summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.c20
-rw-r--r--src/libstrongswan/plugins/af_alg/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_crypter.c19
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_crypter.h11
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_hasher.c7
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_hasher.h11
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_ops.c2
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_plugin.c38
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_prf.c9
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_prf.h11
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_signer.c7
-rw-r--r--src/libstrongswan/plugins/af_alg/af_alg_signer.h11
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c17
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c6
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_aead.c2
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_plugin.c79
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/cmac/Makefile.in613
-rw-r--r--src/libstrongswan/plugins/cmac/cmac.c321
-rw-r--r--src/libstrongswan/plugins/cmac/cmac.h78
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_plugin.c81
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_plugin.h42
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_prf.c121
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_prf.h50
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_signer.c159
-rw-r--r--src/libstrongswan/plugins/cmac/cmac_signer.h47
-rw-r--r--src/libstrongswan/plugins/constraints/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.c42
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.c35
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.c6
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.c24
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_plugin.c21
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf.c6
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c25
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_plugin.c46
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c174
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c6
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c121
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c2
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.c4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.h4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c105
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_plugin.c21
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/md4/md4_hasher.c48
-rw-r--r--src/libstrongswan/plugins/md4/md4_plugin.c18
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/md5/md5_hasher.c50
-rw-r--r--src/libstrongswan/plugins/md5/md5_plugin.c16
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_database.c1
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_plugin.c18
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c39
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c309
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c3
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c45
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c49
-rw-r--r--src/libstrongswan/plugins/pem/pem_plugin.c114
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c4
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_cert.c156
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c42
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_utils.c18
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_builder.c6
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c29
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.am2
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in14
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11.h24
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_dh.c446
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_dh.h51
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c3
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.c203
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.h46
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c19
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.h10
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c217
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c184
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h16
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c597
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h2
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_rng.c137
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_rng.h47
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/pkcs8/Makefile.in611
-rw-r--r--src/libstrongswan/plugins/pkcs8/pkcs8_builder.c632
-rw-r--r--src/libstrongswan/plugins/pkcs8/pkcs8_builder.h36
-rw-r--r--src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c78
-rw-r--r--src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h42
-rw-r--r--src/libstrongswan/plugins/plugin.h18
-rw-r--r--src/libstrongswan/plugins/plugin_feature.c383
-rw-r--r--src/libstrongswan/plugins/plugin_feature.h331
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c485
-rw-r--r--src/libstrongswan/plugins/plugin_loader.h18
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c170
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.c17
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.c21
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c12
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_hasher.c49
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_plugin.c24
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_prf.c60
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_hasher.c279
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_plugin.c27
-rw-r--r--src/libstrongswan/plugins/soup/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/soup/soup_plugin.c21
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_plugin.c18
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am1
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in27
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h11
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c141
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c206
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c76
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c12
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c126
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c154
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c146
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c80
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in7
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.c4
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.h2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.c44
148 files changed, 8071 insertions, 1947 deletions
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index c93f84ca7..53eecbe8d 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index d17355d1d..1e84a7c86 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*,
return "aes";
}
+METHOD(plugin_t, get_features, int,
+ private_aes_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CRYPTER, aes_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_aes_plugin_t *this)
{
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)aes_crypter_create);
free(this);
}
@@ -56,15 +67,12 @@ plugin_t *aes_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this),
- (crypter_constructor_t)aes_crypter_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index 00b54b026..679e883e1 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c
index 7b3c062aa..9c547140d 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c
@@ -61,7 +61,7 @@ static struct {
/* size of the keying material (key + nonce for ctr mode) */
size_t keymat_size;
size_t iv_size;
-} algs[] = {
+} algs[AF_ALG_CRYPTER] = {
{ENCR_DES, "cbc(des)", 8, 8, 8, 8, },
{ENCR_DES_ECB, "ecb(des)", 8, 8, 8, 0, },
{ENCR_3DES, "cbc(des3_ede)", 8, 24, 24, 8, },
@@ -92,25 +92,20 @@ static struct {
/**
* See header.
