkey_create_ecdh(&this->key, rng, this->curve_name)) + { + DBG1(DBG_LIB, "ECDH private key generation failed"); + botan_rng_destroy(rng); + free(this); + return NULL; + } + + botan_rng_destroy(rng); + return &this->public; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h new file mode 100644 index 000000000..0ba832ed3 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_ec_diffie_hellman.h 
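Review bot: botan_ec_diffie_hellman_create() seeds its private key from Botan's own `"user"` RNG via botan_rng_init(), while create_generic() in botan_diffie_hellman.c draws the DH exponent from `lib->crypto->create_rng(lib->crypto, RNG_STRONG)`, and botan_ec_private_key.c uses `"system"` in botan_ec_private_key_gen() but `"user"` in botan_ec_private_key_load(). Key material in one plugin should come from one deliberately chosen source: either feed bytes from the library's RNG_STRONG into botan_privkey_load_ecdh() as the DH code does, or centralise the Botan RNG selection in a botan_util helper so all call sites agree. At minimum a comment next to botan_rng_init() should state why Botan's RNG is preferred over the library-configured one here, since an operator who has plugged a different RNG provider into libstrongswan would otherwise not expect it to be bypassed.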
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_diffie_hellman botan_ec_diffie_hellman
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_DIFFIE_HELLMAN_H_
+#define BOTAN_EC_DIFFIE_HELLMAN_H_
+
+typedef struct botan_ec_diffie_hellman_t botan_ec_diffie_hellman_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the EC Diffie-Hellman algorithm using Botan.
+ */
+struct botan_ec_diffie_hellman_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new botan_ec_diffie_hellman_t object.
+ *
+ * @param group EC Diffie Hellman group number to use
+ * @return botan_ec_diffie_hellman_t object, NULL if not supported
+ */
+botan_ec_diffie_hellman_t *botan_ec_diffie_hellman_create(
+ diffie_hellman_group_t group);
+
+#endif /** BOTAN_EC_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.c b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
new file mode 100644
index 000000000..f8dbb66d7
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.c
@@ -0,0 +1,452 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + + +#include "botan_ec_private_key.h" +#include "botan_ec_public_key.h" +#include "botan_util.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_ECDSA + +#include <asn1/asn1.h> +#include <asn1/oid.h> + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_botan_ec_private_key_t private_botan_ec_private_key_t; + +/** + * Private data of a botan_ec_private_key_t object. 
+ */ +struct private_botan_ec_private_key_t { + + /** + * Public interface + */ + botan_ec_private_key_t public; + + /** + * Botan ec private key + */ + botan_privkey_t key; + + /** + * OID of the curve + */ + int oid; + + /** + * Reference count + */ + refcount_t ref; +}; + +#define SIG_FORMAT_IEEE_1363 0 +#define SIG_FORMAT_DER_SEQUENCE 1 + +/** + * Build a DER encoded signature as in RFC 3279 or as in RFC 4754 + */ +static bool build_signature(botan_privkey_t key, const char *hash_and_padding, + int signature_format, chunk_t data, + chunk_t *signature) +{ + if (!botan_get_signature(key, hash_and_padding, data, signature)) + { + return FALSE; + } + + if (signature_format == SIG_FORMAT_DER_SEQUENCE) + { + /* format as ASN.1 sequence of two integers r,s */ + chunk_t r = chunk_empty, s = chunk_empty; + + chunk_split(*signature, "aa", signature->len / 2, &r, + signature->len / 2, &s); + + chunk_free(signature); + *signature = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", r), + asn1_integer("m", s)); + } + return TRUE; +} + +METHOD(private_key_t, sign, bool, + private_botan_ec_private_key_t *this, signature_scheme_t scheme, + void *params, chunk_t data, chunk_t *signature) +{ + switch (scheme) + { + /* r||s -> Botan::IEEE_1363, data is the hash already */ + case SIGN_ECDSA_WITH_NULL: + return build_signature(this->key, "Raw", + SIG_FORMAT_IEEE_1363, data, signature); + /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */ + case SIGN_ECDSA_WITH_SHA1_DER: + return build_signature(this->key, "EMSA1(SHA-1)", + SIG_FORMAT_DER_SEQUENCE, data, signature); + case SIGN_ECDSA_WITH_SHA256_DER: + return build_signature(this->key, "EMSA1(SHA-256)", + SIG_FORMAT_DER_SEQUENCE, data, signature); + case SIGN_ECDSA_WITH_SHA384_DER: + return build_signature(this->key, "EMSA1(SHA-384)", + SIG_FORMAT_DER_SEQUENCE, data, signature); + case SIGN_ECDSA_WITH_SHA512_DER: + return build_signature(this->key, "EMSA1(SHA-512)", + SIG_FORMAT_DER_SEQUENCE, data, signature); + /* r||s -> 
Botan::IEEE_1363 */ + case SIGN_ECDSA_256: + return build_signature(this->key, "EMSA1(SHA-256)", + SIG_FORMAT_IEEE_1363, data, signature); + case SIGN_ECDSA_384: + return build_signature(this->key, "EMSA1(SHA-384)", + SIG_FORMAT_IEEE_1363, data, signature); + case SIGN_ECDSA_521: + return build_signature(this->key, "EMSA1(SHA-512)", + SIG_FORMAT_IEEE_1363, data, signature); + default: + DBG1(DBG_LIB, "signature scheme %N not supported via botan", + signature_scheme_names, scheme); + return FALSE; + } +} + +METHOD(private_key_t, decrypt, bool, + private_botan_ec_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) +{ + DBG1(DBG_LIB, "EC private key decryption not implemented"); + return FALSE; +} + +METHOD(private_key_t, get_keysize, int, + private_botan_ec_private_key_t *this) +{ + botan_mp_t p; + size_t bits = 0; + + if (botan_mp_init(&p)) + { + return 0; + } + + if (botan_privkey_get_field(p, this->key, "p") || + botan_mp_num_bits(p, &bits)) + { + botan_mp_destroy(p); + return 0; + } + + botan_mp_destroy(p); + return bits; +} + +METHOD(private_key_t, get_type, key_type_t, + private_botan_ec_private_key_t *this) +{ + return KEY_ECDSA; +} + +METHOD(private_key_t, get_public_key, public_key_t*, + private_botan_ec_private_key_t *this) +{ + botan_pubkey_t pubkey; + + if (botan_privkey_export_pubkey(&pubkey, this->key)) + { + return NULL; + } + return (public_key_t*)botan_ec_public_key_adopt(pubkey); +} + +METHOD(private_key_t, get_fingerprint, bool, + private_botan_ec_private_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) +{ + botan_pubkey_t pubkey; + bool success = FALSE; + + /* check the cache before doing the export */ + if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint)) + { + return TRUE; + } + + if (botan_privkey_export_pubkey(&pubkey, this->key)) + { + return FALSE; + } + success = botan_get_fingerprint(pubkey, this, type, fingerprint); + botan_pubkey_destroy(pubkey); + return success; +} + 
+METHOD(private_key_t, get_encoding, bool, + private_botan_ec_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + return botan_get_privkey_encoding(this->key, type, encoding); +} + +METHOD(private_key_t, get_ref, private_key_t*, + private_botan_ec_private_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(private_key_t, destroy, void, + private_botan_ec_private_key_t *this) +{ + if (ref_put(&this->ref)) + { + lib->encoding->clear_cache(lib->encoding, this); + botan_privkey_destroy(this->key); + free(this); + } +} + +/** + * Internal generic constructor + */ +static private_botan_ec_private_key_t *create_empty(int oid) +{ + private_botan_ec_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .oid = oid, + .ref = 1, + ); + + return this; +} + +/* + * Described in header + */ +botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key, int oid) +{ + private_botan_ec_private_key_t *this; + + this = create_empty(oid); + this->key = key; + + return &this->public; +} + +/* + * Described in header + */ +botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args) +{ + private_botan_ec_private_key_t *this; + botan_rng_t rng; + u_int key_size = 0; + int oid; + const char *curve; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (!key_size) + { + return NULL; + } + + switch (key_size) + { + case 256: + curve = "secp256r1"; + oid = OID_PRIME256V1; + 
break; + case 384: + curve = "secp384r1"; + oid = OID_SECT384R1; + break; + case 521: + curve = "secp521r1"; + oid = OID_SECT521R1; + break; + default: + DBG1(DBG_LIB, "EC private key size %d not supported via botan", + key_size); + return NULL; + } + + if (botan_rng_init(&rng, "system")) + { + return NULL; + } + + this = create_empty(oid); + + if (botan_privkey_create_ecdsa(&this->key, rng, curve)) + { + DBG1(DBG_LIB, "EC private key generation failed"); + botan_rng_destroy(rng); + free(this); + return NULL; + } + + botan_rng_destroy(rng); + return &this->public; +} + +/* + * Described in header + */ +botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type, va_list args) +{ + private_botan_ec_private_key_t *this; + chunk_t params = chunk_empty, key = chunk_empty; + chunk_t alg_id = chunk_empty, pkcs8 = chunk_empty; + botan_rng_t rng; + int oid = OID_UNKNOWN; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ALGID_PARAMS: + params = va_arg(args, chunk_t); + continue; + case BUILD_BLOB_ASN1_DER: + key = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + /* + * Botan expects a PKCS#8 private key, so we build one, if necessary. + * RFC 5480 mandates ECParameters as part of the algorithmIdentifier, which + * we should get from e.g. the pkcs8 plugin. 
+ */ + if (params.len != 0 && type == KEY_ECDSA) + { + /* if ECParameters is passed, just use it */ + alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY, + chunk_clone(params)); + if (asn1_unwrap(¶ms, ¶ms) == ASN1_OID) + { + oid = asn1_known_oid(params); + } + } + else + { + /* + * no explicit ECParameters passed, try to extract them from the + * ECPrivateKey structure and create an algorithmIdentifier + */ + chunk_t unwrap = key, inner; + + if (asn1_unwrap(&unwrap, &unwrap) == ASN1_SEQUENCE && + asn1_unwrap(&unwrap, &inner) == ASN1_INTEGER && + asn1_parse_integer_uint64(inner) == 1 && + asn1_unwrap(&unwrap, &inner) == ASN1_OCTET_STRING && + asn1_unwrap(&unwrap, &inner) == ASN1_CONTEXT_C_0 && + asn1_unwrap(&inner, &inner) == ASN1_OID) + { + oid = asn1_known_oid(inner); + if (oid != OID_UNKNOWN) + { + alg_id = asn1_algorithmIdentifier_params(OID_EC_PUBLICKEY, + asn1_simple_object(ASN1_OID, inner)); + } + } + } + + if (oid == OID_UNKNOWN) + { + chunk_free(&alg_id); + return NULL; + } + + pkcs8 = asn1_wrap(ASN1_SEQUENCE, "mms", + asn1_integer("c", chunk_from_chars(0x00)), + alg_id, + asn1_wrap(ASN1_OCTET_STRING, "c", key)); + + this = create_empty(oid); + + if (botan_rng_init(&rng, "user")) + { + chunk_clear(&pkcs8); + free(this); + return NULL; + } + + if (botan_privkey_load(&this->key, rng, pkcs8.ptr, pkcs8.len, NULL)) + { + chunk_clear(&pkcs8); + botan_rng_destroy(rng); + free(this); + return NULL; + } + + chunk_clear(&pkcs8); + botan_rng_destroy(rng); + return &this->public; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_ec_private_key.h b/src/libstrongswan/plugins/botan/botan_ec_private_key.h new file mode 100644 index 000000000..2b9686ceb --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_ec_private_key.h 
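Review bot: `SIG_FORMAT_IEEE_1363` and `SIG_FORMAT_DER_SEQUENCE` are defined here and again with the same values in botan_ec_public_key.c; one definition in botan_util.h would keep the signer and verifier from drifting apart. build_signature() also halves the Botan output for the DER case without saying why that is correct; a comment such as `/* Botan returns r||s (IEEE 1363) with both halves padded to the order size, so an even split is safe */` documents the assumption made about botan_get_signature(), and the guard `if (signature->len % 2) { chunk_free(signature); return FALSE; }` before chunk_split() makes a violation fail loudly instead of silently truncating s by a byte. The bodies of sign() and build_signature() are otherwise complete within this hunk.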
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * Copyright (C) 2018 René Korthaus
+ * Copyright (C) 2018 Konstantinos Kolelis
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * @defgroup botan_ec_private_key botan_ec_private_key
+ * @{ @ingroup botan_p
+ */
+
+#ifndef BOTAN_EC_PRIVATE_KEY_H_
+#define BOTAN_EC_PRIVATE_KEY_H_
+
+#include <botan/ffi.h>
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+typedef struct botan_ec_private_key_t botan_ec_private_key_t;
+
+/**
+ * private_key_t implementation of ECDSA using Botan.
+ */
+struct botan_ec_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t key;
+};
+
+/**
+ * Generate a ECDSA private key using Botan.
+ *
+ * Accepts the BUILD_KEY_SIZE argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return generated key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_gen(key_type_t type, va_list args);
+
+/**
+ * Load a ECDSA private key using Botan.
+ *
+ * Accepts a BUILD_BLOB_ASN1_DER argument.
+ *
+ * @param type type of the key, must be KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_load(key_type_t type,
+ va_list args);
+
+/**
+ * Load a ECDSA private key by adopting a botan_privkey_t object.
+ *
+ * @param key private key object (adopted)
+ * @param oid EC curve OID
+ * @return loaded key, NULL on failure
+ */
+botan_ec_private_key_t *botan_ec_private_key_adopt(botan_privkey_t key,
+ int oid);
+
+#endif /** BOTAN_EC_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.c b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
new file mode 100644
index 000000000..4c85dbcec
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.c
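Review bot: The doc comment for botan_ec_private_key_load() says it accepts a BUILD_BLOB_ASN1_DER argument only, but the implementation in botan_ec_private_key.c also consumes BUILD_BLOB_ALGID_PARAMS, using it both to build the PKCS#8 algorithmIdentifier and to determine the curve OID when the ECPrivateKey structure carries no parameters of its own. Change the line to `* Accepts BUILD_BLOB_ASN1_DER and optionally BUILD_BLOB_ALGID_PARAMS arguments.` so callers such as the pkcs8 plugin know how to supply ECParameters that are not embedded in the key blob.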
@@ -0,0 +1,277 @@ +/* + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_ec_public_key.h" +#include "botan_util.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_ECDSA + +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_botan_ec_public_key_t private_botan_ec_public_key_t; + +/** + * Private data structure with signing context. 
+ */ +struct private_botan_ec_public_key_t { + + /** + * Public interface for this signer + */ + botan_ec_public_key_t public; + + /** + * Botan ec public key + */ + botan_pubkey_t key; + + /** + * Reference counter + */ + refcount_t ref; +}; + +#define SIG_FORMAT_IEEE_1363 0 +#define SIG_FORMAT_DER_SEQUENCE 1 + +/** + * Verification of a DER encoded signature as in RFC 3279 or as in RFC 4754 + */ +static bool verify_signature(private_botan_ec_public_key_t *this, + const char* hash_and_padding, int signature_format, size_t keylen, + chunk_t data, chunk_t signature) +{ + botan_pk_op_verify_t verify_op; + chunk_t sig = signature; + bool valid = FALSE; + + if (signature_format == SIG_FORMAT_DER_SEQUENCE) + { + /* + * botan requires a signature in IEEE 1363 format (r||s) + * re-encode from ASN.1 sequence of two integers r,s + */ + chunk_t parse = signature, r, s; + + if (asn1_unwrap(&parse, &parse) != ASN1_SEQUENCE || + asn1_unwrap(&parse, &r) != ASN1_INTEGER || + asn1_unwrap(&parse, &s) != ASN1_INTEGER) + { + return FALSE; + } + + r = chunk_skip_zero(r); + s = chunk_skip_zero(s); + + /* + * r and s must be of size m_order.bytes()/2 each + */ + if (r.len > keylen || s.len > keylen) + { + return FALSE; + } + + sig = chunk_alloca(2 * keylen); + memset(sig.ptr, 0, sig.len); + memcpy(sig.ptr + (keylen - r.len), r.ptr, r.len); + memcpy(sig.ptr + keylen + (keylen - s.len), s.ptr, s.len); + } + + if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0)) + { + return FALSE; + } + + if (botan_pk_op_verify_update(verify_op, data.ptr, data.len)) + { + botan_pk_op_verify_destroy(verify_op); + return FALSE; + } + + valid = !(botan_pk_op_verify_finish(verify_op, sig.ptr, sig.len)); + + botan_pk_op_verify_destroy(verify_op); + return valid; +} + +METHOD(public_key_t, get_type, key_type_t, + private_botan_ec_public_key_t *this) +{ + return KEY_ECDSA; +} + +METHOD(public_key_t, get_keysize, int, + private_botan_ec_public_key_t *this) +{ + botan_mp_t p; + size_t bits = 
0; + + if (botan_mp_init(&p)) + { + return 0; + } + + if (botan_pubkey_get_field(p, this->key, "p") || + botan_mp_num_bits(p, &bits)) + { + botan_mp_destroy(p); + return 0; + } + + botan_mp_destroy(p); + return bits; +} + +METHOD(public_key_t, verify, bool, + private_botan_ec_public_key_t *this, signature_scheme_t scheme, + void *params, chunk_t data, chunk_t signature) +{ + size_t keylen = (get_keysize(this) + 7) / 8; + const char *hash_and_padding; + int sig_format; + + switch (scheme) + { + /* r||s -> Botan::IEEE_1363, data is the hash already */ + case SIGN_ECDSA_WITH_NULL: + hash_and_padding = "Raw"; + sig_format = SIG_FORMAT_IEEE_1363; + break; + /* DER SEQUENCE of two INTEGERS r,s -> Botan::DER_SEQUENCE */ + case SIGN_ECDSA_WITH_SHA1_DER: + hash_and_padding = "EMSA1(SHA-1)"; + sig_format = SIG_FORMAT_DER_SEQUENCE; + break; + case SIGN_ECDSA_WITH_SHA256_DER: + hash_and_padding = "EMSA1(SHA-256)"; + sig_format = SIG_FORMAT_DER_SEQUENCE; + break; + case SIGN_ECDSA_WITH_SHA384_DER: + hash_and_padding = "EMSA1(SHA-384)"; + sig_format = SIG_FORMAT_DER_SEQUENCE; + break; + case SIGN_ECDSA_WITH_SHA512_DER: + hash_and_padding = "EMSA1(SHA-512)"; + sig_format = SIG_FORMAT_DER_SEQUENCE; + break; + /* r||s -> Botan::IEEE_1363 */ + case SIGN_ECDSA_256: + hash_and_padding = "EMSA1(SHA-256)"; + sig_format = SIG_FORMAT_IEEE_1363; + break; + case SIGN_ECDSA_384: + hash_and_padding = "EMSA1(SHA-384)"; + sig_format = SIG_FORMAT_IEEE_1363; + break; + case SIGN_ECDSA_521: + hash_and_padding = "EMSA1(SHA-512)"; + sig_format = SIG_FORMAT_IEEE_1363; + break; + default: + DBG1(DBG_LIB, "signature scheme %N not supported via botan", + signature_scheme_names, scheme); + return FALSE; + } + + return verify_signature(this, hash_and_padding, + sig_format, keylen, data, signature); +} + +METHOD(public_key_t, encrypt, bool, + private_botan_ec_public_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) +{ + DBG1(DBG_LIB, "EC public key encryption not implemented"); + 
return FALSE; +} + +METHOD(public_key_t, get_fingerprint, bool, + private_botan_ec_public_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) +{ + return botan_get_fingerprint(this->key, this, type, fingerprint); +} + +METHOD(public_key_t, get_encoding, bool, + private_botan_ec_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + return botan_get_encoding(this->key, type, encoding); +} + +METHOD(public_key_t, get_ref, public_key_t*, + private_botan_ec_public_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(public_key_t, destroy, void, + private_botan_ec_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + lib->encoding->clear_cache(lib->encoding, this); + botan_pubkey_destroy(this->key); + free(this); + } +} + +/* + * Described in header + */ +botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key) +{ + private_botan_ec_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .get_keysize = _get_keysize, + .equals = public_key_equals, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .key = key, + .ref = 1, + ); + + return &this->public; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_ec_public_key.h b/src/libstrongswan/plugins/botan/botan_ec_public_key.h new file mode 100644 index 000000000..ddb3d5b04 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_ec_public_key.h 
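Review bot: In verify_signature() the bound applied to r and s is `keylen`, which verify() derives from the bit length of the field prime `p` via get_keysize(), while the comment above the check speaks of `m_order.bytes()/2`; for the curves this plugin handles the order and p have the same byte length, but the comment should name the quantity the code actually uses, e.g. `/* r and s must each fit into keylen bytes (size of the field prime p, which matches the order size for the supported curves) */`. The DER branch also never checks that the SEQUENCE is exhausted after s, so extra elements inside the SEQUENCE are silently accepted; adding `if (parse.len) { return FALSE; }` after the s unwrap makes the parser strict without rejecting any valid encoding. Neither point changes whether a signature verifies, since Botan still checks the re-encoded r||s against the data.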
@@ -0,0 +1,54 @@ +/* + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#ifndef BOTAN_EC_PUBLIC_KEY_H_ +#define BOTAN_EC_PUBLIC_KEY_H_ + +#include <botan/ffi.h> + +#include <credentials/builder.h> +#include <credentials/keys/public_key.h> + +typedef struct botan_ec_public_key_t botan_ec_public_key_t; + +/** + * public_key_t implementation of ECDSA using botan. + */ +struct botan_ec_public_key_t { + + /** + * Implements the public_key_t interface + */ + public_key_t key; +}; + +/** + * Load a ECDSA public key by adopting a botan_pubkey_t object. + * + * @param key public key object (adopted) + * @return loaded key, NULL on failure + */ +botan_ec_public_key_t *botan_ec_public_key_adopt(botan_pubkey_t key); + +#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/ 
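Review bot: The closing `#endif /** BOTAN_EC_PUBLIC_KEY_H_ @}*/` ends a Doxygen group that this header never opens; unlike botan_ec_private_key.h, botan_gcm.h and botan_hasher.h in this commit there is no `@defgroup` block before the include guard, so the `@}` is unbalanced. Add the same three-line `@defgroup botan_ec_public_key botan_ec_public_key` / `@{ @ingroup botan_p` comment block the sibling headers carry, placed above `#ifndef BOTAN_EC_PUBLIC_KEY_H_`.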
diff --git a/src/libstrongswan/plugins/botan/botan_gcm.c b/src/libstrongswan/plugins/botan/botan_gcm.c new file mode 100644 index 000000000..7e0fc1468 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_gcm.c 
@@ -0,0 +1,333 @@ +/* + * Copyright (C) 2018 Atanas Filyanov + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "botan_gcm.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_AES +#ifdef BOTAN_HAS_AEAD_GCM + +#include <crypto/iv/iv_gen_seq.h> + +#include <botan/ffi.h> + +/** + * as defined in RFC 4106 + */ +#define IV_LEN 8 +#define SALT_LEN 4 +#define NONCE_LEN (IV_LEN + SALT_LEN) + +typedef struct private_aead_t private_aead_t; + +struct private_aead_t { + + /** + * Public interface + */ + aead_t public; + + /** + * The encryption key + */ + chunk_t key; + + /** + * Salt value + */ + char salt[SALT_LEN]; + + /** + * Size of the integrity check value + */ + size_t icv_size; + + /** + * IV generator + */ + iv_gen_t *iv_gen; + + /** + * The cipher to use + */ + const char* cipher_name; +}; + +/** + * Do the actual en/decryption + */ +static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, + u_char *out, uint32_t init_flag) +{ + botan_cipher_t cipher; + uint8_t nonce[NONCE_LEN]; + size_t output_written = 0, input_consumed = 0; + + memcpy(nonce, this->salt, SALT_LEN); + memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN); + + if (botan_cipher_init(&cipher, this->cipher_name, init_flag)) + { + return FALSE; + } + + if (botan_cipher_set_key(cipher, this->key.ptr, this->key.len)) + { + botan_cipher_destroy(cipher); + return FALSE; + } + + if (assoc.len && + botan_cipher_set_associated_data(cipher, assoc.ptr, assoc.len)) + { + botan_cipher_destroy(cipher); + return FALSE; + } + + if (botan_cipher_start(cipher, nonce, NONCE_LEN)) + { + botan_cipher_destroy(cipher); + return FALSE; + } + + if (init_flag == BOTAN_CIPHER_INIT_FLAG_ENCRYPT) + { + if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, + out, data.len + this->icv_size, &output_written, + data.ptr, data.len, &input_consumed)) + { + botan_cipher_destroy(cipher); + return FALSE; + } + } + else if (init_flag == BOTAN_CIPHER_INIT_FLAG_DECRYPT) + { + if (botan_cipher_update(cipher, BOTAN_CIPHER_UPDATE_FLAG_FINAL, + out, data.len, &output_written, data.ptr, + data.len + this->icv_size, 
&input_consumed)) + { + botan_cipher_destroy(cipher); + return FALSE; + } + } + + botan_cipher_destroy(cipher); + + return TRUE; +} + +METHOD(aead_t, encrypt, bool, + private_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv, + chunk_t *encrypted) +{ + u_char *out; + + out = plain.ptr; + if (encrypted) + { + *encrypted = chunk_alloc(plain.len + this->icv_size); + out = encrypted->ptr; + } + return crypt(this, plain, assoc, iv, out, BOTAN_CIPHER_INIT_FLAG_ENCRYPT); +} + +METHOD(aead_t, decrypt, bool, + private_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv, + chunk_t *plain) +{ + u_char *out; + + if (encrypted.len < this->icv_size) + { + return FALSE; + } + encrypted.len -= this->icv_size; + + out = encrypted.ptr; + if (plain) + { + *plain = chunk_alloc(encrypted.len); + out = plain->ptr; + } + return crypt(this, encrypted, assoc, iv, out, + BOTAN_CIPHER_INIT_FLAG_DECRYPT); +} + +METHOD(aead_t, get_block_size, size_t, + private_aead_t *this) +{ + return 1; +} + +METHOD(aead_t, get_icv_size, size_t, + private_aead_t *this) +{ + return this->icv_size; +} + +METHOD(aead_t, get_iv_size, size_t, + private_aead_t *this) +{ + return IV_LEN; +} + +METHOD(aead_t, get_iv_gen, iv_gen_t*, + private_aead_t *this) +{ + return this->iv_gen; +} + +METHOD(aead_t, get_key_size, size_t, + private_aead_t *this) +{ + return this->key.len + SALT_LEN; +} + +METHOD(aead_t, set_key, bool, + private_aead_t *this, chunk_t key) +{ + if (key.len != get_key_size(this)) + { + return FALSE; + } + memcpy(this->salt, key.ptr + key.len - SALT_LEN, SALT_LEN); + memcpy(this->key.ptr, key.ptr, this->key.len); + return TRUE; +} + +METHOD(aead_t, destroy, void, + private_aead_t *this) +{ + chunk_clear(&this->key); + this->iv_gen->destroy(this->iv_gen); + free(this); +} + +/* + * Described in header + */ +aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size, + size_t salt_size) +{ + private_aead_t *this; + + INIT(this, + .public = { + .encrypt = _encrypt, + .decrypt = 
_decrypt, + .get_block_size = _get_block_size, + .get_icv_size = _get_icv_size, + .get_iv_size = _get_iv_size, + .get_iv_gen = _get_iv_gen, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + ); + + if (salt_size && salt_size != SALT_LEN) + { + /* currently not supported */ + free(this); + return NULL; + } + + switch (algo) + { + case ENCR_AES_GCM_ICV8: + switch (key_size) + { + case 0: + key_size = 16; + /* FALL */ + case 16: + this->cipher_name = "AES-128/GCM(8)"; + break; + case 24: + this->cipher_name = "AES-192/GCM(8)"; + break; + case 32: + this->cipher_name = "AES-256/GCM(8)"; + break; + default: + free(this); + return NULL; + } + this->icv_size = 8; + break; + case ENCR_AES_GCM_ICV12: + switch (key_size) + { + case 0: + key_size = 16; + /* FALL */ + case 16: + this->cipher_name = "AES-128/GCM(12)"; + break; + case 24: + this->cipher_name = "AES-192/GCM(12)"; + break; + case 32: + this->cipher_name = "AES-256/GCM(12)"; + break; + default: + free(this); + return NULL; + } + this->icv_size = 12; + break; + case ENCR_AES_GCM_ICV16: + switch (key_size) + { + case 0: + key_size = 16; + /* FALL */ + case 16: + this->cipher_name = "AES-128/GCM"; + break; + case 24: + this->cipher_name = "AES-192/GCM"; + break; + case 32: + this->cipher_name = "AES-256/GCM"; + break; + default: + free(this); + return NULL; + } + this->icv_size = 16; + break; + default: + free(this); + return NULL; + } + + this->key = chunk_alloc(key_size); + this->iv_gen = iv_gen_seq_create(); + + return &this->public; +} + +#endif +#endif diff --git a/src/libstrongswan/plugins/botan/botan_gcm.h b/src/libstrongswan/plugins/botan/botan_gcm.h new file mode 100644 index 000000000..b2053cb4d --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_gcm.h 
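Review bot: crypt() copies IV_LEN bytes from `iv.ptr` into the nonce without checking `iv.len`, and after `botan_cipher_update()` it discards `output_written` and `input_consumed`, so a short IV reads past the caller's buffer and a call that processed less than the full input would still be reported as success. Unless the aead_t contract already guarantees an 8-byte IV at this point, a guard `if (iv.len != IV_LEN) { return FALSE; }` before the first memcpy, plus a check that `output_written` equals `data.len + this->icv_size` on encryption and `data.len` on decryption, would close both gaps. The decrypt branch a few lines below has the same silent-success pattern.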
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2018 Atanas Filyanov + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * Implements the aead_t interface using Botan in GCM mode. + * + * @defgroup botan_gcm botan_gcm + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_GCM_H_ +#define BOTAN_GCM_H_ + +#include <crypto/aead.h> + +/** + * Constructor to create aead_t implementation. + * + * @param algo algorithm to implement + * @param key_size key size in bytes + * @param salt_size size of implicit salt length + * @return aead_t object, NULL if not supported + */ +aead_t *botan_gcm_create(encryption_algorithm_t algo, size_t key_size, + size_t salt_size); + +#endif /** BOTAN_GCM_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_hasher.c b/src/libstrongswan/plugins/botan/botan_hasher.c new file mode 100644 index 000000000..d574db0dc --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_hasher.c 
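Review bot: The `@param salt_size` text "size of implicit salt length" is unclear, and botan_gcm_create() in this commit returns NULL for any value other than 0 or SALT_LEN (4), which callers cannot learn from the header. Suggested wording: `@param salt_size size of the implicit salt in bytes, 0 or 4 (RFC 4106); other values are rejected`.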
@@ -0,0 +1,136 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_hasher.h" +#include "botan_util.h" + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_botan_hasher_t private_botan_hasher_t; + +/** + * Private data of botan_hasher_t + */ +struct private_botan_hasher_t { + + /** + * Public part of this class. 
+ */ + botan_hasher_t public; + + /** + * botan hash instance + */ + botan_hash_t hash; +}; + +METHOD(hasher_t, get_hash_size, size_t, + private_botan_hasher_t *this) +{ + size_t len = 0; + + if (botan_hash_output_length(this->hash, &len)) + { + return 0; + } + return len; +} + +METHOD(hasher_t, reset, bool, + private_botan_hasher_t *this) +{ + if (botan_hash_clear(this->hash)) + { + return FALSE; + } + return TRUE; +} + +METHOD(hasher_t, get_hash, bool, + private_botan_hasher_t *this, chunk_t chunk, uint8_t *hash) +{ + if (botan_hash_update(this->hash, chunk.ptr, chunk.len)) + { + return FALSE; + } + + if (hash && botan_hash_final(this->hash, hash)) + { + return FALSE; + } + return TRUE; +} + +METHOD(hasher_t, allocate_hash, bool, + private_botan_hasher_t *this, chunk_t chunk, chunk_t *hash) +{ + if (hash) + { + *hash = chunk_alloc(get_hash_size(this)); + return get_hash(this, chunk, hash->ptr); + } + return get_hash(this, chunk, NULL); +} + +METHOD(hasher_t, destroy, void, + private_botan_hasher_t *this) +{ + botan_hash_destroy(this->hash); + free(this); +} + +/* + * Described in header + */ +botan_hasher_t *botan_hasher_create(hash_algorithm_t algo) +{ + private_botan_hasher_t *this; + const char* hash_name; + + hash_name = botan_get_hash(algo); + if (!hash_name) + { + return FALSE; + } + + INIT(this, + .public = { + .hasher = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); + + if (botan_hash_init(&this->hash, hash_name, 0)) + { + free(this); + return NULL; + } + return &this->public; +} diff --git a/src/libstrongswan/plugins/botan/botan_hasher.h b/src/libstrongswan/plugins/botan/botan_hasher.h new file mode 100644 index 000000000..164f63711 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_hasher.h 
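Review bot: botan_hasher_create() returns `FALSE` when botan_get_hash() yields no name, although the function's return type is `botan_hasher_t *`; the later failure path in the same function correctly uses `return NULL;`, so the first one should read `return NULL;` as well. It compiles only because FALSE is 0, and it reads as if a boolean were being returned.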
@@ -0,0 +1,55 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_hasher botan_hasher + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_HASHER_H_ +#define BOTAN_HASHER_H_ + +typedef struct botan_hasher_t botan_hasher_t; + +#include <crypto/hashers/hasher.h> + +/** + * Implementation of hashers using botan. + */ +struct botan_hasher_t { + + /** + * The hasher_t interface. + */ + hasher_t hasher; +}; + +/** + * Constructor to create botan_hasher_t. + * + * @param algo algorithm + * @return botan_hasher_t, NULL if not supported + */ +botan_hasher_t *botan_hasher_create(hash_algorithm_t algo); + +#endif /** BOTAN_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_hmac.c b/src/libstrongswan/plugins/botan/botan_hmac.c new file mode 100644 index 000000000..367d27f24 --- /dev/null 
+++ b/src/libstrongswan/plugins/botan/botan_hmac.c 
@@ -0,0 +1,172 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_hmac.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_HMAC + +#include <crypto/mac.h> +#include <crypto/prfs/mac_prf.h> +#include <crypto/signers/mac_signer.h> + +#include <botan/ffi.h> + +typedef struct private_botan_mac_t private_botan_mac_t; + +/** + * Private data of a mac_t object. 
+ */ +struct private_botan_mac_t { + + /** + * Public interface + */ + mac_t public; + + /** + * HMAC + */ + botan_mac_t hmac; +}; + +METHOD(mac_t, set_key, bool, + private_botan_mac_t *this, chunk_t key) +{ + if (botan_mac_set_key(this->hmac, key.ptr, key.len)) + { + return FALSE; + } + return TRUE; +} + +METHOD(mac_t, get_mac, bool, + private_botan_mac_t *this, chunk_t data, uint8_t *out) +{ + if (botan_mac_update(this->hmac, data.ptr, data.len)) + { + return FALSE; + } + + if (out && botan_mac_final(this->hmac, out)) + { + return FALSE; + } + return TRUE; +} + +METHOD(mac_t, get_mac_size, size_t, + private_botan_mac_t *this) +{ + size_t len = 0; + + if (botan_mac_output_length(this->hmac, &len)) + { + return 0; + } + return len; +} + +METHOD(mac_t, destroy, void, + private_botan_mac_t *this) +{ + botan_mac_destroy(this->hmac); + free(this); +} + +/* + * Create a Botan-backed implementation of the mac_t interface + */ +static mac_t *hmac_create(hash_algorithm_t algo) +{ + private_botan_mac_t *this; + const char* hmac_name; + + switch (algo) + { + case HASH_SHA1: + hmac_name = "HMAC(SHA-1)"; + break; + case HASH_SHA256: + hmac_name = "HMAC(SHA-256)"; + break; + case HASH_SHA384: + hmac_name = "HMAC(SHA-384)"; + break; + case HASH_SHA512: + hmac_name = "HMAC(SHA-512)"; + break; + default: + return NULL; + } + + INIT(this, + .public = { + .get_mac = _get_mac, + .get_mac_size = _get_mac_size, + .set_key = _set_key, + .destroy = _destroy, + } + ); + + if (botan_mac_init(&this->hmac, hmac_name, 0)) + { + free(this); + return NULL; + } + return &this->public; +} + +/* + * Described in header + */ +prf_t *botan_hmac_prf_create(pseudo_random_function_t algo) +{ + mac_t *hmac; + + hmac = hmac_create(hasher_algorithm_from_prf(algo)); + if (hmac) + { + return mac_prf_create(hmac); + } + return NULL; +} + +/* + * Described in header + */ +signer_t *botan_hmac_signer_create(integrity_algorithm_t algo) +{ + mac_t *hmac; + size_t trunc; + + hmac = 
hmac_create(hasher_algorithm_from_integrity(algo, &trunc)); + if (hmac) + { + return mac_signer_create(hmac, trunc); + } + return NULL; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_hmac.h b/src/libstrongswan/plugins/botan/botan_hmac.h new file mode 100644 index 000000000..1deeea961 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_hmac.h 
@@ -0,0 +1,53 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * Implements HMAC based PRF and signer using Botan's HMAC functions. + * + * @defgroup botan_hmac botan_hmac + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_HMAC_H_ +#define BOTAN_HMAC_H_ + +#include <crypto/prfs/prf.h> +#include <crypto/signers/signer.h> + +/** + * Creates a new prf_t object based on an HMAC. + * + * @param algo algorithm to implement + * @return prf_t object, NULL if not supported + */ +prf_t *botan_hmac_prf_create(pseudo_random_function_t algo); + +/** + * Creates a new signer_t object based on an HMAC. + * + * @param algo algorithm to implement + * @return signer_t, NULL if not supported + */ +signer_t *botan_hmac_signer_create(integrity_algorithm_t algo); + +#endif /** BOTAN_HMAC_H_ @}*/ 
diff --git a/src/libstrongswan/plugins/botan/botan_plugin.c b/src/libstrongswan/plugins/botan/botan_plugin.c new file mode 100644 index 000000000..fd8e5f5a6 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_plugin.c 
@@ -0,0 +1,313 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Copyright (C) 2018 Konstantinos Kolelis + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "botan_plugin.h" +#include "botan_rng.h" +#include "botan_hasher.h" +#include "botan_crypter.h" +#include "botan_diffie_hellman.h" +#include "botan_hmac.h" +#include "botan_rsa_public_key.h" +#include "botan_rsa_private_key.h" +#include "botan_ec_diffie_hellman.h" +#include "botan_ec_public_key.h" +#include "botan_ec_private_key.h" +#include "botan_gcm.h" +#include "botan_util_keys.h" +#include "botan_x25519.h" + +#include <library.h> + +#include <botan/build.h> +#include <botan/ffi.h> + +typedef struct private_botan_plugin_t private_botan_plugin_t; + +/** + * private data of botan_plugin + */ +struct private_botan_plugin_t { + + /** + * public functions + */ + botan_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_botan_plugin_t *this) +{ + return "botan"; +} + +METHOD(plugin_t, get_features, int, + private_botan_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + +#ifdef BOTAN_HAS_DIFFIE_HELLMAN + /* MODP DH groups */ + PLUGIN_REGISTER(DH, botan_diffie_hellman_create), + PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(DH, MODP_4096_BIT), + PLUGIN_PROVIDE(DH, MODP_6144_BIT), + PLUGIN_PROVIDE(DH, MODP_8192_BIT), + PLUGIN_PROVIDE(DH, MODP_2048_BIT), + PLUGIN_PROVIDE(DH, MODP_2048_224), + PLUGIN_PROVIDE(DH, MODP_2048_256), + PLUGIN_PROVIDE(DH, MODP_1536_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_160), + PLUGIN_PROVIDE(DH, MODP_768_BIT), + PLUGIN_PROVIDE(DH, MODP_CUSTOM), +#endif +#ifdef BOTAN_HAS_ECDH + /* EC DH groups */ + PLUGIN_REGISTER(DH, botan_ec_diffie_hellman_create), + PLUGIN_PROVIDE(DH, ECP_256_BIT), + PLUGIN_PROVIDE(DH, ECP_384_BIT), + PLUGIN_PROVIDE(DH, ECP_521_BIT), + PLUGIN_PROVIDE(DH, ECP_256_BP), + PLUGIN_PROVIDE(DH, ECP_384_BP), + PLUGIN_PROVIDE(DH, ECP_512_BP), +#endif +#ifdef BOTAN_HAS_X25519 + PLUGIN_REGISTER(DH, botan_x25519_create), + PLUGIN_PROVIDE(DH, CURVE_25519), +#endif + + /* crypters */ + PLUGIN_REGISTER(CRYPTER, botan_crypter_create), 
+#ifdef BOTAN_HAS_AES + #ifdef BOTAN_HAS_MODE_CBC + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32), + #endif + #ifdef BOTAN_HAS_AEAD_GCM + /* AES GCM */ + PLUGIN_REGISTER(AEAD, botan_gcm_create), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24), + PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32), + #endif +#endif + /* hashers */ + PLUGIN_REGISTER(HASHER, botan_hasher_create), +#ifdef BOTAN_HAS_MD5 + PLUGIN_PROVIDE(HASHER, HASH_MD5), +#endif +#ifdef BOTAN_HAS_SHA1 + PLUGIN_PROVIDE(HASHER, HASH_SHA1), +#endif +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(HASHER, HASH_SHA224), + PLUGIN_PROVIDE(HASHER, HASH_SHA256), +#endif +#ifdef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(HASHER, HASH_SHA512), +#endif + /* prfs */ +#ifdef BOTAN_HAS_HMAC + PLUGIN_REGISTER(PRF, botan_hmac_prf_create), +#ifdef BOTAN_HAS_SHA1 + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1), +#endif +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256), +#endif +#ifdef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384), + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512), +#endif + /* signer */ + PLUGIN_REGISTER(SIGNER, botan_hmac_signer_create), +#ifdef BOTAN_HAS_SHA1 + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160), +#endif +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256), +#endif +#ifdef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_512), +#endif +#endif /* BOTAN_HAS_HMAC */ + + /* 
generic key loaders */ +#if defined (BOTAN_HAS_RSA) || defined(BOTAN_HAS_ECDSA) + PLUGIN_REGISTER(PUBKEY, botan_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_ANY), +#ifdef BOTAN_HAS_RSA + PLUGIN_PROVIDE(PUBKEY, KEY_RSA), +#endif +#ifdef BOTAN_HAS_ECDSA + PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA), +#endif + PLUGIN_REGISTER(PRIVKEY, botan_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), +#ifdef BOTAN_HAS_RSA + PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), +#endif +#ifdef BOTAN_HAS_ECDSA + PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA), +#endif +#endif + /* RSA */ +#ifdef BOTAN_HAS_RSA + /* public/private key loading/generation */ + PLUGIN_REGISTER(PUBKEY, botan_rsa_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_RSA), + PLUGIN_REGISTER(PRIVKEY, botan_rsa_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_REGISTER(PRIVKEY_GEN, botan_rsa_private_key_gen, FALSE), + PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA), + /* encryption/signature schemes */ +#ifdef BOTAN_HAS_EMSA_PKCS1 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), +#ifdef BOTAN_HAS_SHA1 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), +#endif +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), +#endif +#ifdef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), +#endif +#endif +#ifdef 
BOTAN_HAS_EMSA_PSSR + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PSS), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PSS), +#endif + PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1), + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1), +#ifdef BOTAN_HAS_EME_OAEP +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA224), + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA256), +#endif +#ifdef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA384), + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_OAEP_SHA512), +#endif +#endif +#endif /* BOTAN_HAS_RSA */ + +#ifdef BOTAN_HAS_ECDSA + /* EC private/public key loading */ + PLUGIN_REGISTER(PRIVKEY, botan_ec_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_REGISTER(PRIVKEY_GEN, botan_ec_private_key_gen, FALSE), + PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA), +#ifdef BOTAN_HAS_EMSA_RAW + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL), +#endif +#ifdef BOTAN_HAS_EMSA1 +#ifdef BOTAN_HAS_SHA1 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER), +#endif +#ifdef BOTAN_HAS_SHA2_32 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256), +#endif +#ifndef BOTAN_HAS_SHA2_64 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), +#endif +#endif /* BOTAN_HAS_EMSA1 */ +#endif /* 
BOTAN_HAS_ECDSA */ + + /* random numbers */ +#if BOTAN_HAS_SYSTEM_RNG +#if BOTAN_HAS_HMAC_DRBG + PLUGIN_REGISTER(RNG, botan_rng_create), + PLUGIN_PROVIDE(RNG, RNG_WEAK), + PLUGIN_PROVIDE(RNG, RNG_STRONG), + PLUGIN_PROVIDE(RNG, RNG_TRUE) +#endif +#endif + }; + *features = f; + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_botan_plugin_t *this) +{ + free(this); +} + +/* + * Described in header + */ +plugin_t *botan_plugin_create() +{ + private_botan_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/botan/botan_plugin.h b/src/libstrongswan/plugins/botan/botan_plugin.h new file mode 100644 index 000000000..fdb08a90e --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_plugin.h 
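Review bot: The ECDSA section in the middle of this hunk guards the SHA-384/SHA-512 schemes with `#ifndef BOTAN_HAS_SHA2_64`, while every other SHA-2/64 feature in the table uses `#ifdef BOTAN_HAS_SHA2_64`; as written, SIGN_ECDSA_WITH_SHA384_DER, SIGN_ECDSA_WITH_SHA512_DER, SIGN_ECDSA_384 and SIGN_ECDSA_521 are advertised only when Botan was built without SHA-512 support and are hidden on a normal build. The guard should read `#ifdef BOTAN_HAS_SHA2_64`. Two smaller points in the same feature table: SIGN_RSA_EMSA_PKCS1_SHA1 is listed twice for both PRIVKEY_SIGN and PUBKEY_VERIFY, and the RNG block uses `#if BOTAN_HAS_SYSTEM_RNG` / `#if BOTAN_HAS_HMAC_DRBG` where the rest of the file uses `#ifdef`, which presumably only works because build.h gives those macros a non-zero value and is worth normalising.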
@@ -0,0 +1,50 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_p botan + * @ingroup plugins + * + * @defgroup botan_plugin botan_plugin + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_PLUGIN_H_ +#define BOTAN_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct botan_plugin_t botan_plugin_t; + +/** + * Plugin implementing crypto functions using Botan. + */ +struct botan_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** BOTAN_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_rng.c b/src/libstrongswan/plugins/botan/botan_rng.c new file mode 100644 index 000000000..c49225c3c --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_rng.c 
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2018 René Korthaus
+ * Rohde & Schwarz Cybersecurity GmbH
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "botan_rng.h"
+
+#include <botan/build.h>
+
+#ifdef BOTAN_HAS_HMAC_DRBG
+
+#include <botan/ffi.h>
+
+typedef struct private_botan_random_t private_botan_random_t;
+
+/**
+ * Private data of an botan_rng_t object.
+ */
+struct private_botan_random_t {
+
+ /**
+ * Public botan_rnd_t interface.
+ */
+ botan_random_t public;
+
+ /**
+ * RNG quality of this instance
+ */
+ rng_quality_t quality;
+
+ /**
+ * RNG instance
+ */
+ botan_rng_t rng;
+};
+
+METHOD(rng_t, get_bytes, bool,
+ private_botan_random_t *this, size_t bytes, uint8_t *buffer)
+{
+ return botan_rng_get(this->rng, buffer, bytes) == 0;
+}
+
+METHOD(rng_t, allocate_bytes, bool,
+ private_botan_random_t *this, size_t bytes, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ if (!get_bytes(this, chunk->len, chunk->ptr))
+ {
+ chunk_free(chunk);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(rng_t, destroy, void,
+ private_botan_random_t *this)
+{
+ botan_rng_destroy(this->rng);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+botan_random_t *botan_rng_create(rng_quality_t quality)
+{
+ private_botan_random_t *this;
+ const char* rng_name;
+
+ switch (quality)
+ {
+ case RNG_WEAK:
+ case RNG_STRONG:
+ /* some rng_t instances of this class (e.g. in the ike-sa-manager)
+ * may be called concurrently by different threads. the Botan RNGs
+ * are not reentrant, by default, so use the threadsafe version.
+ * because we build without threading support when running tests
+ * with leak-detective (lots of reports of frees of unknown memory)
+ * there is a fallback to the default */
+#ifdef BOTAN_TARGET_OS_HAS_THREADS
+ rng_name = "user-threadsafe";
+#else
+ rng_name = "user";
+#endif
+ break;
+ case RNG_TRUE:
+ rng_name = "system";
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
+
+ if (botan_rng_init(&this->rng, rng_name))
+ {
+ free(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/botan/botan_rng.h b/src/libstrongswan/plugins/botan/botan_rng.h
new file mode 100644
index 000000000..087288863
--- /dev/null
+++ b/src/libstrongswan/plugins/botan/botan_rng.h
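Review bot: `quality` is stored in private_botan_random_t by botan_rng_create, but no method in this file reads it; the requested quality only influences the `rng_name` chosen in the switch, so the field is dead state and should either be dropped or its comment should say it is informational only. Separately, RNG_TRUE is satisfied by Botan's `"system"` RNG, which as far as the ffi name suggests wraps the OS CSPRNG rather than a blocking entropy source, and botan_plugin.c registers this instance for RNG_TRUE. A comment at the `case RNG_TRUE:` arm would make that trade-off explicit for callers: `/* Botan's "system" RNG is the OS CSPRNG; presumably non-blocking, so RNG_TRUE is best-effort here -- confirm */`.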
@@ -0,0 +1,57 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_rng botan_rng + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_RNG_H_ +#define BOTAN_RNG_H_ + +typedef struct botan_random_t botan_random_t; + +#include <library.h> + +/** + * rng_t implementation using botan. + * + * @note botan_rng_t is a botan reserved type. + */ +struct botan_random_t { + + /** + * Implements rng_t. + */ + rng_t rng; +}; + +/** + * Creates a botan_random_t instance. + * + * @param quality required quality of randomness + * @return botan_random_t instance + */ +botan_random_t *botan_rng_create(rng_quality_t quality); + +#endif /** BOTAN_RNG_H_ @} */ diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.c b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c new file mode 100644 index 000000000..bb723ff95 --- /dev/null 
+++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.c 
@@ -0,0 +1,694 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_rsa_private_key.h" +#include "botan_rsa_public_key.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_RSA + +#include "botan_util.h" + +#include <botan/ffi.h> + +#include <utils/debug.h> + +typedef struct private_botan_rsa_private_key_t private_botan_rsa_private_key_t; + +/** + * Private data of a botan_rsa_private_key_t object. + */ +struct private_botan_rsa_private_key_t { + + /** + * Public interface for this signer. 
+ */ + botan_rsa_private_key_t public; + + /** + * Botan private key + */ + botan_privkey_t key; + + /** + * reference count + */ + refcount_t ref; +}; + +/** + * Get the Botan string identifier for an EMSA PSS signature + */ +bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len) +{ + const char *hash; + + if (!params) + { + return FALSE; + } + + /* botan currently does not support passing the mgf1 hash */ + if (params->hash != params->mgf1_hash) + { + DBG1(DBG_LIB, "passing mgf1 hash not supported via botan"); + return FALSE; + } + + hash = botan_get_hash(params->hash); + if (!hash) + { + return FALSE; + } + + if (params->salt_len > RSA_PSS_SALT_LEN_DEFAULT) + { + return snprintf(id, len, "EMSA-PSS(%s,MGF1,%zd)", hash, + params->salt_len) < len; + } + return snprintf(id, len, "EMSA-PSS(%s,MGF1)", hash) < len; +} + +/** + * Build an EMSA PSS signature described in PKCS#1 + */ +static bool build_emsa_pss_signature(private_botan_rsa_private_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t *sig) +{ + char hash_and_padding[BUF_LEN]; + + if (!botan_emsa_pss_identifier(params, hash_and_padding, + sizeof(hash_and_padding))) + { + return FALSE; + } + return botan_get_signature(this->key, hash_and_padding, data, sig); +} + +METHOD(private_key_t, get_type, key_type_t, + private_botan_rsa_private_key_t *this) +{ + return KEY_RSA; +} + +METHOD(private_key_t, sign, bool, + private_botan_rsa_private_key_t *this, signature_scheme_t scheme, + void *params, chunk_t data, chunk_t *signature) +{ + switch (scheme) + { + case SIGN_RSA_EMSA_PKCS1_NULL: + return botan_get_signature(this->key, "EMSA_PKCS1(Raw)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return botan_get_signature(this->key, "EMSA_PKCS1(SHA-1)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_224: + return botan_get_signature(this->key, "EMSA_PKCS1(SHA-224)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_256: + return botan_get_signature(this->key, 
"EMSA_PKCS1(SHA-256)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_384: + return botan_get_signature(this->key, "EMSA_PKCS1(SHA-384)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_512: + return botan_get_signature(this->key, "EMSA_PKCS1(SHA-512)", data, + signature); + case SIGN_RSA_EMSA_PSS: + return build_emsa_pss_signature(this, params, data, signature); + default: + DBG1(DBG_LIB, "signature scheme %N not supported via botan", + signature_scheme_names, scheme); + return FALSE; + } +} + +METHOD(private_key_t, decrypt, bool, + private_botan_rsa_private_key_t *this, encryption_scheme_t scheme, + chunk_t crypto, chunk_t *plain) +{ + botan_pk_op_decrypt_t decrypt_op; + const char *padding; + + switch (scheme) + { + case ENCRYPT_RSA_PKCS1: + padding = "PKCS1v15"; + break; + case ENCRYPT_RSA_OAEP_SHA1: + padding = "OAEP(SHA-1)"; + break; + case ENCRYPT_RSA_OAEP_SHA224: + padding = "OAEP(SHA-224)"; + break; + case ENCRYPT_RSA_OAEP_SHA256: + padding = "OAEP(SHA-256)"; + break; + case ENCRYPT_RSA_OAEP_SHA384: + padding = "OAEP(SHA-384)"; + break; + case ENCRYPT_RSA_OAEP_SHA512: + padding = "OAEP(SHA-512)"; + break; + default: + DBG1(DBG_LIB, "encryption scheme %N not supported via botan", + encryption_scheme_names, scheme); + return FALSE; + } + + if (botan_pk_op_decrypt_create(&decrypt_op, this->key, padding, 0)) + { + return FALSE; + } + + plain->len = 0; + if (botan_pk_op_decrypt_output_length(decrypt_op, crypto.len, &plain->len)) + { + botan_pk_op_decrypt_destroy(decrypt_op); + return FALSE; + } + + *plain = chunk_alloc(plain->len); + if (botan_pk_op_decrypt(decrypt_op, plain->ptr, &plain->len, crypto.ptr, + crypto.len)) + { + chunk_free(plain); + botan_pk_op_decrypt_destroy(decrypt_op); + return FALSE; + } + botan_pk_op_decrypt_destroy(decrypt_op); + return TRUE; +} + +METHOD(private_key_t, get_keysize, int, + private_botan_rsa_private_key_t *this) +{ + botan_mp_t n; + size_t bits = 0; + + if (botan_mp_init(&n)) + { + return 0; + } + + if 
(botan_privkey_rsa_get_n(n, this->key) || + botan_mp_num_bits(n, &bits)) + { + botan_mp_destroy(n); + return 0; + } + + botan_mp_destroy(n); + return bits; +} + +METHOD(private_key_t, get_public_key, public_key_t*, + private_botan_rsa_private_key_t *this) +{ + botan_pubkey_t pubkey; + + if (botan_privkey_export_pubkey(&pubkey, this->key)) + { + return NULL; + } + return (public_key_t*)botan_rsa_public_key_adopt(pubkey); +} + +METHOD(private_key_t, get_fingerprint, bool, + private_botan_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *fingerprint) +{ + botan_pubkey_t pubkey; + bool success = FALSE; + + /* check the cache before doing the export */ + if (lib->encoding->get_cache(lib->encoding, type, this, fingerprint)) + { + return TRUE; + } + + if (botan_privkey_export_pubkey(&pubkey, this->key)) + { + return FALSE; + } + success = botan_get_fingerprint(pubkey, this, type, fingerprint); + botan_pubkey_destroy(pubkey); + return success; +} + +METHOD(private_key_t, get_encoding, bool, + private_botan_rsa_private_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + return botan_get_privkey_encoding(this->key, type, encoding); +} + +METHOD(private_key_t, get_ref, private_key_t*, + private_botan_rsa_private_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(private_key_t, destroy, void, + private_botan_rsa_private_key_t *this) +{ + if (ref_put(&this->ref)) + { + lib->encoding->clear_cache(lib->encoding, this); + botan_privkey_destroy(this->key); + free(this); + } +} + +/** + * Internal generic constructor + */ +static private_botan_rsa_private_key_t *create_empty() +{ + private_botan_rsa_private_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .sign = _sign, + .decrypt = _decrypt, + .get_keysize = _get_keysize, + .get_public_key = _get_public_key, + .equals = private_key_equals, + .belongs_to = private_key_belongs_to, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = 
private_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); + + return this; +} + +/* + * Described in header + */ +botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key) +{ + private_botan_rsa_private_key_t *this; + + this = create_empty(); + this->key = key; + + return &this->public; +} + +/* + * Described in header + */ +botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type, + va_list args) +{ + private_botan_rsa_private_key_t *this; + botan_rng_t rng; + u_int key_size = 0; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_KEY_SIZE: + key_size = va_arg(args, u_int); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (!key_size) + { + return NULL; + } + + if (botan_rng_init(&rng, "system")) + { + return NULL; + } + + this = create_empty(); + + if (botan_privkey_create_rsa(&this->key, rng, key_size)) + { + botan_rng_destroy(rng); + free(this); + return NULL; + } + botan_rng_destroy(rng); + return &this->public; +} + +/** + * Recover the primes from n, e and d using the algorithm described in + * Appendix C of NIST SP 800-56B. + */ +static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d, + botan_mp_t *p, botan_mp_t *q) +{ + botan_mp_t k = NULL, one = NULL, r = NULL, zero = NULL, two = NULL; + botan_mp_t n1 = NULL, x = NULL, y = NULL, g = NULL, rem = NULL; + botan_rng_t rng = NULL; + int i, t, j; + bool success = FALSE; + + if (botan_mp_init(&k) || + botan_mp_init(&one) || + botan_mp_set_from_int(one, 1)) + { + goto error; + } + + /* 1. k = d * e - 1 */ + if (botan_mp_mul(k, *d, *e) || botan_mp_sub(k, k, one)) + { + goto error; + } + + /* k must be even */ + if (!botan_mp_is_even(k)) + { + goto error; + } + + /* 2. 
k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */ + if (botan_mp_init(&r) || + botan_mp_set_from_mp(r, k)) + { + goto error; + } + + for (t = 0; !botan_mp_is_odd(r); t++) + { + if (botan_mp_rshift(r, r, 1)) + { + goto error; + } + } + + /* need 0 and n-1 below */ + if (botan_mp_init(&zero) || + botan_mp_init(&n1) || + botan_mp_sub(n1, *n, one)) + { + goto error; + } + + if (botan_mp_init(&g)) + { + goto error; + } + + if (botan_rng_init(&rng, "user")) + { + goto error; + } + + if (botan_mp_init(&two)) + { + goto error; + } + + if (botan_mp_set_from_int(two, 2)) + { + goto error; + } + + if (botan_mp_init(&y) || + botan_mp_init(&x)) + { + goto error; + } + + for (i = 0; i < 100; i++) + { + /* 3a. generate a random integer g in the range [0, n-1] */ + if (botan_mp_rand_range(g, rng, zero, n1)) + { + goto error; + } + /* 3b. y = g^r mod n */ + if (botan_mp_powmod(y, g, r, *n)) + { + goto error; + } + + /* 3c. If y = 1 or y = n – 1, try again */ + if (botan_mp_equal(y, one) || botan_mp_equal(y, n1)) + { + continue; + } + + for (j = 0; j < t; j++) + { + /* x = y^2 mod n */ + if (botan_mp_powmod(x, y, two, *n)) + { + goto error; + } + + /* stop if x == 1 */ + if (botan_mp_equal(x, one)) + { + goto done; + } + + /* retry with new g if x = n-1 */ + if (botan_mp_equal(x, n1)) + { + break; + } + + /* let y = x */ + if (botan_mp_set_from_mp(y, x)) + { + goto error; + } + } + } + +done: + /* 5. 
p = GCD(y – 1, n) and q = n/p */ + if (botan_mp_sub(y, y, one)) + { + goto error; + } + + if (botan_mp_init(p) || + botan_mp_gcd(*p, y, *n)) + { + goto error; + } + + if (botan_mp_init(q) || + botan_mp_init(&rem) || + botan_mp_div(*q, rem, *n, *p)) + { + goto error; + } + + if (!botan_mp_is_zero(rem)) + { + goto error; + } + + success = TRUE; + +error: + if (!success) + { + botan_mp_destroy(*p); + botan_mp_destroy(*q); + } + botan_rng_destroy(rng); + botan_mp_destroy(k); + botan_mp_destroy(one); + botan_mp_destroy(r); + botan_mp_destroy(zero); + botan_mp_destroy(two); + botan_mp_destroy(n1); + botan_mp_destroy(x); + botan_mp_destroy(y); + botan_mp_destroy(g); + botan_mp_destroy(rem); + return success; +} + +/* + * Described in header + */ +botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type, + va_list args) +{ + private_botan_rsa_private_key_t *this; + chunk_t n, e, d, p, q, blob; + + n = e = d = p = q = blob = chunk_empty; + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIV_EXP: + d = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME1: + p = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PRIME2: + q = va_arg(args, chunk_t); + continue; + case BUILD_RSA_EXP1: + case BUILD_RSA_EXP2: + case BUILD_RSA_COEFF: + /* not required for botan */ + va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (type == KEY_ANY && !blob.ptr) + { + return NULL; + } + + if (blob.ptr) + { + this = create_empty(); + + if (botan_privkey_load_rsa_pkcs1(&this->key, blob.ptr, blob.len)) + { + free(this); + return NULL; + } + return &this->public; + } + + if (n.ptr && e.ptr && d.ptr) + { + botan_mp_t n_mp, e_mp, d_mp, p_mp, q_mp; + + if (!chunk_to_botan_mp(n, &n_mp)) + { + 
return NULL; + } + + if (!chunk_to_botan_mp(e, &e_mp)) + { + botan_mp_destroy(n_mp); + return NULL; + } + + if (!chunk_to_botan_mp(d, &d_mp)) + { + botan_mp_destroy(n_mp); + botan_mp_destroy(e_mp); + return NULL; + } + + if (p.ptr && q.ptr) + { + if (!chunk_to_botan_mp(p, &p_mp)) + { + botan_mp_destroy(n_mp); + botan_mp_destroy(e_mp); + botan_mp_destroy(d_mp); + return NULL; + } + + if (!chunk_to_botan_mp(q, &q_mp)) + { + botan_mp_destroy(n_mp); + botan_mp_destroy(e_mp); + botan_mp_destroy(d_mp); + botan_mp_destroy(p_mp); + return NULL; + } + } + else + { + /* calculate p,q from n, e, d */ + if (!calculate_pq(&n_mp, &e_mp, &d_mp, &p_mp, &q_mp)) + { + botan_mp_destroy(n_mp); + botan_mp_destroy(e_mp); + botan_mp_destroy(d_mp); + return NULL; + } + } + botan_mp_destroy(n_mp); + botan_mp_destroy(d_mp); + + this = create_empty(); + + if (botan_privkey_load_rsa(&this->key, p_mp, q_mp, e_mp)) + { + botan_mp_destroy(e_mp); + botan_mp_destroy(p_mp); + botan_mp_destroy(q_mp); + free(this); + return NULL; + } + + botan_mp_destroy(e_mp); + botan_mp_destroy(p_mp); + botan_mp_destroy(q_mp); + + return &this->public; + } + + return NULL; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_rsa_private_key.h b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h new file mode 100644 index 000000000..f0f419c7f --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_rsa_private_key.h 
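Review bot: calculate_pq destroys `*p` and `*q` on every failure path, but the caller botan_rsa_private_key_load passes uninitialized locals (`botan_mp_t n_mp, e_mp, d_mp, p_mp, q_mp;`) and the function only assigns them via botan_mp_init in the `done:` section, so any earlier `goto error` hands indeterminate pointers to botan_mp_destroy, unlike the function's own locals which are initialised to NULL for exactly this reason. In the same function the `for (i = 0; i < 100; i++)` search falls straight through into `done:` when no non-trivial square root of 1 was found, so a failed search is reported as success with whatever `y` was last computed; and the `for (t = 0; !botan_mp_is_odd(r); t++)` split never terminates when k is zero (d*e == 1), which the preceding evenness check does not exclude and nothing in the loader rejects. The fix is to NULL the out-params on entry, reject a zero k alongside the parity check, and `goto error` after the search loop; calculate_pq is fully contained in this hunk.
```c
static bool calculate_pq(botan_mp_t *n, botan_mp_t *e, botan_mp_t *d,
						 botan_mp_t *p, botan_mp_t *q)
{
	/* … unchanged: local declarations … */
	/* out-params must be NULL so the error path can destroy them safely */
	*p = *q = NULL;
	/* … unchanged: k = d * e - 1 … */

	/* k must be even and non-zero (a zero k would make the r/t loop spin) */
	if (botan_mp_is_zero(k) || !botan_mp_is_even(k))
	{
		goto error;
	}
	/* … unchanged: r/t split, temporaries, rng, search loop … */

	/* no non-trivial square root of 1 found: n, e, d are not a usable key */
	goto error;

done:
	/* … unchanged: p = GCD(y - 1, n), q = n / p, cleanup … */
```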
@@ -0,0 +1,82 @@ +/* + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_rsa_private_key botan_rsa_private_key + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_RSA_PRIVATE_KEY_H_ +#define BOTAN_RSA_PRIVATE_KEY_H_ + +#include <botan/ffi.h> + +#include <credentials/builder.h> +#include <credentials/keys/private_key.h> + +typedef struct botan_rsa_private_key_t botan_rsa_private_key_t; + +/** + * private_key_t implementation of RSA algorithm using Botan. + */ +struct botan_rsa_private_key_t { + + /** + * Implements private_key_t interface + */ + private_key_t key; +}; + +/** + * Generate a RSA private key using Botan. + * + * Accepts the BUILD_KEY_SIZE argument. 
+ * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return generated key, NULL on failure + */ +botan_rsa_private_key_t *botan_rsa_private_key_gen(key_type_t type, + va_list args); + +/** + * Load a RSA private key using Botan. + * + * Accepts a BUILD_BLOB_ASN1_DER argument. + * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +botan_rsa_private_key_t *botan_rsa_private_key_load(key_type_t type, + va_list args); + +/** + * Load a RSA private key by adopting a botan_privkey_t object. + * + * @param key private key object (adopted) + * @return loaded key, NULL on failure + */ +botan_rsa_private_key_t *botan_rsa_private_key_adopt(botan_privkey_t key); + +#endif /** BOTAN_RSA_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.c b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c new file mode 100644 index 000000000..c6e2e8861 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.c 
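Review bot: The docblock for botan_rsa_private_key_load says it accepts only a BUILD_BLOB_ASN1_DER argument, but the implementation in botan_rsa_private_key.c (the preceding hunk) also consumes BUILD_RSA_MODULUS, BUILD_RSA_PUB_EXP, BUILD_RSA_PRIV_EXP, BUILD_RSA_PRIME1 and BUILD_RSA_PRIME2, skips BUILD_RSA_EXP1/EXP2/COEFF, and derives p and q via calculate_pq when the primes are absent. Suggest replacing `* Accepts a BUILD_BLOB_ASN1_DER argument.` with `* Accepts a BUILD_BLOB_ASN1_DER argument (PKCS#1 RSAPrivateKey), or BUILD_RSA_MODULUS, BUILD_RSA_PUB_EXP and BUILD_RSA_PRIV_EXP (optionally with BUILD_RSA_PRIME1/BUILD_RSA_PRIME2; p and q are derived from n, e, d otherwise).` so callers know the component-wise path exists and what it costs.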
@@ -0,0 +1,376 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "botan_rsa_public_key.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_RSA + +#include "botan_util.h" + +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_botan_rsa_public_key_t private_botan_rsa_public_key_t; + +/** + * Private data structure with signing context. 
+ */ +struct private_botan_rsa_public_key_t { + + /** + * Public interface for this signer + */ + botan_rsa_public_key_t public; + + /** + * Botan public key + */ + botan_pubkey_t key; + + /** + * Reference counter + */ + refcount_t ref; +}; + +/** + * Defined in botan_rsa_private_key.c + */ +bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len); + +/** + * Verify RSA signature + */ +static bool verify_rsa_signature(private_botan_rsa_public_key_t *this, + const char* hash_and_padding, chunk_t data, + chunk_t signature) +{ + botan_pk_op_verify_t verify_op; + bool valid = FALSE; + + if (botan_pk_op_verify_create(&verify_op, this->key, hash_and_padding, 0)) + { + return FALSE; + } + + if (botan_pk_op_verify_update(verify_op, data.ptr, data.len)) + { + botan_pk_op_verify_destroy(verify_op); + return FALSE; + } + + valid = !botan_pk_op_verify_finish(verify_op, signature.ptr, signature.len); + + botan_pk_op_verify_destroy(verify_op); + return valid; +} + +/** + * Verification of an EMSA PSS signature described in PKCS#1 + */ +static bool verify_emsa_pss_signature(private_botan_rsa_public_key_t *this, + rsa_pss_params_t *params, chunk_t data, + chunk_t signature) +{ + char hash_and_padding[BUF_LEN]; + + if (!botan_emsa_pss_identifier(params, hash_and_padding, + sizeof(hash_and_padding))) + { + return FALSE; + } + return verify_rsa_signature(this, hash_and_padding, data, signature); +} + +METHOD(public_key_t, get_type, key_type_t, + private_botan_rsa_public_key_t *this) +{ + return KEY_RSA; +} + +METHOD(public_key_t, verify, bool, + private_botan_rsa_public_key_t *this, signature_scheme_t scheme, + void *params, chunk_t data, chunk_t signature) +{ + switch (scheme) + { + case SIGN_RSA_EMSA_PKCS1_NULL: + return verify_rsa_signature(this, "EMSA_PKCS1(Raw)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_rsa_signature(this, "EMSA_PKCS1(SHA-1)", data, + signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_224: + return 
verify_rsa_signature(this, "EMSA_PKCS1(SHA-224)", + data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_256: + return verify_rsa_signature(this, "EMSA_PKCS1(SHA-256)", + data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_384: + return verify_rsa_signature(this, "EMSA_PKCS1(SHA-384)", + data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA2_512: + return verify_rsa_signature(this, "EMSA_PKCS1(SHA-512)", + data, signature); + case SIGN_RSA_EMSA_PSS: + return verify_emsa_pss_signature(this, params, data, signature); + default: + DBG1(DBG_LIB, "signature scheme %N not supported via botan", + signature_scheme_names, scheme); + return FALSE; + } +} + +METHOD(public_key_t, encrypt, bool, + private_botan_rsa_public_key_t *this, encryption_scheme_t scheme, + chunk_t plain, chunk_t *crypto) +{ + botan_pk_op_encrypt_t encrypt_op; + botan_rng_t rng; + const char* padding; + + switch (scheme) + { + case ENCRYPT_RSA_PKCS1: + padding = "PKCS1v15"; + break; + case ENCRYPT_RSA_OAEP_SHA1: + padding = "OAEP(SHA-1)"; + break; + case ENCRYPT_RSA_OAEP_SHA224: + padding = "OAEP(SHA-224)"; + break; + case ENCRYPT_RSA_OAEP_SHA256: + padding = "OAEP(SHA-256)"; + break; + case ENCRYPT_RSA_OAEP_SHA384: + padding = "OAEP(SHA-384)"; + break; + case ENCRYPT_RSA_OAEP_SHA512: + padding = "OAEP(SHA-512)"; + break; + default: + DBG1(DBG_LIB, "encryption scheme %N not supported via botan", + encryption_scheme_names, scheme); + return FALSE; + } + + if (botan_rng_init(&rng, "user")) + { + return FALSE; + } + + if (botan_pk_op_encrypt_create(&encrypt_op, this->key, padding, 0)) + { + botan_rng_destroy(rng); + return FALSE; + } + + crypto->len = 0; + if (botan_pk_op_encrypt_output_length(encrypt_op, plain.len, &crypto->len)) + { + botan_rng_destroy(rng); + botan_pk_op_encrypt_destroy(encrypt_op); + return FALSE; + } + + *crypto = chunk_alloc(crypto->len); + if (botan_pk_op_encrypt(encrypt_op, rng, crypto->ptr, &crypto->len, + plain.ptr, plain.len)) + { + chunk_free(crypto); + botan_rng_destroy(rng); + 
botan_pk_op_encrypt_destroy(encrypt_op); + return FALSE; + } + botan_rng_destroy(rng); + botan_pk_op_encrypt_destroy(encrypt_op); + return TRUE; +} + +METHOD(public_key_t, get_keysize, int, + private_botan_rsa_public_key_t *this) +{ + botan_mp_t n; + size_t bits = 0; + + if (botan_mp_init(&n)) + { + return 0; + } + + if (botan_pubkey_rsa_get_n(n, this->key) || + botan_mp_num_bits(n, &bits)) + { + botan_mp_destroy(n); + return 0; + } + + botan_mp_destroy(n); + return bits; +} + +METHOD(public_key_t, get_fingerprint, bool, + private_botan_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *fp) +{ + return botan_get_fingerprint(this->key, this, type, fp); +} + +METHOD(public_key_t, get_encoding, bool, + private_botan_rsa_public_key_t *this, cred_encoding_type_t type, + chunk_t *encoding) +{ + return botan_get_encoding(this->key, type, encoding); +} + +METHOD(public_key_t, get_ref, public_key_t*, + private_botan_rsa_public_key_t *this) +{ + ref_get(&this->ref); + return &this->public.key; +} + +METHOD(public_key_t, destroy, void, + private_botan_rsa_public_key_t *this) +{ + if (ref_put(&this->ref)) + { + lib->encoding->clear_cache(lib->encoding, this); + botan_pubkey_destroy(this->key); + free(this); + } +} + +/** + * Internal generic constructor + */ +static private_botan_rsa_public_key_t *create_empty() +{ + private_botan_rsa_public_key_t *this; + + INIT(this, + .public = { + .key = { + .get_type = _get_type, + .verify = _verify, + .encrypt = _encrypt, + .equals = public_key_equals, + .get_keysize = _get_keysize, + .get_fingerprint = _get_fingerprint, + .has_fingerprint = public_key_has_fingerprint, + .get_encoding = _get_encoding, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + ); + + return this; +} + +/* + * Described in header + */ +botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key) +{ + private_botan_rsa_public_key_t *this; + + this = create_empty(); + this->key = key; + + return &this->public; +} + +/* + * 
Described in header + */ +botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type, + va_list args) +{ + private_botan_rsa_public_key_t *this = NULL; + chunk_t n, e; + + n = e = chunk_empty; + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_RSA_MODULUS: + n = va_arg(args, chunk_t); + continue; + case BUILD_RSA_PUB_EXP: + e = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (n.ptr && e.ptr && type == KEY_RSA) + { + botan_mp_t mp_n, mp_e; + + if (!chunk_to_botan_mp(n, &mp_n)) + { + return NULL; + } + + if (!chunk_to_botan_mp(e, &mp_e)) + { + botan_mp_destroy(mp_n); + return NULL; + } + + this = create_empty(); + + if (botan_pubkey_load_rsa(&this->key, mp_n, mp_e)) + { + botan_mp_destroy(mp_n); + botan_mp_destroy(mp_e); + free(this); + return NULL; + } + + botan_mp_destroy(mp_n); + botan_mp_destroy(mp_e); + } + + return &this->public; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_rsa_public_key.h b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h new file mode 100644 index 000000000..1d80df9ff --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_rsa_public_key.h 
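Review bot: botan_rsa_public_key_load ends with an unconditional `return &this->public;` while `this` is initialised to NULL and only assigned inside the `n.ptr && e.ptr && type == KEY_RSA` branch, so the fallthrough forms a member address on a null pointer; it happens to yield NULL because `public` is the first member, but that is undefined behaviour rather than a guarantee. Change the tail to `return this ? &this->public : NULL;`, or return NULL at the end and `return &this->public;` inside the branch. Separately, the file-scope extern prototype `bool botan_emsa_pss_identifier(rsa_pss_params_t *params, char *id, size_t len);` duplicates a declaration owned by botan_rsa_private_key.c; putting it in a shared header (botan_util.h is already included) keeps the two from drifting.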
@@ -0,0 +1,72 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_rsa_public_key botan_rsa_public_key + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_RSA_PUBLIC_KEY_H_ +#define BOTAN_RSA_PUBLIC_KEY_H_ + +#include <botan/ffi.h> + +#include <credentials/keys/public_key.h> + +typedef struct botan_rsa_public_key_t botan_rsa_public_key_t; + +/** + * public_key_t implementation of RSA algorithm using Botan. + */ +struct botan_rsa_public_key_t { + + /** + * Implements the public_key_t interface + */ + public_key_t key; +}; + +/** + * Load a RSA public key using Botan. + * + * Accepts a BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP arguments. 
+ * + * @param type type of the key, must be KEY_RSA + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +botan_rsa_public_key_t *botan_rsa_public_key_load(key_type_t type, + va_list args); + +/** + * Load a RSA public key by adopting a botan_pubkey_t object. + * + * @param key public key object (adopted) + * @return loaded key, NULL on failure + */ +botan_rsa_public_key_t *botan_rsa_public_key_adopt(botan_pubkey_t key); + +#endif /** BOTAN_RSA_PUBLIC_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_util.c b/src/libstrongswan/plugins/botan/botan_util.c new file mode 100644 index 000000000..5e18405d7 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_util.c 
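Review bot: The botan_rsa_public_key_load docblock reads `Accepts a BUILD_RSA_MODULUS/BUILD_RSA_PUB_EXP arguments.`, which is ungrammatical and does not say that both parts are required, although the implementation in botan_rsa_public_key.c returns NULL unless both n and e were supplied and type is KEY_RSA. Suggest `Accepts BUILD_RSA_MODULUS and BUILD_RSA_PUB_EXP arguments; both are required.`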
@@ -0,0 +1,280 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "botan_util.h" + +#include <utils/debug.h> + +#include <botan/ffi.h> + +/* + * Described in header + */ +bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp) +{ + if (botan_mp_init(mp)) + { + return FALSE; + } + + if (botan_mp_from_bin(*mp, value.ptr, value.len)) + { + botan_mp_destroy(*mp); + return FALSE; + } + return TRUE; +} + +/* + * Described in header + */ +const char *botan_get_hash(hash_algorithm_t hash) +{ + switch (hash) + { + case HASH_MD5: + return "MD5"; + case HASH_SHA1: + return "SHA-1"; + case HASH_SHA224: + return "SHA-224"; + case HASH_SHA256: + return "SHA-256"; + case HASH_SHA384: + return "SHA-384"; + case HASH_SHA512: + return "SHA-512"; + default: + return NULL; + } +} + +/* + * Described in header + */ +bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type, + chunk_t *encoding) +{ + bool success = TRUE; + + encoding->len = 0; + if (botan_pubkey_export(pubkey, NULL, &encoding->len, + BOTAN_PRIVKEY_EXPORT_FLAG_DER) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return FALSE; + } + + *encoding = chunk_alloc(encoding->len); + if (botan_pubkey_export(pubkey, encoding->ptr, &encoding->len, + BOTAN_PRIVKEY_EXPORT_FLAG_DER)) + { + chunk_free(encoding); + return FALSE; + } + + if (type != PUBKEY_SPKI_ASN1_DER) + { + chunk_t asn1_encoding = *encoding; + + success = lib->encoding->encode(lib->encoding, type, NULL, encoding, + CRED_PART_ECDSA_PUB_ASN1_DER, + asn1_encoding, CRED_PART_END); + chunk_free(&asn1_encoding); + } + return success; +} + +/* + * Described in header + */ +bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type, + chunk_t *encoding) +{ + uint32_t format = BOTAN_PRIVKEY_EXPORT_FLAG_DER; + + switch (type) + { + case PRIVKEY_PEM: + format = BOTAN_PRIVKEY_EXPORT_FLAG_PEM; + /* fall-through */ + case PRIVKEY_ASN1_DER: + encoding->len = 0; + if (botan_privkey_export(key, NULL, &encoding->len, format) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return FALSE; + } 
+ *encoding = chunk_alloc(encoding->len); + if (botan_privkey_export(key, encoding->ptr, &encoding->len, + format)) + { + chunk_free(encoding); + return FALSE; + } + return TRUE; + default: + return FALSE; + } +} + +/* + * Described in header + */ +bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache, + cred_encoding_type_t type, chunk_t *fp) +{ + hasher_t *hasher; + chunk_t key; + + if (cache && + lib->encoding->get_cache(lib->encoding, type, cache, fp)) + { + return TRUE; + } + + switch (type) + { + case KEYID_PUBKEY_SHA1: + /* subjectPublicKey -> use botan_pubkey_fingerprint() */ + *fp = chunk_alloc(HASH_SIZE_SHA1); + if (botan_pubkey_fingerprint(pubkey, "SHA-1", fp->ptr, &fp->len)) + { + chunk_free(fp); + return FALSE; + } + break; + case KEYID_PUBKEY_INFO_SHA1: + /* subjectPublicKeyInfo -> use botan_pubkey_export(), then hash */ + if (!botan_get_encoding(pubkey, PUBKEY_SPKI_ASN1_DER, &key)) + { + return FALSE; + } + + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher || !hasher->allocate_hash(hasher, key, fp)) + { + DBG1(DBG_LIB, "SHA1 hash algorithm not supported, " + "fingerprinting failed"); + DESTROY_IF(hasher); + chunk_free(&key); + return FALSE; + } + hasher->destroy(hasher); + chunk_free(&key); + break; + default: + return FALSE; + } + + if (cache) + { + lib->encoding->cache(lib->encoding, type, cache, *fp); + } + return TRUE; +} + +/* + * Described in header + */ +bool botan_get_signature(botan_privkey_t key, const char *scheme, + chunk_t data, chunk_t *signature) +{ + botan_pk_op_sign_t sign_op; + botan_rng_t rng; + + if (!scheme || !signature) + { + return FALSE; + } + + if (botan_pk_op_sign_create(&sign_op, key, scheme, 0)) + { + return FALSE; + } + + if (botan_pk_op_sign_update(sign_op, data.ptr, data.len)) + { + botan_pk_op_sign_destroy(sign_op); + return FALSE; + } + + signature->len = 0; + if (botan_pk_op_sign_output_length(sign_op, &signature->len)) + { + botan_pk_op_sign_destroy(sign_op); + return FALSE; + } + 
+ if (botan_rng_init(&rng, "user")) + { + botan_pk_op_sign_destroy(sign_op); + return FALSE; + } + + *signature = chunk_alloc(signature->len); + if (botan_pk_op_sign_finish(sign_op, rng, signature->ptr, &signature->len)) + { + chunk_free(signature); + botan_rng_destroy(rng); + botan_pk_op_sign_destroy(sign_op); + return FALSE; + } + + botan_rng_destroy(rng); + botan_pk_op_sign_destroy(sign_op); + return TRUE; +} + +/* + * Described in header + */ +bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret) +{ + botan_pk_op_ka_t ka; + + if (botan_pk_op_key_agreement_create(&ka, key, "Raw", 0)) + { + return FALSE; + } + + if (botan_pk_op_key_agreement_size(ka, &secret->len)) + { + botan_pk_op_key_agreement_destroy(ka); + return FALSE; + } + + *secret = chunk_alloc(secret->len); + if (botan_pk_op_key_agreement(ka, secret->ptr, &secret->len, pub.ptr, + pub.len, NULL, 0)) + { + chunk_clear(secret); + botan_pk_op_key_agreement_destroy(ka); + return FALSE; + } + botan_pk_op_key_agreement_destroy(ka); + return TRUE; +} diff --git a/src/libstrongswan/plugins/botan/botan_util.h b/src/libstrongswan/plugins/botan/botan_util.h new file mode 100644 index 000000000..08830356e --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_util.h 
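Review bot: In botan_get_privkey_encoding the buffer filled by the second botan_privkey_export call holds private key material, yet the failure path releases it with `chunk_free(encoding);`, leaving whatever was written in freed heap memory; use `chunk_clear(encoding);` there, as botan_dh_key_derivation already does for the derived secret. Also, botan_get_encoding hands every non-SPKI encoding type to lib->encoding tagged as CRED_PART_ECDSA_PUB_ASN1_DER, while botan_rsa_public_key.c routes its get_encoding through this helper too; whether the generic encoders treat that part correctly for an RSA subjectPublicKeyInfo is not visible here and is worth confirming, or the tag should be chosen per key type.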
@@ -0,0 +1,116 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2018 René Korthaus + * Rohde & Schwarz Cybersecurity GmbH + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_util botan_util + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_UTIL_H_ +#define BOTAN_UTIL_H_ + +#include <library.h> + +#include <botan/ffi.h> + +/** + * Converts chunk_t to botan_mp_t. + * + * @param value chunk to convert + * @param mp allocated botan_mp_t + * @return TRUE if conversion successful + */ +bool chunk_to_botan_mp(chunk_t value, botan_mp_t *mp); + +/** + * Get the Botan string identifier for the given hash algorithm. + * + * @param hash hash algorithm + * @return Botan string identifier, NULL if not found + */ +const char *botan_get_hash(hash_algorithm_t hash); + +/** + * Get the encoding of a botan_pubkey_t. 
+ * + * @param pubkey public key object + * @param type encoding type + * @param encoding allocated encoding + * @return TRUE if encoding successful + */ +bool botan_get_encoding(botan_pubkey_t pubkey, cred_encoding_type_t type, + chunk_t *encoding); + +/** + * Get the encoding of a botan_privkey_t. + * + * @param key private key object + * @param type encoding type + * @param encoding allocated encoding + * @return TRUE if encoding successful + */ +bool botan_get_privkey_encoding(botan_privkey_t key, cred_encoding_type_t type, + chunk_t *encoding); + +/** + * Get the fingerprint of a botan_pubkey_t. + * + * @param pubkey public key object + * @param cache key to use for caching, NULL to not cache + * @param type fingerprint type + * @param fp allocated fingerprint + * @return TRUE if fingerprinting successful + */ +bool botan_get_fingerprint(botan_pubkey_t pubkey, void *cache, + cred_encoding_type_t type, chunk_t *fp); + +/** + * Sign the given data using the provided key with the specified signature + * scheme (hash/padding). + * + * @param key private key object + * @param scheme hash/padding algorithm + * @param data data to sign + * @param signature allocated signature + * @return TRUE if signature successfully created + */ +bool botan_get_signature(botan_privkey_t key, const char *scheme, + chunk_t data, chunk_t *signature); + +/** + * Do the Diffie-Hellman key derivation using the given private key and public + * value. + * + * Note that the public value is not verified in this function. + * + * @param key DH private key + * @param pub other's public value + * @param secret the derived secret (allocated on success) + * @return TRUE if derivation was successful + */ +bool botan_dh_key_derivation(botan_privkey_t key, chunk_t pub, chunk_t *secret); + +#endif /** BOTAN_UTIL_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.c b/src/libstrongswan/plugins/botan/botan_util_keys.c new file mode 100644 index 000000000..176c2caf9 --- /dev/null 
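Review bot: The docblock for botan_get_privkey_encoding does not say which encoding types are supported; the implementation handles only PRIVKEY_ASN1_DER and PRIVKEY_PEM and returns FALSE for anything else. Suggest adding `* Only PRIVKEY_ASN1_DER and PRIVKEY_PEM are supported; FALSE is returned for other types.` after the summary line. Likewise the botan_dh_key_derivation comment could state that the caller owns `secret` and should release it with chunk_clear(), since it holds the shared secret.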
+++ b/src/libstrongswan/plugins/botan/botan_util_keys.c 
@@ -0,0 +1,211 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "botan_util_keys.h" +#include "botan_ec_public_key.h" +#include "botan_ec_private_key.h" +#include "botan_rsa_public_key.h" +#include "botan_rsa_private_key.h" + +#include <asn1/asn1.h> +#include <asn1/oid.h> + +/** + * Get the algorithm name of a public key + */ +static char *get_algo_name(botan_pubkey_t pubkey) +{ + char *name; + size_t len = 0; + + if (botan_pubkey_algo_name(pubkey, NULL, &len) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return NULL; + } + + name = malloc(len); + if (botan_pubkey_algo_name(pubkey, name, &len)) + { + free(name); + return NULL; + } + return name; +} + +/* + * Described in header + */ +public_key_t *botan_public_key_load(key_type_t type, va_list args) +{ + public_key_t *this = NULL; + botan_pubkey_t pubkey; + chunk_t blob = chunk_empty; + botan_rng_t rng; + char *name; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (botan_rng_init(&rng, "user")) + { + return NULL; + } + if (botan_pubkey_load(&pubkey, blob.ptr, blob.len)) + { + botan_rng_destroy(rng); + return NULL; + } + if (botan_pubkey_check_key(pubkey, rng, BOTAN_CHECK_KEY_EXPENSIVE_TESTS)) + { + DBG1(DBG_LIB, "public key failed key checks"); + botan_pubkey_destroy(pubkey); + botan_rng_destroy(rng); + return NULL; + } + botan_rng_destroy(rng); + + name = get_algo_name(pubkey); + if (!name) + { + botan_pubkey_destroy(pubkey); + return NULL; + } + + if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA)) + { + this = (public_key_t*)botan_rsa_public_key_adopt(pubkey); + } + else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA)) + { + this = (public_key_t*)botan_ec_public_key_adopt(pubkey); + } + else + { + botan_pubkey_destroy(pubkey); + } + free(name); + return this; +} + +/** + * Determine the curve OID from a PKCS#8 structure + */ +static int 
determine_ec_oid(chunk_t pkcs8) +{ + int oid = OID_UNKNOWN; + chunk_t inner, params = chunk_empty; + + if (asn1_unwrap(&pkcs8, &pkcs8) == ASN1_SEQUENCE && + asn1_unwrap(&pkcs8, &inner) == ASN1_INTEGER && + asn1_parse_integer_uint64(inner) == 0 && + asn1_parse_algorithmIdentifier(pkcs8, 0, ¶ms) == OID_EC_PUBLICKEY && + params.len && + asn1_unwrap(¶ms, ¶ms) == ASN1_OID) + { + oid = asn1_known_oid(params); + } + return oid; +} + +/* + * Described in header + */ +private_key_t *botan_private_key_load(key_type_t type, va_list args) +{ + private_key_t *this = NULL; + botan_privkey_t key; + botan_pubkey_t pubkey; + chunk_t blob = chunk_empty; + botan_rng_t rng; + char *name; + int oid; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (botan_rng_init(&rng, "user")) + { + return NULL; + } + if (botan_privkey_load(&key, rng, blob.ptr, blob.len, NULL)) + { + botan_rng_destroy(rng); + return NULL; + } + botan_rng_destroy(rng); + + if (botan_privkey_export_pubkey(&pubkey, key)) + { + botan_privkey_destroy(key); + return NULL; + } + name = get_algo_name(pubkey); + botan_pubkey_destroy(pubkey); + if (!name) + { + return NULL; + } + if (streq(name, "RSA") && (type == KEY_ANY || type == KEY_RSA)) + { + this = (private_key_t*)botan_rsa_private_key_adopt(key); + } + else if (streq(name, "ECDSA") && (type == KEY_ANY || type == KEY_ECDSA)) + { + oid = determine_ec_oid(blob); + if (oid != OID_UNKNOWN) + { + this = (private_key_t*)botan_ec_private_key_adopt(key, oid); + } + } + if (!this) + { + botan_privkey_destroy(key); + } + free(name); + return this; +} diff --git a/src/libstrongswan/plugins/botan/botan_util_keys.h b/src/libstrongswan/plugins/botan/botan_util_keys.h new file mode 100644 index 000000000..f05f7ce5e --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_util_keys.h 
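Review bot: In botan_private_key_load the `if (!name) { return NULL; }` that follows botan_pubkey_destroy(pubkey) leaks `key`, because botan_privkey_destroy(key) is only reached on the later `if (!this)` path; add `botan_privkey_destroy(key);` before that return. Separately, botan_public_key_load validates loaded public keys with botan_pubkey_check_key(pubkey, rng, BOTAN_CHECK_KEY_EXPENSIVE_TESTS), whereas the private path loads the blob and destroys the rng without any check; whether botan_privkey_load already validates the key is not visible here, so consider calling botan_privkey_check_key with the same rng before it is destroyed so both loaders reject malformed input consistently.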
@@ -0,0 +1,61 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * Helper functions to load public and private keys in a generic way + * + * @defgroup botan_util_keys botan_util_keys + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_UTIL_KEYS_H_ +#define BOTAN_UTIL_KEYS_H_ + +#include <botan/ffi.h> + +#include <credentials/keys/public_key.h> +#include <credentials/keys/private_key.h> + +/** + * Load a public key in subjectPublicKeyInfo encoding + * + * Accepts a BUILD_BLOB_ASN1_DER argument. + * + * @param type type of the key + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +public_key_t *botan_public_key_load(key_type_t type, va_list args); + +/** + * Load a private key in PKCS#8 encoding + * + * Accepts a BUILD_BLOB_ASN1_DER argument. 
+ * + * @param type type of the key + * @param args builder_part_t argument list + * @return loaded key, NULL on failure + */ +private_key_t *botan_private_key_load(key_type_t type, va_list args); + +#endif /** BOTAN_UTIL_KEYS_H_ @}*/ diff --git a/src/libstrongswan/plugins/botan/botan_x25519.c b/src/libstrongswan/plugins/botan/botan_x25519.c new file mode 100644 index 000000000..519f29f55 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_x25519.c 
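Review bot: The `@param type type of the key` lines of both loaders do not say which values are accepted; the implementations in botan_util_keys.c only adopt a key when type is KEY_ANY, KEY_RSA or KEY_ECDSA and it matches the algorithm of the loaded key, returning NULL otherwise. Suggest `@param type type of the key (KEY_ANY, KEY_RSA or KEY_ECDSA); must match the loaded key` for both functions.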
@@ -0,0 +1,176 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. 
+ */ + +#include "botan_x25519.h" + +#include <botan/build.h> + +#ifdef BOTAN_HAS_X25519 + +#include "botan_util.h" + +#include <utils/debug.h> + +#include <botan/ffi.h> + +typedef struct private_diffie_hellman_t private_diffie_hellman_t; + +/** + * Private data + */ +struct private_diffie_hellman_t { + + /** + * Public interface + */ + diffie_hellman_t public; + + /** + * Private key + */ + botan_privkey_t key; + + /** + * Shared secret + */ + chunk_t shared_secret; +}; + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_diffie_hellman_t *this, chunk_t value) +{ + if (!diffie_hellman_verify_value(CURVE_25519, value)) + { + return FALSE; + } + + chunk_clear(&this->shared_secret); + + return botan_dh_key_derivation(this->key, value, &this->shared_secret); +} + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_diffie_hellman_t *this, chunk_t *value) +{ + value->len = 0; + if (botan_pk_op_key_agreement_export_public(this->key, NULL, &value->len) + != BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE) + { + return FALSE; + } + + *value = chunk_alloc(value->len); + if (botan_pk_op_key_agreement_export_public(this->key, value->ptr, + &value->len)) + { + chunk_free(value); + return FALSE; + } + return TRUE; +} + +METHOD(diffie_hellman_t, set_private_value, bool, + private_diffie_hellman_t *this, chunk_t value) +{ + if (value.len != 32) + { + return FALSE; + } + + chunk_clear(&this->shared_secret); + + if (botan_privkey_destroy(this->key)) + { + return FALSE; + } + + if (botan_privkey_load_x25519(&this->key, value.ptr)) + { + return FALSE; + } + return TRUE; +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_diffie_hellman_t *this, chunk_t *secret) +{ + if (!this->shared_secret.len) + { + return FALSE; + } + *secret = chunk_clone(this->shared_secret); + return TRUE; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_diffie_hellman_t *this) +{ + return CURVE_25519; +} + +METHOD(diffie_hellman_t, destroy, void, 
+ private_diffie_hellman_t *this) +{ + botan_privkey_destroy(this->key); + chunk_clear(&this->shared_secret); + free(this); +} + +/* + * Described in header + */ +diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group) +{ + private_diffie_hellman_t *this; + botan_rng_t rng; + + INIT(this, + .public = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .set_private_value = _set_private_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + ); + + if (botan_rng_init(&rng, "user")) + { + free(this); + return NULL; + } + + if (botan_privkey_create_ecdh(&this->key, rng, "curve25519")) + { + DBG1(DBG_LIB, "x25519 private key generation failed"); + botan_rng_destroy(rng); + free(this); + return NULL; + } + + botan_rng_destroy(rng); + return &this->public; +} + +#endif diff --git a/src/libstrongswan/plugins/botan/botan_x25519.h b/src/libstrongswan/plugins/botan/botan_x25519.h new file mode 100644 index 000000000..e95d6cde4 --- /dev/null +++ b/src/libstrongswan/plugins/botan/botan_x25519.h 
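Review bot: In set_private_value, a failed botan_privkey_load_x25519() leaves this->key still holding the handle that botan_privkey_destroy() released just before it, so the later destroy() call hands the same handle to botan_privkey_destroy() a second time (unless the load resets its out-parameter on failure, which nothing in the hunk establishes). Clearing the field right after the successful destroy closes that window: `this->key = NULL;` before the load call, leaving a failed object in a state where destroy() presumably only passes NULL to the FFI (worth confirming that botan_privkey_destroy() tolerates NULL, as the header's "NULL if not supported" return already relies on callers handling NULL). botan_x25519_create() also never looks at its group argument although botan_x25519.h documents it as "must be CURVE_25519"; a guard `if (group != CURVE_25519) { return NULL; }` would make that contract explicit rather than implicit in plugin registration.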
@@ -0,0 +1,42 @@ +/* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup botan_x25519 botan_x25519 + * @{ @ingroup botan_p + */ + +#ifndef BOTAN_X25519_H_ +#define BOTAN_X25519_H_ + +#include <library.h> + +/** + * Creates a new X25519 implementation using Botan. + * + * @param group DH group, must be CURVE_25519 + * @return object, NULL if not supported + */ +diffie_hellman_t *botan_x25519_create(diffie_hellman_group_t group); + +#endif /** BOTAN_X25519_H_ @}*/ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 07eb457d5..f95094d8b 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in 
@@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index 09cbddee7..b57b78200 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -351,6 +350,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -371,8 +372,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -427,8 +426,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -457,8 +454,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 234a54cc2..0228adc25 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 82f82ca2d..56754db88 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 7c3012301..b5226d684 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 0928dee1c..18c6b7f94 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/curve25519/Makefile.in b/src/libstrongswan/plugins/curve25519/Makefile.in index cb8bb3405..5b8b45e26 100644 --- a/src/libstrongswan/plugins/curve25519/Makefile.in +++ b/src/libstrongswan/plugins/curve25519/Makefile.in @@ -317,7 +317,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -343,6 +342,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -363,8 +364,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -419,8 +418,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -449,8 +446,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 5ffa778cd..df4d5d657 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 37799583a..3e8efa37b 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index 87b66df04..2bb55f6de 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index aa0bd5fa8..096e61214 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index da118ce57..304f4fcd4 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c index e9a072461..513dc2a9b 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.c +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -62,7 +62,7 @@ struct private_gcm_aead_t { }; /** - * Find a suiteable word size and network order conversion functions + * Find a suitable word size and network order conversion functions */ #if ULONG_MAX == 18446744073709551615UL && defined(htobe64) # define htobeword htobe64 diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 3ed4a910f..dab9f6f1b 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c index f59144a86..b57f05e3a 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c @@ -195,8 +195,8 @@ METHOD(diffie_hellman_t, destroy, void, /* * Generic internal constructor */ -gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len, - chunk_t g, chunk_t p) +static gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len, + chunk_t g, chunk_t p) { private_gcrypt_dh_t *this; gcry_error_t err; diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 11aef42f0..a74d76201 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 241ef7d3b..e9a83fdf4 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Tobias Brunner + * Copyright (C) 2017-2018 Tobias Brunner * Copyright (C) 2005 Jan Hutter * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2012 Andreas Steffen 
@@ -264,14 +264,15 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data) } /** - * Build a signature using the PKCS#1 EMSA scheme + * Hashes the data and builds the plaintext signature value with EMSA + * PKCS#1 v1.5 padding. + * + * Allocates the signature data. */ -static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, - hash_algorithm_t hash_algorithm, - chunk_t data, chunk_t *signature) +bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm, + chunk_t data, size_t keylen, chunk_t *em) { chunk_t digestInfo = chunk_empty; - chunk_t em; if (hash_algorithm != HASH_UNKNOWN) { 
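Review bot: gmp_emsa_pkcs1_signature_data() becomes a non-static symbol here, but its only declaration is the hand-written prototype added in the `@@ -70,7 +70,9 @@` hunk of gmp_rsa_public_key.c, so the two signatures can drift apart without any compiler diagnostic; the prototype belongs in a header that both files include. The new doc comment should also state units and ownership, since callers in another file now depend on them: `* @param keylen length of the RSA modulus in bytes` and `* @param em allocated encoded message EM, owned by the caller`. The function body continues past the end of this hunk.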
@@ -295,43 +296,56 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, /* build DER-encoded digestInfo */ digestInfo = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_algorithmIdentifier(hash_oid), - asn1_simple_object(ASN1_OCTET_STRING, hash) - ); - chunk_free(&hash); + asn1_wrap(ASN1_OCTET_STRING, "m", hash)); + data = digestInfo; } - if (data.len > this->k - 3) + if (data.len > keylen - 11) { - free(digestInfo.ptr); - DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len, - mpz_sizeinbase(this->n, 2)); + chunk_free(&digestInfo); + DBG1(DBG_LIB, "signature value of %zu bytes is too long for key of " + "%zu bytes", data.len, keylen); return FALSE; } - /* build chunk to rsa-decrypt: - * EM = 0x00 || 0x01 || PS || 0x00 || T. - * PS = 0xFF padding, with length to fill em + /* EM = 0x00 || 0x01 || PS || 0x00 || T. + * PS = 0xFF padding, with length to fill em (at least 8 bytes) * T = encoded_hash */ - em.len = this->k; - em.ptr = malloc(em.len); + *em = chunk_alloc(keylen); /* fill em with padding */ - memset(em.ptr, 0xFF, em.len); + memset(em->ptr, 0xFF, em->len); /* set magic bytes */ - *(em.ptr) = 0x00; - *(em.ptr+1) = 0x01; - *(em.ptr + em.len - data.len - 1) = 0x00; - /* set DER-encoded hash */ - memcpy(em.ptr + em.len - data.len, data.ptr, data.len); + *(em->ptr) = 0x00; + *(em->ptr+1) = 0x01; + *(em->ptr + em->len - data.len - 1) = 0x00; + /* set encoded hash */ + memcpy(em->ptr + em->len - data.len, data.ptr, data.len); + + chunk_clear(&digestInfo); + return TRUE; +} + +/** + * Build a signature using the PKCS#1 EMSA scheme + */ +static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this, + hash_algorithm_t hash_algorithm, + chunk_t data, chunk_t *signature) +{ + chunk_t em; + + if (!gmp_emsa_pkcs1_signature_data(hash_algorithm, data, this->k, &em)) + { + return FALSE; + } /* build signature */ *signature = rsasp1(this, em); - free(digestInfo.ptr); - free(em.ptr); - + chunk_free(&em); return TRUE; } 
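Review bot: `if (data.len > keylen - 11)` subtracts from a size_t, so a keylen below 11 wraps to a huge value, the check passes, and `*(em->ptr + em->len - data.len - 1) = 0x00` then writes before the allocated buffer. This matters more than it did for the old `this->k - 3` check because the public-key side now calls this helper with the k of a key it received, and whether a modulus that short is rejected earlier by the key loader is not visible here; the guard is free either way: `if (keylen < 11 || data.len > keylen - 11)`. The error path frees digestInfo with chunk_free while the success path uses chunk_clear; digestInfo only wraps a hash of data, so either is fine, but one consistent choice reads better.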
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c index 52bc9fb38..9b5ee67fa 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 Tobias Brunner + * Copyright (C) 2017-2018 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter * HSR Hochschule fuer Technik Rapperswil @@ -70,7 +70,9 @@ struct private_gmp_rsa_public_key_t { /** * Shared functions defined in gmp_rsa_private_key.c */ -extern chunk_t gmp_mpz_to_chunk(const mpz_t value); +chunk_t gmp_mpz_to_chunk(const mpz_t value); +bool gmp_emsa_pkcs1_signature_data(hash_algorithm_t hash_algorithm, + chunk_t data, size_t keylen, chunk_t *em); /** * RSAEP algorithm specified in PKCS#1. @@ -115,26 +117,13 @@ static chunk_t rsavp1(private_gmp_rsa_public_key_t *this, chunk_t data) } /** - * ASN.1 definition of digestInfo - */ -static const asn1Object_t digestInfoObjects[] = { - { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ - { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ - { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } -}; -#define DIGEST_INFO 0 -#define DIGEST_INFO_ALGORITHM 1 -#define DIGEST_INFO_DIGEST 2 - -/** * Verification of an EMSA PKCS1 signature described in PKCS#1 */ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, hash_algorithm_t algorithm, chunk_t data, chunk_t signature) { - chunk_t em_ori, em; + chunk_t em_expected, em; bool success = FALSE; /* remove any preceding 0-bytes from signature */ 
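Review bot: The prototypes for gmp_mpz_to_chunk and gmp_emsa_pkcs1_signature_data are written out by hand in gmp_rsa_public_key.c, so a later change to either signature in gmp_rsa_private_key.c would not be caught by the compiler until link time, or at all if only the parameter types drift. Declaring both in a header that both translation units include keeps the definition and its users checked against each other; if the gmp plugin already has a private-key header, that is the natural place. The "Shared functions defined in gmp_rsa_private_key.c" comment should then move with them.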
@@ -148,140 +137,19 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this, return FALSE; } - /* unpack signature */ - em_ori = em = rsavp1(this, signature); - - /* result should look like this: - * EM = 0x00 || 0x01 || PS || 0x00 || T. - * PS = 0xFF padding, with length to fill em - * T = oid || hash - */ - - /* check magic bytes */ - if (em.len < 2 || *(em.ptr) != 0x00 || *(em.ptr+1) != 0x01) + /* generate expected signature value */ + if (!gmp_emsa_pkcs1_signature_data(algorithm, data, this->k, &em_expected)) { - goto end; - } - em = chunk_skip(em, 2); - - /* find magic 0x00 */ - while (em.len > 0) - { - if (*em.ptr == 0x00) - { - /* found magic byte, stop */ - em = chunk_skip(em, 1); - break; - } - else if (*em.ptr != 0xFF) - { - /* bad padding, decryption failed ?!*/ - goto end; - } - em = chunk_skip(em, 1); - } - - if (em.len == 0) - { - /* no digestInfo found */ - goto end; - } - - if (algorithm == HASH_UNKNOWN) - { /* IKEv1 signatures without digestInfo */ - if (em.len != data.len) - { - DBG1(DBG_LIB, "hash size in signature is %u bytes instead of" - " %u bytes", em.len, data.len); - goto end; - } - success = memeq_const(em.ptr, data.ptr, data.len); + return FALSE; } - else - { /* IKEv2 and X.509 certificate signatures */ - asn1_parser_t *parser; - chunk_t object; - int objectID; - hash_algorithm_t hash_algorithm = HASH_UNKNOWN; - - DBG2(DBG_LIB, "signature verification:"); - parser = asn1_parser_create(digestInfoObjects, em); - while (parser->iterate(parser, &objectID, &object)) - { - switch (objectID) - { - case DIGEST_INFO: - { - if (em.len > object.len) - { - DBG1(DBG_LIB, "digestInfo field in signature is" - " followed by %u surplus bytes", - em.len - object.len); - goto end_parser; - } - break; - } - case DIGEST_INFO_ALGORITHM: - { - int hash_oid = asn1_parse_algorithmIdentifier(object, - parser->get_level(parser)+1, NULL); - - hash_algorithm = hasher_algorithm_from_oid(hash_oid); - if (hash_algorithm == HASH_UNKNOWN || 
hash_algorithm != algorithm) - { - DBG1(DBG_LIB, "expected hash algorithm %N, but found" - " %N (OID: %#B)", hash_algorithm_names, algorithm, - hash_algorithm_names, hash_algorithm, &object); - goto end_parser; - } - break; - } - case DIGEST_INFO_DIGEST: - { - chunk_t hash; - hasher_t *hasher; - - hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm); - if (hasher == NULL) - { - DBG1(DBG_LIB, "hash algorithm %N not supported", - hash_algorithm_names, hash_algorithm); - goto end_parser; - } - - if (object.len != hasher->get_hash_size(hasher)) - { - DBG1(DBG_LIB, "hash size in signature is %u bytes" - " instead of %u bytes", object.len, - hasher->get_hash_size(hasher)); - hasher->destroy(hasher); - goto end_parser; - } - - /* build our own hash and compare */ - if (!hasher->allocate_hash(hasher, data, &hash)) - { - hasher->destroy(hasher); - goto end_parser; - } - hasher->destroy(hasher); - success = memeq_const(object.ptr, hash.ptr, hash.len); - free(hash.ptr); - break; - } - default: - break; - } - } + /* unpack signature */ + em = rsavp1(this, signature); -end_parser: - success &= parser->success(parser); - parser->destroy(parser); - } + success = chunk_equals_const(em_expected, em); -end: - free(em_ori.ptr); + chunk_free(&em_expected); + chunk_free(&em); return success; } diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 8de79663e..9f1f12601 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
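Review bot: The rewritten verify_emsa_pkcs1_signature drops every diagnostic the old parser logged (wrong hash algorithm, wrong digest length, surplus bytes after digestInfo), so a failed verification now leaves nothing at DBG1 for an operator to act on; adding `if (!success) { DBG1(DBG_LIB, "signature value does not match expected EMSA-PKCS1 encoding"); }` before the two chunk_free calls keeps the failure diagnosable. Rebuilding the expected EM and comparing it with chunk_equals_const is the more robust design, since alternative ASN.1 encodings of the digestInfo are no longer accepted, but it depends on `em = rsavp1(this, signature)` being exactly this->k bytes with the leading 0x00 present; rsavp1 is outside this hunk, and if it ever trimmed leading zero bytes every valid signature would fail, so that invariant deserves a one-line comment at the comparison. The function's opening lines are outside the hunk.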
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index 6573b311d..6ec8dc755 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 324157bc0..7582e2147 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 111f53239..e3ec9866c 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 1a41f73ea..ec49f9540 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/mgf1/Makefile.in b/src/libstrongswan/plugins/mgf1/Makefile.in index fd69f4042..36ebc1c67 100644 --- a/src/libstrongswan/plugins/mgf1/Makefile.in +++ b/src/libstrongswan/plugins/mgf1/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 114507eeb..0b58efb22 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/newhope/Makefile.in b/src/libstrongswan/plugins/newhope/Makefile.in index 81c10d5c9..cd618382e 100644 --- a/src/libstrongswan/plugins/newhope/Makefile.in +++ b/src/libstrongswan/plugins/newhope/Makefile.in @@ -319,7 +319,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -345,6 +344,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -365,8 +366,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -421,8 +420,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -451,8 +448,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/newhope/newhope_ke.c b/src/libstrongswan/plugins/newhope/newhope_ke.c index 72b7e034c..463276215 100644 --- a/src/libstrongswan/plugins/newhope/newhope_ke.c +++ b/src/libstrongswan/plugins/newhope/newhope_ke.c @@ -306,7 +306,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool, rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1(DBG_LIB, "could not instatiate random source"); + DBG1(DBG_LIB, "could not instantiate random source"); return FALSE; } if (!rng->get_bytes(rng, seed_len, a_seed.ptr)) @@ -463,7 +463,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool, rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (!rng) { - DBG1(DBG_LIB, "could not instatiate random source"); + DBG1(DBG_LIB, "could not instantiate random source"); goto end; } if (!rng->get_bytes(rng, seed_len, noise_seed.ptr)) diff --git a/src/libstrongswan/plugins/newhope/tests/Makefile.in b/src/libstrongswan/plugins/newhope/tests/Makefile.in index 114035a4a..40961880c 100644 --- a/src/libstrongswan/plugins/newhope/tests/Makefile.in +++ b/src/libstrongswan/plugins/newhope/tests/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 0e24d4861..d9243ac62 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index cdfee525b..75f6abda9 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h index 3fee1800b..31c12e42c 100644 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.h +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h @@ -71,7 +71,7 @@ struct ntru_drbg_t { }; /** - * Create and instantiate a new DRBG objet. + * Create and instantiate a new DRBG object. * * @param strength security strength in bits * @param pers_str personalization string diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h index 765b72bdd..642384feb 100644 --- a/src/libstrongswan/plugins/ntru/ntru_poly.h +++ b/src/libstrongswan/plugins/ntru/ntru_poly.h @@ -49,7 +49,7 @@ struct ntru_poly_t { void (*get_array)(ntru_poly_t *this, uint16_t *array); /** - * Multiply polynomial a with ntru_poly_t object b having sparse coeffients + * Multiply polynomial a with ntru_poly_t object b having sparse coefficients * to form result polynomial c = a * b * * @param a input polynomial a diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 856055c6a..0fa8142a6 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in 
+++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -320,7 +320,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -346,6 +345,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -366,8 +367,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -422,8 +421,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -452,8 +449,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 02a022d03..a1460d993 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 37917d441..1c6d0cfd6 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 10eb82619..af23b3058 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index ae24d4085..c2648d86c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 967e501d1..c934f0b1d 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -271,7 +271,8 @@ end: * } * * While the parameters and publicKey fields are OPTIONAL, RFC 5915 says that - * parameters MUST be included and publicKey SHOULD be. + * parameters MUST be included (an errata clarifies this, so this is only the + * case for plain private keys, not encoded in PKCS#8) and publicKey SHOULD be. */ static bool is_ec_private_key(chunk_t blob) { @@ -281,7 +282,8 @@ static bool is_ec_private_key(chunk_t blob) asn1_parse_integer_uint64(data) == 1 && asn1_unwrap(&blob, &data) == ASN1_OCTET_STRING && asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_0 && - asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1; + asn1_unwrap(&data, &data) == ASN1_OID && + (!blob.len || (asn1_unwrap(&blob, &data) == ASN1_CONTEXT_C_1)); } /** diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 00d5a6a5d..8eec72903 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
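Review bot: The new condition `asn1_unwrap(&data, &data) == ASN1_OID` in is_ec_private_key makes the sniff reject any ECPrivateKey whose [0] parameters are explicit `specifiedCurve` parameters (a SEQUENCE), which the previous check accepted; if restricting to namedCurve is intended, the comment rewritten in the first hunk should say so, e.g. ` * only namedCurve parameters (an OID) are recognised here; explicit curve parameters are not`. Note also that after the in-place unwrap nothing confirms the [0] container held only that OID, so this stays a tag-level heuristic and the builder that actually parses the key (outside this hunk) must remain strict about lengths and trailing bytes. The first lines of the condition (the SEQUENCE and INTEGER unwraps) are outside the hunk.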
@@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 6bb1b9a36..d47a1906c 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index f56df39d1..1539e57d7 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -314,7 +314,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -340,6 +339,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -360,8 +361,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -416,8 +415,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -446,8 +443,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 9c408c443..8d038d698 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index ff7501c00..5caae5879 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 3a22a6316..6359e7cd7 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index d37c9834d..91526ccac 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index 371e34db8..0ff72f58a 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 15e91b24a..4d4fcf1f1 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c index fe7eaa765..f688577e1 100644 --- a/src/libstrongswan/plugins/revocation/revocation_plugin.c +++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c @@ -76,6 +76,13 @@ METHOD(plugin_t, get_features, int, return countof(f); } +METHOD(plugin_t, reload, bool, + private_revocation_plugin_t *this) +{ + this->validator->reload(this->validator); + return TRUE; +} + METHOD(plugin_t, destroy, void, private_revocation_plugin_t *this) { @@ -95,6 +102,7 @@ plugin_t *revocation_plugin_create() .plugin = { .get_name = _get_name, .get_features = _get_features, + .reload = _reload, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index f8e78ac0c..68292e3cd 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -27,6 +27,7 @@ #include <credentials/certificates/ocsp_response.h> #include <credentials/sets/ocsp_response_wrapper.h> #include <selectors/traffic_selector.h> +#include <threading/spinlock.h> typedef struct private_revocation_validator_t private_revocation_validator_t; @@ -50,6 +51,10 @@ struct private_revocation_validator_t { */ bool enable_crl; + /** + * Lock to access flags + */ + spinlock_t *lock; }; /** 
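Review bot: The new `spinlock_t *lock` member of private_revocation_validator_t is documented only as `Lock to access flags`; since this lock exists so reload() can change the flags while validate() is running on other threads, name the protected fields and that contract, e.g. `/** Lock protecting enable_ocsp/enable_crl, which reload() may change while validate() runs */`. The plugin-side `reload` in revocation_plugin.c forwards to `this->validator` unconditionally and always returns TRUE, which is fine as long as the validator is always created together with the plugin (its constructor is outside this hunk); if it can be absent, a NULL check belongs there. The struct definition continues outside the hunk.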
@@ -795,14 +800,21 @@ METHOD(cert_validator_t, validate, bool, certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) { - if (online && (this->enable_ocsp || this->enable_crl) && + bool enable_ocsp, enable_crl; + + this->lock->lock(this->lock); + enable_ocsp = this->enable_ocsp; + enable_crl = this->enable_crl; + this->lock->unlock(this->lock); + + if (online && (enable_ocsp || enable_crl) && subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509) { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); - if (this->enable_ocsp) + if (enable_ocsp) { switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) { @@ -831,7 +843,7 @@ METHOD(cert_validator_t, validate, bool, auth->add(auth, AUTH_RULE_OCSP_VALIDATION, VALIDATION_SKIPPED); } - if (this->enable_crl) + if (enable_crl) { switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) { @@ -865,9 +877,35 @@ METHOD(cert_validator_t, validate, bool, return TRUE; } +METHOD(revocation_validator_t, reload, void, + private_revocation_validator_t *this) +{ + bool enable_ocsp, enable_crl; + + enable_ocsp = lib->settings->get_bool(lib->settings, + "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns); + enable_crl = lib->settings->get_bool(lib->settings, + "%s.plugins.revocation.enable_crl", TRUE, lib->ns); + + this->lock->lock(this->lock); + this->enable_ocsp = enable_ocsp; + this->enable_crl = enable_crl; + this->lock->unlock(this->lock); + + if (!enable_ocsp) + { + DBG1(DBG_LIB, "all OCSP validation disabled"); + } + if (!enable_crl) + { + DBG1(DBG_LIB, "all CRL validation disabled"); + } +} + METHOD(revocation_validator_t, destroy, void, private_revocation_validator_t *this) { + this->lock->destroy(this->lock); free(this); } 
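Review bot: reload() in the third hunk logs `all OCSP validation disabled` / `all CRL validation disabled` only when a check is off, so a runtime reload that turns revocation checking back on leaves no trace and an operator reading the log after several reloads cannot tell which state is current; keep the previous values while holding the lock and log the re-enable transition too (sketch below; on the first call from the constructor the fields are still zero-initialised, so that call logs once more at startup, which seems acceptable). In validate() the flag snapshot under the spinlock deserves a one-line why-comment, e.g. `/* snapshot under lock so a concurrent reload() cannot flip the flags mid-validation */`, since otherwise the copies look redundant. validate()'s body continues outside the first two hunks.
```c
METHOD(revocation_validator_t, reload, void,
	private_revocation_validator_t *this)
{
	bool enable_ocsp, enable_crl, was_ocsp, was_crl;

	/* … unchanged: read enable_ocsp / enable_crl from lib->settings … */

	this->lock->lock(this->lock);
	was_ocsp = this->enable_ocsp;
	was_crl = this->enable_crl;
	this->enable_ocsp = enable_ocsp;
	this->enable_crl = enable_crl;
	this->lock->unlock(this->lock);

	if (!enable_ocsp)
	{
		DBG1(DBG_LIB, "all OCSP validation disabled");
	}
	else if (!was_ocsp)
	{
		DBG1(DBG_LIB, "OCSP validation enabled");
	}
	if (!enable_crl)
	{
		DBG1(DBG_LIB, "all CRL validation disabled");
	}
	else if (!was_crl)
	{
		DBG1(DBG_LIB, "CRL validation enabled");
	}
}
```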
@@ -881,21 +919,13 @@ revocation_validator_t *revocation_validator_create() INIT(this, .public = { .validator.validate = _validate, + .reload = _reload, .destroy = _destroy, }, - .enable_ocsp = lib->settings->get_bool(lib->settings, - "%s.plugins.revocation.enable_ocsp", TRUE, lib->ns), - .enable_crl = lib->settings->get_bool(lib->settings, - "%s.plugins.revocation.enable_crl", TRUE, lib->ns), + .lock = spinlock_create(), ); - if (!this->enable_ocsp) - { - DBG1(DBG_LIB, "all OCSP validation disabled"); - } - if (!this->enable_crl) - { - DBG1(DBG_LIB, "all CRL validation disabled"); - } + reload(this); + return &this->public; } diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.h b/src/libstrongswan/plugins/revocation/revocation_validator.h index 82cbde26b..9128787f1 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.h +++ b/src/libstrongswan/plugins/revocation/revocation_validator.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -36,6 +39,11 @@ struct revocation_validator_t { cert_validator_t validator; /** + * Reload the configuration + */ + void (*reload)(revocation_validator_t *this); + + /** * Destroy a revocation_validator_t. */ void (*destroy)(revocation_validator_t *this); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index ff0a30462..89d0fbb09 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
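Review bot: The new `reload` method in revocation_validator_t is documented only as `Reload the configuration`, which does not tell a caller what is re-read or whether it may be called while validations are in flight; the .c hunk in this commit re-reads the `enable_ocsp`/`enable_crl` settings under a lock, so the header comment should say ` * Re-read the enable_ocsp/enable_crl settings from lib->settings; safe to call while validate() is running on other threads.`, which is what the plugin's reload hook relies on. Thread-safety of anything else in the validator is not shown here, so keep the claim limited to those two flags.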
@@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 81284e137..32daea050 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 3ca2f5e24..ec55ffaaa 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 47af2c5fd..25e3781de 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -311,7 +311,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -337,6 +336,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -357,8 +358,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -413,8 +412,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -443,8 +440,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index f0649b52a..cc2a8cbd7 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index ac644ec0b..864a536ee 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 45879e841..c8ad1e5d9 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -357,6 +356,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -377,8 +378,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -433,8 +432,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index 9bbe701ee..7ab965a82 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors.h +++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h @@ -303,4 +303,5 @@ TEST_VECTOR_DH(ecp224bp) TEST_VECTOR_DH(ecp256bp) TEST_VECTOR_DH(ecp384bp) TEST_VECTOR_DH(ecp512bp) -TEST_VECTOR_DH(curve25519) +TEST_VECTOR_DH(curve25519_1) +TEST_VECTOR_DH(curve25519_2) diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c index f46d81c16..676fcfc5a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/curve25519.c @@ -16,10 +16,9 @@ #include <crypto/crypto_tester.h> /** - * From RFC 8031 + * From RFC 8037 */ - -dh_test_vector_t curve25519 = { +dh_test_vector_t curve25519_1 = { .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32, .priv_a = "\x77\x07\x6d\x0a\x73\x18\xa5\x7d\x3c\x16\xc1\x72\x51\xb2\x66\x45" "\xdf\x4c\x2f\x87\xeb\xc0\x99\x2a\xb1\x77\xfb\xa5\x1d\xb9\x2c\x2a", 
@@ -32,3 +31,20 @@ dh_test_vector_t curve25519 = { .shared = "\x4a\x5d\x9d\x5b\xa4\xce\x2d\xe1\x72\x8e\x3b\xf4\x80\x35\x0f\x25" "\xe0\x7e\x21\xc9\x47\xd1\x9e\x33\x76\xf0\x9b\x3c\x1e\x16\x17\x42", }; + +/** + * From RFC 8031 + */ +dh_test_vector_t curve25519_2 = { + .group = CURVE_25519, .priv_len = 32, .pub_len = 32, .shared_len = 32, + .priv_a = "\x75\x1f\xb4\x30\x86\x55\xb4\x76\xb6\x78\x9b\x73\x25\xf9\xea\x8c" + "\xdd\xd1\x6a\x58\x53\x3f\xf6\xd9\xe6\x00\x09\x46\x4a\x5f\x9d\x94", + .priv_b = "\x0a\x54\x64\x52\x53\x29\x0d\x60\xdd\xad\xd0\xe0\x30\xba\xcd\x9e" + "\x55\x01\xef\xdc\x22\x07\x55\xa1\xe9\x78\xf1\xb8\x39\xa0\x56\x88", + .pub_a = "\x48\xd5\xdd\xd4\x06\x12\x57\xba\x16\x6f\xa3\xf9\xbb\xdb\x74\xf1" + "\xa4\xe8\x1c\x08\x93\x84\xfa\x77\xf7\x90\x70\x9f\x0d\xfb\xc7\x66", + .pub_b = "\x0b\xe7\xc1\xf5\xaa\xd8\x7d\x7e\x44\x86\x62\x67\x32\x98\xa4\x43" + "\x47\x8b\x85\x97\x45\x17\x9e\xaf\x56\x4c\x79\xc0\xef\x6e\xee\x25", + .shared = "\xc7\x49\x50\x60\x7a\x12\x32\x7f\x32\x04\xd9\x4b\x68\x25\xbf\xb0" + "\x68\xb7\xf8\x31\x9a\x9e\x37\x08\xed\x3d\x43\xce\x81\x30\xc9\x50", +}; diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 2a4788ee1..8be6c1c3a 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index 7cd680095..20d6658c3 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 0f54f8cf0..ce53fff4d 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index bc3a44346..f3d4377d8 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -369,8 +369,13 @@ static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type) switch (oid) { case OID_XMPP_ADDR: - if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING, + if (asn1_parse_simple_object(&object, ASN1_UTF8STRING, parser->get_level(parser)+1, "xmppAddr")) + { /* we handle xmppAddr as RFC822 addr */ + *blob = object; + *type = ID_RFC822_ADDR; + } + else { goto end; } @@ -2021,6 +2026,8 @@ chunk_t build_generalName(identification_t *id) switch (id->get_type(id)) { + case ID_DER_ASN1_GN: + return chunk_clone(id->get_encoding(id)); case ID_RFC822_ADDR: context = ASN1_CONTEXT_S_1; break; diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 3a39037bc..966b6d733 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
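Review bot: In parse_otherName the xmppAddr otherName is now returned with `*type = ID_RFC822_ADDR`, so an XmppAddr SAN will satisfy identity matching against an e-mail identity even though the two name forms have different semantics (an XmppAddr is a JID, not a mailbox). If that equivalence is intended it should be stated where the type is assigned, e.g. `/* xmppAddr is deliberately matched like an RFC822 addr; JID and mailbox are not distinguished */`; otherwise a dedicated identification type would keep the name forms apart. In the second hunk, `case ID_DER_ASN1_GN: return chunk_clone(id->get_encoding(id));` emits the identity's encoding verbatim without checking that it is a well-formed GeneralName, so callers constructing such identities must have validated the DER beforehand; a comment saying so would help. Both parse_otherName and build_generalName continue outside these hunks.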
@@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index dd9ad7e1b..03f7a6d8c 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -395,7 +395,7 @@ traffic_selector_t *traffic_selector_create_from_subnet( * greater or equal to 256 they are assumed to be type and code as defined * for traffic_selector_t. * - * @param protocol upper layer protocl to allow + * @param protocol upper layer protocol to allow * @param from_port start of allowed port range * @param to_port end of range * @return diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c index a4c5060fa..44d035fac 100644 --- a/src/libstrongswan/settings/settings.c +++ b/src/libstrongswan/settings/settings.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2014 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * Copyright (C) 2008 Martin Willi * HSR Hochschule fuer Technik Rapperswil * 
@@ -73,6 +73,7 @@ struct private_settings_t {
 /**
 * Print a format key, but consume already processed arguments
+ * Note that key and start point into the same string
 */
 static bool print_key(char *buf, int len, char *start, char *key, va_list args)
 {
@@ -115,6 +116,25 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args)
 }
 /**
+ * Check if the given section is contained in the given array.
+ */
+static bool has_section(array_t *array, section_t *section)
+{
+ section_t *current;
+ int i;
+
+ for (i = 0; i < array_count(array); i++)
+ {
+ array_get(array, i, ¤t);
+ if (current == section)
+ {
+ return TRUE;
+ }
+ }
+ return FALSE;
+}
+
+/**
 * Find a section by a given key, using buffered key, reusable buffer.
 * If "ensure" is TRUE, the sections are created if they don't exist.
 */
@@ -160,15 +180,39 @@ static section_t *find_section_buffered(section_t *section,
 }
 /**
- * Find all sections via a given key considering fallbacks, using buffered key,
+ * Forward declaration
+ */
+static array_t *find_sections(private_settings_t *this, section_t *section,
+ char *key, va_list args, array_t **sections);
+
+/**
+ * Resolve the given reference. Not thread-safe.
+ * Only a vararg function to get an empty va_list.
+ */
+static void resolve_reference(private_settings_t *this, section_ref_t *ref,
+ array_t **sections, ...)
+{
+ va_list args;
+
+ va_start(args, sections);
+ find_sections(this, this->top, ref->name, args, sections);
+ va_end(args);
+}
+
+/**
+ * Find all sections via a given key considering references, using buffered key,
 * reusable buffer.
 */
-static void find_sections_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, array_t **sections)
+static void find_sections_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
 {
- section_t *found = NULL, *fallback;
+ section_t *found = NULL, *reference;
+ array_t *references;
+ section_ref_t *ref;
 char *pos;
- int i;
+ int i, j;
 if (!section)
 {
@@ -184,7 +228,7 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
 return;
 }
 if (pos)
- { /* restore so we can follow fallbacks */
+ { /* restore so we can follow references */
 *pos = '.';
 }
 if (!strlen(buf))
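Review bot: resolve_reference hands `ref->name` to find_sections as the printf-style key, and print_key (whose header comment says it prints a format key) will then treat any `%` in a reference name as a conversion to be read from the deliberately empty va_list, which is undefined behaviour. Reference names reach this point already expanded (add_fallback stores the vsnprintf result of the caller's fallback format, and the parser presumably stores names from the config file), so a `%` in a stored name cannot be ruled out from this hunk. Either reject or escape `%` when a reference is added, or record the restriction on the declaration, e.g. ` * ref->name must not contain '%' as it is used as a format string without arguments`. find_sections_buffered's body continues past this hunk.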
@@ -199,147 +243,100 @@ static void find_sections_buffered(section_t *section, char *start, char *key,
 {
 if (pos)
 {
- find_sections_buffered(found, start, pos+1, args, buf, len,
- sections);
+ find_sections_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
 }
- else
+ else if (!has_section(*sections, found))
 {
+ /* ignore if already added to avoid loops */
 array_insert_create(sections, ARRAY_TAIL, found);
- for (i = 0; i < array_count(found->fallbacks); i++)
+ /* add all sections that are referenced here (also resolves
+ * references in parent sections of the referenced section) */
+ for (i = 0; i < array_count(found->references); i++)
 {
- array_get(found->fallbacks, i, &fallback);
- array_insert_create(sections, ARRAY_TAIL, fallback);
+ array_get(found->references, i, &ref);
+ resolve_reference(this, ref, sections);
 }
 }
 }
- if (section->fallbacks)
+ if (!ignore_refs && section != found && section->references)
 {
- for (i = 0; i < array_count(section->fallbacks); i++)
+ /* find matching sub-sections relative to the referenced sections */
+ for (i = 0; i < array_count(section->references); i++)
 {
- array_get(section->fallbacks, i, &fallback);
- find_sections_buffered(fallback, start, key, args, buf, len,
- sections);
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; j < array_count(references); j++)
+ {
+ array_get(references, j, &reference);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ find_sections_buffered(this, reference, start, key, args,
+ buf, len, TRUE, sections);
+ }
+ array_destroy(references);
 }
 }
 }
 /**
- * Ensure that the section with the given key exists (thread-safe).
+ * Ensure that the section with the given key exists (not thread-safe).
 */
 static section_t *ensure_section(private_settings_t *this, section_t *section,
 const char *key, va_list args)
 {
 char buf[128], keybuf[512];
- section_t *found;
 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
 {
 return NULL;
 }
- /* we might have to change the tree */
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- this->lock->unlock(this->lock);
- return found;
+ return find_section_buffered(section, keybuf, keybuf, args, buf,
+ sizeof(buf), TRUE);
 }
 /**
- * Find a section by a given key with its fallbacks (not thread-safe!).
- * Sections are returned in depth-first order (array is allocated). NULL is
- * returned if no sections are found.
+ * Find a section by a given key with resolved references (not thread-safe!).
+ * The array is allocated. NULL is returned if no sections are found.
 */
 static array_t *find_sections(private_settings_t *this, section_t *section,
- char *key, va_list args)
+ char *key, va_list args, array_t **sections)
 {
 char buf[128], keybuf[512];
- array_t *sections = NULL;
 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
 {
 return NULL;
 }
- find_sections_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), §ions);
- return sections;
-}
-
-/**
- * Check if the given fallback section already exists
- */
-static bool fallback_exists(section_t *section, section_t *fallback)
-{
- if (section == fallback)
- {
- return TRUE;
- }
- else if (section->fallbacks)
- {
- section_t *existing;
- int i;
-
- for (i = 0; i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &existing);
- if (existing == fallback)
- {
- return TRUE;
- }
- }
- }
- return FALSE;
-}
-
-/**
- * Ensure that the section with the given key exists and add the given fallback
- * section (thread-safe).
- */
-static void add_fallback_to_section(private_settings_t *this,
- section_t *section, const char *key, va_list args,
- section_t *fallback)
-{
- char buf[128], keybuf[512];
- section_t *found;
-
- if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
- {
- return;
- }
- this->lock->write_lock(this->lock);
- found = find_section_buffered(section, keybuf, keybuf, args, buf,
- sizeof(buf), TRUE);
- if (!fallback_exists(found, fallback))
- {
- /* to ensure sections referred to as fallback are not purged, we create
- * the array there too */
- if (!fallback->fallbacks)
- {
- fallback->fallbacks = array_create(0, 0);
- }
- array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback);
- }
- this->lock->unlock(this->lock);
+ find_sections_buffered(this, section, keybuf, keybuf, args, buf,
+ sizeof(buf), FALSE, sections);
+ return *sections;
 }
 /**
 * Find the key/value pair for a key, using buffered key, reusable buffer
- * If "ensure" is TRUE, the sections (and key/value pair) are created if they
- * don't exist.
- * Fallbacks are only considered if "ensure" is FALSE.
+ * There are two modes: 1. To find a key at an exact location and create the
+ * sections (and key/value pair) if necessary, don't pass an array for sections.
+ * 2. To find a key and follow references pass a pointer to an array to store
+ * visited sections. NULL is returned in this case if the key is not found.
 */
-static kv_t *find_value_buffered(section_t *section, char *start, char *key,
- va_list args, char *buf, int len, bool ensure)
+static kv_t *find_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len, bool ignore_refs,
+ array_t **sections)
 {
- int i;
- char *pos;
- kv_t *kv = NULL;
 section_t *found = NULL;
+ kv_t *kv = NULL;
+ section_ref_t *ref;
+ array_t *references;
+ char *pos;
+ int i, j;
- if (section == NULL)
+ if (!section)
 {
 return NULL;
 }
-
 pos = strchr(key, '.');
 if (pos)
 {
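Review bot: ensure_section no longer takes the write lock itself, and the only trace of that is the header changing to "(not thread-safe)"; since it still calls find_section_buffered with ensure TRUE and can create sections, a caller that forgets to hold `this->lock` for writing silently races the readers. State the contract in the header, e.g. ` * Ensure that the section with the given key exists (caller must hold the write lock).`. find_sections now ends with `return *sections;`, so it must never be called with a NULL `sections` pointer; its comment says the array is allocated but not that the out-pointer is mandatory, which is worth a line such as ` * @param sections pointer to the array to fill (must not be NULL)`. This hunk ends inside find_value_buffered, whose body continues below.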
@@ -348,7 +345,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
 {
 return NULL;
 }
- /* restore so we can retry for fallbacks */
+ /* restore so we can follow references */
 *pos = '.';
 if (!strlen(buf))
 {
@@ -357,7 +354,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
 else if (array_bsearch(section->sections, buf, settings_section_find,
 &found) == -1)
 {
- if (ensure)
+ if (!sections)
 {
 found = settings_section_create(strdup(buf));
 settings_section_add(section, found, NULL);
@@ -365,53 +362,144 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key,
 }
 if (found)
 {
- kv = find_value_buffered(found, start, pos+1, args, buf, len,
- ensure);
- }
- if (!kv && !ensure && section->fallbacks)
- {
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
- {
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
- }
+ kv = find_value_buffered(this, found, start, pos+1, args, buf, len,
+ FALSE, sections);
 }
 }
 else
 {
+ if (sections)
+ {
+ array_insert_create(sections, ARRAY_TAIL, section);
+ }
 if (!print_key(buf, len, start, key, args))
 {
 return NULL;
 }
 if (array_bsearch(section->kv, buf, settings_kv_find, &kv) == -1)
 {
- if (ensure)
+ if (!sections)
 {
 kv = settings_kv_create(strdup(buf), NULL);
 settings_kv_add(section, kv, NULL);
 }
- else if (section->fallbacks)
+ }
+ }
+ if (!kv && !ignore_refs && sections && section->references)
+ {
+ /* find key relative to the referenced sections */
+ for (i = 0; !kv && i < array_count(section->references); i++)
+ {
+ array_get(section->references, i, &ref);
+ references = NULL;
+ resolve_reference(this, ref, &references);
+ for (j = 0; !kv && j < array_count(references); j++)
 {
- for (i = 0; !kv && i < array_count(section->fallbacks); i++)
+ array_get(references, j, &found);
+ /* ignore if already added to avoid loops */
+ if (!has_section(*sections, found))
 {
- array_get(section->fallbacks, i, &found);
- kv = find_value_buffered(found, start, key, args, buf, len,
- ensure);
+ /* ignore references in this referenced section, they were
+ * resolved via resolve_reference() */
+ kv = find_value_buffered(this, found, start, key, args,
+ buf, len, TRUE, sections);
 }
 }
+ array_destroy(references);
 }
 }
 return kv;
 }
 /**
+ * Remove the key/value pair for a key, using buffered key, reusable buffer
+ */
+static void remove_value_buffered(private_settings_t *this, section_t *section,
+ char *start, char *key, va_list args,
+ char *buf, int len)
+{
+ section_t *found = NULL;
+ kv_t *kv = NULL, *ordered = NULL;
+ char *pos;
+ int idx, i;
+
+ if (!section)
+ {
+ return;
+ }
+ pos = strchr(key, '.');
+ if (pos)
+ {
+ *pos = '\0';
+ pos++;
+ }
+ if (!print_key(buf, len, start, key, args))
+ {
+ return;
+ }
+ if (!strlen(buf))
+ {
+ found = section;
+ }
+ if (pos)
+ {
+ if (array_bsearch(section->sections, buf, settings_section_find,
+ &found) != -1)
+ {
+ remove_value_buffered(this, found, start, pos, args, buf, len);
+ }
+ }
+ else
+ {
+ idx = array_bsearch(section->kv, buf, settings_kv_find, &kv);
+ if (idx != -1)
+ {
+ array_remove(section->kv, idx, NULL);
+ for (i = 0; i < array_count(section->kv_order); i++)
+ {
+ array_get(section->kv_order, i, &ordered);
+ if (kv == ordered)
+ {
+ array_remove(section->kv_order, i, NULL);
+ settings_kv_destroy(kv, this->contents);
+ break;
+ }
+ }
+ }
+ }
+}
+
+/*
+ * Described in header
+ */
+void settings_remove_value(settings_t *settings, char *key, ...)
+{
+ private_settings_t *this = (private_settings_t*)settings;
+ char buf[128], keybuf[512];
+ va_list args;
+
+ if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
+ {
+ return;
+ }
+ va_start(args, key);
+
+ this->lock->read_lock(this->lock);
+ remove_value_buffered(this, this->top, keybuf, keybuf, args, buf,
+ sizeof(buf));
+ this->lock->unlock(this->lock);
+
+ va_end(args);
+}
+
+/**
 * Find the string value for a key (thread-safe).
 */
 static char *find_value(private_settings_t *this, section_t *section,
 char *key, va_list args)
 {
 char buf[128], keybuf[512], *value = NULL;
+ array_t *sections = NULL;
 kv_t *kv;
 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf))
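Review bot: settings_remove_value takes `this->lock->read_lock(this->lock)` while remove_value_buffered mutates the tree (array_remove on section->kv and section->kv_order, then settings_kv_destroy), so a concurrent find_value holding the read lock can observe the arrays mid-modification or a freed kv; this should be `this->lock->write_lock(this->lock);` as set_value does. The header's remark that the function is mainly for unit tests does not relax that, since it is exported from the public header. In remove_value_buffered the `found = section;` assignment for an empty key component is never used: when pos is set the following array_bsearch overwrites `found`, and when pos is NULL `found` is not read, so either the empty component was meant to continue in the current section (and the bsearch should be skipped) or the assignment is dead and can go. This hunk ends inside find_value, whose body continues below.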
@@ -419,13 +507,14 @@ static char *find_value(private_settings_t *this, section_t *section,
 return NULL;
 }
 this->lock->read_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- FALSE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, §ions);
 if (kv)
 {
 value = kv->value;
 }
 this->lock->unlock(this->lock);
+ array_destroy(sections);
 return value;
 }
@@ -443,8 +532,8 @@ static void set_value(private_settings_t *this, section_t *section,
 return;
 }
 this->lock->write_lock(this->lock);
- kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf),
- TRUE);
+ kv = find_value_buffered(this, section, keybuf, keybuf, args,
+ buf, sizeof(buf), FALSE, NULL);
 if (kv)
 {
 settings_kv_set(kv, strdupnull(value), this->contents);
@@ -761,12 +850,12 @@ METHOD(settings_t, create_section_enumerator, enumerator_t*,
 private_settings_t *this, char *key, ...)
 {
 enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
 va_list args;
 this->lock->read_lock(this->lock);
 va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, §ions);
 va_end(args);
 if (!sections)
@@ -793,13 +882,17 @@ CALLBACK(kv_filter, bool,
 while (orig->enumerate(orig, &kv))
 {
- if (seen->get(seen, kv->key) || !kv->value)
+ if (seen->get(seen, kv->key))
+ {
+ continue;
+ }
+ seen->put(seen, kv->key, kv->key);
+ if (!kv->value)
 {
 continue;
 }
 *key = kv->key;
 *value = kv->value;
- seen->put(seen, kv->key, kv->key);
 return TRUE;
 }
 return FALSE;
@@ -818,12 +911,12 @@ METHOD(settings_t, create_key_value_enumerator, enumerator_t*,
 private_settings_t *this, char *key, ...)
 {
 enumerator_data_t *data;
- array_t *sections;
+ array_t *sections = NULL;
 va_list args;
 this->lock->read_lock(this->lock);
 va_start(args, key);
- sections = find_sections(this, this->top, key, args);
+ sections = find_sections(this, this->top, key, args, §ions);
 va_end(args);
 if (!sections)
@@ -845,33 +938,34 @@ METHOD(settings_t, add_fallback, void,
 {
 section_t *section;
 va_list args;
+ char buf[512];
- /* find/create the fallback */
+ this->lock->write_lock(this->lock);
 va_start(args, fallback);
- section = ensure_section(this, this->top, fallback, args);
+ section = ensure_section(this, this->top, key, args);
 va_end(args);
 va_start(args, fallback);
- add_fallback_to_section(this, this->top, key, args, section);
+ if (section && vsnprintf(buf, sizeof(buf), fallback, args) < sizeof(buf))
+ {
+ settings_reference_add(section, strdup(buf), TRUE);
+ }
 va_end(args);
+ this->lock->unlock(this->lock);
 }
 /**
 * Load settings from files matching the given file pattern or from a string.
- * All sections and values are added relative to "parent".
 * All files (even included ones) have to be loaded successfully.
- * If merge is FALSE the contents of parent are replaced with the parsed
- * contents, otherwise they are merged together.
 */
-static bool load_internal(private_settings_t *this, section_t *parent,
- char *pattern, bool merge, bool string)
+static section_t *load_internal(char *pattern, bool string)
 {
 section_t *section;
 bool loaded;
 if (pattern == NULL || !pattern[0])
- { /* TODO: Clear parent if merge is FALSE? */
- return TRUE;
+ {
+ return settings_section_create(NULL);
 }
 section = settings_section_create(NULL);
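Review bot: add_fallback silently does nothing when ensure_section returns NULL or when the expanded fallback does not fit into `buf[512]`, and being a void method it cannot report either, so a misconfigured or over-long fallback just disappears. A diagnostic on the failure path would make this visible, e.g. `else { DBG1(DBG_CFG, "unable to add fallback for %s", key); }` (the library's debug macro; confirm this file already uses it). Note also that the `< sizeof(buf)` comparison promotes the int result of vsnprintf to size_t, so a negative return (encoding error) is also rejected, which is the right outcome but worth a short comment since it looks accidental. load_internal's body continues past this hunk.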
@@ -880,61 +974,101 @@ static bool load_internal(private_settings_t *this, section_t *parent,
 if (!loaded)
 {
 settings_section_destroy(section, NULL);
- return FALSE;
+ section = NULL;
 }
+ return section;
+}
- this->lock->write_lock(this->lock);
- settings_section_extend(parent, section, this->contents, !merge);
+/**
+ * Add sections and values in "section" relative to "parent".
+ * If merge is FALSE the contents of parent are replaced with the parsed
+ * contents, otherwise they are merged together.
+ *
+ * Releases the write lock and destroys the given section.
+ * If parent is NULL this is all that happens.
+ */
+static bool extend_section(private_settings_t *this, section_t *parent,
+ section_t *section, bool merge)
+{
+ if (parent)
+ {
+ settings_section_extend(parent, section, this->contents, !merge);
+ }
 this->lock->unlock(this->lock);
- settings_section_destroy(section, NULL);
- return TRUE;
+ return parent != NULL;
 }
 METHOD(settings_t, load_files, bool,
 private_settings_t *this, char *pattern, bool merge)
 {
- return load_internal(this, this->top, pattern, merge, FALSE);
+ section_t *section;
+
+ section = load_internal(pattern, FALSE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
 }
 METHOD(settings_t, load_files_section, bool,
 private_settings_t *this, char *pattern, bool merge, char *key, ...)
 {
- section_t *section;
+ section_t *section, *parent;
 va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(pattern, FALSE);
 if (!section)
 {
 return FALSE;
 }
- return load_internal(this, section, pattern, merge, FALSE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
 }
 METHOD(settings_t, load_string, bool,
 private_settings_t *this, char *settings, bool merge)
 {
- return load_internal(this, this->top, settings, merge, TRUE);
+ section_t *section;
+
+ section = load_internal(settings, TRUE);
+ if (!section)
+ {
+ return FALSE;
+ }
+
+ this->lock->write_lock(this->lock);
+ return extend_section(this, this->top, section, merge);
 }
 METHOD(settings_t, load_string_section, bool,
 private_settings_t *this, char *settings, bool merge, char *key, ...)
 {
- section_t *section;
+ section_t *section, *parent;
 va_list args;
- va_start(args, key);
- section = ensure_section(this, this->top, key, args);
- va_end(args);
-
+ section = load_internal(settings, TRUE);
 if (!section)
 {
 return FALSE;
 }
- return load_internal(this, section, settings, merge, TRUE);
+
+ this->lock->write_lock(this->lock);
+
+ va_start(args, key);
+ parent = ensure_section(this, this->top, key, args);
+ va_end(args);
+
+ return extend_section(this, parent, section, merge);
 }
 METHOD(settings_t, destroy, void,
diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h
index e25c9da38..814cf32e5 100644
--- a/src/libstrongswan/settings/settings.h
+++ b/src/libstrongswan/settings/settings.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2018 Tobias Brunner
 * Copyright (C) 2008 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
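Review bot: extend_section's comment says it "destroys the given section", but its body only calls settings_section_extend and unlocks; the explicit `settings_section_destroy(section, NULL)` that the old code ran after extending has been dropped. Unless settings_section_extend (outside this diff) now takes ownership of `section`, every load leaks the parsed tree, and even if it does, the `parent == NULL` path taken by load_files_section and load_string_section when ensure_section fails never frees it. Adding `else { settings_section_destroy(section, NULL); }` to the `if (parent)` branch closes the latter; the former needs checking against settings_section_extend's definition. Acquiring the write lock in four callers and releasing it inside extend_section is also fragile to read; a comment at each `this->lock->write_lock(this->lock);` stating that extend_section releases it would help.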
@@ -288,15 +288,9 @@ struct settings_t {
 * 'section-one.two' will result in a lookup for the same section/key
 * in 'section-two'.
 *
- * @note Lookups are depth-first and currently strictly top-down.
- * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as
- * fallback the keys/sections in lib2.sec would not be considered. But if
- * app had lib3 as fallback the contents of lib3.sec would (as app is passed
- * during the initial lookup). In the last example the order during
- * enumerations would be app.sec, lib1.sec, lib3.sec.
- *
 * @note Additional arguments will be applied to both section format
- * strings so they must be compatible.
+ * strings so they must be compatible. And they are evaluated immediately,
+ * so arguments can't contain dots.
 *
 * @param section section for which a fallback is configured, printf style
 * @param fallback fallback section, printf style
@@ -413,4 +407,18 @@ settings_t *settings_create(char *file);
 */
 settings_t *settings_create_string(char *settings);
+/**
+ * Remove the given key/value.
+ *
+ * Compared to setting a key to NULL, which makes it appear to be unset (i.e.
+ * default values will apply) this removes the given key (if found) and
+ * references/fallbacks will apply when looking for that key. This is mainly
+ * usefuls for the unit tests.
+ *
+ * @param settings settings to remove key/value from
+ * @param key key including sections, printf style format
+ * @param ... argument list for key
+ */
+void settings_remove_value(settings_t *settings, char *key, ...);
+
 #endif /** SETTINGS_H_ @}*/
diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c
index b13ff8009..c29dfa57b 100644
--- a/src/libstrongswan/settings/settings_lexer.c
+++ b/src/libstrongswan/settings/settings_lexer.c
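Review bot: The new doc comment for settings_remove_value has a typo, `usefuls` should read `useful`. The same comment presents the function as "mainly usefuls for the unit tests" while exporting it from the public header, so readers cannot tell whether it is supported API; either drop the remark or state the intended audience plainly, e.g. ` * Intended for tests; not part of the stable configuration API.`. It would also help to say here whether the call is thread-safe, since the other settings_t operations document that.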
@@ -468,8 +468,8 @@ static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); yyg->yy_c_buf_p = yy_cp; /* %% [4.0] data tables for the DFA and the user's section 1 definitions go here */ -#define YY_NUM_RULES 30 -#define YY_END_OF_BUFFER 31 +#define YY_NUM_RULES 39 +#define YY_END_OF_BUFFER 40 /* This struct is not used in this scanner, but its presence is necessary. */ struct yy_trans_info @@ -477,15 +477,17 @@ struct yy_trans_info flex_int32_t yy_verify; flex_int32_t yy_nxt; }; -static yyconst flex_int16_t yy_accept[63] = +static yyconst flex_int16_t yy_accept[85] = { 0, - 0, 0, 0, 0, 0, 0, 0, 0, 31, 9, - 2, 3, 2, 8, 1, 6, 9, 4, 5, 14, - 11, 12, 10, 13, 20, 16, 15, 17, 18, 29, - 21, 22, 23, 9, 2, 2, 1, 1, 3, 0, - 9, 14, 11, 20, 19, 29, 28, 27, 28, 24, - 25, 26, 1, 9, 9, 9, 9, 9, 0, 7, - 7, 0 + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 40, 12, 2, 3, 2, 11, 1, 7, 6, 8, + 9, 12, 4, 5, 17, 14, 15, 14, 18, 13, + 16, 23, 20, 21, 19, 22, 29, 25, 24, 26, + 27, 38, 30, 31, 32, 12, 2, 2, 1, 1, + 3, 0, 12, 17, 0, 14, 14, 13, 13, 15, + 0, 23, 20, 29, 28, 38, 37, 36, 37, 33, + 34, 35, 1, 12, 17, 13, 12, 12, 12, 12, + 0, 10, 10, 0 } ; static yyconst YY_CHAR yy_ec[256] = @@ -494,16 +496,16 @@ static yyconst YY_CHAR yy_ec[256] = 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 5, 1, 6, 7, 1, 1, 1, 1, 1, + 1, 1, 1, 8, 1, 9, 1, 1, 1, 1, + 1, 1, 1, 1, 1, 1, 1, 10, 1, 1, + 11, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 8, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 1, 9, 1, 1, 1, 1, 1, 1, 10, 11, + 1, 12, 1, 1, 1, 1, 1, 1, 13, 14, - 12, 1, 1, 1, 13, 1, 1, 14, 1, 15, - 1, 1, 1, 16, 1, 17, 18, 1, 1, 1, - 1, 1, 19, 1, 20, 1, 1, 1, 1, 1, + 15, 1, 1, 1, 16, 1, 1, 17, 1, 18, + 1, 1, 1, 19, 1, 20, 21, 1, 1, 1, + 1, 1, 22, 1, 23, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 
@@ -520,113 +522,144 @@ static yyconst YY_CHAR yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst YY_CHAR yy_meta[21] = +static yyconst YY_CHAR yy_meta[24] = { 0, - 1, 2, 3, 4, 5, 6, 7, 8, 9, 1, - 1, 1, 1, 1, 1, 1, 1, 1, 10, 7 + 1, 2, 3, 4, 5, 6, 5, 7, 8, 7, + 9, 10, 1, 1, 1, 1, 1, 1, 1, 1, + 1, 7, 5 } ; -static yyconst flex_uint16_t yy_base[77] = +static yyconst flex_uint16_t yy_base[103] = { 0, - 0, 0, 19, 38, 57, 76, 23, 24, 70, 0, - 95, 244, 0, 244, 31, 244, 54, 244, 244, 0, - 44, 244, 244, 244, 0, 244, 244, 244, 0, 0, - 244, 244, 100, 0, 0, 0, 0, 33, 244, 65, - 57, 0, 45, 0, 244, 0, 244, 244, 62, 244, - 244, 244, 0, 43, 36, 27, 19, 46, 50, 244, - 51, 244, 117, 127, 137, 147, 155, 160, 170, 180, - 186, 193, 203, 213, 223, 233 + 0, 0, 23, 0, 45, 67, 89, 111, 49, 50, + 124, 0, 133, 335, 55, 335, 60, 335, 335, 335, + 335, 104, 335, 335, 112, 139, 335, 73, 335, 62, + 335, 0, 74, 335, 335, 335, 0, 335, 335, 335, + 0, 0, 335, 335, 144, 0, 0, 78, 0, 81, + 335, 117, 106, 102, 0, 0, 84, 0, 94, 335, + 107, 0, 97, 0, 335, 0, 335, 335, 106, 335, + 335, 335, 0, 89, 78, 0, 60, 53, 43, 98, + 102, 335, 103, 335, 164, 174, 184, 194, 204, 214, + 224, 234, 244, 249, 255, 264, 274, 284, 294, 304, + + 314, 324 } ; -static yyconst flex_int16_t yy_def[77] = +static yyconst flex_int16_t yy_def[103] = { 0, - 62, 1, 63, 63, 64, 64, 65, 65, 62, 66, - 62, 62, 67, 62, 68, 62, 66, 62, 62, 69, - 62, 62, 62, 62, 70, 62, 62, 62, 71, 72, - 62, 62, 73, 66, 11, 67, 74, 68, 62, 75, - 66, 69, 62, 70, 62, 72, 62, 62, 62, 62, - 62, 62, 74, 66, 66, 66, 66, 66, 76, 62, - 76, 0, 62, 62, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62, 62, 62 + 84, 1, 84, 3, 85, 85, 86, 86, 87, 87, + 84, 88, 84, 84, 84, 84, 89, 84, 84, 84, + 84, 88, 84, 84, 90, 84, 84, 84, 84, 91, + 84, 92, 84, 84, 84, 84, 93, 84, 84, 84, + 94, 95, 84, 84, 96, 88, 13, 84, 97, 89, + 84, 98, 88, 90, 99, 26, 84, 100, 91, 84, + 101, 92, 84, 93, 84, 95, 84, 84, 84, 84, + 84, 84, 97, 88, 99, 100, 88, 88, 88, 88, + 102, 84, 102, 0, 84, 84, 84, 84, 84, 84, 
+ 84, 84, 84, 84, 84, 84, 84, 84, 84, 84, + + 84, 84 } ; -static yyconst flex_uint16_t yy_nxt[265] = +static yyconst flex_uint16_t yy_nxt[359] = { 0, - 10, 11, 12, 13, 11, 14, 15, 16, 10, 10, - 10, 10, 17, 10, 10, 10, 10, 10, 18, 19, - 21, 22, 23, 21, 24, 22, 31, 31, 32, 32, - 58, 33, 33, 39, 40, 39, 40, 57, 22, 21, - 22, 23, 21, 24, 22, 43, 43, 59, 43, 43, - 59, 61, 61, 56, 61, 61, 55, 22, 26, 26, - 27, 26, 28, 26, 48, 29, 54, 39, 41, 62, - 62, 62, 62, 62, 62, 62, 26, 26, 26, 27, - 26, 28, 26, 62, 29, 62, 62, 62, 62, 62, - 62, 62, 62, 62, 62, 26, 35, 62, 36, 35, - - 62, 37, 48, 49, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62, 50, 51, 52, 20, 20, 20, - 20, 20, 20, 20, 20, 20, 20, 25, 25, 25, - 25, 25, 25, 25, 25, 25, 25, 30, 30, 30, - 30, 30, 30, 30, 30, 30, 30, 34, 62, 62, - 62, 62, 62, 62, 62, 34, 36, 62, 36, 36, - 38, 38, 38, 38, 38, 38, 38, 38, 38, 38, - 42, 62, 62, 62, 62, 62, 62, 42, 42, 42, - 44, 62, 62, 62, 62, 62, 62, 44, 62, 44, - 45, 45, 45, 46, 46, 46, 62, 46, 62, 46, - - 46, 62, 46, 47, 47, 47, 47, 47, 47, 47, - 47, 47, 47, 53, 53, 62, 62, 53, 53, 53, - 53, 53, 53, 40, 40, 40, 40, 40, 40, 40, - 40, 40, 40, 60, 60, 60, 60, 60, 60, 60, - 62, 60, 60, 9, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62 + 12, 13, 14, 15, 13, 16, 17, 18, 19, 20, + 21, 12, 12, 12, 12, 22, 12, 12, 12, 12, + 12, 23, 24, 25, 26, 27, 28, 26, 29, 30, + 31, 29, 29, 29, 25, 25, 25, 25, 25, 25, + 25, 25, 25, 25, 29, 29, 33, 34, 35, 33, + 36, 34, 43, 43, 44, 44, 48, 80, 48, 48, + 45, 45, 51, 52, 60, 61, 79, 34, 33, 34, + 35, 33, 36, 34, 57, 63, 57, 57, 63, 48, + 78, 48, 48, 51, 52, 57, 55, 57, 57, 34, + 38, 38, 39, 38, 40, 38, 60, 61, 63, 81, + + 41, 63, 81, 83, 83, 77, 83, 83, 68, 60, + 55, 38, 38, 38, 39, 38, 40, 38, 74, 51, + 55, 53, 41, 84, 84, 84, 84, 84, 84, 84, + 84, 84, 84, 38, 47, 84, 48, 47, 84, 49, + 56, 84, 57, 56, 84, 58, 68, 69, 84, 84, + 84, 84, 84, 84, 84, 84, 84, 84, 84, 84, + 84, 70, 71, 72, 32, 32, 32, 32, 32, 32, + 32, 32, 32, 32, 37, 
37, 37, 37, 37, 37, + 37, 37, 37, 37, 42, 42, 42, 42, 42, 42, + 42, 42, 42, 42, 46, 84, 84, 84, 84, 84, + + 84, 84, 84, 46, 50, 50, 50, 50, 50, 50, + 50, 50, 50, 50, 54, 84, 84, 84, 84, 84, + 84, 54, 84, 54, 59, 59, 59, 59, 59, 59, + 59, 59, 59, 59, 62, 84, 84, 84, 84, 84, + 62, 62, 62, 62, 64, 84, 84, 84, 84, 84, + 64, 64, 64, 65, 65, 66, 66, 66, 84, 66, + 84, 66, 66, 66, 67, 67, 67, 67, 67, 67, + 67, 67, 67, 67, 73, 73, 84, 84, 73, 73, + 73, 73, 73, 73, 52, 52, 52, 52, 52, 52, + 52, 52, 52, 52, 75, 84, 84, 84, 84, 84, + + 84, 84, 84, 75, 76, 76, 84, 84, 76, 76, + 76, 76, 76, 76, 61, 61, 61, 61, 61, 61, + 61, 61, 61, 61, 82, 82, 82, 82, 82, 82, + 82, 82, 84, 82, 11, 84, 84, 84, 84, 84, + 84, 84, 84, 84, 84, 84, 84, 84, 84, 84, + 84, 84, 84, 84, 84, 84, 84, 84 } ; -static yyconst flex_int16_t yy_chk[265] = +static yyconst flex_int16_t yy_chk[359] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, - 3, 3, 3, 3, 3, 3, 7, 8, 7, 8, - 57, 7, 8, 15, 15, 38, 38, 56, 3, 4, - 4, 4, 4, 4, 4, 21, 43, 58, 21, 43, - 58, 59, 61, 55, 59, 61, 54, 4, 5, 5, - 5, 5, 5, 5, 49, 5, 41, 40, 17, 9, - 0, 0, 0, 0, 0, 0, 5, 6, 6, 6, - 6, 6, 6, 0, 6, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 6, 11, 0, 11, 11, - - 0, 11, 33, 33, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 33, 33, 33, 63, 63, 63, - 63, 63, 63, 63, 63, 63, 63, 64, 64, 64, - 64, 64, 64, 64, 64, 64, 64, 65, 65, 65, - 65, 65, 65, 65, 65, 65, 65, 66, 0, 0, - 0, 0, 0, 0, 0, 66, 67, 0, 67, 67, - 68, 68, 68, 68, 68, 68, 68, 68, 68, 68, - 69, 0, 0, 0, 0, 0, 0, 69, 69, 69, - 70, 0, 0, 0, 0, 0, 0, 70, 0, 70, - 71, 71, 71, 72, 72, 72, 0, 72, 0, 72, - - 72, 0, 72, 73, 73, 73, 73, 73, 73, 73, - 73, 73, 73, 74, 74, 0, 0, 74, 74, 74, - 74, 74, 74, 75, 75, 75, 75, 75, 75, 75, - 75, 75, 75, 76, 76, 76, 76, 76, 76, 76, - 0, 76, 76, 62, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62, 62, 62, 62, 62, 62, 62, - 62, 62, 62, 62 + 1, 1, 1, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, + 3, 3, 3, 3, 3, 3, 5, 5, 5, 5, + 5, 5, 9, 10, 9, 10, 15, 79, 15, 15, + 
9, 10, 17, 17, 30, 30, 78, 5, 6, 6, + 6, 6, 6, 6, 28, 33, 28, 28, 33, 48, + 77, 48, 48, 50, 50, 57, 75, 57, 57, 6, + 7, 7, 7, 7, 7, 7, 59, 59, 63, 80, + + 7, 63, 80, 81, 83, 74, 81, 83, 69, 61, + 54, 7, 8, 8, 8, 8, 8, 8, 53, 52, + 25, 22, 8, 11, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 8, 13, 0, 13, 13, 0, 13, + 26, 0, 26, 26, 0, 26, 45, 45, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 45, 45, 45, 85, 85, 85, 85, 85, 85, + 85, 85, 85, 85, 86, 86, 86, 86, 86, 86, + 86, 86, 86, 86, 87, 87, 87, 87, 87, 87, + 87, 87, 87, 87, 88, 0, 0, 0, 0, 0, + + 0, 0, 0, 88, 89, 89, 89, 89, 89, 89, + 89, 89, 89, 89, 90, 0, 0, 0, 0, 0, + 0, 90, 0, 90, 91, 91, 91, 91, 91, 91, + 91, 91, 91, 91, 92, 0, 0, 0, 0, 0, + 92, 92, 92, 92, 93, 0, 0, 0, 0, 0, + 93, 93, 93, 94, 94, 95, 95, 95, 0, 95, + 0, 95, 95, 95, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 97, 97, 0, 0, 97, 97, + 97, 97, 97, 97, 98, 98, 98, 98, 98, 98, + 98, 98, 98, 98, 99, 0, 0, 0, 0, 0, + + 0, 0, 0, 99, 100, 100, 0, 0, 100, 100, + 100, 100, 100, 100, 101, 101, 101, 101, 101, 101, + 101, 101, 101, 101, 102, 102, 102, 102, 102, 102, + 102, 102, 0, 102, 84, 84, 84, 84, 84, 84, + 84, 84, 84, 84, 84, 84, 84, 84, 84, 84, + 84, 84, 84, 84, 84, 84, 84, 84 } ; /* Table of booleans, true if rule could match eol. 
*/ -static yyconst flex_int32_t yy_rule_can_match_eol[31] = +static yyconst flex_int32_t yy_rule_can_match_eol[40] = { 0, -0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, }; +0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, + }; -static yyconst flex_int16_t yy_rule_linenum[30] = +static yyconst flex_int16_t yy_rule_linenum[39] = { 0, - 61, 62, 63, 65, 66, 68, 73, 78, 83, 89, - 90, 92, 112, 118, 125, 128, 148, 151, 154, 157, - 163, 164, 166, 186, 187, 188, 189, 190, 191 + 66, 67, 68, 70, 71, 73, 74, 76, 81, 86, + 91, 96, 102, 103, 104, 106, 108, 113, 120, 121, + 123, 144, 150, 157, 160, 180, 183, 186, 189, 195, + 196, 198, 218, 219, 220, 221, 222, 223 } ; /* The intent behind this definition is that it'll catch @@ -639,7 +672,7 @@ static yyconst flex_int16_t yy_rule_linenum[30] = #line 1 "settings/settings_lexer.l" #line 2 "settings/settings_lexer.l" /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -662,7 +695,7 @@ bool settings_parser_open_next_file(parser_helper_t *ctx); static void include_files(parser_helper_t *ctx); /* use start conditions stack */ -/* do not declare unneded functions */ +/* do not declare unneeded functions */ #define YY_NO_INPUT 1 /* don't use global variables, and interact properly with bison */ /* maintain the line number */ 
@@ -670,18 +703,22 @@ static void include_files(parser_helper_t *ctx); /* prefix function/variable declarations */ /* don't change the name of the output file otherwise autotools has issues */ /* type of our extra data */ +/* state used to scan references */ + /* state used to scan values */ /* state used to scan include file patterns */ /* state used to scan quoted strings */ -#line 680 "settings/settings_lexer.c" +/* pattern for section/key names */ +#line 716 "settings/settings_lexer.c" #define INITIAL 0 -#define val 1 -#define inc 2 -#define str 3 +#define ref 1 +#define val 2 +#define inc 3 +#define str 4 #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way @@ -1030,10 +1067,10 @@ YY_DECL { /* %% [7.0] user's declarations go here */ -#line 59 "settings/settings_lexer.l" +#line 64 "settings/settings_lexer.l" -#line 1037 "settings/settings_lexer.c" +#line 1074 "settings/settings_lexer.c" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -1062,13 +1099,13 @@ yy_match: while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 63 ) + if ( yy_current_state >= 85 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; ++yy_cp; } - while ( yy_base[yy_current_state] != 244 ); + while ( yy_base[yy_current_state] != 335 ); yy_find_action: /* %% [10.0] code to find the action number goes here */ 
@@ -1103,13 +1140,13 @@ do_action: /* This label is used only to access EOF actions. */ { if ( yy_act == 0 ) fprintf( stderr, "--scanner backing up\n" ); - else if ( yy_act < 30 ) + else if ( yy_act < 39 ) fprintf( stderr, "--accepting rule at line %ld (\"%s\")\n", (long)yy_rule_linenum[yy_act], yytext ); - else if ( yy_act == 30 ) + else if ( yy_act == 39 ) fprintf( stderr, "--accepting default rule (\"%s\")\n", yytext ); - else if ( yy_act == 31 ) + else if ( yy_act == 40 ) fprintf( stderr, "--(end of buffer or a NUL)\n" ); else fprintf( stderr, "--EOF (start condition %d)\n", YY_START ); 
@@ -1127,81 +1164,138 @@ do_action: /* This label is used only to access EOF actions. */ case 1: YY_RULE_SETUP -#line 61 "settings/settings_lexer.l" +#line 66 "settings/settings_lexer.l" /* eat comments */ YY_BREAK case 2: YY_RULE_SETUP -#line 62 "settings/settings_lexer.l" +#line 67 "settings/settings_lexer.l" /* eat whitespace */ YY_BREAK case 3: /* rule 3 can match eol */ YY_RULE_SETUP -#line 63 "settings/settings_lexer.l" -return NEWLINE; /* also eats comments at the end of a line */ +#line 68 "settings/settings_lexer.l" +/* eat newlines and comments at the end of a line */ YY_BREAK case 4: -#line 66 "settings/settings_lexer.l" +#line 71 "settings/settings_lexer.l" case 5: YY_RULE_SETUP -#line 66 "settings/settings_lexer.l" +#line 71 "settings/settings_lexer.l" return yytext[0]; YY_BREAK case 6: YY_RULE_SETUP -#line 68 "settings/settings_lexer.l" +#line 73 "settings/settings_lexer.l" +return DOT; + YY_BREAK +case 7: +YY_RULE_SETUP +#line 74 "settings/settings_lexer.l" +return COMMA; + YY_BREAK +case 8: +YY_RULE_SETUP +#line 76 "settings/settings_lexer.l" +{ + yy_push_state(ref, yyscanner); + return COLON; +} + YY_BREAK +case 9: +YY_RULE_SETUP +#line 81 "settings/settings_lexer.l" { yy_push_state(val, yyscanner); return yytext[0]; } YY_BREAK -case 7: -/* rule 7 can match eol */ +case 10: +/* rule 10 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP -#line 73 "settings/settings_lexer.l" +#line 86 "settings/settings_lexer.l" { yyextra->string_init(yyextra); yy_push_state(inc, yyscanner); } YY_BREAK -case 8: +case 11: YY_RULE_SETUP -#line 78 "settings/settings_lexer.l" +#line 91 "settings/settings_lexer.l" { PARSER_DBG1(yyextra, "unexpected string detected"); return STRING_ERROR; } YY_BREAK -case 9: +case 12: YY_RULE_SETUP -#line 83 "settings/settings_lexer.l" +#line 96 "settings/settings_lexer.l" { yylval->s 
= strdup(yytext); return NAME; } YY_BREAK -case 10: +case 13: +YY_RULE_SETUP +#line 102 "settings/settings_lexer.l" +/* eat comments */ + YY_BREAK +case 14: +YY_RULE_SETUP +#line 103 "settings/settings_lexer.l" +/* eat whitespace */ + YY_BREAK +case 15: +/* rule 15 can match eol */ +YY_RULE_SETUP +#line 104 "settings/settings_lexer.l" +/* eat newlines and comments at the end of a line */ + YY_BREAK +case 16: +YY_RULE_SETUP +#line 106 "settings/settings_lexer.l" +return COMMA; + YY_BREAK +case 17: YY_RULE_SETUP -#line 89 "settings/settings_lexer.l" +#line 108 "settings/settings_lexer.l" +{ + yylval->s = strdup(yytext); + return NAME; + } + YY_BREAK +case 18: +YY_RULE_SETUP +#line 113 "settings/settings_lexer.l" +{ + unput(yytext[0]); + yy_pop_state(yyscanner); + } + YY_BREAK + + +case 19: +YY_RULE_SETUP +#line 120 "settings/settings_lexer.l" /* just ignore these */ YY_BREAK -case 11: +case 20: YY_RULE_SETUP -#line 90 "settings/settings_lexer.l" +#line 121 "settings/settings_lexer.l" YY_BREAK case YY_STATE_EOF(val): -#line 91 "settings/settings_lexer.l" -case 12: -/* rule 12 can match eol */ +#line 122 "settings/settings_lexer.l" +case 21: +/* rule 21 can match eol */ YY_RULE_SETUP -#line 92 "settings/settings_lexer.l" +#line 123 "settings/settings_lexer.l" { if (*yytext) { @@ -1220,20 +1314,21 @@ YY_RULE_SETUP } } yy_pop_state(yyscanner); + return NEWLINE; } YY_BREAK -case 13: +case 22: YY_RULE_SETUP -#line 112 "settings/settings_lexer.l" +#line 144 "settings/settings_lexer.l" { yyextra->string_init(yyextra); yy_push_state(str, yyscanner); } YY_BREAK /* same as above, but allow more characters */ -case 14: +case 23: YY_RULE_SETUP -#line 118 "settings/settings_lexer.l" +#line 150 "settings/settings_lexer.l" { yylval->s = strdup(yytext); return NAME; 
@@ -1241,18 +1336,18 @@ YY_RULE_SETUP YY_BREAK -case 15: +case 24: YY_RULE_SETUP -#line 125 "settings/settings_lexer.l" +#line 157 "settings/settings_lexer.l" /* just ignore these */ YY_BREAK /* we allow all characters except #, } and spaces, they can be escaped */ case YY_STATE_EOF(inc): -#line 127 "settings/settings_lexer.l" -case 16: -/* rule 16 can match eol */ +#line 159 "settings/settings_lexer.l" +case 25: +/* rule 25 can match eol */ YY_RULE_SETUP -#line 128 "settings/settings_lexer.l" +#line 160 "settings/settings_lexer.l" { if (*yytext) { @@ -1274,49 +1369,49 @@ YY_RULE_SETUP yy_pop_state(yyscanner); } YY_BREAK -case 17: +case 26: YY_RULE_SETUP -#line 148 "settings/settings_lexer.l" +#line 180 "settings/settings_lexer.l" { /* string include */ yy_push_state(str, yyscanner); } YY_BREAK -case 18: +case 27: YY_RULE_SETUP -#line 151 "settings/settings_lexer.l" +#line 183 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK -case 19: +case 28: YY_RULE_SETUP -#line 154 "settings/settings_lexer.l" +#line 186 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext+1); } YY_BREAK -case 20: +case 29: YY_RULE_SETUP -#line 157 "settings/settings_lexer.l" +#line 189 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK -case 21: +case 30: YY_RULE_SETUP -#line 163 "settings/settings_lexer.l" +#line 195 "settings/settings_lexer.l" /* just ignore these */ YY_BREAK -case 22: -#line 165 "settings/settings_lexer.l" +case 31: +#line 197 "settings/settings_lexer.l" YY_RULE_SETUP case YY_STATE_EOF(str): -#line 165 "settings/settings_lexer.l" -case 23: +#line 197 "settings/settings_lexer.l" +case 32: YY_RULE_SETUP -#line 166 "settings/settings_lexer.l" +#line 198 "settings/settings_lexer.l" { if (!streq(yytext, "\"")) { 
@@ -1337,43 +1432,44 @@ YY_RULE_SETUP } } YY_BREAK -case 24: +case 33: YY_RULE_SETUP -#line 186 "settings/settings_lexer.l" +#line 218 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\n"); YY_BREAK -case 25: +case 34: YY_RULE_SETUP -#line 187 "settings/settings_lexer.l" +#line 219 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\r"); YY_BREAK -case 26: +case 35: YY_RULE_SETUP -#line 188 "settings/settings_lexer.l" +#line 220 "settings/settings_lexer.l" yyextra->string_add(yyextra, "\t"); YY_BREAK -case 27: -/* rule 27 can match eol */ +case 36: +/* rule 36 can match eol */ YY_RULE_SETUP -#line 189 "settings/settings_lexer.l" +#line 221 "settings/settings_lexer.l" /* merge lines that end with escaped EOL characters */ YY_BREAK -case 28: +case 37: YY_RULE_SETUP -#line 190 "settings/settings_lexer.l" +#line 222 "settings/settings_lexer.l" yyextra->string_add(yyextra, yytext+1); YY_BREAK -case 29: -/* rule 29 can match eol */ +case 38: +/* rule 38 can match eol */ YY_RULE_SETUP -#line 191 "settings/settings_lexer.l" +#line 223 "settings/settings_lexer.l" { yyextra->string_add(yyextra, yytext); } YY_BREAK case YY_STATE_EOF(INITIAL): -#line 196 "settings/settings_lexer.l" +case YY_STATE_EOF(ref): +#line 228 "settings/settings_lexer.l" { settings_parser_pop_buffer_state(yyscanner); if (!settings_parser_open_next_file(yyextra) && !YY_CURRENT_BUFFER) @@ -1382,12 +1478,12 @@ case YY_STATE_EOF(INITIAL): } } YY_BREAK -case 30: +case 39: YY_RULE_SETUP -#line 204 "settings/settings_lexer.l" +#line 236 "settings/settings_lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1391 "settings/settings_lexer.c" +#line 1487 "settings/settings_lexer.c" case YY_END_OF_BUFFER: { 
@@ -1705,7 +1801,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 63 ) + if ( yy_current_state >= 85 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; @@ -1739,11 +1835,11 @@ static int yy_get_next_buffer (yyscan_t yyscanner) while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) { yy_current_state = (int) yy_def[yy_current_state]; - if ( yy_current_state >= 63 ) + if ( yy_current_state >= 85 ) yy_c = yy_meta[(unsigned int) yy_c]; } yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; - yy_is_jam = (yy_current_state == 62); + yy_is_jam = (yy_current_state == 84); (void)yyg; return yy_is_jam ? 0 : yy_current_state; @@ -2778,7 +2874,7 @@ void settings_parser_free (void * ptr , yyscan_t yyscanner) /* %ok-for-header */ -#line 204 "settings/settings_lexer.l" +#line 236 "settings/settings_lexer.l" diff --git a/src/libstrongswan/settings/settings_lexer.l b/src/libstrongswan/settings/settings_lexer.l index fa1ecac10..19ab8d7b2 100644 --- a/src/libstrongswan/settings/settings_lexer.l +++ b/src/libstrongswan/settings/settings_lexer.l @@ -1,6 +1,6 @@ %{ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -29,7 +29,7 @@ static void include_files(parser_helper_t *ctx); /* use start conditions stack */ %option stack -/* do not declare unneded functions */ +/* do not declare unneeded functions */ %option noinput noyywrap /* don't use global variables, and interact properly with bison */ 
@@ -49,6 +49,8 @@ static void include_files(parser_helper_t *ctx); /* type of our extra data */ %option extra-type="parser_helper_t*" +/* state used to scan references */ +%x ref /* state used to scan values */ %x val /* state used to scan include file patterns */ @@ -56,15 +58,26 @@ static void include_files(parser_helper_t *ctx); /* state used to scan quoted strings */ %x str +/* pattern for section/key names */ +NAME [^#{}:.,="\r\n\t ] + %% [\t ]*#[^\r\n]* /* eat comments */ [\t\r ]+ /* eat whitespace */ -\n|#.*\n return NEWLINE; /* also eats comments at the end of a line */ +\n|#.*\n /* eat newlines and comments at the end of a line */ "{" | "}" return yytext[0]; +"." return DOT; +"," return COMMA; + +":" { + yy_push_state(ref, yyscanner); + return COLON; +} + "=" { yy_push_state(val, yyscanner); return yytext[0]; @@ -80,16 +93,34 @@ static void include_files(parser_helper_t *ctx); return STRING_ERROR; } -[^#{}="\r\n\t ]+ { +{NAME}+ { yylval->s = strdup(yytext); return NAME; } +<ref>{ + [\t ]*#[^\r\n]* /* eat comments */ + [\t\r ]+ /* eat whitespace */ + \n|#.*\n /* eat newlines and comments at the end of a line */ + + "," return COMMA; + + {NAME}+(\.{NAME}+)* { + yylval->s = strdup(yytext); + return NAME; + } + + . { + unput(yytext[0]); + yy_pop_state(yyscanner); + } +} + <val>{ \r /* just ignore these */ [\t ]+ <<EOF>> | - [#}\n] { + [#}\n] { if (*yytext) { switch (yytext[0]) @@ -107,15 +138,16 @@ static void include_files(parser_helper_t *ctx); } } yy_pop_state(yyscanner); + return NEWLINE; } - "\"" { + "\"" { yyextra->string_init(yyextra); yy_push_state(str, yyscanner); } /* same as above, but allow more characters */ - [^#}"\r\n\t ]+ { + [^#}"\r\n\t ]+ { yylval->s = strdup(yytext); return NAME; } diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c index 3d1a2ba27..ad3d5288c 100644 --- a/src/libstrongswan/settings/settings_parser.c +++ b/src/libstrongswan/settings/settings_parser.c 
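Review bot: The new `<ref>{ ... }` block in the `@@ -80,16 +93,34 @@` hunk copies the three comment/whitespace/newline rules from the INITIAL state verbatim, so any future fix to one copy (e.g. the `#` comment pattern) has to be mirrored by hand. Flex lets a rule apply to several start conditions, so those three rules could be hoisted out of the block and written once as `<INITIAL,ref>[\t ]*#[^\r\n]*`, `<INITIAL,ref>[\t\r ]+` and `<INITIAL,ref>\n|#.*\n`, leaving only `","`, the dotted `{NAME}+(\.{NAME}+)*` rule and the fallback inside `<ref>{ }`. The fallback `. { unput(yytext[0]); yy_pop_state(yyscanner); }` also deserves a one-line comment, since it is what ends the reference list and hands the terminating character (presumably `{` or `=`, which `{NAME}` excludes) back to the enclosing state: `/* anything else ends the reference list: push it back and let the previous state handle it */`. The `<val>` action at the end of this hunk is cut off; its body continues in the following hunk.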
@@ -71,7 +71,7 @@ #line 1 "settings/settings_parser.y" /* yacc.c:339 */ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -120,6 +120,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name); static section_t *pop_section(parser_helper_t *ctx); static void add_section(parser_helper_t *ctx, section_t *section); static void add_setting(parser_helper_t *ctx, kv_t *kv); +static void add_references(parser_helper_t *ctx, array_t *references); /** * Make sure to call lexer with the proper context @@ -131,7 +132,7 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx) } -#line 135 "settings/settings_parser.c" /* yacc.c:339 */ +#line 136 "settings/settings_parser.c" /* yacc.c:339 */ # ifndef YY_NULLPTR # if defined __cplusplus && 201103L <= __cplusplus @@ -168,28 +169,35 @@ extern int settings_parser_debug; { NAME = 258, STRING = 259, - NEWLINE = 260, - STRING_ERROR = 261 + DOT = 260, + COMMA = 261, + COLON = 262, + NEWLINE = 263, + STRING_ERROR = 264 }; #endif /* Tokens. */ #define NAME 258 #define STRING 259 -#define NEWLINE 260 -#define STRING_ERROR 261 +#define DOT 260 +#define COMMA 261 +#define COLON 262 +#define NEWLINE 263 +#define STRING_ERROR 264 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 77 "settings/settings_parser.y" /* yacc.c:355 */ +#line 78 "settings/settings_parser.y" /* yacc.c:355 */ char *s; struct section_t *sec; struct kv_t *kv; + array_t *refs; -#line 193 "settings/settings_parser.c" /* yacc.c:355 */ +#line 201 "settings/settings_parser.c" /* yacc.c:355 */ }; typedef union YYSTYPE YYSTYPE; 
@@ -205,7 +213,7 @@ int settings_parser_parse (parser_helper_t *ctx); /* Copy the second part of user declarations. */ -#line 209 "settings/settings_parser.c" /* yacc.c:358 */ +#line 217 "settings/settings_parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -447,21 +455,21 @@ union yyalloc /* YYFINAL -- State number of the termination state. */ #define YYFINAL 2 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 13 +#define YYLAST 19 /* YYNTOKENS -- Number of terminals. */ -#define YYNTOKENS 10 +#define YYNTOKENS 13 /* YYNNTS -- Number of nonterminals. */ -#define YYNNTS 8 +#define YYNNTS 9 /* YYNRULES -- Number of rules. */ -#define YYNRULES 15 +#define YYNRULES 17 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 20 +#define YYNSTATES 24 /* YYTRANSLATE[YYX] -- Symbol number corresponding to YYX as returned by yylex, with out-of-bounds checking. */ #define YYUNDEFTOK 2 -#define YYMAXUTOK 261 +#define YYMAXUTOK 264 #define YYTRANSLATE(YYX) \ ((unsigned int) (YYX) <= YYMAXUTOK ? yytranslate[YYX] : YYUNDEFTOK) @@ -476,13 +484,13 @@ static const yytype_uint8 yytranslate[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 9, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 12, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 8, 2, 7, 2, 2, 2, 2, + 2, 2, 2, 11, 2, 10, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 
@@ -496,15 +504,15 @@ static const yytype_uint8 yytranslate[] = 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 2, 3, 4, - 5, 6 + 5, 6, 7, 8, 9 }; #if YYDEBUG /* YYRLINE[YYN] -- Source line where rule number YYN was defined. */ static const yytype_uint8 yyrline[] = { - 0, 105, 105, 107, 108, 112, 116, 123, 131, 136, - 143, 148, 155, 156, 170, 171 + 0, 112, 112, 114, 115, 119, 123, 130, 138, 143, + 152, 157, 165, 170, 177, 178, 192, 193 }; #endif @@ -513,9 +521,10 @@ static const yytype_uint8 yyrline[] = First, the terminals, then, starting at YYNTOKENS, nonterminals. */ static const char *const yytname[] = { - "$end", "error", "$undefined", "NAME", "STRING", "NEWLINE", - "STRING_ERROR", "'}'", "'{'", "'='", "$accept", "statements", - "statement", "section", "section_start", "setting", "value", "valuepart", YY_NULLPTR + "$end", "error", "$undefined", "NAME", "STRING", "\".\"", "\",\"", + "\":\"", "NEWLINE", "STRING_ERROR", "'}'", "'{'", "'='", "$accept", + "statements", "statement", "section", "section_start", "references", + "setting", "value", "valuepart", YY_NULLPTR }; #endif @@ -524,14 +533,15 @@ static const char *const yytname[] = (internal) symbol number NUM (which must be that of a token). */ static const yytype_uint16 yytoknum[] = { - 0, 256, 257, 258, 259, 260, 261, 125, 123, 61 + 0, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 125, 123, 61 }; # endif -#define YYPACT_NINF -11 +#define YYPACT_NINF -7 #define yypact_value_is_default(Yystate) \ - (!!((Yystate) == (-11))) + (!!((Yystate) == (-7))) #define YYTABLE_NINF -1 @@ -542,8 +552,9 @@ static const yytype_uint16 yytoknum[] = STATE-NUM. */ static const yytype_int8 yypact[] = { - -11, 0, -11, -1, -11, -11, -11, -11, -11, 2, - -11, -2, 6, -11, -11, -11, -2, -11, -11, -11 + -7, 0, -7, -6, -7, -7, -7, -7, -7, 1, + -7, 8, -1, -7, 4, -7, -7, 8, -7, -7, + 10, -7, -7, -7 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. 
@@ -552,19 +563,20 @@ static const yytype_int8 yypact[] = static const yytype_uint8 yydefact[] = { 2, 0, 1, 0, 3, 4, 5, 2, 6, 0, - 8, 11, 0, 9, 14, 15, 10, 12, 7, 13 + 8, 13, 0, 10, 0, 16, 17, 12, 14, 7, + 0, 9, 15, 11 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int8 yypgoto[] = { - -11, 5, -11, -11, -11, -11, -11, -10 + -7, 7, -7, -7, -7, -7, -7, -7, 2 }; /* YYDEFGOTO[NTERM-NUM]. */ static const yytype_int8 yydefgoto[] = { - -1, 1, 5, 6, 7, 8, 16, 17 + -1, 1, 5, 6, 7, 14, 8, 17, 18 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -572,36 +584,37 @@ static const yytype_int8 yydefgoto[] = number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_uint8 yytable[] = { - 2, 14, 15, 3, 9, 4, 19, 10, 11, 3, - 13, 4, 12, 18 + 2, 9, 3, 3, 13, 10, 11, 4, 4, 19, + 20, 15, 16, 23, 12, 21, 0, 0, 0, 22 }; -static const yytype_uint8 yycheck[] = +static const yytype_int8 yycheck[] = { - 0, 3, 4, 3, 5, 5, 16, 8, 9, 3, - 8, 5, 7, 7 + 0, 7, 3, 3, 3, 11, 12, 8, 8, 10, + 6, 3, 4, 3, 7, 11, -1, -1, -1, 17 }; /* YYSTOS[STATE-NUM] -- The (internal number of the) accessing symbol of state STATE-NUM. */ static const yytype_uint8 yystos[] = { - 0, 11, 0, 3, 5, 12, 13, 14, 15, 5, - 8, 9, 11, 8, 3, 4, 16, 17, 7, 17 + 0, 14, 0, 3, 8, 15, 16, 17, 19, 7, + 11, 12, 14, 3, 18, 3, 4, 20, 21, 10, + 6, 11, 21, 3 }; /* YYR1[YYN] -- Symbol number of symbol that rule YYN derives. */ static const yytype_uint8 yyr1[] = { - 0, 10, 11, 11, 11, 12, 12, 13, 14, 14, - 15, 15, 16, 16, 17, 17 + 0, 13, 14, 14, 14, 15, 15, 16, 17, 17, + 18, 18, 19, 19, 20, 20, 21, 21 }; /* YYR2[YYN] -- Number of symbols on the right hand side of rule YYN. */ static const yytype_uint8 yyr2[] = { - 0, 2, 0, 2, 2, 1, 1, 3, 2, 3, - 3, 2, 1, 2, 1, 1 + 0, 2, 0, 2, 2, 1, 1, 3, 2, 4, + 1, 3, 3, 2, 1, 2, 1, 1 }; 
@@ -1027,45 +1040,51 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c switch (yytype) { case 3: /* NAME */ -#line 91 "settings/settings_parser.y" /* yacc.c:1257 */ +#line 97 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1046 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 4: /* STRING */ -#line 91 "settings/settings_parser.y" /* yacc.c:1257 */ +#line 97 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1052 "settings/settings_parser.c" /* yacc.c:1257 */ break; - case 13: /* section */ -#line 93 "settings/settings_parser.y" /* yacc.c:1257 */ + case 16: /* section */ +#line 99 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1058 "settings/settings_parser.c" /* yacc.c:1257 */ break; - case 14: /* section_start */ -#line 93 "settings/settings_parser.y" /* yacc.c:1257 */ + case 17: /* section_start */ +#line 99 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1064 "settings/settings_parser.c" /* yacc.c:1257 */ break; - case 15: /* setting */ -#line 94 "settings/settings_parser.y" /* yacc.c:1257 */ + case 18: /* references */ +#line 101 "settings/settings_parser.y" /* yacc.c:1257 */ + { array_destroy_function(((*yyvaluep).refs), (void*)free, NULL); } +#line 1070 "settings/settings_parser.c" /* yacc.c:1257 */ + break; + + case 19: /* setting */ +#line 100 "settings/settings_parser.y" /* yacc.c:1257 */ { settings_kv_destroy(((*yyvaluep).kv), NULL); } -#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1076 "settings/settings_parser.c" /* yacc.c:1257 */ break; - 
case 16: /* value */ -#line 91 "settings/settings_parser.y" /* yacc.c:1257 */ + case 20: /* value */ +#line 97 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1082 "settings/settings_parser.c" /* yacc.c:1257 */ break; - case 17: /* valuepart */ -#line 91 "settings/settings_parser.y" /* yacc.c:1257 */ + case 21: /* valuepart */ +#line 97 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1088 "settings/settings_parser.c" /* yacc.c:1257 */ break; 
@@ -1331,64 +1350,84 @@ yyreduce: switch (yyn) { case 5: -#line 113 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 120 "settings/settings_parser.y" /* yacc.c:1646 */ { add_section(ctx, (yyvsp[0].sec)); } -#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1358 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 6: -#line 117 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 124 "settings/settings_parser.y" /* yacc.c:1646 */ { add_setting(ctx, (yyvsp[0].kv)); } -#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1366 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 7: -#line 124 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 131 "settings/settings_parser.y" /* yacc.c:1646 */ { pop_section(ctx); (yyval.sec) = (yyvsp[-2].sec); } -#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1375 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 8: -#line 132 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 139 "settings/settings_parser.y" /* yacc.c:1646 */ { (yyval.sec) = push_section(ctx, (yyvsp[-1].s)); } -#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1383 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 9: -#line 137 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 144 "settings/settings_parser.y" /* yacc.c:1646 */ { - (yyval.sec) = push_section(ctx, (yyvsp[-2].s)); + (yyval.sec) = push_section(ctx, (yyvsp[-3].s)); + add_references(ctx, (yyvsp[-1].refs)); + array_destroy((yyvsp[-1].refs)); } -#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1393 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 10: -#line 144 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 153 "settings/settings_parser.y" /* yacc.c:1646 */ { - (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s)); + (yyval.refs) = array_create(0, 0); + array_insert((yyval.refs), ARRAY_TAIL, (yyvsp[0].s)); } -#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */ 
+#line 1402 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 11: -#line 149 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 158 "settings/settings_parser.y" /* yacc.c:1646 */ { - (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL); + array_insert((yyvsp[-2].refs), ARRAY_TAIL, (yyvsp[0].s)); + (yyval.refs) = (yyvsp[-2].refs); } -#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1411 "settings/settings_parser.c" /* yacc.c:1646 */ + break; + + case 12: +#line 166 "settings/settings_parser.y" /* yacc.c:1646 */ + { + (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s)); + } +#line 1419 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 13: -#line 157 "settings/settings_parser.y" /* yacc.c:1646 */ +#line 171 "settings/settings_parser.y" /* yacc.c:1646 */ + { + (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL); + } +#line 1427 "settings/settings_parser.c" /* yacc.c:1646 */ + break; + + case 15: +#line 179 "settings/settings_parser.y" /* yacc.c:1646 */ { /* just put a single space between them, use strings for more */ if (asprintf(&(yyval.s), "%s %s", (yyvsp[-1].s), (yyvsp[0].s)) < 0) { @@ -1399,11 +1438,11 @@ yyreduce: free((yyvsp[-1].s)); free((yyvsp[0].s)); } -#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1442 "settings/settings_parser.c" /* yacc.c:1646 */ break; -#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1446 "settings/settings_parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -1631,7 +1670,7 @@ yyreturn: #endif return yyresult; } -#line 174 "settings/settings_parser.y" /* yacc.c:1906 */ +#line 196 "settings/settings_parser.y" /* yacc.c:1906 */ /** 
@@ -1700,6 +1739,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv) } /** + * Adds the given references to the section on top of the stack + */ +static void add_references(parser_helper_t *ctx, array_t *references) +{ + array_t *sections = (array_t*)ctx->context; + section_t *section; + enumerator_t *refs; + char *ref; + + array_get(sections, ARRAY_TAIL, §ion); + + refs = array_create_enumerator(references); + while (refs->enumerate(refs, &ref)) + { + settings_reference_add(section, ref, FALSE); + array_remove_at(references, refs); + } + refs->destroy(refs); +} + +/** * Parse the given file and add all sections and key/value pairs to the * given section. */ diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h index b41e0d56f..7c2a82841 100644 --- a/src/libstrongswan/settings/settings_parser.h +++ b/src/libstrongswan/settings/settings_parser.h @@ -47,28 +47,35 @@ extern int settings_parser_debug; { NAME = 258, STRING = 259, - NEWLINE = 260, - STRING_ERROR = 261 + DOT = 260, + COMMA = 261, + COLON = 262, + NEWLINE = 263, + STRING_ERROR = 264 }; #endif /* Tokens. */ #define NAME 258 #define STRING 259 -#define NEWLINE 260 -#define STRING_ERROR 261 +#define DOT 260 +#define COMMA 261 +#define COLON 262 +#define NEWLINE 263 +#define STRING_ERROR 264 /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED union YYSTYPE { -#line 77 "settings/settings_parser.y" /* yacc.c:1909 */ +#line 78 "settings/settings_parser.y" /* yacc.c:1909 */ char *s; struct section_t *sec; struct kv_t *kv; + array_t *refs; -#line 72 "settings/settings_parser.h" /* yacc.c:1909 */ +#line 79 "settings/settings_parser.h" /* yacc.c:1909 */ }; typedef union YYSTYPE YYSTYPE; diff --git a/src/libstrongswan/settings/settings_parser.y b/src/libstrongswan/settings/settings_parser.y index 2ab9ea723..cc1c91775 100644 --- a/src/libstrongswan/settings/settings_parser.y +++ b/src/libstrongswan/settings/settings_parser.y 
@@ -1,6 +1,6 @@ %{ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -49,6 +49,7 @@ static section_t *push_section(parser_helper_t *ctx, char *name); static section_t *pop_section(parser_helper_t *ctx); static void add_section(parser_helper_t *ctx, section_t *section); static void add_setting(parser_helper_t *ctx, kv_t *kv); +static void add_references(parser_helper_t *ctx, array_t *references); /** * Make sure to call lexer with the proper context @@ -78,20 +79,26 @@ static int yylex(YYSTYPE *lvalp, parser_helper_t *ctx) char *s; struct section_t *sec; struct kv_t *kv; + array_t *refs; } %token <s> NAME STRING +%token DOT "." +%token COMMA "," +%token COLON ":" %token NEWLINE STRING_ERROR /* ...and other symbols */ %type <s> value valuepart %type <sec> section_start section %type <kv> setting +%type <refs> references /* properly destroy string tokens that are strdup()ed on error */ %destructor { free($$); } NAME STRING value valuepart /* properly destroy parse results on error */ %destructor { pop_section(ctx); settings_section_destroy($$, NULL); } section_start section %destructor { settings_kv_destroy($$, NULL); } setting +%destructor { array_destroy_function($$, (void*)free, NULL); } references /* there are two shift/reduce conflicts because of the "NAME = NAME" and * "NAME {" ambiguity, and the "NAME =" rule) */ @@ -133,9 +140,24 @@ section_start: $$ = push_section(ctx, $NAME); } | - NAME NEWLINE '{' + NAME ":" references '{' { $$ = push_section(ctx, $NAME); + add_references(ctx, $references); + array_destroy($references); + } + ; + +references: + NAME + { + $$ = array_create(0, 0); + array_insert($$, ARRAY_TAIL, $1); + } + | references "," NAME + { + array_insert($1, ARRAY_TAIL, $3); + $$ = $1; } ; 
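Review bot: The new `section_start` alternative `NAME ":" references '{'` calls `add_references(ctx, $references)` and then `array_destroy($references)`, which is only correct because add_references removes every name from the array as it adopts it; that ownership contract is invisible at the call site and deserves a comment such as `/* add_references() adopts and removes the names, only the empty array is left to free */`. In the token hunk above, `DOT "."` is declared but no visible rule uses it, while the test data further down uses dotted paths such as `main.sub1` as a single NAME, so either the lexer folds the dot into NAME or the token is unused — a comment should say which. The comment about the two shift/reduce conflicts was not revisited; if the new alternative changes the conflict count, it should be updated.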
@@ -239,6 +261,27 @@ static void add_setting(parser_helper_t *ctx, kv_t *kv) } /** + * Adds the given references to the section on top of the stack + */ +static void add_references(parser_helper_t *ctx, array_t *references) +{ + array_t *sections = (array_t*)ctx->context; + section_t *section; + enumerator_t *refs; + char *ref; + + array_get(sections, ARRAY_TAIL, §ion); + + refs = array_create_enumerator(references); + while (refs->enumerate(refs, &ref)) + { + settings_reference_add(section, ref, FALSE); + array_remove_at(references, refs); + } + refs->destroy(refs); +} + +/** * Parse the given file and add all sections and key/value pairs to the * given section. */ diff --git a/src/libstrongswan/settings/settings_types.c b/src/libstrongswan/settings/settings_types.c index 1c2d61de7..625b70409 100644 --- a/src/libstrongswan/settings/settings_types.c +++ b/src/libstrongswan/settings/settings_types.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2014 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -69,6 +69,12 @@ static void kv_destroy(kv_t *kv, int idx, array_t *contents) settings_kv_destroy(kv, contents); } +static void ref_destroy(section_ref_t *ref, int idx, void *ctx) +{ + free(ref->name); + free(ref); +} + /* * Described in header */ @@ -78,7 +84,7 @@ void settings_section_destroy(section_t *this, array_t *contents) array_destroy(this->sections_order); array_destroy_function(this->kv, (void*)kv_destroy, contents); array_destroy(this->kv_order); - array_destroy(this->fallbacks); + array_destroy_function(this->references, (void*)ref_destroy, NULL); free(this->name); free(this); } 
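Review bot: `add_references` in the settings_parser.y hunk leaves `section` uninitialised when `array_get(sections, ARRAY_TAIL, &section)` finds an empty stack and then hands it to settings_reference_add; the caller has just pushed a section, so the precondition holds today, but it should be asserted or checked rather than assumed, and on failure the names must still be released (otherwise the caller's `array_destroy` frees the array but not the strings). The header comment should also state the ownership effect, e.g. `* Adds the given references to the section on top of the stack; the names are adopted and removed from the array, which the caller still has to destroy.` The same function body appears verbatim in the generated settings_parser.c hunk `@@ -1700,6 +1739,27 @@`, so the .y file is the one to change.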
@@ -130,6 +136,35 @@ void settings_kv_add(section_t *section, kv_t *kv, array_t *contents) } /* + * Described in header + */ +void settings_reference_add(section_t *section, char *name, bool permanent) +{ + section_ref_t *ref; + int i; + + for (i = 0; i < array_count(section->references); i++) + { + array_get(section->references, i, &ref); + if (ref->permanent && !permanent) + { /* add it before any permanent references */ + break; + } + if (ref->permanent == permanent && streq(name, ref->name)) + { + free(name); + return; + } + } + + INIT(ref, + .name = name, + .permanent = permanent, + ); + array_insert_create(§ion->references, i, ref); +} + +/* * Add a section to the given parent, optionally remove settings/subsections * not found when extending an existing section */ @@ -167,14 +202,28 @@ void settings_section_add(section_t *parent, section_t *section, static bool section_purge(section_t *this, array_t *contents) { section_t *current; + section_ref_t *ref; int i, idx; array_destroy_function(this->kv, (void*)kv_destroy, contents); this->kv = NULL; array_destroy(this->kv_order); this->kv_order = NULL; - /* we ensure sections used as fallback, or configured with fallbacks (or - * having any such subsections) are not removed */ + /* remove non-permanent references */ + for (i = array_count(this->references) - 1; i >= 0; i--) + { + array_get(this->references, i, &ref); + if (!ref->permanent) + { + array_remove(this->references, i, NULL); + ref_destroy(ref, 0, NULL); + } + } + if (!array_count(this->references)) + { + array_destroy(this->references); + this->references = NULL; + } for (i = array_count(this->sections_order) - 1; i >= 0; i--) { array_get(this->sections_order, i, ¤t); 
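Review bot: `settings_reference_add` silently drops (and frees) a name that already exists with the same `permanent` flag, yet keeps a permanent and a non-permanent reference to the same section side by side; if that is intended so that a reload can purge only the non-permanent copy, a comment on the `streq` branch should say so, e.g. `/* the same name with the other flag is kept, reloads drop only the non-permanent one */`. The insertion also relies on an invariant the code never states: non-permanent entries always precede permanent ones, which is why a non-permanent add can stop at the first permanent entry and a permanent add always lands at the tail. A one-line comment above the loop, `/* references are kept non-permanent first, permanent last */`, would make the `break` and the use of `i` after the loop easy to follow.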
@@ -187,7 +236,9 @@ static bool section_purge(section_t *this, array_t *contents) settings_section_destroy(current, contents); } } - return !this->fallbacks && !array_count(this->sections); + /* we ensure sections configured with permanent references (or having any + * such subsections) are not removed */ + return !this->references && !array_count(this->sections); } /* @@ -198,14 +249,15 @@ void settings_section_extend(section_t *base, section_t *extension, { enumerator_t *enumerator; section_t *section; + section_ref_t *ref; kv_t *kv; array_t *sections = NULL, *kvs = NULL; int idx; if (purge) - { /* remove sections and settings in base not found in extension, the - * others are removed too (from the _order list) so they can be inserted - * in the order found in extension */ + { /* remove sections, settings in base not found in extension, the others + * are removed too (from the _order list) so they can be inserted in the + * order found in extension, non-permanent references are removed */ enumerator = array_create_enumerator(base->sections_order); while (enumerator->enumerate(enumerator, (void**)§ion)) { @@ -245,6 +297,18 @@ void settings_section_extend(section_t *base, section_t *extension, array_sort(kvs, settings_kv_sort, NULL); } } + + enumerator = array_create_enumerator(base->references); + while (enumerator->enumerate(enumerator, (void**)&ref)) + { + if (ref->permanent) + { /* permanent references are ignored */ + continue; + } + array_remove_at(base->references, enumerator); + ref_destroy(ref, 0, NULL); + } + enumerator->destroy(enumerator); } while (array_remove(extension->sections_order, 0, §ion)) 
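Review bot: The loop in `settings_section_extend` that removes non-permanent references duplicates the one added to `section_purge` in the previous hunk, and the two already diverge on one detail: section_purge destroys the emptied array and sets `this->references = NULL`, while the extend path leaves an empty array on `base`. Nothing visible depends on the difference for `base` itself, since the pointer test `!this->references` in section_purge is only evaluated for purged subsections, but a small shared helper (for instance `static void purge_references(section_t *this)` that both call) would keep the two paths aligned and make the intended end state explicit. The updated comment on the return statement now matches the new `references` field, which is good.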
@@ -278,6 +342,16 @@ void settings_section_extend(section_t *base, section_t *extension, array_remove(extension->kv, idx, NULL); settings_kv_add(base, kv, contents); } + + while (array_remove(extension->references, 0, &ref)) + { + if (ref->permanent) + { /* ignore permanent references in the extension */ + continue; + } + settings_reference_add(base, strdup(ref->name), FALSE); + ref_destroy(ref, 0, NULL); + } array_destroy(sections); array_destroy(kvs); } diff --git a/src/libstrongswan/settings/settings_types.h b/src/libstrongswan/settings/settings_types.h index 82bcb230a..8163a0134 100644 --- a/src/libstrongswan/settings/settings_types.h +++ b/src/libstrongswan/settings/settings_types.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2014 Tobias Brunner + * Copyright (C) 2010-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -24,6 +24,7 @@ #define SETTINGS_TYPES_H_ typedef struct kv_t kv_t; +typedef struct section_ref_t section_ref_t; typedef struct section_t section_t; #include "collections/array.h" @@ -45,6 +46,23 @@ struct kv_t { }; /** + * Section reference. + */ +struct section_ref_t { + + /** + * Name of the referenced section. + */ + char *name; + + /** + * TRUE for permanent references that were added programmatically via + * add_fallback() and are not removed during reloads/purges. + */ + bool permanent; +}; + +/** * Section containing subsections and key value pairs. */ struct section_t { @@ -55,9 +73,9 @@ struct section_t { char *name; /** - * Fallback sections, as section_t. + * Referenced sections, as section_ref_t. */ - array_t *fallbacks; + array_t *references; /** * Subsections, as section_t. 
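Review bot: In the `while (array_remove(extension->references, 0, &ref))` loop, a permanent reference is taken out of the extension's array and then skipped with `continue` without being released, so its `name` and the `section_ref_t` leak; the branch should read `{ ref_destroy(ref, 0, NULL); continue; }`. A freshly parsed extension probably never carries permanent references, but since the loop explicitly handles the case it should handle it completely. The non-permanent branch could also hand the name over directly, `settings_reference_add(base, ref->name, FALSE); free(ref);`, instead of `strdup` followed by `ref_destroy`, which copies the string only to free the original.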
@@ -116,6 +134,15 @@ void settings_kv_set(kv_t *kv, char *value, array_t *contents); void settings_kv_add(section_t *section, kv_t *kv, array_t *contents); /** + * Add a reference to another section. + * + * @param section section to which to add the reference + * @param name name of the referenced section (adopted) + * @param permanent whether the reference is not removed during reloads + */ +void settings_reference_add(section_t *section, char *name, bool permanent); + +/** * Create a section with the given name. * * @param name name (gets adopted) diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 20cb27cf3..82bb640a8 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -354,7 +354,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -380,6 +379,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -400,8 +401,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -456,8 +455,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
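Review bot: The documentation of `settings_reference_add` says `name` is adopted but not what happens when an identical reference already exists, nor the ordering the implementation guarantees, and callers need both. Suggested additions to the comment block: `* If a reference with the same name and permanence exists, name is freed and nothing is added.` and `* Non-permanent references are kept in front of permanent ones.` It would also help to say that "adopted" holds in every case, including the duplicate one, so callers never free `name` themselves.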
@@ -486,8 +483,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libstrongswan/tests/suites/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c index c0a21fe34..4b2202431 100644 --- a/src/libstrongswan/tests/suites/test_identification.c +++ b/src/libstrongswan/tests/suites/test_identification.c @@ -234,6 +234,12 @@ static struct { .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }}, { "email:tester", ID_RFC822_ADDR, { .type = ENC_STRING, .data.s = "tester" }}, + {"xmppaddr:bob@strongswan.org", ID_DER_ASN1_GN, { .type = ENC_CHUNK, + .data.c = chunk_from_chars(0xa0,0x20,0x06,0x08,0x2b,0x06,0x01,0x05, + 0x05,0x07,0x08,0x05,0xa0,0x14,0x0c,0x12, + 0x62,0x6f,0x62,0x40,0x73,0x74,0x72,0x6f, + 0x6e,0x67,0x73,0x77,0x61,0x6e,0x2e,0x6f, + 0x72,0x67) }}, { "{1}:#c0a80101", ID_IPV4_ADDR, { .type = ENC_CHUNK, .data.c = chunk_from_chars(0xc0,0xa8,0x01,0x01) }}, { "{0x02}:tester", ID_FQDN, { .type = ENC_STRING, diff --git a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c index 19f381ef3..30b7b5c11 100644 --- a/src/libstrongswan/tests/suites/test_linked_list_enumerator.c +++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c 
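Review bot: The new `xmppaddr:` test vector in test_identification.c is a 34-byte DER blob with no explanation of its structure, which makes it hard to verify or adapt; a comment next to the entry would help, e.g. `/* otherName: OID 1.3.6.1.5.5.7.8.5 (id-on-xmppAddr), UTF8String "bob@strongswan.org" */`. With that decoding a reader can check that `0xa0,0x20` wraps 32 bytes and `0x0c,0x12` is an 18-byte UTF8String matching the address in the identity string.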
@@ -144,11 +144,12 @@ START_TEST(test_insert_before_ends) int round; enumerator = list->create_enumerator(list); + /* this does not change the enumerator position, which points to 1 */ list->insert_before(list, enumerator, (void*)0); ck_assert_int_eq(list->get_count(list), 6); ck_assert(list->get_first(list, (void*)&x) == SUCCESS); ck_assert_int_eq(x, 0); - round = 0; + round = 1; while (enumerator->enumerate(enumerator, &x)) { ck_assert_int_eq(round, x); @@ -177,8 +178,13 @@ START_TEST(test_insert_before_empty) ck_assert_int_eq(x, 1); ck_assert(list->get_last(list, (void*)&x) == SUCCESS); ck_assert_int_eq(x, 1); - ck_assert(enumerator->enumerate(enumerator, &x)); + ck_assert(!enumerator->enumerate(enumerator, &x)); + list->insert_before(list, enumerator, (void*)2); + ck_assert_int_eq(list->get_count(list), 2); + ck_assert(list->get_first(list, (void*)&x) == SUCCESS); ck_assert_int_eq(x, 1); + ck_assert(list->get_last(list, (void*)&x) == SUCCESS); + ck_assert_int_eq(x, 2); ck_assert(!enumerator->enumerate(enumerator, NULL)); enumerator->destroy(enumerator); } 
@@ -221,6 +227,43 @@ START_TEST(test_remove_at) } END_TEST +START_TEST(test_remove_at_multi) +{ + enumerator_t *enumerator; + intptr_t x; + int round; + + round = 1; + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &x)) + { + ck_assert_int_eq(round, x); + if (round == 2 || round == 5) + { + list->remove_at(list, enumerator); + } + round++; + } + ck_assert_int_eq(list->get_count(list), 3); + list->reset_enumerator(list, enumerator); + round = 1; + while (enumerator->enumerate(enumerator, &x)) + { + if (round == 2) + { /* skip removed item */ + round++; + } + ck_assert_int_eq(round, x); + list->remove_at(list, enumerator); + round++; + } + ck_assert_int_eq(list->get_count(list), 0); + list->reset_enumerator(list, enumerator); + ck_assert(!enumerator->enumerate(enumerator, &x)); + enumerator->destroy(enumerator); +} +END_TEST + START_TEST(test_remove_at_ends) { enumerator_t *enumerator; @@ -228,14 +271,14 @@ START_TEST(test_remove_at_ends) enumerator = list->create_enumerator(list); list->remove_at(list, enumerator); - ck_assert_int_eq(list->get_count(list), 5); + ck_assert_int_eq(list->get_count(list), 4); ck_assert(list->get_first(list, (void*)&x) == SUCCESS); - ck_assert_int_eq(x, 1); + ck_assert_int_eq(x, 2); while (enumerator->enumerate(enumerator, &x)) { } list->remove_at(list, enumerator); - ck_assert_int_eq(list->get_count(list), 5); + ck_assert_int_eq(list->get_count(list), 4); ck_assert(list->get_last(list, (void*)&x) == SUCCESS); ck_assert_int_eq(x, 5); enumerator->destroy(enumerator); 
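Review bot: The updated expectations in `test_remove_at_ends` encode an asymmetry the test does not explain: `remove_at` on a freshly created enumerator now removes the first element (count 4, first item 2), whereas `remove_at` after the enumerator has run off the end removes nothing. A comment at the first call, `/* a fresh enumerator points to the first item, so this removes 1 */`, and one at the second, `/* past the end there is no current item, nothing is removed */`, would document the semantics the way the `insert_before` test above already does. The first pass of `test_remove_at_multi` relies on the same position rule and would benefit from a short note on what the second pass is meant to verify (removing every item, including the current one, while enumerating).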
@@ -254,14 +297,12 @@ START_TEST(test_insert_before_remove_at) { ck_assert_int_eq(round, x); if (round == 2) - { /* this replaces the current item, as insert_before does not change - * the enumerator position */ + { /* this replaces the current item */ list->insert_before(list, enumerator, (void*)42); list->remove_at(list, enumerator); } else if (round == 4) - { /* this does not replace the item, as remove_at moves the enumerator - * position to the previous item */ + { /* same here, the order of calls does not matter */ list->remove_at(list, enumerator); list->insert_before(list, enumerator, (void*)21); } @@ -276,13 +317,9 @@ START_TEST(test_insert_before_remove_at) { /* check replaced item */ ck_assert_int_eq(42, x); } - else if (round == 3) - { /* check misplaced item */ - ck_assert_int_eq(21, x); - } else if (round == 4) - { /* check misplaced item */ - ck_assert_int_eq(3, x); + { /* check replace item */ + ck_assert_int_eq(21, x); } else { @@ -348,6 +385,7 @@ Suite *linked_list_enumerator_suite_create() tc = tcase_create("modify"); tcase_add_checked_fixture(tc, setup_list, teardown_list); tcase_add_test(tc, test_remove_at); + tcase_add_test(tc, test_remove_at_multi); tcase_add_test(tc, test_remove_at_ends); tcase_add_test(tc, test_insert_before_remove_at); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c index 377f2a767..ac2b858bb 100644 --- a/src/libstrongswan/tests/suites/test_printf.c +++ b/src/libstrongswan/tests/suites/test_printf.c @@ -204,7 +204,7 @@ Suite *printf_suite_create() tcase_add_test(tc, test_printf_err); suite_add_tcase(s, tc); - tc = tcase_create("unsiged"); + tc = tcase_create("unsigned"); tcase_add_test(tc, test_printf_unsigned); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c index 938fa38aa..099cd19c7 100644 --- a/src/libstrongswan/tests/suites/test_proposal.c 
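Review bot: The comment in the round-4 branch of `test_insert_before_remove_at` reads `/* check replace item */` and should be `/* check replaced item */`, matching the round-2 branch. The rewritten comments in the hunk above (`/* this replaces the current item */` and `/* same here, the order of calls does not matter */`) could also state the reason the order no longer matters, since that is the behavioural change the test pins; the comment added in the `insert_before` test at the top of the file — that insert_before does not move the enumerator position — is the fact to cite.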
+++ b/src/libstrongswan/tests/suites/test_proposal.c @@ -102,7 +102,12 @@ static struct { { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, { PROTO_ESP, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, - { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, + { PROTO_ESP, "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, + { PROTO_ESP, "aes128-sha256-noesn", "aes128-sha256-esn", NULL }, + { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256-esn", "aes128-sha256-esn" }, + { PROTO_ESP, "aes128-sha256-noesn-esn", "aes128-sha256", "aes128-sha256" }, + { PROTO_ESP, "aes128-sha256-esn-noesn", "aes128-sha256-noesn-esn", "aes128-sha256-esn" }, { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, { PROTO_IKE, "aes128-sha256-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072" }, { PROTO_IKE, "aes128-sha256-modp3072-modpnone", "aes128-sha256-modp3072", "aes128-sha256-modp3072" }, @@ -159,6 +164,29 @@ START_TEST(test_select_spi) } END_TEST +START_TEST(test_matches) +{ + proposal_t *self, *other; + + self = proposal_create_from_string(select_data[_i].proto, + select_data[_i].self); + other = proposal_create_from_string(select_data[_i].proto, + select_data[_i].other); + if (select_data[_i].expected) + { + ck_assert(self->matches(self, other, FALSE)); + ck_assert(other->matches(other, self, FALSE)); + } + else + { + ck_assert(!self->matches(self, other, FALSE)); + ck_assert(!other->matches(other, self, FALSE)); + } + other->destroy(other); + self->destroy(self); +} +END_TEST + START_TEST(test_promote_dh_group) { proposal_t *proposal; 
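Review bot: `test_matches` dereferences `self` and `other` without checking that `proposal_create_from_string` succeeded, so a malformed entry in `select_data` would crash the test binary instead of failing the case; `ck_assert(self && other);` after the two calls gives a clean failure, assuming the constructor returns NULL on parse errors. The `FALSE` passed as the third argument to both `matches` calls is unexplained in the test; a short comment naming what that flag controls would help readers of the table. The new `esn`/`noesn` rows in the data hunk above are exercised by this test as well, which is worth mentioning in a comment since the table is shared with `test_select`.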
@@ -312,6 +340,10 @@ Suite *proposal_suite_create() tcase_add_test(tc, test_select_spi); suite_add_tcase(s, tc); + tc = tcase_create("matches"); + tcase_add_loop_test(tc, test_matches, 0, countof(select_data)); + suite_add_tcase(s, tc); + tc = tcase_create("promote_dh_group"); tcase_add_test(tc, test_promote_dh_group); tcase_add_test(tc, test_promote_dh_group_already_front); diff --git a/src/libstrongswan/tests/suites/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c index 3f6353404..e6dc7744a 100644 --- a/src/libstrongswan/tests/suites/test_rsa.c +++ b/src/libstrongswan/tests/suites/test_rsa.c @@ -146,7 +146,7 @@ static void test_bad_sigs(public_key_t *pubkey) * RSA key sizes to test */ static int key_sizes[] = { - 768, 1024, 1536, 2048, 3072, 4096, + 1024, 1536, 2048, 3072, 4096, }; START_TEST(test_gen) diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c index 0759f7013..e0609605c 100644 --- a/src/libstrongswan/tests/suites/test_settings.c +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2014 Tobias Brunner + * Copyright (C) 2014-2018 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -452,9 +452,10 @@ static void verify_sections(linked_list_t *verifier, char *parent) enumerator = settings->create_section_enumerator(settings, parent); ver = verifier->create_enumerator(verifier); - while (enumerator->enumerate(enumerator, §ion) && - ver->enumerate(ver, ¤t)) + while (enumerator->enumerate(enumerator, §ion)) { + ck_assert_msg(ver->enumerate(ver, ¤t), + "no more sections expected, found %s", section); ck_assert_str_eq(section, current); verifier->remove_at(verifier, ver); } 
@@ -498,10 +499,11 @@ static void verify_key_values(linked_list_t *keys, linked_list_t *values, enumerator = settings->create_key_value_enumerator(settings, parent); enum_keys = keys->create_enumerator(keys); enum_values = values->create_enumerator(values); - while (enumerator->enumerate(enumerator, &key, &value) && - enum_keys->enumerate(enum_keys, ¤t_key) && - enum_values->enumerate(enum_values, ¤t_value)) + while (enumerator->enumerate(enumerator, &key, &value)) { + ck_assert_msg(enum_keys->enumerate(enum_keys, ¤t_key), + "no more key/value expected, found %s = %s", key, value); + ck_assert(enum_values->enumerate(enum_values, ¤t_value)); ck_assert_str_eq(current_key, key); ck_assert_str_eq(current_value, value); keys->remove_at(keys, enum_keys); @@ -519,8 +521,8 @@ START_TEST(test_key_value_enumerator) { linked_list_t *keys, *values; - keys = linked_list_create_with_items("key1", "key2", "empty", "key3", NULL); - values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", NULL); + keys = linked_list_create_with_items("key1", "key2", "empty", "key3", "key4", "key5", NULL); + values = linked_list_create_with_items("val1", "with space", "", "string with\nnewline", "multi line\nstring", "escaped newline", NULL); verify_key_values(keys, values, "main"); keys = linked_list_create_with_items("key", "key2", "subsub", NULL); @@ -894,7 +896,6 @@ START_TEST(test_load_string) } END_TEST - START_TEST(test_load_string_section) { char *content = 
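Review bot: In `verify_key_values`, the keys enumerator is checked with `ck_assert_msg` and a useful message, but the companion `ck_assert(enum_values->enumerate(enum_values, &current_value));` has none, so a length mismatch between the `keys` and `values` lists fails without saying which pair was reached; `ck_assert_msg(enum_values->enumerate(enum_values, &current_value), "no value expected for key %s", key);` would align the two. Whether leftover expected entries are reported after the loop is outside the hunk.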
@@ -914,13 +915,6 @@ START_TEST(test_load_string_section) ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1")); verify_include(); - /* invalid strings are a failure */ - ck_assert(!settings->load_string_section(settings, "conf {", TRUE, "")); - /* NULL or empty strings are OK though */ - ck_assert(settings->load_string_section(settings, "", TRUE, "")); - ck_assert(settings->load_string_section(settings, NULL, TRUE, "")); - verify_include(); - ck_assert(settings->load_string_section(settings, include_content2, FALSE, "main")); verify_null("main.key1"); verify_string("v2", "main.key2"); 
@@ -934,6 +928,56 @@ START_TEST(test_load_string_section) } END_TEST +START_TEST(test_load_string_section_null) +{ + linked_list_t *keys, *values; + + char *content = + "main {\n" + " key1 = val1\n" + " key2 = val2\n" + " none = x\n" + " sub1 {\n" + " include = value\n" + " key2 = value2\n" + " }\n" + "}"; + + settings = settings_create_string(content); + + ck_assert(settings->load_string_section(settings, include_content1, TRUE, "")); + ck_assert(settings->load_string_section(settings, include_content2, TRUE, "main.sub1")); + verify_include(); + + /* invalid strings are a failure */ + ck_assert(!settings->load_string_section(settings, "conf {", TRUE, "")); + /* NULL or empty strings are OK though when merging */ + ck_assert(settings->load_string_section(settings, "", TRUE, "")); + ck_assert(settings->load_string_section(settings, NULL, TRUE, "")); + verify_include(); + + /* they do purge the settings if merge is not TRUE */ + ck_assert(settings->load_string_section(settings, "", FALSE, "main")); + verify_null("main.key1"); + verify_null("main.sub1.key2"); + + keys = linked_list_create_with_items(NULL); + verify_sections(keys, "main"); + + keys = linked_list_create_with_items(NULL); + values = linked_list_create_with_items(NULL); + verify_key_values(keys, values, "main"); + + keys = linked_list_create_with_items("main", NULL); + verify_sections(keys, ""); + + ck_assert(settings->load_string_section(settings, NULL, FALSE, "")); + + keys = linked_list_create_with_items(NULL); + verify_sections(keys, ""); +} +END_TEST + START_SETUP(setup_fallback_config) { create_settings(chunk_from_str( 
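Review bot: `test_load_string_section_null` assigns `settings = settings_create_string(content)` without destroying whatever `settings` the fixture created, unlike `test_fallback_resolution` further down, which calls `settings->destroy(settings)` before `create_settings`; if the fixture for this tcase initialises `settings`, the previous instance leaks here (and apparently in `test_load_string_section`, whose body starts outside the hunk). Either the explicit destroy or a comment such as `/* the fixture for this tcase creates no settings, this is the first instance */` would settle which it is.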
@@ -1037,6 +1081,50 @@ START_TEST(test_add_fallback) } END_TEST +START_TEST(test_fallback_resolution) +{ + linked_list_t *keys, *values; + + settings->destroy(settings); + create_settings(chunk_from_str( + "base {\n" + " sub {\n" + " key1 = val1\n" + " key2 = val2\n" + " key5 = val5\n" + " subsub {\n" + " subkey1 = subval1\n" + " }\n" + " }\n" + "}\n" + "other {\n" + " sub {\n" + " key3 = val3\n" + " key4 = val4\n" + " }\n" + "}\n" + "main {\n" + " sub {\n" + " key4=\n" + " key5 = \n" + " }\n" + "}")); + + settings->add_fallback(settings, "other", "base"); + settings->add_fallback(settings, "main.sub", "other.sub"); + + verify_string("val1", "main.sub.key1"); + verify_string("val3", "main.sub.key3"); + verify_null("main.sub.key4"); + verify_null("main.sub.key5"); + verify_string("subval1", "main.sub.subsub.subkey1"); + + keys = linked_list_create_with_items("key3", "key1", "key2", NULL); + values = linked_list_create_with_items("val3", "val1", "val2", NULL); + verify_key_values(keys, values, "main.sub"); +} +END_TEST + START_TEST(test_add_fallback_printf) { settings->add_fallback(settings, "%s.sub1", "sub", "main"); 
@@ -1051,6 +1139,264 @@ START_TEST(test_add_fallback_printf) } END_TEST +START_TEST(test_references) +{ + linked_list_t *keys, *values; + + create_settings(chunk_from_str( + "main {\n" + " sub1 {\n" + " key1 = sub1val1\n" + " key2 = sub1val2\n" + " key4 = sub1val4\n" + " subsub {\n" + " subkey1 = sub1subsubval1\n" + " subkey2 = sub1subsubval2\n" + " }\n" + " subsub1 {\n" + " subkey1 = sub1subsub1val1\n" + " }\n" + " }\n" + " sub2 : main.sub1 {\n" + " key2 = sub2val2\n" + " key3 = sub2val3\n" + " key4 =\n" + " subsub {\n" + " subkey1 = sub2subsubval1\n" + " subkey3 = sub2subsubval3\n" + " }\n" + " }\n" + "}")); + + verify_string("sub1val1", "main.sub2.key1"); + verify_string("sub2val2", "main.sub2.key2"); + verify_string("sub2val3", "main.sub2.key3"); + verify_null("main.sub2.key4"); + verify_string("sub2subsubval1", "main.sub2.subsub.subkey1"); + verify_string("sub1subsubval2", "main.sub2.subsub.subkey2"); + verify_string("sub2subsubval3", "main.sub2.subsub.subkey3"); + verify_string("sub1subsub1val1", "main.sub2.subsub1.subkey1"); + + keys = linked_list_create_with_items("subsub", "subsub1", NULL); + verify_sections(keys, "main.sub2"); + + keys = linked_list_create_with_items("key2", "key3", "key1", NULL); + values = linked_list_create_with_items("sub2val2", "sub2val3", "sub1val1", NULL); + verify_key_values(keys, values, "main.sub2"); + + keys = linked_list_create_with_items("subkey1", "subkey3", "subkey2", NULL); + values = linked_list_create_with_items("sub2subsubval1", "sub2subsubval3", "sub1subsubval2", NULL); + verify_key_values(keys, values, "main.sub2.subsub"); +} +END_TEST + +START_TEST(test_references_templates) +{ + create_settings(chunk_from_str( + "sub-def {\n" + " key1 = sub1val1\n" + " key2 = sub1val2\n" + " subsub {\n" + " subkey1 = sub1subsubval1\n" + " }\n" + "}\n" + "subsub-def {\n" + " subkey1 = sub1subval1\n" + " subkey2 = sub1subval1\n" + "}\n" + "main {\n" + " sub1 : sub-def {\n" + " key1 = mainsub1val1\n" + " subsub : subsub-def {\n" + " 
subkey1 = mainsub1subval1\n" + " }\n" + " subsub1 {\n" + " subkey1 = mainsub1sub1val1\n" + " }\n" + " }\n" + " sub2 : sub-def {\n" + " key2 = mainsub2val2\n" + " key3 = mainsub2val3\n" + " subsub {\n" + " subkey3 = mainsub2subsubval3\n" + " }\n" + " }\n" + "}")); + + verify_string("mainsub1val1", "main.sub1.key1"); + verify_string("sub1val2", "main.sub1.key2"); + verify_string("mainsub1subval1", "main.sub1.subsub.subkey1"); + verify_string("sub1subval1", "main.sub1.subsub.subkey2"); + verify_string("mainsub1sub1val1", "main.sub1.subsub1.subkey1"); + verify_string("sub1val1", "main.sub2.key1"); + verify_string("mainsub2val2", "main.sub2.key2"); + verify_string("mainsub2val3", "main.sub2.key3"); + verify_string("sub1subsubval1", "main.sub2.subsub.subkey1"); + verify_null("main.sub2.subsub.subkey2"); + verify_string("mainsub2subsubval3", "main.sub2.subsub.subkey3"); +} +END_TEST + +START_TEST(test_references_order) +{ + linked_list_t *keys, *values; + + create_settings(chunk_from_str( + "main {\n" + " sub1 {\n" + " key1 = sub1val1\n" + " key2 = sub1val2\n" + " subsub1 {\n" + " }\n" + " }\n" + " sub2 {\n" + " key2 = sub2val2\n" + " key3 = sub2val3\n" + " subsub2 {\n" + " }\n" + " }\n" + " sub3 : main.sub1, main.sub2 {\n" + " key3 = sub3val3\n" + " }\n" + " sub4 : main.sub2, main.sub1 {\n" + " key3 = sub4val3\n" + " }\n" + "}")); + + verify_string("sub1val2", "main.sub3.key2"); + verify_string("sub3val3", "main.sub3.key3"); + verify_string("sub2val2", "main.sub4.key2"); + verify_string("sub4val3", "main.sub4.key3"); + + /* the order of referenced keys/subsections depends on the reference + * statement's order */ + keys = linked_list_create_with_items("subsub1", "subsub2", NULL); + verify_sections(keys, "main.sub3"); + + keys = linked_list_create_with_items("subsub2", "subsub1", NULL); + verify_sections(keys, "main.sub4"); + + /* local keys are always enumerated first */ + keys = linked_list_create_with_items("key3", "key1", "key2", NULL); + values = 
linked_list_create_with_items("sub3val3", "sub1val1", "sub1val2", NULL); + verify_key_values(keys, values, "main.sub3"); + + keys = linked_list_create_with_items("key3", "key2", "key1", NULL); + values = linked_list_create_with_items("sub4val3", "sub2val2", "sub1val1", NULL); + verify_key_values(keys, values, "main.sub4"); +} +END_TEST + +START_TEST(test_references_resolution) +{ + linked_list_t *keys, *values; + + create_settings(chunk_from_str( + "sec-a {\n" + " sub1 {\n" + " a1 = val-a1\n" + " key = sec-a-val1\n" + " sub-a {\n" + " }\n" + " }\n" + "}\n" + "sec-b : sec-a {\n" + " sub1 {\n" + " b1 = val-b1\n" + " key = sec-b-val1\n" + " sub-b1 {\n" + " }\n" + " }\n" + " sub2 {\n" + " b2 = val-b2\n" + " key = sec-b-val2\n" + " sub-b2 {\n" + " }\n" + " }\n" + "}\n" + "sec-c : sec-b {\n" + " sub2 : sec-b.sub1 {\n" + " c2 = val-c2\n" + " key = sec-c-val2\n" + " sub-c2 {\n" + " }\n" + " }\n" + "}")); + + verify_string("sec-c-val2", "sec-c.sub2.key"); + settings_remove_value(settings, "sec-c.sub2.key"); + verify_string("sec-b-val1", "sec-c.sub2.key"); + settings_remove_value(settings, "sec-b.sub1.key"); + verify_string("sec-a-val1", "sec-c.sub2.key"); + settings_remove_value(settings, "sec-a.sub1.key"); + verify_string("sec-b-val2", "sec-c.sub2.key"); + settings_remove_value(settings, "sec-b.sub2.key"); + verify_null("sec-c.sub2.key"); + + keys = linked_list_create_with_items("sub-c2", "sub-b1", "sub-a", "sub-b2", NULL); + verify_sections(keys, "sec-c.sub2"); + + keys = linked_list_create_with_items("c2", "b1", "a1", "b2", NULL); + values = linked_list_create_with_items("val-c2", "val-b1", "val-a1", "val-b2", NULL); + verify_key_values(keys, values, "sec-c.sub2"); +} +END_TEST + +START_TEST(test_references_fallback) +{ + linked_list_t *keys, *values; + +#define test_references_fallback_base_settings \ + "lib {\n" \ + " key1 = libval1\n" \ + " keylib = libval\n" \ + " sub {\n" \ + " key1 = libsubval1\n" \ + " }\n" \ + " libsub {\n" \ + " }\n" \ + "}\n" \ + "other {\n" \ 
+ " key1 = otherval1\n" \ + " keyother = otherval\n" \ + " sub {\n" \ + " key1 = othersubval1\n" \ + " }\n" \ + " othersub {\n" \ + " }\n" \ + "}\n" + + create_settings(chunk_from_str( + test_references_fallback_base_settings "app : other {}")); + + /* references have precedence over fallbacks */ + settings->add_fallback(settings, "app", "lib"); + verify_string("otherval1", "app.key1"); + verify_string("libval", "app.keylib"); + verify_string("othersubval1", "app.sub.key1"); + + keys = linked_list_create_with_items("sub", "othersub", "libsub", NULL); + verify_sections(keys, "app"); + + keys = linked_list_create_with_items("key1", "keyother", "keylib", NULL); + values = linked_list_create_with_items("otherval1", "otherval", "libval", NULL); + verify_key_values(keys, values, "app"); + + /* fallbacks are unaffected when reloading configs with references */ + ck_assert(settings->load_string_section(settings, + test_references_fallback_base_settings "app {}", FALSE, "")); + verify_string("libval1", "app.key1"); + verify_string("libval", "app.keylib"); + verify_string("libsubval1", "app.sub.key1"); + + ck_assert(settings->load_string_section(settings, + test_references_fallback_base_settings "app : other {}", FALSE, "")); + verify_string("otherval1", "app.key1"); + verify_string("libval", "app.keylib"); + verify_string("othersubval1", "app.sub.key1"); +} +END_TEST + START_SETUP(setup_string_config) { create_settings(chunk_from_str( 
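Review bot: `#define test_references_fallback_base_settings` is introduced inside the body of test_references_fallback and never `#undef`'d, so the macro stays visible to every test that follows in this translation unit; add `#undef test_references_fallback_base_settings` after its last use, or move the literal to a file-scope `static char *` next to include_content1/include_content2. In test_references_resolution the expected enumeration order `"c2", "b1", "a1", "b2"` encodes the resolution rule for `sub2 : sec-b.sub1` inside `sec-c : sec-b`, and a one-line comment saying that local keys come first, then the explicit reference's chain, then the inherited section, would spare the next reader from reverse-engineering it from the fixture.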
@@ -1115,6 +1461,25 @@ START_TEST(test_valid) ck_assert(chunk_write(contents, path, 0022, TRUE)); ck_assert(settings->load_files(settings, path, FALSE)); verify_string("a setting with = and { character", "equals"); + + contents = chunk_from_str( + "ref { key = value }\nvalid:ref {}"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(settings->load_files(settings, path, FALSE)); + verify_string("value", "valid.key"); + + contents = chunk_from_str( + "ref { key = value }\nvalid\n:\nref {}"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(settings->load_files(settings, path, FALSE)); + verify_string("value", "valid.key"); + + contents = chunk_from_str( + "ref { key = value }\nother { key1 = value1 }\nvalid\n:\nref\n\t,\nother {}"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(settings->load_files(settings, path, FALSE)); + verify_string("value", "valid.key"); + verify_string("value1", "valid.key1"); } END_TEST @@ -1157,6 +1522,21 @@ START_TEST(test_invalid) "\"unexpected\" = string"); ck_assert(chunk_write(contents, path, 0022, TRUE)); ck_assert(!settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "incorrect :: ref {}"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "/var/log/daemon.log { dmn = 1 }"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "filelog { /var/log/daemon.log = 1 }"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); } END_TEST 
@@ -1326,14 +1706,25 @@ Suite *settings_suite_create() tcase_add_checked_fixture(tc, setup_include_config, teardown_config); tcase_add_test(tc, test_load_string); tcase_add_test(tc, test_load_string_section); + tcase_add_test(tc, test_load_string_section_null); suite_add_tcase(s, tc); tc = tcase_create("fallback"); tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config); tcase_add_test(tc, test_add_fallback); + tcase_add_test(tc, test_fallback_resolution); tcase_add_test(tc, test_add_fallback_printf); suite_add_tcase(s, tc); + tc = tcase_create("references"); + tcase_add_checked_fixture(tc, NULL, teardown_config); + tcase_add_test(tc, test_references); + tcase_add_test(tc, test_references_templates); + tcase_add_test(tc, test_references_order); + tcase_add_test(tc, test_references_resolution); + tcase_add_test(tc, test_references_fallback); + suite_add_tcase(s, tc); + tc = tcase_create("strings"); tcase_add_checked_fixture(tc, setup_string_config, teardown_config); tcase_add_test(tc, test_strings); diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 00f000a6a..f1d46ee6b 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c 
@@ -860,47 +860,75 @@ END_TEST static struct { char *s; bool ok; + mark_op_t ops; mark_t m; } mark_data[] = { - {NULL, FALSE, { 0 }}, - {"", TRUE, { 0, 0xffffffff }}, - {"/", TRUE, { 0, 0 }}, - {"42", TRUE, { 42, 0xffffffff }}, - {"0x42", TRUE, { 0x42, 0xffffffff }}, - {"x", FALSE, { 0 }}, - {"42/", TRUE, { 0, 0 }}, - {"42/0", TRUE, { 0, 0 }}, - {"42/x", FALSE, { 0 }}, - {"42/42", TRUE, { 42, 42 }}, - {"42/0xff", TRUE, { 42, 0xff }}, - {"0x42/0xff", TRUE, { 0x42, 0xff }}, - {"/0xff", TRUE, { 0, 0xff }}, - {"/x", FALSE, { 0 }}, - {"x/x", FALSE, { 0 }}, - {"0xfffffff0/0x0000ffff", TRUE, { 0x0000fff0, 0x0000ffff }}, - {"%unique", TRUE, { MARK_UNIQUE, 0xffffffff }}, - {"%unique/", TRUE, { MARK_UNIQUE, 0 }}, - {"%unique/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }}, - {"%unique/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }}, - {"%unique0xffffffffff", FALSE, { 0, 0 }}, - {"0xffffffff/0x0000ffff", TRUE, { MARK_UNIQUE, 0x0000ffff }}, - {"0xffffffff/0xffffffff", TRUE, { MARK_UNIQUE, 0xffffffff }}, - {"%unique-dir", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, - {"%unique-dir/", TRUE, { MARK_UNIQUE_DIR, 0 }}, - {"%unique-dir/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }}, - {"%unique-dir/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, - {"%unique-dir0xffffffff", FALSE, { 0, 0 }}, - {"0xfffffffe/0x0000ffff", TRUE, { MARK_UNIQUE_DIR, 0x0000ffff }}, - {"0xfffffffe/0xffffffff", TRUE, { MARK_UNIQUE_DIR, 0xffffffff }}, - {"%unique-/0xffffffff", FALSE, { 0, 0 }}, - {"%unique-foo/0xffffffff", FALSE, { 0, 0 }}, + {NULL, FALSE, MARK_OP_NONE, { 0 }}, + {"", TRUE, MARK_OP_NONE, { 0, 0xffffffff }}, + {"/", TRUE, MARK_OP_NONE, { 0, 0 }}, + {"42", TRUE, MARK_OP_NONE, { 42, 0xffffffff }}, + {"0x42", TRUE, MARK_OP_NONE, { 0x42, 0xffffffff }}, + {"x", FALSE, MARK_OP_NONE, { 0 }}, + {"42/", TRUE, MARK_OP_NONE, { 0, 0 }}, + {"42/0", TRUE, MARK_OP_NONE, { 0, 0 }}, + {"42/x", FALSE, MARK_OP_NONE, { 0 }}, + {"42/42", TRUE, MARK_OP_NONE, { 42, 42 }}, + {"42/0xff", TRUE, MARK_OP_NONE, { 42, 
0xff }}, + {"0x42/0xff", TRUE, MARK_OP_NONE, { 0x42, 0xff }}, + {"/0xff", TRUE, MARK_OP_NONE, { 0, 0xff }}, + {"/x", FALSE, MARK_OP_NONE, { 0 }}, + {"x/x", FALSE, MARK_OP_NONE, { 0 }}, + {"0xfffffff0/0x0000ffff", TRUE, MARK_OP_UNIQUE, + { 0x0000fff0, 0x0000ffff }}, + {"%unique", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0xffffffff }}, + {"%unique/", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0 }}, + {"%unique", FALSE, MARK_OP_NONE, + { 0, 0 }}, + {"%unique/0x0000ffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0x0000ffff }}, + {"%unique/0xffffffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0xffffffff }}, + {"%unique0xffffffffff", FALSE, MARK_OP_UNIQUE, + { 0, 0 }}, + {"0xffffffff/0x0000ffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0x0000ffff }}, + {"0xffffffff/0xffffffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE, 0xffffffff }}, + {"%unique-dir", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-dir/", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0 }}, + {"%unique-dir", FALSE, MARK_OP_NONE, + { 0, 0 }}, + {"%unique-dir/0x0000ffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0x0000ffff }}, + {"%unique-dir/0xffffffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-dir0xffffffff", FALSE, MARK_OP_UNIQUE, + { 0, 0 }}, + {"0xfffffffe/0x0000ffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0x0000ffff }}, + {"0xfffffffe/0xffffffff", TRUE, MARK_OP_UNIQUE, + { MARK_UNIQUE_DIR, 0xffffffff }}, + {"%unique-/0xffffffff", FALSE, MARK_OP_UNIQUE, + { 0, 0 }}, + {"%unique-foo/0xffffffff", FALSE, MARK_OP_UNIQUE, + { 0, 0 }}, + {"%same", TRUE, MARK_OP_SAME, + { MARK_SAME, 0xffffffff }}, + {"%same/0x0000ffff", TRUE, MARK_OP_SAME, + { MARK_SAME, 0x0000ffff }}, + {"%%same", FALSE, MARK_OP_NONE, + { 0, 0 }}, }; START_TEST(test_mark_from_string) { mark_t mark; - if (mark_from_string(mark_data[_i].s, &mark)) + if (mark_from_string(mark_data[_i].s, mark_data[_i].ops, &mark)) { ck_assert_int_eq(mark.value, mark_data[_i].m.value); ck_assert_int_eq(mark.mask, 
mark_data[_i].m.mask); diff --git a/src/libstrongswan/threading/windows/mutex.c b/src/libstrongswan/threading/windows/mutex.c index a26889580..135c8022e 100644 --- a/src/libstrongswan/threading/windows/mutex.c +++ b/src/libstrongswan/threading/windows/mutex.c @@ -112,7 +112,7 @@ METHOD(condvar_t, timed_wait, bool, thread_set_active_condvar(&this->cv); /* while a CriticalSection is recursive, waiting in a condvar releases - * only one mutex. So release (and reaquire) all locks except the last. */ + * only one mutex. So release (and reacquire) all locks except the last. */ times = mutex->times; while (mutex->times-- > 1) { diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 56298a60f..36c0c9daa 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -1222,6 +1222,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str) { "dns:", ID_FQDN }, { "asn1dn:", ID_DER_ASN1_DN }, { "asn1gn:", ID_DER_ASN1_GN }, + { "xmppaddr:", ID_DER_ASN1_GN }, { "keyid:", ID_KEY_ID }, }; private_identification_t *this; @@ -1233,6 +1234,7 @@ static private_identification_t* create_from_string_with_prefix_type(char *str) { this = identification_create(prefixes[i].type); str += strlen(prefixes[i].str); + if (*str == '#') { this->encoded = chunk_from_hex(chunk_from_str(str + 1), NULL); @@ -1241,6 +1243,17 @@ static private_identification_t* create_from_string_with_prefix_type(char *str) { this->encoded = chunk_clone(chunk_from_str(str)); } + + if (prefixes[i].type == ID_DER_ASN1_GN && + strcasepfx(prefixes[i].str, "xmppaddr:")) + { + this->encoded = asn1_wrap(ASN1_CONTEXT_C_0, "mm", + asn1_build_known_oid(OID_XMPP_ADDR), + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_UTF8STRING, "m", + this->encoded))); + } + return this; } } diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index b873e12a8..efeb0f478 100644 
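Review bot: The xmppaddr wrapping at the end of the loop body runs after both the `#`-hex branch and the plain-string branch, so `xmppaddr:#...` wraps the hex-decoded bytes in a UTF8String as well and there is no way to pass a pre-encoded otherName through this prefix; if that is intended, say so: `/* xmppaddr: always wraps the (possibly hex-decoded) value as a UTF8String otherName; use asn1gn: for a pre-encoded GeneralName */`. The selector `strcasepfx(prefixes[i].str, "xmppaddr:")` re-scans the table entry that was just matched to recognise it; a flag column in `prefixes[]` would make the special case explicit. Nothing validates that `this->encoded` is non-empty or valid UTF-8 before it becomes a UTF8String, which is presumably acceptable for locally configured identities but is worth stating in the same comment. create_from_string_with_prefix_type continues outside the hunk.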
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2014 Tobias Brunner
+ * Copyright (C) 2013-2018 Tobias Brunner
 * Copyright (C) 2006-2013 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
@@ -162,7 +162,12 @@ static spinlock_t *lock;
 /**
 * Is leak detection currently enabled?
 */
-static bool enabled = FALSE;
+static bool enabled;
+
+/**
+ * Whether to report calls to free() with memory not allocated by us
+ */
+static bool ignore_unknown;
 
 /**
 * Is leak detection disabled for the current thread?
@@ -609,6 +614,11 @@ static char *whitelist[] = {
 /* FHH IMCs and IMVs */
 "TNC_IMC_NotifyConnectionChange",
 "TNC_IMV_NotifyConnectionChange",
+ /* Botan */
+ "botan_public_key_load",
+ "botan_privkey_create_ecdsa",
+ "botan_privkey_create_ecdh",
+ "botan_privkey_load_ecdh",
 };
 
 /**
@@ -883,7 +893,7 @@ HOOK(void, free, void *ptr)
 return;
 }
 /* allow freeing of NULL */
- if (ptr == NULL)
+ if (!ptr)
 {
 return;
 }
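Review bot: The doc comment on `ignore_unknown` states the opposite of what the flag does: the free and realloc hooks skip the "unknown memory" message and backtrace when it is TRUE, and leak_detective_create sets it from the `LEAK_DETECTIVE_IGNORE_UNKNOWN` environment variable. Suggest `/* Whether to silently pass free()/realloc() of memory not allocated by our hooks to the real functions instead of reporting it (set via LEAK_DETECTIVE_IGNORE_UNKNOWN) */`. The Botan entries added to whitelist[] carry only the library name, like the other groups in that table; a short note on why allocations made through these functions are expected to outlive the run would help whoever prunes the list when the Botan plugin changes.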
@@ -894,21 +904,47 @@ HOOK(void, free, void *ptr) if (hdr->magic != MEMORY_HEADER_MAGIC || tail->magic != MEMORY_TAIL_MAGIC) { + bool bt = TRUE; + + /* check if memory appears to be allocated by our hooks */ if (has_hdr(hdr)) { - /* memory was allocated by our hooks but is corrupted */ fprintf(stderr, "freeing corrupted memory (%p): " - "header magic 0x%x, tail magic 0x%x:\n", - ptr, hdr->magic, tail->magic); + "%u bytes, header magic 0x%x, tail magic 0x%x:\n", + ptr, hdr->bytes, hdr->magic, tail->magic); + remove_hdr(hdr); + + if (hdr->magic == MEMORY_HEADER_MAGIC) + { /* only access the old backtrace if header magic is valid */ + hdr->backtrace->log(hdr->backtrace, stderr, TRUE); + hdr->backtrace->destroy(hdr->backtrace); + } + else + { + fprintf(stderr, " header magic invalid, ignore backtrace of " + "allocation\n"); + } } else { - /* memory was not allocated by our hooks */ - fprintf(stderr, "freeing invalid memory (%p)\n", ptr); + /* just free this block of unknown memory */ + hdr = ptr; + + if (ignore_unknown) + { + bt = FALSE; + } + else + { + fprintf(stderr, "freeing unknown memory (%p):\n", ptr); + } + } + if (bt) + { + backtrace = backtrace_create(2); + backtrace->log(backtrace, stderr, TRUE); + backtrace->destroy(backtrace); } - backtrace = backtrace_create(2); - backtrace->log(backtrace, stderr, TRUE); - backtrace->destroy(backtrace); } else { @@ -916,12 +952,11 @@ HOOK(void, free, void *ptr) hdr->backtrace->destroy(hdr->backtrace); - /* clear MAGIC, set mem to something remarkable */ + /* set mem to something remarkable */ memset(hdr, MEMORY_FREE_PATTERN, sizeof(memory_header_t) + hdr->bytes + sizeof(memory_tail_t)); - - real_free(hdr); } + real_free(hdr); enable_thread(before); } 
@@ -933,19 +968,19 @@ HOOK(void*, realloc, void *old, size_t bytes) memory_header_t *hdr; memory_tail_t *tail; backtrace_t *backtrace; - bool before; + bool before, have_backtrace = TRUE; if (!enabled || thread_disabled->get(thread_disabled)) { return real_realloc(old, bytes); } /* allow reallocation of NULL */ - if (old == NULL) + if (!old) { return malloc(bytes); } /* handle zero size as a free() */ - if (bytes == 0) + if (!bytes) { free(old); return NULL; 
@@ -954,22 +989,64 @@ HOOK(void*, realloc, void *old, size_t bytes) hdr = old - sizeof(memory_header_t); tail = old + hdr->bytes; - remove_hdr(hdr); - + before = enable_thread(FALSE); if (hdr->magic != MEMORY_HEADER_MAGIC || tail->magic != MEMORY_TAIL_MAGIC) { - fprintf(stderr, "reallocating invalid memory (%p):\n" - "header magic 0x%x:\n", old, hdr->magic); - backtrace = backtrace_create(2); - backtrace->log(backtrace, stderr, TRUE); - backtrace->destroy(backtrace); + bool bt = TRUE; + + /* check if memory appears to be allocated by our hooks */ + if (has_hdr(hdr)) + { + fprintf(stderr, "reallocating corrupted memory (%p, %u bytes): " + "%zu bytes, header magic 0x%x, tail magic 0x%x:\n", + old, hdr->bytes, bytes, hdr->magic, tail->magic); + remove_hdr(hdr); + + if (hdr->magic == MEMORY_HEADER_MAGIC) + { /* only access header fields (backtrace, bytes) if header magic + * is still valid */ + hdr->backtrace->log(hdr->backtrace, stderr, TRUE); + memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic)); + } + else + { + fprintf(stderr, " header magic invalid, ignore backtrace of " + "allocation\n"); + have_backtrace = FALSE; + hdr->magic = MEMORY_HEADER_MAGIC; + } + } + else + { + /* adopt this block of unknown memory */ + hdr = old; + have_backtrace = FALSE; + + if (ignore_unknown) + { + bt = FALSE; + } + else + { + fprintf(stderr, "reallocating unknown memory (%p): %zu bytes:\n", + old, bytes); + } + } + if (bt) + { + backtrace = backtrace_create(2); + backtrace->log(backtrace, stderr, TRUE); + backtrace->destroy(backtrace); + } } else { + remove_hdr(hdr); /* clear tail magic, allocate, set tail magic */ memset(&tail->magic, MEMORY_ALLOC_PATTERN, sizeof(tail->magic)); } + hdr = real_realloc(hdr, sizeof(memory_header_t) + bytes + sizeof(memory_tail_t)); tail = ((void*)hdr) + bytes + sizeof(memory_header_t); 
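Review bot: In the "adopt this block of unknown memory" branch `hdr = old` points at the caller's payload, `real_realloc(hdr, sizeof(memory_header_t) + bytes + sizeof(memory_tail_t))` keeps that payload at offset 0, and the following hunk then writes `hdr->bytes = bytes` and `hdr->backtrace = backtrace_create(2)` over exactly those first bytes; unless the lines between the two hunks move the payload to `hdr + 1`, a realloc of foreign memory hands back corrupted data. Preserving it would need `memmove(hdr + 1, hdr, bytes);` directly after the realloc in the adopt case (the original size of a foreign block is unknown, so `bytes` is the most that can be kept), ideally guarded by a comment explaining that limitation. The has_hdr branch with an invalid header magic also still uses `tail`, computed above the hunk from `hdr->bytes`, and now continues into the realloc instead of only reporting, so a comment stating that a bogus `bytes` there affects only the diagnostic output would be reassuring. realloc's body continues outside the hunk.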
@@ -978,8 +1055,10 @@ HOOK(void*, realloc, void *old, size_t bytes) /* update statistics */ hdr->bytes = bytes; - before = enable_thread(FALSE); - hdr->backtrace->destroy(hdr->backtrace); + if (have_backtrace) + { + hdr->backtrace->destroy(hdr->backtrace); + } hdr->backtrace = backtrace_create(2); enable_thread(before); @@ -1022,6 +1101,7 @@ leak_detective_t *leak_detective_create() free(this); return NULL; } + ignore_unknown = getenv("LEAK_DETECTIVE_IGNORE_UNKNOWN") != NULL; lock = spinlock_create(); thread_disabled = thread_value_create(NULL); diff --git a/src/libstrongswan/utils/utils/atomics.h b/src/libstrongswan/utils/utils/atomics.h index a973b1adc..c23b361ec 100644 --- a/src/libstrongswan/utils/utils/atomics.h +++ b/src/libstrongswan/utils/utils/atomics.h @@ -27,8 +27,14 @@ */ typedef u_int refcount_t; +/* use __atomic* built-ins with clang, if available (note that clang also + * defines __GNUC__, however only claims to be GCC 4.2) */ +#if defined(__clang__) +# if __has_builtin(__atomic_add_fetch) +# define HAVE_GCC_ATOMIC_OPERATIONS +# endif /* use __atomic* built-ins with GCC 4.7 and newer */ -#ifdef __GNUC__ +#elif defined(__GNUC__) # if (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 6)) # define HAVE_GCC_ATOMIC_OPERATIONS # endif @@ -47,7 +53,7 @@ typedef u_int refcount_t; #define ref_put(ref) (!__atomic_sub_fetch(ref, 1, __ATOMIC_ACQ_REL)) #define ref_cur(ref) __atomic_load_n(ref, __ATOMIC_RELAXED) -#define _cas_impl(ptr, oldval, newval) ({ typeof(oldval) _old = oldval; \ +#define _cas_impl(ptr, oldval, newval) ({ typeof(*ptr) _old = oldval; \ __atomic_compare_exchange_n(ptr, &_old, newval, FALSE, \ __ATOMIC_SEQ_CST, __ATOMIC_RELAXED); }) #define cas_bool(ptr, oldval, newval) _cas_impl(ptr, oldval, newval) diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 3412ab1cb..ea6449df3 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in 
@@ -363,7 +363,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -389,6 +388,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -409,8 +410,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -465,8 +464,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -495,8 +492,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index c46ca18bd..20913bc09 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -333,6 +332,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -353,8 +354,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -409,8 +408,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,8 +436,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index 2ba6dd2a6..1f2439ca1 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -188,7 +188,7 @@ static status_t process_server_hello(private_tls_peer_t *this, suite = cipher; if (!this->crypto->select_cipher_suite(this->crypto, &suite, 1, KEY_ANY)) { - DBG1(DBG_TLS, "received TLS cipher suite %N inacceptable", + DBG1(DBG_TLS, "received TLS cipher suite %N unacceptable", tls_cipher_suite_names, suite); this->alert->add(this->alert, TLS_FATAL, TLS_HANDSHAKE_FAILURE); return NEED_MORE; diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index 422211afa..70d17f22c 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c 
@@ -190,7 +190,7 @@ static bool select_suite_and_key(private_tls_server_t *this, suites, count, type); if (!this->suite) { - DBG1(DBG_TLS, "received cipher suites inacceptable"); + DBG1(DBG_TLS, "received cipher suites unacceptable"); return FALSE; } this->server_auth->destroy(this->server_auth); @@ -199,7 +199,7 @@ static bool select_suite_and_key(private_tls_server_t *this, this->server_auth); if (!key) { - DBG1(DBG_TLS, "received cipher suites inacceptable"); + DBG1(DBG_TLS, "received cipher suites unacceptable"); return FALSE; } } diff --git a/src/libtls/tls_socket.h b/src/libtls/tls_socket.h index 0d4db3b41..7924c585c 100644 --- a/src/libtls/tls_socket.h +++ b/src/libtls/tls_socket.h @@ -104,7 +104,7 @@ struct tls_socket_t { * @param peer client identity, NULL for no client authentication * @param fd socket to read/write from * @param cache session cache to use, or NULL - * @param max_version maximun TLS version to negotiate + * @param max_version maximum TLS version to negotiate * @param nullok accept NULL encryption ciphers * @return TLS socket wrapper */ diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index 97995800b..ab45f6f91 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -367,7 +367,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -393,6 +392,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -413,8 +414,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -469,8 +468,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -499,8 +496,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 7143a1ce2..70c87ee51 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index a142a7eff..532ec741a 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -316,7 +316,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -342,6 +341,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -362,8 +363,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -418,8 +417,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -448,8 +445,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index 72a195eca..4ffdf5a43 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index 7e15cb2ff..7649e999b 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -325,7 +325,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -351,6 +350,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -371,8 +372,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -427,8 +426,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -457,8 +454,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index d7d445fd1..69d48dc47 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -328,7 +328,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -354,6 +353,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -374,8 +375,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -430,8 +429,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -460,8 +457,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c index 86ae1c099..32d950297 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c @@ -92,6 +92,11 @@ struct private_tnccs_20_server_t { bool request_handshake_retry; /** + * Flag set after sending SRETRY batch + */ + bool retry_handshake; + + /** * SendMessage() by IMV only allowed if flag is set */ bool send_msg; @@ -279,8 +284,9 @@ static void build_retry_batch(private_tnccs_20_server_t *this) change_batch_type(this, PB_BATCH_SRETRY); this->recs->clear_recommendation(this->recs); - tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, - TNC_CONNECTION_STATE_HANDSHAKE); + + /* Handshake will be retried with next incoming CDATA batch */ + this->retry_handshake = TRUE; } METHOD(tnccs_20_handler_t, process, status_t, @@ -301,7 +307,17 @@ METHOD(tnccs_20_handler_t, process, status_t, pb_tnc_msg_t *msg; bool empty = TRUE; - if (batch_type == PB_BATCH_CRETRY) + if (batch_type == PB_BATCH_CDATA) + { + /* retry handshake after a previous SRETRY batch */ + if (this->retry_handshake) + { + tnc->imvs->notify_connection_change(tnc->imvs, + this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); + this->retry_handshake = FALSE; + } + } + else if (batch_type == PB_BATCH_CRETRY) { /* Send an SRETRY batch in response */ this->mutex->lock(this->mutex); 
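Review bot: The new CDATA branch reads and clears `this->retry_handshake` without holding `this->mutex`, while the CRETRY branch directly below takes the mutex before (presumably) reaching build_retry_batch(), the one place the flag is set. If build_retry_batch() can also run outside process() — the existing `request_handshake_retry` field suggests an IMV-driven retry path — the flag is then touched from two threads with no synchronization. Either do the check-and-clear under the lock, `this->mutex->lock(this->mutex); retry = this->retry_handshake; this->retry_handshake = FALSE; this->mutex->unlock(this->mutex);`, or add a comment on the field stating that it is only accessed from the TNCCS processing thread. A batch other than CDATA arriving after an SRETRY (e.g. a second CRETRY) leaves the flag set, which looks intended but deserves a one-line comment. The process() method continues outside the hunk.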
diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 79db1e9b4..d18924612 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -315,7 +315,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -341,6 +340,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -361,8 +362,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -417,8 +416,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -447,8 +444,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index bd1da8e18..9b4b149a5 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -277,7 +277,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -303,6 +302,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -323,8 +324,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -379,8 +378,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -409,8 +406,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am index 1b3a9706f..d192fc126 100644 --- a/src/libtpmtss/Makefile.am +++ b/src/libtpmtss/Makefile.am @@ -24,8 +24,8 @@ libtpmtss_la_SOURCES = \ tpm_tss.h tpm_tss.c \ tpm_tss_quote_info.h tpm_tss_quote_info.c \ tpm_tss_trousers.h tpm_tss_trousers.c \ - tpm_tss_tss2.h tpm_tss_tss2.c \ - tpm_tss_tss2_names.h tpm_tss_tss2_names.c + tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c if MONOLITHIC SUBDIRS = diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in index 50861bcdd..724906de9 100644 --- a/src/libtpmtss/Makefile.in +++ b/src/libtpmtss/Makefile.in 
@@ -146,7 +146,8 @@ libtpmtss_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) $(am__append_4) am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \ - tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo + tpm_tss_trousers.lo tpm_tss_tss2_v1.lo tpm_tss_tss2_v2.lo \ + tpm_tss_tss2_names_v1.lo tpm_tss_tss2_names_v2.lo libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -355,7 +356,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -381,6 +381,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -401,8 +403,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -457,8 +457,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -487,8 +485,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ 
@@ -511,8 +513,8 @@ libtpmtss_la_SOURCES = \ tpm_tss.h tpm_tss.c \ tpm_tss_quote_info.h tpm_tss_quote_info.c \ tpm_tss_trousers.h tpm_tss_trousers.c \ - tpm_tss_tss2.h tpm_tss_tss2.c \ - tpm_tss_tss2_names.h tpm_tss_tss2_names.c + tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c @MONOLITHIC_FALSE@SUBDIRS = . $(am__append_3) @MONOLITHIC_TRUE@SUBDIRS = $(am__append_3) @@ -600,8 +602,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_quote_info.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_trousers.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2.Plo@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names_v2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_v2.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ diff --git a/src/libtpmtss/plugins/tpm/Makefile.in b/src/libtpmtss/plugins/tpm/Makefile.in index e03e73656..7cbd25414 100644 --- a/src/libtpmtss/plugins/tpm/Makefile.in +++ b/src/libtpmtss/plugins/tpm/Makefile.in @@ -312,7 +312,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -338,6 +337,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -358,8 +359,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -414,8 +413,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -444,8 +441,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/libtpmtss/plugins/tpm/tpm_plugin.c b/src/libtpmtss/plugins/tpm/tpm_plugin.c index e98899852..a00f46ea2 100644 --- a/src/libtpmtss/plugins/tpm/tpm_plugin.c +++ b/src/libtpmtss/plugins/tpm/tpm_plugin.c @@ -18,6 +18,7 @@ #include "tpm_cert.h" #include "tpm_rng.h" +#include <tpm_tss.h> #include <library.h> typedef struct private_tpm_plugin_t private_tpm_plugin_t; @@ -80,6 +81,7 @@ METHOD(plugin_t, destroy, void, private_tpm_plugin_t *this) { free(this); + libtpmtss_deinit(); } /* @@ -89,6 +91,11 @@ plugin_t *tpm_plugin_create() { private_tpm_plugin_t *this; + if (!libtpmtss_init()) + { + return NULL; + } + INIT(this, .public = { .plugin = { diff --git a/src/libtpmtss/plugins/tpm/tpm_private_key.c b/src/libtpmtss/plugins/tpm/tpm_private_key.c index 0df5ee94c..3b7582ae3 100644 --- a/src/libtpmtss/plugins/tpm/tpm_private_key.c +++ b/src/libtpmtss/plugins/tpm/tpm_private_key.c 
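Review bot: In destroy(), `libtpmtss_deinit()` runs after `free(this)`; that is harmless today because deinit takes no plugin state, but releasing library state before freeing the object that owns it is the conventional order and avoids a latent use-after-free, so swap to `libtpmtss_deinit(); free(this);`. In tpm_plugin_create(), a failed `libtpmtss_init()` returns NULL with no diagnostic from this file; unless tpm_tss_tss2_init() logs the cause itself, a `DBG1(DBG_LIB, "libtpmtss initialization failed, tpm plugin not loaded")` before the return makes a missing or broken TSS visible at plugin load. Since libtpmtss_init() now returns whatever tpm_tss_tss2_init() returns, the whole plugin appears to fail even for TPM 1.2/TrouSerS-only setups — worth confirming, and documenting in the function's header comment either way.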
@@ -93,7 +93,7 @@ METHOD(private_key_t, sign, bool, enumerator->destroy(enumerator); return this->tpm->sign(this->tpm, this->hierarchy, this->handle, scheme, - data, pin, signature); + params, data, pin, signature); } METHOD(private_key_t, decrypt, bool, diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c index 42a341896..72fd45b81 100644 --- a/src/libtpmtss/tpm_tss.c +++ b/src/libtpmtss/tpm_tss.c @@ -27,12 +27,20 @@ /** * Described in header. */ -void libtpmtss_init(void) +bool libtpmtss_init(void) { - /* empty */ + return tpm_tss_tss2_init(); } -typedef tpm_tss_t*(*tpm_tss_create)(); +/** + * Described in header. + */ +void libtpmtss_deinit(void) +{ + tpm_tss_tss2_deinit(); +} + +typedef tpm_tss_t*(*tpm_tss_create)(void); /** * See header. diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h index bcb7ab949..11e4a7c15 100644 --- a/src/libtpmtss/tpm_tss.h +++ b/src/libtpmtss/tpm_tss.h @@ -48,14 +48,14 @@ struct tpm_tss_t { /** * Get TPM version supported by TSS * - * @return TPM version + * @return TPM version */ tpm_version_t (*get_version)(tpm_tss_t *this); /** * Get TPM version info (TPM 1.2 only) * - * @return TPM version info struct + * @return TPM version info struct */ chunk_t (*get_version_info)(tpm_tss_t *this); @@ -74,8 +74,8 @@ struct tpm_tss_t { /** * Get public key from TPM using its object handle (TPM 2.0 only) * - * @param handle key object handle - * @return public key in PKCS#1 format + * @param handle key object handle + * @return public key in PKCS#1 format */ chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle); 
@@ -125,14 +125,15 @@ struct tpm_tss_t { * @param handle object handle of TPM key to be used for signature * @param hierarchy hierarchy the TPM key object is attached to * @param scheme scheme to be used for signature + * @param param signature scheme parameters * @param data data to be hashed and signed * @param pin PIN code or empty chunk * @param signature returns signature * @return TRUE if signature succeeded */ bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle, - signature_scheme_t scheme, chunk_t data, chunk_t pin, - chunk_t *signature); + signature_scheme_t scheme, void *params, chunk_t data, + chunk_t pin, chunk_t *signature); /** * Get random bytes from the TPM @@ -169,8 +170,15 @@ struct tpm_tss_t { tpm_tss_t *tpm_tss_probe(tpm_version_t version); /** - * Dummy libtpmtss initialization function needed for integrity test + * libtpmtss initialization function + * + * @return TRUE if initialization was successful + */ +bool libtpmtss_init(void); + +/** + * libtpmtss de-initialization function */ -void libtpmtss_init(void); +void libtpmtss_deinit(void); #endif /** TPM_TSS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c index 6ed57af9d..81e542d02 100644 --- a/src/libtpmtss/tpm_tss_trousers.c +++ b/src/libtpmtss/tpm_tss_trousers.c @@ -584,7 +584,8 @@ err1: METHOD(tpm_tss_t, sign, bool, private_tpm_tss_trousers_t *this, uint32_t hierarchy, uint32_t handle, - signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature) + signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin, + chunk_t *signature) { return FALSE; } diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h index 3afba0db2..3ff3e6685 100644 --- a/src/libtpmtss/tpm_tss_trousers.h +++ b/src/libtpmtss/tpm_tss_trousers.h 
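Review bot: The new doc line in the tpm_tss_t.sign() comment names the parameter `param` while the prototype declares `void *params`, so Doxygen will flag an undocumented parameter; change it to `@param params signature scheme parameters`. The comment should also say what `params` points to and when it may be NULL — the TSS2 implementation in this commit casts it to `rsa_pss_params_t *` for SIGN_RSA_EMSA_PSS and ignores it otherwise — e.g. `@param params scheme-specific parameters (rsa_pss_params_t for RSA-PSS), ignored for other schemes`. All three backends (TSS2 v1, TSS2 v2, TrouSerS) implement this contract, so the interface header is where it belongs.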
@@ -47,6 +47,6 @@ struct tpm_tss_trousers_t { /** * Create a tpm_tss_trousers instance. */ -tpm_tss_t *tpm_tss_trousers_create(); +tpm_tss_t *tpm_tss_trousers_create(void); #endif /** TPM_TSS_TROUSERS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2.h b/src/libtpmtss/tpm_tss_tss2.h index f3a11e5fd..f2846c916 100644 --- a/src/libtpmtss/tpm_tss_tss2.h +++ b/src/libtpmtss/tpm_tss_tss2.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2016-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -26,6 +26,18 @@ /** * Create a tpm_tss_tss2 instance. */ -tpm_tss_t *tpm_tss_tss2_create(); +tpm_tss_t *tpm_tss_tss2_create(void); + +/** + * Initialize the tpm_tss_tss2 library. + * + * @return TRUE if initialization was successful + */ +bool tpm_tss_tss2_init(void); + +/** + * /De-initialize the tpm_tss_tss2 library. + */ +void tpm_tss_tss2_deinit(void); #endif /** TPM_TSS_TSS2_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names_v1.c index a613ac566..d2a4b5b57 100644 --- a/src/libtpmtss/tpm_tss_tss2_names.c +++ b/src/libtpmtss/tpm_tss_tss2_names_v1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2016-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,7 @@ #include "tpm_tss_tss2_names.h" -#ifdef TSS_TSS2 +#ifdef TSS_TSS2_V1 #include <tpm20.h> @@ -102,7 +102,9 @@ ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P6 ); ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256); -#else /* TSS_TSS2 */ +#else /* TSS_TSS2_V1 */ + +#ifndef TSS_TSS2_V2 /** * TPM 2.0 algorithm ID names @@ -118,6 +120,8 @@ ENUM(tpm_ecc_curve_names, 0, 0, "NONE" ); -#endif /* TSS_TSS2 */ +#endif /* !TSS_TSS2_V2 */ + +#endif /* TSS_TSS2_V1 */ 
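Review bot: The doc comment for tpm_tss_tss2_deinit() reads `* /De-initialize the tpm_tss_tss2 library.` — the leading slash is a typo; it should be `* De-initialize the tpm_tss_tss2 library.`. It would also help to state the pairing with tpm_tss_tss2_init(), since tpm_plugin.c treats the two as plugin-lifetime init/deinit: something like `Releases the state set up by a successful tpm_tss_tss2_init(); must be called once per init.`, adjusted to whatever the v2 implementation actually tears down (it keeps a global TCTI library handle, so presumably that).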
diff --git a/src/libtpmtss/tpm_tss_tss2_names_v2.c b/src/libtpmtss/tpm_tss_tss2_names_v2.c new file mode 100644 index 000000000..c8d29e4e6 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_names_v2.c 
@@ -0,0 +1,98 @@ +/* + * Copyright (C) 2018 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#ifdef TSS_TSS2_V2 + +#include "tpm_tss_tss2_names.h" + +#include <tss2/tss2_sys.h> + +/** + * TPM 2.0 algorithm ID names + */ +ENUM_BEGIN(tpm_alg_id_names, TPM2_ALG_ERROR, TPM2_ALG_RSA, + "ERROR", + "RSA" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SHA1, TPM2_ALG_KEYEDHASH, TPM2_ALG_RSA, + "SHA1", + "HMAC", + "AES", + "MGF1", + "KEYEDHASH" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_XOR, TPM2_ALG_SHA512, TPM2_ALG_KEYEDHASH, + "XOR", + "SHA256", + "SHA384", + "SHA512" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_NULL, TPM2_ALG_NULL, TPM2_ALG_SHA512, + "NULL" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SM3_256, TPM2_ALG_ECMQV, TPM2_ALG_NULL, + "SM3_256", + "SM4", + "RSASSA", + "RSAES", + "RSAPSS", + "OAEP", + "ECDSA", + "ECDH", + "SM2", + "ECSCHNORR", + "ECMQV" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_KDF1_SP800_56A, TPM2_ALG_ECC, TPM2_ALG_ECMQV, + "KDF1_SP800_56A", + "KDF2", + "KDF1_SP800_108", + "ECC" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SYMCIPHER, TPM2_ALG_CAMELLIA, TPM2_ALG_ECC, + "SYMCIPHER", + "CAMELLIA" +); +ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_CTR, TPM2_ALG_ECB, TPM2_ALG_CAMELLIA, + "CTR", + "OFB", + "CBC", + "CFB", + "ECB" +); +ENUM_END(tpm_alg_id_names, TPM2_ALG_ECB); + +/** + * TPM 2.0 ECC curve names + */ +ENUM_BEGIN(tpm_ecc_curve_names, TPM2_ECC_NONE, TPM2_ECC_NIST_P521, + "NONE", + "NIST_P192", + 
"NIST_P224", + "NIST_P256", + "NIST_P384", + "NIST_P521" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_BN_P256, TPM2_ECC_BN_P638, TPM2_ECC_NIST_P521, + "BN_P256", + "BN_P638" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_SM2_P256, TPM2_ECC_SM2_P256, TPM2_ECC_BN_P638, + "SM2_P256" +); +ENUM_END(tpm_ecc_curve_names, TPM2_ECC_SM2_P256); + +#endif /* TSS_TSS2_V2 */ + diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2_v1.c index 90a16c103..9ed2798f7 100644 --- a/src/libtpmtss/tpm_tss_tss2.c +++ b/src/libtpmtss/tpm_tss_tss2_v1.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2016-2018 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,7 +16,7 @@ #include "tpm_tss_tss2.h" #include "tpm_tss_tss2_names.h" -#ifdef TSS_TSS2 +#ifdef TSS_TSS2_V1 #include <asn1/asn1.h> #include <asn1/oid.h> @@ -24,9 +24,9 @@ #include <tpm20.h> -#ifdef TSS2_TCTI_TABRMD +#ifdef TSS2_TCTI_TABRMD_V1 #include <tcti/tcti-tabrmd.h> -#endif /* TSS2_TCTI_TABRMD */ +#endif /* TSS2_TCTI_TABRMD_V1 */ #ifdef TSS2_TCTI_SOCKET #include <tcti_socket.h> @@ -828,10 +828,12 @@ METHOD(tpm_tss_t, quote, bool, METHOD(tpm_tss_t, sign, bool, private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle, - signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature) + signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin, + chunk_t *signature) { key_type_t key_type; hash_algorithm_t hash_alg; + rsa_pss_params_t *rsa_pss_params; uint32_t rval; TPM_ALG_ID alg_id; 
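Review bot: The ENUM_NEXT block spanning `TPM2_ALG_SM3_256` to `TPM2_ALG_ECMQV` lists 11 names for a range that, in tss2_tpm2_types.h as I recall it, covers 12 IDs (0x0012–0x001D): TPM2_ALG_ECDAA (0x001A) sits between ECDH and SM2 and has no entry. If that is the header in use, every name after "ECDH" is shifted by one (SM2 prints as "ECSCHNORR", ECSCHNORR as "ECMQV") and ECMQV itself indexes one past the name array. Add `"ECDAA",` after `"ECDH",` and re-check each range's count against the header; the v1 table in tpm_tss_tss2_names_v1.c deserves the same check.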
@@ -870,8 +872,17 @@ METHOD(tpm_tss_t, sign, bool, } *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; - key_type = key_type_from_signature_scheme(scheme); - hash_alg = hasher_from_signature_scheme(scheme, NULL); + if (scheme == SIGN_RSA_EMSA_PSS) + { + key_type = KEY_RSA; + rsa_pss_params = (rsa_pss_params_t *)params; + hash_alg = rsa_pss_params->hash; + } + else + { + key_type = key_type_from_signature_scheme(scheme); + hash_alg = hasher_from_signature_scheme(scheme, NULL); + } /* Check if hash algorithm is supported by TPM */ alg_id = hash_alg_to_tpm_alg_id(hash_alg); @@ -890,8 +901,16 @@ METHOD(tpm_tss_t, sign, bool, if (key_type == KEY_RSA && public.t.publicArea.type == TPM_ALG_RSA) { - sig_scheme.scheme = TPM_ALG_RSASSA; - sig_scheme.details.rsassa.hashAlg = alg_id; + if (scheme == SIGN_RSA_EMSA_PSS) + { + sig_scheme.scheme = TPM_ALG_RSAPSS; + sig_scheme.details.rsapss.hashAlg = alg_id; + } + else + { + sig_scheme.scheme = TPM_ALG_RSASSA; + sig_scheme.details.rsassa.hashAlg = alg_id; + } } else if (key_type == KEY_ECDSA && public.t.publicArea.type == TPM_ALG_ECC) { @@ -983,6 +1002,12 @@ METHOD(tpm_tss_t, sign, bool, sig.signature.rsassa.sig.t.buffer, sig.signature.rsassa.sig.t.size)); break; + case SIGN_RSA_EMSA_PSS: + *signature = chunk_clone( + chunk_create( + sig.signature.rsapss.sig.t.buffer, + sig.signature.rsapss.sig.t.size)); + break; case SIGN_ECDSA_256: case SIGN_ECDSA_384: case SIGN_ECDSA_521: 
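Review bot: `rsa_pss_params = (rsa_pss_params_t *)params; hash_alg = rsa_pss_params->hash;` dereferences `params` with no NULL check; the generic private_key_t sign path forwards `params` from callers, so a caller requesting SIGN_RSA_EMSA_PSS without parameters crashes the daemon here instead of getting a failed signature. Guard it: `if (!params) { DBG1(DBG_PTS, "%s RSA-PSS parameters missing", LABEL); return FALSE; }`. Separately, TPMT_SIG_SCHEME for RSAPSS carries only a hash algorithm, so `rsa_pss_params->salt_len` and `mgf1_hash` are silently ignored — as far as I recall TPM 2.0 Part 1 uses the largest salt that fits (hash length in FIPS mode) and MGF1 with the signing hash, so a signature made for a caller that asked for a specific salt length or a different MGF1 hash may not verify against a strict verifier. At minimum reject `rsa_pss_params->mgf1_hash != hash_alg` and document the salt-length behaviour in a comment next to `sig_scheme.scheme = TPM_ALG_RSAPSS;`.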
@@ -1046,12 +1071,14 @@ METHOD(tpm_tss_t, get_data, bool, private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle, chunk_t pin, chunk_t *data) { - uint16_t nv_size, nv_offset = 0; + uint16_t max_data_size, nv_size, nv_offset = 0; uint32_t rval; + TPMS_CAPABILITY_DATA cap_data; + TPMI_YES_NO more_data; TPM2B_NAME nv_name = { { sizeof(TPM2B_NAME)-2, } }; TPM2B_NV_PUBLIC nv_public = { { 0, } }; - TPM2B_MAX_NV_BUFFER nv_data = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } }; + TPM2B_MAX_NV_BUFFER nv_data = { { MAX_NV_BUFFER_SIZE, } }; TPMS_AUTH_COMMAND session_data_cmd; TPMS_AUTH_RESPONSE session_data_rsp; TSS2_SYS_CMD_AUTHS sessions_data_cmd; @@ -1059,6 +1086,18 @@ METHOD(tpm_tss_t, get_data, bool, TPMS_AUTH_COMMAND *session_data_cmd_array[1]; TPMS_AUTH_RESPONSE *session_data_rsp_array[1]; + /* query maximum TPM data transmission size */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_TPM_PROPERTIES, + TPM_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for " + "TPM_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval); + return FALSE; + } + max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value, + MAX_NV_BUFFER_SIZE); + /* get size of NV object */ rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public, &nv_name, 0); @@ -1093,11 +1132,11 @@ METHOD(tpm_tss_t, get_data, bool, } *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; - /* read NV data an NV buffer block at a time */ + /* read NV data a maximum data size block at a time */ while (nv_size > 0) { rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, - &sessions_data_cmd, min(nv_size, MAX_NV_BUFFER_SIZE), + &sessions_data_cmd, min(nv_size, max_data_size), nv_offset, &nv_data, &sessions_data_rsp); if (rval != TPM_RC_SUCCESS) 
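Review bot: The GetCapability result is used without validating it: `cap_data.data.tpmProperties.tpmProperty[0].value` is read even if the TPM returned `count == 0` or a property other than TPM_PT_NV_BUFFER_MAX, and a returned value of 0 makes `max_data_size` 0, so `min(nv_size, max_data_size)` in the read loop is 0 and, unless the loop body (outside the hunk) handles a zero-length read, the loop never advances. Check the count, the property tag and the value before trusting them, and fail explicitly (or fall back to MAX_NV_BUFFER_SIZE) when they are not what was asked for. The get_data() method continues outside the hunk.
```c
	/* … unchanged: Tss2_Sys_GetCapability call and its rval check … */
	if (cap_data.data.tpmProperties.count < 1 ||
		cap_data.data.tpmProperties.tpmProperty[0].property != TPM_PT_NV_BUFFER_MAX ||
		cap_data.data.tpmProperties.tpmProperty[0].value == 0)
	{
		DBG1(DBG_PTS, "%s TPM_PT_NV_BUFFER_MAX not reported by TPM", LABEL);
		return FALSE;
	}
	max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value,
						MAX_NV_BUFFER_SIZE);
```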
@@ -1154,7 +1193,7 @@ tpm_tss_t *tpm_tss_tss2_create() { available = initialize_sys_context(this); } - DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not "); + DBG1(DBG_PTS, "TPM 2.0 via TSS2 v1 %savailable", available ? "" : "not "); if (!available) { @@ -1164,13 +1203,15 @@ tpm_tss_t *tpm_tss_tss2_create() return &this->public; } -#else /* TSS_TSS2 */ +#else /* TSS_TSS2_V1 */ -tpm_tss_t *tpm_tss_tss2_create() +#ifndef TSS_TSS2_V2 +tpm_tss_t *tpm_tss_tss2_create(void) { return NULL; } +#endif /* !TSS_TSS2_V2 */ -#endif /* TSS_TSS2 */ +#endif /* TSS_TSS2_V1 */ diff --git a/src/libtpmtss/tpm_tss_tss2_v2.c b/src/libtpmtss/tpm_tss_tss2_v2.c new file mode 100644 index 000000000..7cb0d48a9 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_v2.c 
@@ -0,0 +1,1190 @@ +/* + * Copyright (C) 2018 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss_tss2.h" +#include "tpm_tss_tss2_names.h" + +#ifdef TSS_TSS2_V2 + +#include <asn1/asn1.h> +#include <asn1/oid.h> +#include <bio/bio_reader.h> + +#include <tss2/tss2_sys.h> + +#include <dlfcn.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +#define LABEL "TPM 2.0 -" + +#define PLATFORM_PCR 24 + +typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t; + +/** + * Private data of an tpm_tss_tss2_t object. + */ +struct private_tpm_tss_tss2_t { + + /** + * Public tpm_tss_tss2_t interface. 
+ */ + tpm_tss_t public; + + /** + * TCTI context + */ + TSS2_TCTI_CONTEXT *tcti_context; + + /** + * SYS context + */ + TSS2_SYS_CONTEXT *sys_context; + + /** + * Number of supported algorithms + */ + size_t supported_algs_count; + + /** + * List of supported algorithms + */ + TPM2_ALG_ID supported_algs[TPM2_PT_ALGORITHM_SET]; +}; + +/** + * Global TCTI dynamic library handle and init function + */ +static void *tcti_handle; + +static TSS2_TCTI_INIT_FUNC tcti_init; + +static char *tcti_opts; + +/** + * Empty AUTH_COMMAND + */ +static const TPMS_AUTH_COMMAND auth_cmd_empty; + +/** + * Convert hash algorithm to TPM2_ALG_ID + */ +static TPM2_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return TPM2_ALG_SHA1; + case HASH_SHA256: + return TPM2_ALG_SHA256; + case HASH_SHA384: + return TPM2_ALG_SHA384; + case HASH_SHA512: + return TPM2_ALG_SHA512; + default: + return TPM2_ALG_ERROR; + } +} + +/** + * Convert TPM2_ALG_ID to hash algorithm + */ +static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM2_ALG_ID alg) +{ + switch (alg) + { + case TPM2_ALG_SHA1: + return HASH_SHA1; + case TPM2_ALG_SHA256: + return HASH_SHA256; + case TPM2_ALG_SHA384: + return HASH_SHA384; + case TPM2_ALG_SHA512: + return HASH_SHA512; + default: + return HASH_UNKNOWN; + } +} + +/** + * Check if an algorithm given by its TPM2_ALG_ID is supported by the TPM + */ +static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM2_ALG_ID alg_id) +{ + int i; + + if (alg_id == TPM2_ALG_ERROR) + { + return FALSE; + } + + for (i = 0; i < this->supported_algs_count; i++) + { + if (this->supported_algs[i] == alg_id) + { + return TRUE; + } + } + + return FALSE; +} + +/** + * Get a list of supported algorithms + */ +static bool get_algs_capability(private_tpm_tss_tss2_t *this) +{ + TPMS_CAPABILITY_DATA cap_data; + TPMS_TAGGED_PROPERTY tp; + TPMI_YES_NO more_data; + TPM2_ALG_ID alg; + uint32_t rval, i, offset, revision = 0, year = 0; + size_t len = BUF_LEN; + char 
buf[BUF_LEN], manufacturer[5], vendor_string[17]; + char *pos = buf; + int written; + + /* get fixed properties */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_FIXED, TPM2_MAX_TPM_PROPERTIES, + &more_data, &cap_data, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_TPM_PROPERTIES: 0x%06x", + LABEL, rval); + return FALSE; + } + memset(manufacturer, '\0', sizeof(manufacturer)); + memset(vendor_string, '\0', sizeof(vendor_string)); + + /* print fixed properties */ + for (i = 0; i < cap_data.data.tpmProperties.count; i++) + { + tp = cap_data.data.tpmProperties.tpmProperty[i]; + switch (tp.property) + { + case TPM2_PT_REVISION: + revision = tp.value; + break; + case TPM2_PT_YEAR: + year = tp.value; + break; + case TPM2_PT_MANUFACTURER: + htoun32(manufacturer, tp.value); + break; + case TPM2_PT_VENDOR_STRING_1: + case TPM2_PT_VENDOR_STRING_2: + case TPM2_PT_VENDOR_STRING_3: + case TPM2_PT_VENDOR_STRING_4: + offset = 4 * (tp.property - TPM2_PT_VENDOR_STRING_1); + htoun32(vendor_string + offset, tp.value); + break; + default: + break; + } + } + DBG2(DBG_PTS, "%s manufacturer: %s (%s) rev: %05.2f %u", LABEL, manufacturer, + vendor_string, (float)revision/100, year); + + /* get supported algorithms */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ALGS, + 0, TPM2_PT_ALGORITHM_SET, &more_data, &cap_data, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM2_CAP_ALGS: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* Number of supported algorithms */ + this->supported_algs_count = cap_data.data.algorithms.count; + + /* store and print supported algorithms */ + for (i = 0; i < this->supported_algs_count; i++) + { + alg = cap_data.data.algorithms.algProperties[i].alg; + this->supported_algs[i] = alg; + + written = snprintf(pos, len, " %N", tpm_alg_id_names, alg); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len 
-= written; + } + DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf); + + /* get supported ECC curves */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_ECC_CURVES, + 0, TPM2_PT_LOADED_CURVES, &more_data, &cap_data, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM2_ECC_CURVES: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* reset print buffer */ + pos = buf; + len = BUF_LEN; + + /* print supported ECC curves */ + for (i = 0; i < cap_data.data.eccCurves.count; i++) + { + written = snprintf(pos, len, " %N", tpm_ecc_curve_names, + cap_data.data.eccCurves.eccCurves[i]); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len -= written; + } + DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf); + + return TRUE; +} + +/** + * Initialize TSS2 TCTI context + */ +static bool initialize_tcti_context(private_tpm_tss_tss2_t *this) +{ + size_t tcti_context_size; + uint32_t rval; + + if (!tcti_init) + { + return FALSE; + } + + /* determine size of tcti context */ + rval = tcti_init(NULL, &tcti_context_size, tcti_opts); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s tcti init setup failed: 0x%06x", LABEL, rval); + return FALSE; + } + + /* allocate and initialize memory for tcti context */ + this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size); + memset(this->tcti_context, 0x00, tcti_context_size); + + /* initialize tcti context */ + rval = tcti_init(this->tcti_context, &tcti_context_size, tcti_opts); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s tcti init allocation failed: 0x%06x", LABEL,rval); + return FALSE; + } + return TRUE; +} + +/** + * Initialize TSS2 Sys context + */ +static bool initialize_sys_context(private_tpm_tss_tss2_t *this) +{ + uint32_t sys_context_size; + uint32_t rval; + + TSS2_ABI_VERSION abi_version = { + .tssCreator = 1, + .tssFamily = 2, + .tssLevel = 1, + .tssVersion = 108 + }; + + /* determine size of sys context */ + sys_context_size = 
Tss2_Sys_GetContextSize(0); + + /* allocate memory for sys context */ + this->sys_context = (TSS2_SYS_CONTEXT*)malloc(sys_context_size); + + /* initialize sys context */ + rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size, + this->tcti_context, &abi_version); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* get a list of supported algorithms and ECC curves */ + return get_algs_capability(this); +} + +/** + * Finalize TSS context + */ +static void finalize_context(private_tpm_tss_tss2_t *this) +{ + if (this->tcti_context) + { + Tss2_Tcti_Finalize(this->tcti_context); + free(this->tcti_context); + } + if (this->sys_context) + { + Tss2_Sys_Finalize(this->sys_context); + free(this->sys_context); + } +} + +METHOD(tpm_tss_t, get_version, tpm_version_t, + private_tpm_tss_tss2_t *this) +{ + return TPM_VERSION_2_0; +} + +METHOD(tpm_tss_t, get_version_info, chunk_t, + private_tpm_tss_tss2_t *this) +{ + return chunk_empty; +} + +/** + * read the public key portion of a TSS 2.0 AIK key from NVRAM + */ +bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, + TPM2B_PUBLIC *public) +{ + uint32_t rval; + + TPM2B_NAME name = { sizeof(TPM2B_NAME)-2, }; + TPM2B_NAME qualified_name = { sizeof(TPM2B_NAME)-2, }; + TSS2L_SYS_AUTH_RESPONSE auth_rsp; + + + /* read public key for a given object handle from TPM 2.0 NVRAM */ + rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name, + &qualified_name, &auth_rsp); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x", + LABEL, handle, rval); + return FALSE; + } + return TRUE; +} + +METHOD(tpm_tss_t, generate_aik, bool, + private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob, + chunk_t *aik_pubkey, chunk_t *identity_req) +{ + return FALSE; +} + +METHOD(tpm_tss_t, get_public, chunk_t, + private_tpm_tss_tss2_t *this, uint32_t handle) +{ + TPM2B_PUBLIC 
public = { 0, }; + TPM2_ALG_ID sig_alg, digest_alg; + chunk_t aik_blob, aik_pubkey = chunk_empty; + + if (!read_public(this, handle, &public)) + { + return chunk_empty; + } + + aik_blob = chunk_create((u_char*)&public, sizeof(public)); + DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob); + + /* convert TSS 2.0 AIK public key blot into PKCS#1 format */ + switch (public.publicArea.type) + { + case TPM2_ALG_RSA: + { + TPM2B_PUBLIC_KEY_RSA *rsa; + TPMT_RSA_SCHEME *scheme; + chunk_t aik_exponent, aik_modulus; + + scheme = &public.publicArea.parameters.rsaDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + rsa = &public.publicArea.unique.rsa; + aik_modulus = chunk_create(rsa->buffer, rsa->size); + aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); + + /* subjectPublicKeyInfo encoding of AIK RSA key */ + if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, + NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, + CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + { + DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " + "failed", LABEL); + return chunk_empty; + } + break; + } + case TPM2_ALG_ECC: + { + TPMS_ECC_POINT *ecc; + TPMT_ECC_SCHEME *scheme; + chunk_t ecc_point; + uint8_t *pos; + + scheme = &public.publicArea.parameters.eccDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + ecc = &public.publicArea.unique.ecc; + + /* allocate space for bit string */ + pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING, + 2 + ecc->x.size + ecc->y.size); + /* bit string length is a multiple of octets */ + *pos++ = 0x00; + /* uncompressed ECC point format */ + *pos++ = 0x04; + /* copy x coordinate of ECC point */ + memcpy(pos, ecc->x.buffer, ecc->x.size); + pos += ecc->x.size; + /* copy y coordinate of ECC point */ + memcpy(pos, ecc->y.buffer, ecc->y.size); + /* subjectPublicKeyInfo encoding of AIK ECC key */ + aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", + 
asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EC_PUBLICKEY), + asn1_build_known_oid(ecc->x.size == 32 ? + OID_PRIME256V1 : OID_SECT384R1)), + ecc_point); + break; + } + default: + DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); + return chunk_empty; + } + DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash", + tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg); + return aik_pubkey; +} + +/** + * Configure a PCR Selection assuming a maximum of 24 registers + */ +static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs, + hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel) +{ + TPM2_ALG_ID alg_id; + uint32_t pcr; + + /* check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, alg); + return FALSE; + } + + /* initialize the PCR Selection structure,*/ + pcr_sel->count = 1; + pcr_sel->pcrSelections[0].hash = alg_id; + pcr_sel->pcrSelections[0].sizeofSelect = 3; + pcr_sel->pcrSelections[0].pcrSelect[0] = 0; + pcr_sel->pcrSelections[0].pcrSelect[1] = 0; + pcr_sel->pcrSelections[0].pcrSelect[2] = 0; + + /* set the selected PCRs */ + for (pcr = 0; pcr < PLATFORM_PCR; pcr++) + { + if (pcrs & (1 << pcr)) + { + pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) ); + } + } + return TRUE; +} + +METHOD(tpm_tss_t, read_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) +{ + TPML_PCR_SELECTION pcr_selection; + TPML_DIGEST pcr_values; + + uint32_t pcr_update_counter, rval; + uint8_t *pcr_value_ptr; + size_t pcr_value_len; + + if (pcr_num >= PLATFORM_PCR) + { + DBG1(DBG_PTS, "%s maximum number of supported PCR is %d", + LABEL, PLATFORM_PCR); + return FALSE; + } + + if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection)) + { + return FALSE; + } + + /* initialize the PCR Digest structure */ + 
memset(&pcr_values, 0, sizeof(TPML_DIGEST)); + + /* read the PCR value */ + rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection, + &pcr_update_counter, &pcr_selection, &pcr_values, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x", + LABEL, rval); + return FALSE; + } + pcr_value_ptr = (uint8_t *)pcr_values.digests[0].buffer; + pcr_value_len = (size_t) pcr_values.digests[0].size; + + *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len)); + + return TRUE; +} + +METHOD(tpm_tss_t, extend_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg) +{ + uint32_t rval; + TPM2_ALG_ID alg_id; + TPML_DIGEST_VALUES digest_values; + TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } }; + TSS2L_SYS_AUTH_RESPONSE auth_rsp; + + auth_cmd.auths[0].sessionHandle = TPM2_RS_PW; + + /* check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, alg); + return FALSE; + } + + digest_values.count = 1; + digest_values.digests[0].hashAlg = alg_id; + + switch (alg) + { + case HASH_SHA1: + if (data.len != HASH_SIZE_SHA1) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha1, data.ptr, + HASH_SIZE_SHA1); + break; + case HASH_SHA256: + if (data.len != HASH_SIZE_SHA256) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha256, data.ptr, + HASH_SIZE_SHA256); + break; + case HASH_SHA384: + if (data.len != HASH_SIZE_SHA384) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha384, data.ptr, + HASH_SIZE_SHA384); + break; + case HASH_SHA512: + if (data.len != HASH_SIZE_SHA512) + { + return FALSE; + } + memcpy(digest_values.digests[0].digest.sha512, data.ptr, + HASH_SIZE_SHA512); + break; + default: + return FALSE; + } + + /* extend PCR */ + rval = 
Tss2_Sys_PCR_Extend(this->sys_context, pcr_num, &auth_cmd, + &digest_values, &auth_rsp); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s PCR %02u could not be extended: 0x%06x", + LABEL, pcr_num, rval); + return FALSE; + } + + /* get updated PCR value */ + return read_pcr(this, pcr_num, pcr_value, alg); +} + +METHOD(tpm_tss_t, quote, bool, + private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) +{ + chunk_t quoted_chunk, qualified_signer, extra_data, clock_info, + firmware_version, pcr_select, pcr_digest; + hash_algorithm_t pcr_digest_alg; + bio_reader_t *reader; + uint32_t rval; + + TPM2B_DATA qualifying_data; + TPML_PCR_SELECTION pcr_selection; + TPM2B_ATTEST quoted = { sizeof(TPM2B_ATTEST)-2, }; + TPMT_SIG_SCHEME scheme; + TPMT_SIGNATURE sig; + TPMI_ALG_HASH hash_alg; + TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } }; + TSS2L_SYS_AUTH_RESPONSE auth_rsp; + + auth_cmd.auths[0].sessionHandle = TPM2_RS_PW; + + qualifying_data.size = data.len; + memcpy(qualifying_data.buffer, data.ptr, data.len); + + scheme.scheme = TPM2_ALG_NULL; + memset(&sig, 0x00, sizeof(sig)); + + /* set Quote mode */ + *quote_mode = TPM_QUOTE_TPM2; + + if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection)) + { + return FALSE; + } + + rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &auth_cmd, + &qualifying_data, &scheme, &pcr_selection, "ed, + &sig, &auth_rsp); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval); + return FALSE; + } + quoted_chunk = chunk_create(quoted.attestationData, quoted.size); + + reader = bio_reader_create(chunk_skip(quoted_chunk, 6)); + if (!reader->read_data16(reader, &qualified_signer) || + !reader->read_data16(reader, &extra_data) || + !reader->read_data (reader, 17, &clock_info) || + !reader->read_data (reader, 8, &firmware_version) || + 
!reader->read_data (reader, 10, &pcr_select) || + !reader->read_data16(reader, &pcr_digest)) + { + DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL); + reader->destroy(reader); + return FALSE; + } + reader->destroy(reader); + + DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest); + DBG2(DBG_PTS, "TPM Quote Info: %B", "ed_chunk); + DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer); + DBG2(DBG_PTS, "extraData: %B", &extra_data); + DBG2(DBG_PTS, "clockInfo: %B", &clock_info); + DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version); + DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select); + + /* extract signature */ + switch (sig.sigAlg) + { + case TPM2_ALG_RSASSA: + case TPM2_ALG_RSAPSS: + *quote_sig = chunk_clone( + chunk_create( + sig.signature.rsassa.sig.buffer, + sig.signature.rsassa.sig.size)); + hash_alg = sig.signature.rsassa.hash; + break; + case TPM2_ALG_ECDSA: + case TPM2_ALG_ECDAA: + case TPM2_ALG_SM2: + case TPM2_ALG_ECSCHNORR: + *quote_sig = chunk_cat("cc", + chunk_create( + sig.signature.ecdsa.signatureR.buffer, + sig.signature.ecdsa.signatureR.size), + chunk_create( + sig.signature.ecdsa.signatureS.buffer, + sig.signature.ecdsa.signatureS.size)); + hash_alg = sig.signature.ecdsa.hash; + break; + default: + DBG1(DBG_PTS, "%s unsupported %N signature algorithm", + LABEL, tpm_alg_id_names, sig.sigAlg); + return FALSE; + }; + + DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg); + pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg); + + DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig); + + /* Create and initialize Quote Info object */ + *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg, + pcr_digest); + (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info, + pcr_select); + (*quote_info)->set_version_info(*quote_info, firmware_version); + + return TRUE; +} + +METHOD(tpm_tss_t, sign, bool, + private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle, + signature_scheme_t scheme, void 
*params, chunk_t data, chunk_t pin, + chunk_t *signature) +{ + key_type_t key_type; + hash_algorithm_t hash_alg; + rsa_pss_params_t *rsa_pss_params; + uint32_t rval; + + TPM2_ALG_ID alg_id; + TPM2B_MAX_BUFFER buffer; + TPM2B_DIGEST hash = { sizeof(TPM2B_DIGEST)-2, }; + TPMT_TK_HASHCHECK validation; + TPM2B_PUBLIC public = { 0, }; + TPMT_SIG_SCHEME sig_scheme; + TPMT_SIGNATURE sig; + TPMS_AUTH_COMMAND *cmd; + TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } }; + TSS2L_SYS_AUTH_RESPONSE auth_rsp; + + cmd = &auth_cmd.auths[0]; + cmd->sessionHandle = TPM2_RS_PW; + + if (pin.len > 0) + { + cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len); + memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size); + } + + if (scheme == SIGN_RSA_EMSA_PSS) + { + key_type = KEY_RSA; + rsa_pss_params = (rsa_pss_params_t *)params; + hash_alg = rsa_pss_params->hash; + } + else + { + key_type = key_type_from_signature_scheme(scheme); + hash_alg = hasher_from_signature_scheme(scheme, NULL); + } + + /* Check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(hash_alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, hash_alg); + return FALSE; + } + + /* Get public key */ + if (!read_public(this, handle, &public)) + { + return FALSE; + } + + if (key_type == KEY_RSA && public.publicArea.type == TPM2_ALG_RSA) + { + if (scheme == SIGN_RSA_EMSA_PSS) + { + sig_scheme.scheme = TPM2_ALG_RSAPSS; + sig_scheme.details.rsapss.hashAlg = alg_id; + } + else + { + sig_scheme.scheme = TPM2_ALG_RSASSA; + sig_scheme.details.rsassa.hashAlg = alg_id; + } + } + else if (key_type == KEY_ECDSA && public.publicArea.type == TPM2_ALG_ECC) + { + sig_scheme.scheme = TPM2_ALG_ECDSA; + sig_scheme.details.ecdsa.hashAlg = alg_id; + + } + else + { + DBG1(DBG_PTS, "%s signature scheme %N not supported by TPM key", + LABEL, signature_scheme_names, scheme); + return FALSE; + } + + if (data.len <= 
TPM2_MAX_DIGEST_BUFFER) + { + memcpy(buffer.buffer, data.ptr, data.len); + buffer.size = data.len; + + rval = Tss2_Sys_Hash(this->sys_context, 0, &buffer, alg_id, hierarchy, + &hash, &validation, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_Hash failed: 0x%06x", LABEL, rval); + return FALSE; + } + } + else + { + TPMI_DH_OBJECT sequence_handle; + TPM2B_AUTH null_auth; + + null_auth.size = 0; + rval = Tss2_Sys_HashSequenceStart(this->sys_context, 0, &null_auth, + alg_id, &sequence_handle, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_HashSequenceStart failed: 0x%06x", + LABEL, rval); + return FALSE; + } + + while (data.len > 0) + { + buffer.size = min(data.len, TPM2_MAX_DIGEST_BUFFER); + memcpy(buffer.buffer, data.ptr, buffer.size); + data.ptr += buffer.size; + data.len -= buffer.size; + + rval = Tss2_Sys_SequenceUpdate(this->sys_context, sequence_handle, + &auth_cmd, &buffer, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_SequenceUpdate failed: 0x%06x", + LABEL, rval); + return FALSE; + } + } + buffer.size = 0; + + rval = Tss2_Sys_SequenceComplete(this->sys_context, sequence_handle, + &auth_cmd, &buffer, hierarchy, + &hash, &validation, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_SequenceComplete failed: 0x%06x", + LABEL, rval); + return FALSE; + } + } + + rval = Tss2_Sys_Sign(this->sys_context, handle, &auth_cmd, &hash, + &sig_scheme, &validation, &sig, &auth_rsp); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_Sign failed: 0x%06x", LABEL, rval); + return FALSE; + } + + /* extract signature */ + switch (scheme) + { + case SIGN_RSA_EMSA_PKCS1_SHA1: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: + *signature = chunk_clone( + chunk_create( + sig.signature.rsassa.sig.buffer, + sig.signature.rsassa.sig.size)); + break; + case SIGN_RSA_EMSA_PSS: + *signature = chunk_clone( + chunk_create( + 
sig.signature.rsapss.sig.buffer, + sig.signature.rsapss.sig.size)); + break; + case SIGN_ECDSA_256: + case SIGN_ECDSA_384: + case SIGN_ECDSA_521: + *signature = chunk_cat("cc", + chunk_create( + sig.signature.ecdsa.signatureR.buffer, + sig.signature.ecdsa.signatureR.size), + chunk_create( + sig.signature.ecdsa.signatureS.buffer, + sig.signature.ecdsa.signatureS.size)); + break; + case SIGN_ECDSA_WITH_SHA256_DER: + case SIGN_ECDSA_WITH_SHA384_DER: + case SIGN_ECDSA_WITH_SHA512_DER: + *signature = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_integer("c", + chunk_create( + sig.signature.ecdsa.signatureR.buffer, + sig.signature.ecdsa.signatureR.size)), + asn1_integer("c", + chunk_create( + sig.signature.ecdsa.signatureS.buffer, + sig.signature.ecdsa.signatureS.size))); + break; + default: + DBG1(DBG_PTS, "%s unsupported %N signature scheme", + LABEL, signature_scheme_names, scheme); + return FALSE; + }; + + return TRUE; +} + +METHOD(tpm_tss_t, get_random, bool, + private_tpm_tss_tss2_t *this, size_t bytes, uint8_t *buffer) +{ + size_t len, random_len= sizeof(TPM2B_DIGEST)-2; + TPM2B_DIGEST random = { random_len, }; + uint8_t *pos = buffer; + uint32_t rval; + + while (bytes > 0) + { + len = min(bytes, random_len); + + rval = Tss2_Sys_GetRandom(this->sys_context, NULL, len, &random, NULL); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_GetRandom failed: 0x%06x", LABEL, rval); + return FALSE; + } + memcpy(pos, random.buffer, random.size); + pos += random.size; + bytes -= random.size; + } + + return TRUE; +} + +METHOD(tpm_tss_t, get_data, bool, + private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle, + chunk_t pin, chunk_t *data) +{ + uint16_t max_data_size, nv_size, nv_offset = 0; + uint32_t rval; + + TPMS_CAPABILITY_DATA cap_data; + TPMI_YES_NO more_data; + TPM2B_NAME nv_name = { sizeof(TPM2B_NAME)-2, }; + TPM2B_NV_PUBLIC nv_public = { 0, }; + TPM2B_MAX_NV_BUFFER nv_data = { TPM2_MAX_NV_BUFFER_SIZE, }; + TPMS_AUTH_COMMAND *cmd; + 
TSS2L_SYS_AUTH_COMMAND auth_cmd = { 1, { auth_cmd_empty } }; + TSS2L_SYS_AUTH_RESPONSE auth_rsp; + + /* query maximum TPM data transmission size */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM2_CAP_TPM_PROPERTIES, + TPM2_PT_NV_BUFFER_MAX, 1, &more_data, &cap_data, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_GetCapability failed for " + "TPM2_CAP_TPM_PROPERTIES: 0x%06x", LABEL, rval); + return FALSE; + } + max_data_size = min(cap_data.data.tpmProperties.tpmProperty[0].value, + TPM2_MAX_NV_BUFFER_SIZE); + + /* get size of NV object */ + rval = Tss2_Sys_NV_ReadPublic(this->sys_context, handle, 0, &nv_public, + &nv_name, 0); + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_NV_ReadPublic failed: 0x%06x", LABEL, rval); + return FALSE; + } + nv_size = nv_public.nvPublic.dataSize; + *data = chunk_alloc(nv_size); + + /* prepare NV read session */ + cmd = &auth_cmd.auths[0]; + cmd->sessionHandle = TPM2_RS_PW; + + if (pin.len > 0) + { + cmd->hmac.size = min(sizeof(cmd->hmac)-2, pin.len); + memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size); + } + + /* read NV data a maximum data size block at a time */ + while (nv_size > 0) + { + rval = Tss2_Sys_NV_Read(this->sys_context, hierarchy, handle, &auth_cmd, + min(nv_size, max_data_size), nv_offset, &nv_data, &auth_rsp); + + if (rval != TPM2_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_NV_Read failed: 0x%06x", LABEL, rval); + chunk_free(data); + return FALSE; + } + memcpy(data->ptr + nv_offset, nv_data.buffer, nv_data.size); + nv_offset += nv_data.size; + nv_size -= nv_data.size; + } + + return TRUE; +} + +METHOD(tpm_tss_t, destroy, void, + private_tpm_tss_tss2_t *this) +{ + finalize_context(this); + free(this); +} + +/** + * See header + */ +tpm_tss_t *tpm_tss_tss2_create() +{ + private_tpm_tss_tss2_t *this; + bool available; + + INIT(this, + .public = { + .get_version = _get_version, + .get_version_info = _get_version_info, + .generate_aik = _generate_aik, + .get_public = 
_get_public, + .read_pcr = _read_pcr, + .extend_pcr = _extend_pcr, + .quote = _quote, + .sign = _sign, + .get_random = _get_random, + .get_data = _get_data, + .destroy = _destroy, + }, + ); + + available = initialize_tcti_context(this); + if (available) + { + available = initialize_sys_context(this); + } + DBG1(DBG_PTS, "TPM 2.0 via TSS2 v2 %savailable", available ? "" : "not "); + + if (!available) + { + destroy(this); + return NULL; + } + return &this->public; +} + +/** + * See header + */ +bool tpm_tss_tss2_init(void) +{ + TSS2_TCTI_INFO_FUNC infofn; + const TSS2_TCTI_INFO *info; + char tcti_lib_format[] = "libtss2-tcti-%s.so.0"; + char tcti_lib[BUF_LEN]; + char *tcti_names[] = { "device", "tabrmd", "mssim" }; + char *tcti_options[] = { "/dev/tpmrm0", "", "" }; + char *tcti_name; + bool match = FALSE; + struct stat st; + int i = 0; + + /* check for the existence of an in-kernel TPM resource manager */ + if (stat(tcti_options[i], &st)) + { + i = 1; + } + DBG2(DBG_PTS, "%s \"%s\" in-kernel resource manager is %spresent", + LABEL, tcti_options[0], i ? 
"not " : ""); + + /* select a dynamic TCTI library (device, tabrmd or mssim) */ + tcti_name = lib->settings->get_str(lib->settings, + "%s.plugins.tpm.tcti.name", tcti_names[i], lib->ns); + snprintf(tcti_lib, BUF_LEN, tcti_lib_format, tcti_name); + + for (i = 0; i < countof(tcti_names); i++) + { + if (streq(tcti_name, tcti_names[i])) + { + match = TRUE; + break; + } + } + if (!match) + { + DBG1(DBG_PTS, "%s \"%s\" is not a valid TCTI library name", + LABEL, tcti_lib); + return FALSE; + } + + tcti_opts = lib->settings->get_str(lib->settings, + "%s.plugins.tpm.tcti.opts", tcti_options[i], lib->ns); + + /* open the selected dynamic TCTI library */ + tcti_handle = dlopen(tcti_lib, RTLD_LAZY); + if (!tcti_handle) + { + DBG1(DBG_PTS, "%s could not load \"%s\"", LABEL, tcti_lib); + return FALSE; + } + + infofn = (TSS2_TCTI_INFO_FUNC)dlsym(tcti_handle, TSS2_TCTI_INFO_SYMBOL); + if (!infofn) + { + DBG1(DBG_PTS, "%s symbol \"%s\" not found in \"%s\"", LABEL, + TSS2_TCTI_INFO_SYMBOL, tcti_lib); + tpm_tss_tss2_deinit(); + + return FALSE; + } + DBG2(DBG_PTS, "%s \"%s\" successfully loaded", LABEL, tcti_lib); + info = infofn(); + tcti_init = info->init; + + return TRUE; +} + +/** + * See header + */ +void tpm_tss_tss2_deinit(void) +{ + dlclose(tcti_handle); + tcti_handle = NULL; + tcti_init = NULL; + tcti_opts = NULL; +} + +#else /* TSS_TSS2_V2 */ + +/** + * See header + */ +bool tpm_tss_tss2_init(void) +{ + return TRUE; +} + +/** + * See header + */ +void tpm_tss_tss2_deinit(void) +{ + /* empty */ +} + +#endif /* TSS_TSS2_V2 */ + diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index c8450d27f..534e2046c 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -329,7 +329,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -355,6 +354,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -375,8 +376,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -431,8 +430,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -461,8 +458,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/manager/main.c b/src/manager/main.c index 1ba8b1e04..dbde1c098 100644 --- a/src/manager/main.c +++ b/src/manager/main.c @@ -50,7 +50,7 @@ int main (int arc, char *argv[]) { DBG1(DBG_LIB, "database URI undefined, set manager.database " "in strongswan.conf"); - //return 1; + return 1; } storage = storage_create(database); diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 02b5607b1..ea5da2f98 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -344,6 +343,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -364,8 +365,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -420,8 +419,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,8 +447,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 8b369b38d..bdc792ec2 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -357,6 +356,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -377,8 +378,6 @@ dvidir = @dvidir@
 exec_prefix = @exec_prefix@
 fips_mode = @fips_mode@
 fuzz_plugins = @fuzz_plugins@
-gtk_CFLAGS = @gtk_CFLAGS@
-gtk_LIBS = @gtk_LIBS@
 host = @host@
 host_alias = @host_alias@
 host_cpu = @host_cpu@
@@ -433,8 +432,6 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
-ruby_CFLAGS = @ruby_CFLAGS@
-ruby_LIBS = @ruby_LIBS@
 runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/pki/commands/signcrl.c b/src/pki/commands/signcrl.c
index 50f939687..ca208a5cf 100644
--- a/src/pki/commands/signcrl.c
+++ b/src/pki/commands/signcrl.c
@@ -124,7 +124,7 @@ static int sign_crl()
 char *arg, *cacert = NULL, *cakey = NULL, *lastupdate = NULL, *error = NULL;
 char *basecrl = NULL;
 char serial[512], *keyid = NULL;
- int serial_len = 0;
+ int serial_len;
 crl_reason_t reason = CRL_REASON_UNSPECIFIED;
 time_t thisUpdate, nextUpdate, date = time(NULL);
 time_t lifetime = 15 * 24 * 60 * 60;
@@ -204,7 +204,6 @@ static int sign_crl()
 }
 add_revoked(list, chunk_create(serial, serial_len), reason, date);
 date = time(NULL);
- serial_len = 0;
 reason = CRL_REASON_UNSPECIFIED;
 continue;
 case 's':
@@ -222,7 +221,6 @@ static int sign_crl()
 serial_len = chunk.len;
 add_revoked(list, chunk_create(serial, serial_len), reason, date);
 date = time(NULL);
- serial_len = 0;
 reason = CRL_REASON_UNSPECIFIED;
 continue;
 }
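Review bot: With `int serial_len;` no longer initialised and the two `serial_len = 0;` resets removed, each `add_revoked(list, chunk_create(serial, serial_len), reason, date)` call now relies on `serial_len` having been assigned earlier in the same loop iteration, and the assignment that feeds the call in the second hunk lies outside the hunk. If any option sequence reaches that call without one, `chunk_create` receives an indeterminate length and the revoked entry is built from whatever happens to be in `serial[512]`, a silent correctness and memory-safety problem inside a signed artefact. Presumably a maybe-uninitialized warning motivated the change; the safer way to silence it is to keep `int serial_len = 0;` and have the call sites treat zero as "no serial parsed". sign_crl's body continues outside these hunks.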
diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index 533dfcab1..ce9273439 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -268,7 +268,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -294,6 +293,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -314,8 +315,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -370,8 +369,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -400,8 +397,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index e6815434f..cd207bb38 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
@@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 1bab5804f..2fb49b4ef 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -313,7 +313,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -339,6 +338,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -359,8 +360,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -415,8 +414,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -445,8 +442,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 1d5e53241..c0fd915d6 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/sec-updater/Makefile.in b/src/sec-updater/Makefile.in index a434b9d34..b66aab7b9 100644 --- a/src/sec-updater/Makefile.in +++ b/src/sec-updater/Makefile.in @@ -310,7 +310,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -336,6 +335,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -356,8 +357,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -412,8 +411,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -442,8 +439,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 80fd2c68d..d871a8bcc 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -355,7 +355,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -381,6 +380,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -401,8 +402,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -457,8 +456,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -487,8 +484,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/starter/confread.c b/src/starter/confread.c index 345d0b60b..407ef5e13 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -444,7 +444,7 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key, KW_SA_OPTION_FLAG("yes", "no", SA_OPTION_COMPRESS) break; case KW_MARK: - if (!mark_from_string(value, &conn->mark_in)) + if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in)) { cfg->err++; break; @@ -452,13 +452,13 @@ static void handle_keyword(kw_token_t token, starter_conn_t *conn, char *key, conn->mark_out = conn->mark_in; break; case KW_MARK_IN: - if (!mark_from_string(value, &conn->mark_in)) + if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_in)) { cfg->err++; } break; case KW_MARK_OUT: - if (!mark_from_string(value, &conn->mark_out)) + if (!mark_from_string(value, MARK_OP_UNIQUE, &conn->mark_out)) { cfg->err++; } diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c index d19cee08a..ff7c75bb7 100644 --- a/src/starter/parser/lexer.c +++ b/src/starter/parser/lexer.c @@ -657,7 +657,7 @@ bool conf_parser_open_next_file(parser_helper_t *ctx); static void include_files(parser_helper_t *ctx); /* use start conditions stack */ -/* do not declare unneded functions */ +/* do not declare unneeded functions */ #define YY_NO_INPUT 1 /* don't use global variables, and interact properly with bison */ /* maintain the line number */ diff --git a/src/starter/parser/lexer.l b/src/starter/parser/lexer.l index e10fd1b38..fb23a0f93 100644 
--- a/src/starter/parser/lexer.l +++ b/src/starter/parser/lexer.l @@ -30,7 +30,7 @@ static void include_files(parser_helper_t *ctx); /* use start conditions stack */ %option stack -/* do not declare unneded functions */ +/* do not declare unneeded functions */ %option noinput noyywrap /* don't use global variables, and interact properly with bison */ diff --git a/src/starter/starter.c b/src/starter/starter.c index 8ca1af29c..5038429bd 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -650,6 +650,7 @@ int main (int argc, char **argv) */ if (_action_ & FLAG_ACTION_RELOAD) { + _action_ &= ~FLAG_ACTION_RELOAD; if (starter_charon_pid()) { for (conn = cfg->conn_first; conn; conn = conn->next) @@ -679,7 +680,6 @@ int main (int argc, char **argv) } } } - _action_ &= ~FLAG_ACTION_RELOAD; } /* @@ -687,6 +687,7 @@ int main (int argc, char **argv) */ if (_action_ & FLAG_ACTION_UPDATE) { + _action_ &= ~FLAG_ACTION_UPDATE; DBG2(DBG_APP, "Reloading config..."); new_cfg = confread_load(config_file); @@ -767,7 +768,6 @@ int main (int argc, char **argv) confread_free(new_cfg); } } - _action_ &= ~FLAG_ACTION_UPDATE; last_reload = time_monotonic(NULL); } @@ -776,6 +776,7 @@ int main (int argc, char **argv) */ if (_action_ & FLAG_ACTION_START_CHARON) { + _action_ &= ~FLAG_ACTION_START_CHARON; if (!starter_charon_pid()) { DBG2(DBG_APP, "Attempting to start %s...", daemon_name); @@ -786,7 +787,6 @@ int main (int argc, char **argv) } starter_stroke_configure(cfg); } - _action_ &= ~FLAG_ACTION_START_CHARON; for (ca = cfg->ca_first; ca; ca = ca->next) { diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index ce0c7b43c..115c7262d 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -307,7 +307,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ 
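Review bot: Moving `_action_ &= ~FLAG_ACTION_RELOAD;` (and the UPDATE and START_CHARON counterparts) to the top of each block closes the window in which a request arriving during the handling was cleared unseen, but the clear itself is still a read-modify-write on `_action_`; if that variable is set from a signal handler, as its name and use suggest, a signal delivered between the load and the store of the `&=` loses the bit the handler just set. Whether that is acceptable depends on how `_action_` is declared and whether the handlers are blocked around these statements, neither of which is visible here. A comment at the first clear would make the intent and the assumption explicit, e.g. `/* clear the flag before acting on it so a request signalled while we work is picked up on the next pass */`. main's body continues outside these hunks.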
@@ -333,6 +332,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -353,8 +354,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -409,8 +408,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -439,8 +436,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index be31bc581..1c15bd305 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -281,7 +281,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -307,6 +306,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ 
@@ -327,8 +328,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -383,8 +382,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -413,8 +410,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/sw-collector/Makefile.in b/src/sw-collector/Makefile.in index 28169508a..2bd25a8b0 100644 --- a/src/sw-collector/Makefile.in +++ b/src/sw-collector/Makefile.in @@ -318,7 +318,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -344,6 +343,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -364,8 +365,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -420,8 +419,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -450,8 +447,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index ea7130bbb..c746573f8 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -331,7 +331,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -357,6 +356,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -377,8 +378,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ @@ -433,8 +432,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ 
@@ -463,8 +460,12 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 tss2_CFLAGS = @tss2_CFLAGS@
 tss2_LIBS = @tss2_LIBS@
+tss2_esys_CFLAGS = @tss2_esys_CFLAGS@
+tss2_esys_LIBS = @tss2_esys_LIBS@
 tss2_socket_CFLAGS = @tss2_socket_CFLAGS@
 tss2_socket_LIBS = @tss2_socket_LIBS@
+tss2_sys_CFLAGS = @tss2_sys_CFLAGS@
+tss2_sys_LIBS = @tss2_sys_LIBS@
 tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@
 tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@
 urandom_device = @urandom_device@
diff --git a/src/swanctl/commands/counters.c b/src/swanctl/commands/counters.c
index ab386b5d8..909ca4366 100644
--- a/src/swanctl/commands/counters.c
+++ b/src/swanctl/commands/counters.c
@@ -48,7 +48,7 @@ static int counters(vici_conn_t *conn)
 vici_res_t *res;
 command_format_options_t format = COMMAND_FORMAT_NONE;
 char *arg, *name = NULL;
- int ret;
+ int ret = 0;
 bool all = FALSE, reset = FALSE;
 
 while (TRUE)
@@ -131,7 +131,7 @@ static int counters(vici_conn_t *conn)
 }
 }
 vici_free_res(res);
- return 0;
+ return ret;
 }
 
 /**
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c
index 8e452a6f6..bf8d2cd79 100644
--- a/src/swanctl/commands/initiate.c
+++ b/src/swanctl/commands/initiate.c
@@ -131,7 +131,7 @@ static void __attribute__ ((constructor))reg()
 {"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
 {
 {"help", 'h', 0, "show usage information"},
- {"child", 'c', 1, "initate a CHILD_SA configuration"},
+ {"child", 'c', 1, "initiate a CHILD_SA configuration"},
 {"ike", 'i', 1, "name of the connection to which the child belongs"},
 {"timeout", 't', 1, "timeout in seconds before detaching"},
 {"raw", 'r', 0, "dump raw response message"},
diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c
index f692e9966..5f7dd8189 100644
--- a/src/swanctl/commands/list_conns.c
+++ b/src/swanctl/commands/list_conns.c
@@ -2,7 +2,7 @@
 * Copyright (C) 2014 Martin Willi
 * Copyright (C) 2014 revosec AG
 *
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -199,6 +199,10 @@ CALLBACK(conn_sn, int,
 {
 printf(" groups: %s\n", auth->get(auth, "groups"));
 }
+ if (auth->get(auth, "cert_policy"))
+ {
+ printf(" cert policy: %s\n", auth->get(auth, "cert_policy"));
+ }
 if (auth->get(auth, "certs"))
 {
 printf(" certs: %s\n", auth->get(auth, "certs"));
@@ -234,7 +238,7 @@ CALLBACK(conns, int,
 void *null, vici_res_t *res, char *name)
 {
 int ret;
- char *version, *reauth_time, *rekey_time, *dpd_delay;
+ char *version, *reauth_time, *rekey_time, *dpd_delay, *ppk_id, *ppk_req;
 hashtable_t *ike;
 
 version = vici_find_str(res, "", "%s.version", name);
@@ -278,6 +282,14 @@ CALLBACK(conns, int,
 }
 printf("\n");
 
+ ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
+ ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
+ if (ppk_id || ppk_req)
+ {
+ printf(" ppk: %s%s%srequired\n", ppk_id ?: "", ppk_id ? ", " : "",
+ !ppk_req || !streq(ppk_req, "yes") ? "not " : "");
+ }
+
 ret = vici_parse_cb(res, conn_sn, NULL, conn_list, ike);
 free_hashtable(ike);
 return ret;
diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c
index 28602fc65..232f03cc2 100644
--- a/src/swanctl/commands/list_sas.c
+++ b/src/swanctl/commands/list_sas.c
@@ -266,6 +266,10 @@ CALLBACK(ike_sa, int,
 }
 printf("/%s", ike->get(ike, "prf-alg"));
 printf("/%s", ike->get(ike, "dh-group"));
+ if (streq(ike->get(ike, "ppk"), "yes"))
+ {
+ printf("/PPK");
+ }
 printf("\n");
 }
 
diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c
index 0010ce140..26f043a6a 100644
--- a/src/swanctl/commands/load_all.c
+++ b/src/swanctl/commands/load_all.c
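Review bot: The PPK line in the last list_conns.c hunk folds three conditional arguments, one using the GNU `?:` extension, into a single `printf`, so the four possible outputs have to be worked out in one's head rather than read off the code. Spelling the cases out as two prints keeps the identical output, drops the extension and matches how the other fields in this file are emitted. The conns callback continues outside the hunk.
```c
	ppk_id = vici_find_str(res, NULL, "%s.ppk_id", name);
	ppk_req = vici_find_str(res, NULL, "%s.ppk_required", name);
	if (ppk_id || ppk_req)
	{
		printf(" ppk: ");
		if (ppk_id)
		{
			printf("%s, ", ppk_id);
		}
		printf("%srequired\n", ppk_req && streq(ppk_req, "yes") ? "" : "not ");
	}
	/* … unchanged: conn_sn parse callback and hashtable cleanup … */
```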
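Review bot: `if (streq(ike->get(ike, "ppk"), "yes"))` in the list_sas.c hunk hands the lookup result straight to `streq`; if the response carries no `ppk` key, as a daemon predating this attribute would produce, the hashtable returns NULL and an ordinary strcmp-based `streq` dereferences it, so `--list-sas` would crash rather than just omit `/PPK`. The neighbouring `%s` prints at least do not fault on a missing key with common libc implementations, so this check should be guarded the same way the other optional fields in this file are: `if (ike->get(ike, "ppk") && streq(ike->get(ike, "ppk"), "yes"))`, or fetch the value once into a local. If the daemon is known to always emit a yes/no value here, a comment stating that would do instead. The ike_sa callback continues outside the hunk.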
@@ -31,8 +31,8 @@ static int load_all(vici_conn_t *conn)
 bool clear = FALSE, noprompt = FALSE;
 command_format_options_t format = COMMAND_FORMAT_NONE;
 settings_t *cfg;
+ char *arg, *file = SWANCTL_CONF;
 int ret = 0;
- char *arg;
 
 while (TRUE)
 {
@@ -52,6 +52,9 @@ static int load_all(vici_conn_t *conn)
 case 'r':
 format |= COMMAND_FORMAT_RAW;
 continue;
+ case 'f':
+ file = arg;
+ continue;
 case EOF:
 break;
 default:
@@ -60,10 +63,10 @@ static int load_all(vici_conn_t *conn)
 break;
 }
 
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
 if (!cfg)
 {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
 return EINVAL;
 }
 
@@ -104,6 +107,7 @@ static void __attribute__ ((constructor))reg()
 {"noprompt", 'n', 0, "do not prompt for passwords"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
 }
 });
 }
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index d82c0f98e..61682a386 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
 {
 command_format_options_t format = COMMAND_FORMAT_NONE;
 settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
 int ret;
 
 while (TRUE)
@@ -325,6 +325,9 @@ static int load_authorities(vici_conn_t *conn)
 case 'r':
 format |= COMMAND_FORMAT_RAW;
 continue;
+ case 'f':
+ file = arg;
+ continue;
 case EOF:
 break;
 default:
@@ -333,10 +336,10 @@ static int load_authorities(vici_conn_t *conn)
 break;
 }
 
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
 if (!cfg)
 {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
 return EINVAL;
 }
 
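Review bot: The new `--file` handling is copied verbatim into load_all.c here and into load_authorities.c, load_conns.c, load_creds.c and load_pools.c in the following hunks: the same `case 'f': file = arg; continue;`, the same `settings_create(file)` / `fprintf(stderr, "parsing '%s' failed\n", file)` pair and the same option-table entry, five times. A small shared helper in the command framework that parses the option and opens the settings would keep the copies from drifting. The help text `"custom path to swanctl.conf"` also leaves open what else moves with the file: these hunks change only which file is parsed, so if the credential directories load_creds.c reads stay at their compiled-in location (not visible here), the text should say so, e.g. `"custom path to swanctl.conf (credential directories are unaffected)"`. Each `reg()` hunk touches only the option table; if the usage synopsis string above it is not updated elsewhere in the commit, `--file <path>` will be missing from the first line of `--help`.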
@@ -360,6 +363,7 @@ static void __attribute__ ((constructor))reg()
 {"help", 'h', 0, "show usage information"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
 }
 });
 }
diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c
index 0518ef54f..dad03945d 100644
--- a/src/swanctl/commands/load_conns.c
+++ b/src/swanctl/commands/load_conns.c
@@ -425,7 +425,7 @@ static int load_conns(vici_conn_t *conn)
 {
 command_format_options_t format = COMMAND_FORMAT_NONE;
 settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
 int ret;
 
 while (TRUE)
@@ -440,6 +440,9 @@ static int load_conns(vici_conn_t *conn)
 case 'r':
 format |= COMMAND_FORMAT_RAW;
 continue;
+ case 'f':
+ file = arg;
+ continue;
 case EOF:
 break;
 default:
@@ -448,10 +451,10 @@ static int load_conns(vici_conn_t *conn)
 break;
 }
 
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
 if (!cfg)
 {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
 return EINVAL;
 }
 
@@ -474,6 +477,7 @@ static void __attribute__ ((constructor))reg()
 {"help", 'h', 0, "show usage information"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
 }
 });
 }
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 15ef2f151..a9e352f7e 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -665,6 +665,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 "xauth",
 "ntlm",
 "ike",
+ "ppk",
 "private",
 "rsa",
 "ecdsa",
@@ -688,7 +689,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 return FALSE;
 }
 if (!streq(type, "eap") && !streq(type, "xauth") && !streq(type, "ntlm") &&
- !streq(type, "ike"))
+ !streq(type, "ike") && !streq(type, "ppk"))
 { /* skip non-shared secrets */
 return TRUE;
 }
@@ -945,7 +946,7 @@ static int load_creds(vici_conn_t *conn)
 bool clear = FALSE, noprompt = FALSE;
 command_format_options_t format = COMMAND_FORMAT_NONE;
 settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
 int ret;
 
 while (TRUE)
@@ -966,6 +967,9 @@ static int load_creds(vici_conn_t *conn)
 case 'r':
 format |= COMMAND_FORMAT_RAW;
 continue;
+ case 'f':
+ file = arg;
+ continue;
 case EOF:
 break;
 default:
@@ -974,10 +978,10 @@ static int load_creds(vici_conn_t *conn)
 break;
 }
 
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
 if (!cfg)
 {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
 return EINVAL;
 }
 
@@ -1002,6 +1006,7 @@ static void __attribute__ ((constructor))reg()
 {"noprompt", 'n', 0, "do not prompt for passwords"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
 }
 });
 }
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index feb8d3a52..ec9508efb 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
 {
 command_format_options_t format = COMMAND_FORMAT_NONE;
 settings_t *cfg;
- char *arg;
+ char *arg, *file = SWANCTL_CONF;
 int ret;
 
 while (TRUE)
@@ -266,6 +266,9 @@ static int load_pools(vici_conn_t *conn)
 case 'r':
 format |= COMMAND_FORMAT_RAW;
 continue;
+ case 'f':
+ file = arg;
+ continue;
 case EOF:
 break;
 default:
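Review bot: Adding `"ppk"` to the accepted types and to the shared-secret filter in the two load_secret hunks routes a PPK through the same path as `ike`/`eap` secrets, with no check on what is loaded. A PPK only provides the intended post-quantum protection when it is a long, uniformly random value, which a config key named `secret` that elsewhere holds human-chosen passwords does not convey; at minimum the `ppk<suffix>` section added to swanctl.conf should say so, and a warning from load_secret when the loaded PPK is short (threshold to be agreed, e.g. below 32 bytes as a constructed starting point) would catch misconfiguration before it is sent to the daemon. load_secret's body continues outside these hunks.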
@@ -274,10 +277,10 @@ static int load_pools(vici_conn_t *conn)
 break;
 }
 
- cfg = settings_create(SWANCTL_CONF);
+ cfg = settings_create(file);
 if (!cfg)
 {
- fprintf(stderr, "parsing '%s' failed\n", SWANCTL_CONF);
+ fprintf(stderr, "parsing '%s' failed\n", file);
 return EINVAL;
 }
 
@@ -300,6 +303,7 @@ static void __attribute__ ((constructor))reg()
 {"help", 'h', 0, "show usage information"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
+ {"file", 'f', 1, "custom path to swanctl.conf"},
 }
 });
 }
diff --git a/src/swanctl/commands/rekey.c b/src/swanctl/commands/rekey.c
index 47a313657..f44ecaa3c 100644
--- a/src/swanctl/commands/rekey.c
+++ b/src/swanctl/commands/rekey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Tobias Brunner
+ * Copyright (C) 2017-2018 Tobias Brunner
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
@@ -24,6 +24,7 @@ static int rekey(vici_conn_t *conn)
 command_format_options_t format = COMMAND_FORMAT_NONE;
 char *arg, *child = NULL, *ike = NULL;
 int ret = 0, child_id = 0, ike_id = 0;
+ bool reauth = FALSE;
 
 while (TRUE)
 {
@@ -49,6 +50,9 @@ static int rekey(vici_conn_t *conn)
 case 'I':
 ike_id = atoi(arg);
 continue;
+ case 'a':
+ reauth = TRUE;
+ continue;
 case EOF:
 break;
 default:
@@ -74,6 +78,10 @@ static int rekey(vici_conn_t *conn)
 {
 vici_add_key_valuef(req, "ike-id", "%d", ike_id);
 }
+ if (reauth)
+ {
+ vici_add_key_valuef(req, "reauth", "yes");
+ }
 res = vici_submit(req, conn);
 if (!res)
 {
@@ -111,13 +119,14 @@ static void __attribute__ ((constructor))reg()
 command_register((command_t) {
 rekey, 'R', "rekey", "rekey an SA",
 {"--child <name> | --ike <name | --child-id <id> | --ike-id <id>",
- "[--raw|--pretty]"},
+ "[--reauth] [--raw|--pretty]"},
 {
 {"help", 'h', 0, "show usage information"},
 {"child", 'c', 1, "rekey by CHILD_SA name"},
 {"ike", 'i', 1, "rekey by IKE_SA name"},
 {"child-id", 'C', 1, "rekey by CHILD_SA unique identifier"},
 {"ike-id", 'I', 1, "rekey by IKE_SA unique identifier"},
+ {"reauth", 'a', 0, "reauthenticate instead of rekey an IKEv2 SA"},
 {"raw", 'r', 0, "dump raw response message"},
 {"pretty", 'P', 0, "dump raw response message in pretty print"},
 }
diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf
index 9b87a963a..c50f20dc6 100644
--- a/src/swanctl/swanctl.conf
+++ b/src/swanctl/swanctl.conf
@@ -56,6 +56,13 @@
 # Send certificate payloads (always, never or ifasked).
 # send_cert = ifasked
 
+ # String identifying the Postquantum Preshared Key (PPK) to be used.
+ # ppk_id =
+
+ # Whether a Postquantum Preshared Key (PPK) is required for this
+ # connection.
+ # ppk_required = no
+
 # Number of retransmission sequences to perform during initial connect.
 # keyingtries = 1
 
@@ -311,6 +318,14 @@
 # Netfilter mark and mask for output traffic.
 # mark_out = 0/0x00000000
 
+ # Netfilter mark applied to packets after the inbound IPsec SA
+ # processed them.
+ # set_mark_in = 0/0x00000000
+
+ # Netfilter mark applied to packets after the outbound IPsec SA
+ # processed them.
+ # set_mark_out = 0/0x00000000
+
 # Traffic Flow Confidentiality padding.
 # tfc_padding = 0
 
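Review bot: The new option's help text `"reauthenticate instead of rekey an IKEv2 SA"` reads awkwardly and does not say what happens when `--reauth` is combined with `--child` or `--child-id`; the earlier hunk adds `reauth` to the request unconditionally, so the daemon's interpretation decides and the CLI gives the user no hint. Suggest `"reauthenticate instead of rekeying an IKEv2 SA (ignored for CHILD_SAs)"` if that is indeed how the daemon treats it, or otherwise reject the combination in rekey() before `vici_submit`. The synopsis line kept as context here also carries a pre-existing missing `>` in `--ike <name`, which this edit of the neighbouring string is a good moment to fix.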
@@ -321,6 +336,18 @@ # IPsec implementation. # hw_offload = no + # Whether to copy the DF bit to the outer IPv4 header in tunnel + # mode. + # copy_df = yes + + # Whether to copy the ECN header field to/from the outer IP + # header in tunnel mode. + # copy_ecn = yes + + # Whether to copy the DSCP header field to/from the outer IP + # header in tunnel mode. + # copy_dscp = out + # Action to perform after loading the configuration (none, trap, # start). # start_action = none @@ -379,6 +406,17 @@ # } + # Postquantum Preshared Key (PPK) section for a specific secret. + # ppk<suffix> { + + # Value of the PPK. + # secret = + + # PPK identity the PPK belongs to. + # id<suffix> = + + # } + # Private key decryption passphrase for a key in the private folder. # private<suffix> { diff --git a/src/swanctl/swanctl.conf.5.head.in b/src/swanctl/swanctl.conf.5.head.in index 5742d2593..a14225df0 100644 --- a/src/swanctl/swanctl.conf.5.head.in +++ b/src/swanctl/swanctl.conf.5.head.in @@ -6,8 +6,8 @@ swanctl.conf is the configuration file used by the .BR swanctl (8) tool to load configurations and credentials into the strongSwan IKE daemon. -For a description of the basic file syntax, including how to split the -configuration in multiple files by including other files, refer to +For a description of the basic file syntax, including how to reference sections +or split the configuration in multiple files by including other files, refer to .BR strongswan.conf (5). .SH TIME FORMATS diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index 1f7e3a2cc..1f8900959 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main 
@@ -217,6 +217,14 @@ causes certificate payloads to be sent unconditionally whenever certificate authentication is used. .TP +.BR connections.<conn>.ppk_id " []" +String identifying the Postquantum Preshared Key (PPK) to be used. + +.TP +.BR connections.<conn>.ppk_required " [no]" +Whether a Postquantum Preshared Key (PPK) is required for this connection. + +.TP .BR connections.<conn>.keyingtries " [1]" Number of retransmission sequences to perform during initial connect. Instead of giving up initiation after the first retransmission sequence with the default 
@@ -1127,6 +1135,52 @@ The default mask if omitted is 0xffffffff. .TP +.BR connections.<conn>.children.<child>.set_mark_in " [0/0x00000000]" +Netfilter mark applied to packets after the inbound IPsec SA processed them. +This way it's not necessary to mark packets via Netfilter before decryption or +right afterwards to match policies or process them differently (e.g. via policy +routing). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default +mask if omitted is 0xffffffff. The special value +.RI "" "%same" "" +uses the value (but not +the mask) from +.RB "" "mark_in" "" +as mark value, which can be fixed, +.RI "" "%unique" "" +or +.RI "" "%unique\-dir" "." + + +Setting marks in XFRM input requires Linux 4.19 or higher. + +.TP +.BR connections.<conn>.children.<child>.set_mark_out " [0/0x00000000]" +Netfilter mark applied to packets after the outbound IPsec SA processed them. +This allows processing ESP packets differently than the original traffic (e.g. +via policy routing). + +An additional mask may be appended to the mark, separated by +.RI "" "/" "." +The default +mask if omitted is 0xffffffff. The special value +.RI "" "%same" "" +uses the value (but not +the mask) from +.RB "" "mark_out" "" +as mark value, which can be fixed, +.RI "" "%unique" "" +or +.RI "" "%unique\-dir" "." + + +Setting marks in XFRM output is supported since Linux 4.14. Setting a mask +requires at least Linux 4.19. + +.TP .BR connections.<conn>.children.<child>.tfc_padding " [0]" Pads ESP packets with additional data to have a consistent ESP packet size for improved Traffic Flow Confidentiality. The padding defines the minimum size of 
@@ -1155,6 +1209,44 @@ enables offloading, if it's supported, but the installation does not fail otherwise. .TP +.BR connections.<conn>.children.<child>.copy_df " [yes]" +Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This +effectively disables Path MTU discovery (PMTUD). Controlling this behavior is +not supported by all kernel interfaces. + +.TP +.BR connections.<conn>.children.<child>.copy_ecn " [yes]" +Whether to copy the ECN (Explicit Congestion Notification) header field to/from +the outer IP header in tunnel mode. Controlling this behavior is not supported +by all kernel interfaces. + +.TP +.BR connections.<conn>.children.<child>.copy_dscp " [out]" +Whether to copy the DSCP (Differentiated Services Field Codepoint) header field +to/from the outer IP header in tunnel mode. The value +.RI "" "out" "" +only copies the +field from the inner to the outer header, the value +.RI "" "in" "" +does the opposite and +only copies the field from the outer to the inner header when decapsulating, the +value +.RI "" "yes" "" +copies the field in both directions, and the value +.RI "" "no" "" +disables +copying the field altogether. Setting this to +.RI "" "yes" "" +or +.RI "" "in" "" +could allow an +attacker to adversely affect other traffic at the receiver, which is why the +default is +.RI "" "out" "." +Controlling this behavior is not supported by all kernel +interfaces. + +.TP .BR connections.<conn>.children.<child>.start_action " [none]" Action to perform after loading the configuration. The default of .RI "" "none" "" 
@@ -1297,6 +1389,31 @@ prefix, if a secret is shared between multiple peers. .TP +.B secrets.ppk<suffix> +.br +Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is +defined in a unique section having the +.RI "" "ppk" "" +prefix. + +.TP +.BR secrets.ppk<suffix>.secret " []" +Value of the PPK. It may either be an ASCII string, a hex encoded string if +it has a +.RI "" "0x" "" +prefix or a Base64 encoded string if it has a +.RI "" "0s" "" +prefix in its +value. Should have at least 256 bits of entropy for 128\-bit security. + +.TP +.BR secrets.ppk<suffix>.id<suffix> " []" +PPK identity the PPK belongs to. Multiple unique identities may be specified, +each having an +.RI "" "id" "" +prefix, if a secret is shared between multiple peers. + +.TP .B secrets.private<suffix> .br Private key decryption passphrase for a key in the diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 120e5812e..1c1e85e3e 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -188,6 +188,12 @@ connections.<conn>.send_cert = ifasked certificate payloads altogether, _always_ causes certificate payloads to be sent unconditionally whenever certificate authentication is used. +connections.<conn>.ppk_id = + String identifying the Postquantum Preshared Key (PPK) to be used. + +connections.<conn>.ppk_required = no + Whether a Postquantum Preshared Key (PPK) is required for this connection. + connections.<conn>.keyingtries = 1 Number of retransmission sequences to perform during initial connect. 
@@ -910,6 +916,37 @@ connections.<conn>.children.<child>.mark_out = 0/0x00000000 An additional mask may be appended to the mark, separated by _/_. The default mask if omitted is 0xffffffff. +connections.<conn>.children.<child>.set_mark_in = 0/0x00000000 + Netfilter mark applied to packets after the inbound IPsec SA processed them. + + Netfilter mark applied to packets after the inbound IPsec SA processed them. + This way it's not necessary to mark packets via Netfilter before decryption + or right afterwards to match policies or process them differently (e.g. via + policy routing). + + An additional mask may be appended to the mark, separated by _/_. The + default mask if omitted is 0xffffffff. The special value _%same_ uses + the value (but not the mask) from **mark_in** as mark value, which can be + fixed, _%unique_ or _%unique-dir_. + + Setting marks in XFRM input requires Linux 4.19 or higher. + +connections.<conn>.children.<child>.set_mark_out = 0/0x00000000 + Netfilter mark applied to packets after the outbound IPsec SA processed + them. + + Netfilter mark applied to packets after the outbound IPsec SA processed + them. This allows processing ESP packets differently than the original + traffic (e.g. via policy routing). + + An additional mask may be appended to the mark, separated by _/_. The + default mask if omitted is 0xffffffff. The special value _%same_ uses + the value (but not the mask) from **mark_out** as mark value, which can be + fixed, _%unique_ or _%unique-dir_. + + Setting marks in XFRM output is supported since Linux 4.14. Setting a mask + requires at least Linux 4.19. + connections.<conn>.children.<child>.tfc_padding = 0 Traffic Flow Confidentiality padding. 
@@ -937,6 +974,35 @@ connections.<conn>.children.<child>.hw_offload = no enables offloading, if it's supported, but the installation does not fail otherwise. +connections.<conn>.children.<child>.copy_df = yes + Whether to copy the DF bit to the outer IPv4 header in tunnel mode. + + Whether to copy the DF bit to the outer IPv4 header in tunnel mode. This + effectively disables Path MTU discovery (PMTUD). Controlling this behavior + is not supported by all kernel interfaces. + +connections.<conn>.children.<child>.copy_ecn = yes + Whether to copy the ECN header field to/from the outer IP header in tunnel + mode. + + Whether to copy the ECN (Explicit Congestion Notification) header field + to/from the outer IP header in tunnel mode. Controlling this behavior is not + supported by all kernel interfaces. + +connections.<conn>.children.<child>.copy_dscp = out + Whether to copy the DSCP header field to/from the outer IP header in tunnel + mode. + + Whether to copy the DSCP (Differentiated Services Field Codepoint) header + field to/from the outer IP header in tunnel mode. The value _out_ only + copies the field from the inner to the outer header, the value _in_ does the + opposite and only copies the field from the outer to the inner header when + decapsulating, the value _yes_ copies the field in both directions, and the + value _no_ disables copying the field altogether. Setting this to _yes_ or + _in_ could allow an attacker to adversely affect other traffic at the + receiver, which is why the default is _out_. Controlling this behavior is + not supported by all kernel interfaces. + connections.<conn>.children.<child>.start_action = none Action to perform after loading the configuration (_none_, _trap_, _start_). 
@@ -1047,6 +1113,26 @@ secrets.ike<suffix>.id<suffix> = may be specified, each having an _id_ prefix, if a secret is shared between multiple peers. +secrets.ppk<suffix> { # } + Postquantum Preshared Key (PPK) section for a specific secret. + + Postquantum Preshared Key (PPK) section for a specific secret. Each PPK is + defined in a unique section having the _ppk_ prefix. + +secrets.ppk<suffix>.secret = + Value of the PPK. + + Value of the PPK. It may either be an ASCII string, a hex encoded string if + it has a _0x_ prefix or a Base64 encoded string if it has a _0s_ prefix in + its value. Should have at least 256 bits of entropy for 128-bit security. + +secrets.ppk<suffix>.id<suffix> = + PPK identity the PPK belongs to. + + PPK identity the PPK belongs to. Multiple unique identities + may be specified, each having an _id_ prefix, if a secret is shared between + multiple peers. + secrets.private<suffix> { # } Private key decryption passphrase for a key in the _private_ folder. diff --git a/src/tpm_extendpcr/Makefile.in b/src/tpm_extendpcr/Makefile.in index 0ce681c69..84867829c 100644 --- a/src/tpm_extendpcr/Makefile.in +++ b/src/tpm_extendpcr/Makefile.in @@ -280,7 +280,6 @@ PYTHON_VERSION = @PYTHON_VERSION@ PY_TEST = @PY_TEST@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ -RUBY = @RUBY@ RUBYGEMDIR = @RUBYGEMDIR@ SED = @SED@ SET_MAKE = @SET_MAKE@ @@ -306,6 +305,8 @@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ bindir = @bindir@ +botan_CFLAGS = @botan_CFLAGS@ +botan_LIBS = @botan_LIBS@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ @@ -326,8 +327,6 @@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ fips_mode = @fips_mode@ fuzz_plugins = @fuzz_plugins@ -gtk_CFLAGS = @gtk_CFLAGS@ -gtk_LIBS = @gtk_LIBS@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ 
@@ -382,8 +381,6 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ -ruby_CFLAGS = @ruby_CFLAGS@ -ruby_LIBS = @ruby_LIBS@ runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ @@ -412,8 +409,12 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ tss2_CFLAGS = @tss2_CFLAGS@ tss2_LIBS = @tss2_LIBS@ +tss2_esys_CFLAGS = @tss2_esys_CFLAGS@ +tss2_esys_LIBS = @tss2_esys_LIBS@ tss2_socket_CFLAGS = @tss2_socket_CFLAGS@ tss2_socket_LIBS = @tss2_socket_LIBS@ +tss2_sys_CFLAGS = @tss2_sys_CFLAGS@ +tss2_sys_LIBS = @tss2_sys_LIBS@ tss2_tabrmd_CFLAGS = @tss2_tabrmd_CFLAGS@ tss2_tabrmd_LIBS = @tss2_tabrmd_LIBS@ urandom_device = @urandom_device@ |