*/
-void af_alg_crypter_probe(char *plugin)
+void af_alg_crypter_probe(plugin_feature_t *features, int *pos)
{
- encryption_algorithm_t prev = -1;
af_alg_ops_t *ops;
int i;
for (i = 0; i < countof(algs); i++)
{
- if (prev != algs[i].id)
+ ops = af_alg_ops_create("skcipher", algs[i].name);
+ if (ops)
{
- ops = af_alg_ops_create("skcipher", algs[i].name);
- if (ops)
- {
- ops->destroy(ops);
- lib->crypto->add_crypter(lib->crypto, algs[i].id, plugin,
- (crypter_constructor_t)af_alg_crypter_create);
- }
+ ops->destroy(ops);
+ features[(*pos)++] = PLUGIN_PROVIDE(CRYPTER,
+ algs[i].id, algs[i].key_size);
}
- prev = algs[i].id;
}
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
index ed7799cc8..ad2d42a97 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
@@ -23,8 +23,12 @@
typedef struct af_alg_crypter_t af_alg_crypter_t;
+#include <plugins/plugin.h>
#include <crypto/crypters/crypter.h>
+/** Number of crypters */
+#define AF_ALG_CRYPTER 25
+
/**
* Implementation of signers using AF_ALG.
*/
@@ -47,10 +51,11 @@ af_alg_crypter_t *af_alg_crypter_create(encryption_algorithm_t algo,
size_t key_size);
/**
- * Probe algorithms and register af_alg_crypter_create().
+ * Probe algorithms and return plugin features.
*
- * @param plugin plugin name to register algorithms for
+ * @param features plugin features to create
+ * @param pos current position in features
*/
-void af_alg_crypter_probe(char *plugin);
+void af_alg_crypter_probe(plugin_feature_t *features, int *pos);
#endif /** AF_ALG_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
index 11074c4bd..ef2350497 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
@@ -46,7 +46,7 @@ static struct {
hash_algorithm_t id;
char *name;
size_t size;
-} algs[] = {
+} algs[AF_ALG_HASHER] = {
{HASH_SHA1, "sha1", HASH_SIZE_SHA1 },
{HASH_MD5, "md5", HASH_SIZE_MD5 },
{HASH_SHA224, "sha224", HASH_SIZE_SHA224 },
@@ -59,7 +59,7 @@ static struct {
/**
* See header.
*/
-void af_alg_hasher_probe(char *plugin)
+void af_alg_hasher_probe(plugin_feature_t *features, int *pos)
{
af_alg_ops_t *ops;
int i;
@@ -70,8 +70,7 @@ void af_alg_hasher_probe(char *plugin)
if (ops)
{
ops->destroy(ops);
- lib->crypto->add_hasher(lib->crypto, algs[i].id, plugin,
- (hasher_constructor_t)af_alg_hasher_create);
+ features[(*pos)++] = PLUGIN_PROVIDE(HASHER, algs[i].id);
}
}
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h
index f44ba2938..5b540875a 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h
@@ -23,8 +23,12 @@
typedef struct af_alg_hasher_t af_alg_hasher_t;
+#include <plugins/plugin.h>
#include <crypto/hashers/hasher.h>
+/** Number of hashers */
+#define AF_ALG_HASHER 7
+
/**
* Implementation of hashers using AF_ALG.
*/
@@ -45,10 +49,11 @@ struct af_alg_hasher_t {
af_alg_hasher_t *af_alg_hasher_create(hash_algorithm_t algo);
/**
- * Probe algorithms and register af_alg_hasher_create().
+ * Probe algorithms and return plugin features.
*
- * @param plugin plugin name to register algorithms for
+ * @param features plugin features to create
+ * @param pos current position in deps
*/
-void af_alg_hasher_probe(char *plugin);
+void af_alg_hasher_probe(plugin_feature_t *features, int *pos);
#endif /** af_alg_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c
index 82a227d97..a7b5de264 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c
@@ -122,7 +122,7 @@ METHOD(af_alg_ops_t, crypt, void,
cmsg->cmsg_level = SOL_ALG;
cmsg->cmsg_type = ALG_SET_OP;
cmsg->cmsg_len = CMSG_LEN(sizeof(type));
- *(u_int32_t*)CMSG_DATA(cmsg) = type;
+ memcpy(CMSG_DATA(cmsg), &type, sizeof(type));
cmsg = CMSG_NXTHDR(&msg, cmsg);
cmsg->cmsg_level = SOL_ALG;
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
index 280ea4e98..445667507 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
@@ -41,18 +41,31 @@ METHOD(plugin_t, get_name, char*,
return "af-alg";
}
+METHOD(plugin_t, get_features, int,
+ private_af_alg_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[AF_ALG_HASHER + AF_ALG_SIGNER +
+ AF_ALG_PRF + AF_ALG_CRYPTER + 4] = {};
+ static int count = 0;
+
+ if (!count)
+ { /* initialize only once */
+ f[count++] = PLUGIN_REGISTER(HASHER, af_alg_hasher_create);
+ af_alg_hasher_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(SIGNER, af_alg_signer_create);
+ af_alg_signer_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(PRF, af_alg_prf_create);
+ af_alg_prf_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(CRYPTER, af_alg_crypter_create);
+ af_alg_crypter_probe(f, &count);
+ }
+ *features = f;
+ return count;
+}
+
METHOD(plugin_t, destroy, void,
private_af_alg_plugin_t *this)
{
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)af_alg_hasher_create);
- lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)af_alg_signer_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)af_alg_prf_create);
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)af_alg_crypter_create);
-
free(this);
}
@@ -67,16 +80,11 @@ plugin_t *af_alg_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- af_alg_hasher_probe(get_name(this));
- af_alg_signer_probe(get_name(this));
- af_alg_prf_probe(get_name(this));
- af_alg_crypter_probe(get_name(this));
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
index 1c1174abb..a7912291f 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c
@@ -57,7 +57,7 @@ static struct {
char *name;
size_t block_size;
bool xcbc;
-} algs[] = {
+} algs[AF_ALG_PRF] = {
{PRF_HMAC_SHA1, "hmac(sha1)", 20, FALSE, },
{PRF_HMAC_SHA2_256, "hmac(sha256)", 32, FALSE, },
{PRF_HMAC_MD5, "hmac(md5)", 16, FALSE, },
@@ -70,7 +70,7 @@ static struct {
/**
* See header.
*/
-void af_alg_prf_probe(char *plugin)
+void af_alg_prf_probe(plugin_feature_t *features, int *pos)
{
af_alg_ops_t *ops;
int i;
@@ -81,8 +81,7 @@ void af_alg_prf_probe(char *plugin)
if (ops)
{
ops->destroy(ops);
- lib->crypto->add_prf(lib->crypto, algs[i].id, plugin,
- (prf_constructor_t)af_alg_prf_create);
+ features[(*pos)++] = PLUGIN_PROVIDE(PRF, algs[i].id);
}
}
}
@@ -90,7 +89,7 @@ void af_alg_prf_probe(char *plugin)
/**
* Get the kernel algorithm string and block size for our identifier
*/
-static size_t lookup_alg(integrity_algorithm_t algo, char **name, bool *xcbc)
+static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc)
{
int i;
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.h b/src/libstrongswan/plugins/af_alg/af_alg_prf.h
index d3275e7be..2f6cf0cf1 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_prf.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.h
@@ -23,8 +23,12 @@
typedef struct af_alg_prf_t af_alg_prf_t;
+#include <plugins/plugin.h>
#include <crypto/prfs/prf.h>
+/** Number of PRFs */
+#define AF_ALG_PRF 7
+
/**
* Implementation of PRFs using AF_ALG.
*/
@@ -45,10 +49,11 @@ struct af_alg_prf_t {
af_alg_prf_t *af_alg_prf_create(pseudo_random_function_t algo);
/**
- * Probe algorithms and register af_alg_prf_create().
+ * Probe algorithms and return plugin features.
*
- * @param plugin plugin name to register algorithms for
+ * @param features plugin features to create
+ * @param pos current position in features
*/
-void af_alg_prf_probe(char *plugin);
+void af_alg_prf_probe(plugin_feature_t *features, int *pos);
#endif /** AF_ALG_PRF_H_ @}*/
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
index 34534a06b..6cd79f8f2 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c
@@ -52,7 +52,7 @@ static struct {
char *name;
size_t block_size;
size_t key_size;
-} algs[] = {
+} algs[AF_ALG_SIGNER] = {
{AUTH_HMAC_SHA1_96, "hmac(sha1)", 12, 20, },
{AUTH_HMAC_SHA1_128, "hmac(sha1)", 16, 20, },
{AUTH_HMAC_SHA1_160, "hmac(sha1)", 20, 20, },
@@ -71,7 +71,7 @@ static struct {
/**
* See header.
*/
-void af_alg_signer_probe(char *plugin)
+void af_alg_signer_probe(plugin_feature_t *features, int *pos)
{
af_alg_ops_t *ops;
int i;
@@ -82,8 +82,7 @@ void af_alg_signer_probe(char *plugin)
if (ops)
{
ops->destroy(ops);
- lib->crypto->add_signer(lib->crypto, algs[i].id, plugin,
- (signer_constructor_t)af_alg_signer_create);
+ features[(*pos)++] = PLUGIN_PROVIDE(SIGNER, algs[i].id);
}
}
}
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.h b/src/libstrongswan/plugins/af_alg/af_alg_signer.h
index 21487a118..deced7110 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_signer.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.h
@@ -23,8 +23,12 @@
typedef struct af_alg_signer_t af_alg_signer_t;
+#include <plugins/plugin.h>
#include <crypto/signers/signer.h>
+/** Number of signers */
+#define AF_ALG_SIGNER 13
+
/**
* Implementation of signers using AF_ALG.
*/
@@ -45,10 +49,11 @@ struct af_alg_signer_t {
af_alg_signer_t *af_alg_signer_create(integrity_algorithm_t algo);
/**
- * Probe algorithms and register af_alg_signer_create().
+ * Probe algorithms and return plugin features.
*
- * @param plugin plugin name to register algorithms for
+ * @param features plugin features to create
+ * @param pos current position in features
*/
-void af_alg_signer_probe(char *plugin);
+void af_alg_signer_probe(plugin_feature_t *features, int *pos);
#endif /** AF_ALG_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index ce333660d..452233b85 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 79c13b7c1..980a140b9 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*,
return "agent";
}
+METHOD(plugin_t, get_features, int,
+ private_agent_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, agent_private_key_open, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_agent_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)agent_private_key_open);
free(this);
}
@@ -56,14 +65,12 @@ plugin_t *agent_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)agent_private_key_open);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 0864f4118..60b57ad2d 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -161,7 +161,7 @@ static int open_connection(char *path)
*/
static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
{
- int len, count;
+ int len;
char buf[2048];
chunk_t blob, key, type, n;
@@ -184,7 +184,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
DBG1(DBG_LIB, "received invalid ssh-agent identity response");
return FALSE;
}
- count = read_uint32(&blob);
+ read_uint32(&blob);
while (blob.len)
{
@@ -398,7 +398,7 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
}
if (!path)
{
- return FALSE;
+ return NULL;
}
INIT(this,
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index be8ba72ee..52f5fa98a 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index b2bc4a51f..2ffe6194b 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c
index 7fee2b3c4..0d2a56a49 100644
--- a/src/libstrongswan/plugins/ccm/ccm_aead.c
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@@ -67,7 +67,7 @@ typedef struct __attribute__((packed)) {
u_char salt[SALT_SIZE];
u_char iv[IV_SIZE];
} nonce;
- /* lenght of plain text, q */
+ /* length of plain text, q */
u_char q[Q_SIZE];
} b0_t;
diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c
index 2865c2ae4..549f0a736 100644
--- a/src/libstrongswan/plugins/ccm/ccm_plugin.c
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c
@@ -5,11 +5,11 @@
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
@@ -38,12 +38,55 @@ METHOD(plugin_t, get_name, char*,
return "ccm";
}
+METHOD(plugin_t, get_features, int,
+ private_ccm_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(AEAD, ccm_aead_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_ccm_plugin_t *this)
{
- lib->crypto->remove_aead(lib->crypto,
- (aead_constructor_t)ccm_aead_create);
-
free(this);
}
@@ -53,40 +96,16 @@ METHOD(plugin_t, destroy, void,
plugin_t *ccm_plugin_create()
{
private_ccm_plugin_t *this;
- crypter_t *crypter;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- }
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 0);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, get_name(this),
- (aead_constructor_t)ccm_aead_create);
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am
new file mode 100644
index 000000000..ce0104f11
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-cmac.la
+else
+plugin_LTLIBRARIES = libstrongswan-cmac.la
+endif
+
+libstrongswan_cmac_la_SOURCES = \
+ cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
+ cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
+
+libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
new file mode 100644
index 000000000..093e63f32
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -0,0 +1,613 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/cmac
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_cmac_la_LIBADD =
+am_libstrongswan_cmac_la_OBJECTS = cmac_plugin.lo cmac.lo cmac_prf.lo \
+ cmac_signer.lo
+libstrongswan_cmac_la_OBJECTS = $(am_libstrongswan_cmac_la_OBJECTS)
+libstrongswan_cmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_cmac_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_cmac_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_cmac_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_cmac_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_cmac_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-cmac.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-cmac.la
+libstrongswan_cmac_la_SOURCES = \
+ cmac_plugin.h cmac_plugin.c cmac.h cmac.c \
+ cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c
+
+libstrongswan_cmac_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-cmac.la: $(libstrongswan_cmac_la_OBJECTS) $(libstrongswan_cmac_la_DEPENDENCIES)
+ $(libstrongswan_cmac_la_LINK) $(am_libstrongswan_cmac_la_rpath) $(libstrongswan_cmac_la_OBJECTS) $(libstrongswan_cmac_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_prf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_signer.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c
new file mode 100644
index 000000000..5ec7073c7
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac.h"
+
+#include <debug.h>
+
+typedef struct private_cmac_t private_cmac_t;
+
+/**
+ * Private data of a cmac_t object.
+ *
+ * The variable names are the same as in the RFC.
+ */
+struct private_cmac_t {
+
+ /**
+ * Public interface.
+ */
+ cmac_t public;
+
+ /**
+ * Block size, in bytes
+ */
+ u_int8_t b;
+
+ /**
+ * Crypter with key K
+ */
+ crypter_t *k;
+
+ /**
+ * K1
+ */
+ u_int8_t *k1;
+
+ /**
+ * K2
+ */
+ u_int8_t *k2;
+
+ /**
+ * T
+ */
+ u_int8_t *t;
+
+ /**
+ * remaining, unprocessed bytes in append mode
+ */
+ u_int8_t *remaining;
+
+ /**
+ * number of bytes in remaining
+ */
+ int remaining_bytes;
+};
+
+/**
+ * process supplied data, but do not run final operation
+ */
+static void update(private_cmac_t *this, chunk_t data)
+{
+ chunk_t iv;
+
+ if (this->remaining_bytes + data.len <= this->b)
+ { /* no complete block (or last block), just copy into remaining */
+ memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
+ this->remaining_bytes += data.len;
+ return;
+ }
+
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+
+ /* T := 0x00000000000000000000000000000000 (initially)
+ * for each block M_i (except the last)
+ * X := T XOR M_i;
+ * T := AES-128(K, X);
+ */
+
+ /* append data to remaining bytes, process block M_1 */
+ memcpy(this->remaining + this->remaining_bytes, data.ptr,
+ this->b - this->remaining_bytes);
+ data = chunk_skip(data, this->b - this->remaining_bytes);
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+ /* process blocks M_2 ... M_n-1 */
+ while (data.len > this->b)
+ {
+ memcpy(this->remaining, data.ptr, this->b);
+ data = chunk_skip(data, this->b);
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+ }
+
+ /* store remaining bytes of block M_n */
+ memcpy(this->remaining, data.ptr, data.len);
+ this->remaining_bytes = data.len;
+}
+
+/**
+ * process last block M_last
+ */
+static void final(private_cmac_t *this, u_int8_t *out)
+{
+ chunk_t iv;
+
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+
+ /* if last block is complete
+ * M_last := M_n XOR K1;
+ * else
+ * M_last := padding(M_n) XOR K2;
+ */
+ if (this->remaining_bytes == this->b)
+ {
+ memxor(this->remaining, this->k1, this->b);
+ }
+ else
+ {
+ /* padding(x) = x || 10^i where i is 128-8*r-1
+ * That is, padding(x) is the concatenation of x and a single '1',
+ * followed by the minimum number of '0's, so that the total length is
+ * equal to 128 bits.
+ */
+ if (this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x80;
+ while (++this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x00;
+ }
+ }
+ memxor(this->remaining, this->k2, this->b);
+ }
+ /* T := M_last XOR T;
+ * T := AES-128(K,T);
+ */
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+ memcpy(out, this->t, this->b);
+
+ /* reset state */
+ memset(this->t, 0, this->b);
+ this->remaining_bytes = 0;
+}
+
+METHOD(cmac_t, get_mac, void,
+ private_cmac_t *this, chunk_t data, u_int8_t *out)
+{
+ /* update T, do not process last block */
+ update(this, data);
+
+ if (out)
+ { /* if not in append mode, process last block and output result */
+ final(this, out);
+ }
+}
+
+METHOD(cmac_t, get_block_size, size_t,
+ private_cmac_t *this)
+{
+ return this->b;
+}
+
+/**
+ * Left-shift the given chunk by one bit.
+ */
+static void bit_shift(chunk_t chunk)
+{
+ size_t i;
+
+ for (i = 0; i < chunk.len; i++)
+ {
+ chunk.ptr[i] <<= 1;
+ if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
+ {
+ chunk.ptr[i] |= 0x01;
+ }
+ }
+}
+
+/**
+ * Apply the following key derivation (in-place):
+ * if MSB(C) == 0
+ * C := C << 1
+ * else
+ * C := (C << 1) XOR 0x00000000000000000000000000000087
+ */
+static void derive_key(chunk_t chunk)
+{
+ if (chunk.ptr[0] & 0x80)
+ {
+ chunk_t rb;
+
+ rb = chunk_alloca(chunk.len);
+ memset(rb.ptr, 0, rb.len);
+ rb.ptr[rb.len - 1] = 0x87;
+ bit_shift(chunk);
+ memxor(chunk.ptr, rb.ptr, chunk.len);
+ }
+ else
+ {
+ bit_shift(chunk);
+ }
+}
+
+METHOD(cmac_t, set_key, void,
+ private_cmac_t *this, chunk_t key)
+{
+ chunk_t resized, iv, l;
+
+ /* we support variable keys as defined in RFC 4615 */
+ if (key.len == this->b)
+ {
+ resized = key;
+ }
+ else
+ { /* use cmac recursively to resize longer or shorter keys */
+ resized = chunk_alloca(this->b);
+ memset(resized.ptr, 0, resized.len);
+ set_key(this, resized);
+ get_mac(this, key, resized.ptr);
+ }
+
+ /*
+ * Rb = 0x00000000000000000000000000000087
+ * L = 0x00000000000000000000000000000000 encrypted with K
+ * if MSB(L) == 0
+ * K1 = L << 1
+ * else
+ * K1 = (L << 1) XOR Rb
+ * if MSB(K1) == 0
+ * K2 = K1 << 1
+ * else
+ * K2 = (K1 << 1) XOR Rb
+ */
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+ l = chunk_alloca(this->b);
+ memset(l.ptr, 0, l.len);
+ this->k->set_key(this->k, resized);
+ this->k->encrypt(this->k, l, iv, NULL);
+ derive_key(l);
+ memcpy(this->k1, l.ptr, l.len);
+ derive_key(l);
+ memcpy(this->k2, l.ptr, l.len);
+ memwipe(l.ptr, l.len);
+}
+
+METHOD(cmac_t, destroy, void,
+ private_cmac_t *this)
+{
+ this->k->destroy(this->k);
+ memwipe(this->k1, this->b);
+ free(this->k1);
+ memwipe(this->k2, this->b);
+ free(this->k2);
+ free(this->t);
+ free(this->remaining);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_cmac_t *this;
+ crypter_t *crypter;
+ u_int8_t b;
+
+ crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
+ if (!crypter)
+ {
+ return NULL;
+ }
+ b = crypter->get_block_size(crypter);
+ /* input and output of crypter must be equal for cmac */
+ if (b != key_size)
+ {
+ crypter->destroy(crypter);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .b = b,
+ .k = crypter,
+ .k1 = malloc(b),
+ .k2 = malloc(b),
+ .t = malloc(b),
+ .remaining = malloc(b),
+ );
+ memset(this->t, 0, b);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
new file mode 100644
index 000000000..061609127
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac cmac
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_H_
+#define CMAC_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct cmac_t cmac_t;
+
+/**
+ * Cipher-based Message Authentication Code (CMAC).
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC 4493.
+ */
+struct cmac_t {
+
+ /**
+ * Generate message authentication code.
+ *
+ * If buffer is NULL, no result is given back. A next call will
+ * append the data to already supplied data. If buffer is not NULL,
+ * the mac of all apended data is calculated, returned and the internal
+ * state is reset.
+ *
+ * @param data chunk of data to authenticate
+ * @param buffer pointer where the generated bytes will be written
+ */
+ void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
+
+ /**
+ * Get the block size of this cmac_t object.
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size) (cmac_t *this);
+
+ /**
+ * Set the key for this cmac_t object.
+ *
+ * @param key key to set
+ */
+ void (*set_key) (cmac_t *this, chunk_t key);
+
+ /**
+ * Destroys a cmac_t object.
+ */
+ void (*destroy) (cmac_t *this);
+};
+
+/**
+ * Creates a new cmac_t object.
+ *
+ * @param algo underlying crypto algorithm
+ * @param key_size key size to use, if required for algorithm
+ * @return cmac_t object, NULL if not supported
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
new file mode 100644
index 000000000..5b42c5002
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_plugin.h"
+
+#include <library.h>
+#include "cmac_prf.h"
+#include "cmac_signer.h"
+
+typedef struct private_cmac_plugin_t private_cmac_plugin_t;
+
+/**
+ * private data of cmac_plugin
+ */
+struct private_cmac_plugin_t {
+
+ /**
+ * public functions
+ */
+ cmac_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_cmac_plugin_t *this)
+{
+ return "cmac";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_cmac_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, cmac_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_REGISTER(SIGNER, cmac_signer_create),
+ PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_cmac_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *cmac_plugin_create()
+{
+ private_cmac_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
new file mode 100644
index 000000000..a31e1077d
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_p cmac
+ * @ingroup plugins
+ *
+ * @defgroup cmac_plugin cmac_plugin
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_PLUGIN_H_
+#define CMAC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct cmac_plugin_t cmac_plugin_t;
+
+/**
+ * Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
+ */
+struct cmac_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** CMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c
new file mode 100644
index 000000000..17affe439
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_prf.h"
+
+#include "cmac.h"
+
+typedef struct private_cmac_prf_t private_cmac_prf_t;
+
+/**
+ * Private data of a cmac_prf_t object.
+ */
+struct private_cmac_prf_t {
+
+ /**
+ * Public cmac_prf_t interface.
+ */
+ cmac_prf_t public;
+
+ /**
+ * cmac to use for generation.
+ */
+ cmac_t *cmac;
+};
+
+METHOD(prf_t, get_bytes, void,
+ private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+{
+ this->cmac->get_mac(this->cmac, seed, buffer);
+}
+
+METHOD(prf_t, allocate_bytes, void,
+ private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+ if (chunk)
+ {
+ *chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
+ get_bytes(this, seed, chunk->ptr);
+ }
+ else
+ {
+ get_bytes(this, seed, NULL);
+ }
+}
+
+METHOD(prf_t, get_block_size, size_t,
+ private_cmac_prf_t *this)
+{
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, get_key_size, size_t,
+ private_cmac_prf_t *this)
+{
+ /* in cmac, block and key size are always equal */
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, set_key, void,
+ private_cmac_prf_t *this, chunk_t key)
+{
+ this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(prf_t, destroy, void,
+ private_cmac_prf_t *this)
+{
+ this->cmac->destroy(this->cmac);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
+{
+ private_cmac_prf_t *this;
+ cmac_t *cmac;
+
+ switch (algo)
+ {
+ case PRF_AES128_CMAC:
+ cmac = cmac_create(ENCR_AES_CBC, 16);
+ break;
+ default:
+ return NULL;
+ }
+ if (!cmac)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .cmac = cmac,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h
new file mode 100644
index 000000000..a53cc5947
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_prf cmac_prf
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef PRF_CMAC_H_
+#define PRF_CMAC_H_
+
+typedef struct cmac_prf_t cmac_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
+ *
+ * This simply wraps a cmac_t in a prf_t. More a question of
+ * interface matching.
+ */
+struct cmac_prf_t {
+
+ /**
+ * Implements prf_t interface.
+ */
+ prf_t prf;
+};
+
+/**
+ * Creates a new cmac_prf_t object.
+ *
+ * @param algo algorithm to implement
+ * @return cmac_prf_t object, NULL if hash not supported
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
+
+#endif /** PRF_CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c
new file mode 100644
index 000000000..82e8885d6
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac_signer.h"
+#include "cmac.h"
+
+typedef struct private_cmac_signer_t private_cmac_signer_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_cmac_signer_t {
+
+ /**
+ * Public interface.
+ */
+ cmac_signer_t public;
+
+ /**
+ * Assigned cmac function.
+ */
+ cmac_t *cmac;
+
+ /**
+ * Block size (truncation of CMAC MAC)
+ */
+ size_t block_size;
+};
+
+METHOD(signer_t, get_signature, void,
+ private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+{
+ if (buffer == NULL)
+ { /* append mode */
+ this->cmac->get_mac(this->cmac, data, NULL);
+ }
+ else
+ {
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ this->cmac->get_mac(this->cmac, data, mac);
+ memcpy(buffer, mac, this->block_size);
+ }
+}
+
+METHOD(signer_t, allocate_signature, void,
+ private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
+{
+ if (chunk == NULL)
+ { /* append mode */
+ this->cmac->get_mac(this->cmac, data, NULL);
+ }
+ else
+ {
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ this->cmac->get_mac(this->cmac, data, mac);
+
+ chunk->ptr = malloc(this->block_size);
+ chunk->len = this->block_size;
+
+ memcpy(chunk->ptr, mac, this->block_size);
+ }
+}
+
+METHOD(signer_t, verify_signature, bool,
+ private_cmac_signer_t *this, chunk_t data, chunk_t signature)
+{
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ if (signature.len != this->block_size)
+ {
+ return FALSE;
+ }
+
+ this->cmac->get_mac(this->cmac, data, mac);
+ return memeq(signature.ptr, mac, this->block_size);
+}
+
+METHOD(signer_t, get_key_size, size_t,
+ private_cmac_signer_t *this)
+{
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(signer_t, get_block_size, size_t,
+ private_cmac_signer_t *this)
+{
+ return this->block_size;
+}
+
+METHOD(signer_t, set_key, void,
+ private_cmac_signer_t *this, chunk_t key)
+{
+ this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(signer_t, destroy, void,
+ private_cmac_signer_t *this)
+{
+ this->cmac->destroy(this->cmac);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
+{
+ private_cmac_signer_t *this;
+ size_t truncation;
+ cmac_t *cmac;
+
+ switch (algo)
+ {
+ case AUTH_AES_CMAC_96:
+ cmac = cmac_create(ENCR_AES_CBC, 16);
+ truncation = 12;
+ break;
+ default:
+ return NULL;
+ }
+ if (cmac == NULL)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .cmac = cmac,
+ .block_size = min(truncation, cmac->get_block_size(cmac)),
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h
new file mode 100644
index 000000000..2e3724471
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_signer cmac_signer
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_SIGNER_H_
+#define CMAC_SIGNER_H_
+
+typedef struct cmac_signer_t cmac_signer_t;
+
+#include <crypto/signers/signer.h>
+
+/**
+ * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
+ */
+struct cmac_signer_t {
+
+ /**
+ * Implements signer_t interface.
+ */
+ signer_t signer;
+};
+
+/**
+ * Creates a new cmac_signer_t.
+ *
+ * @param algo algorithm to implement
+ * @return cmac_signer_t, NULL if not supported
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** CMAC_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 8be502a9c..06b66db60 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 0db640829..853625a19 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c
index 6850cacf0..c01308a52 100644
--- a/src/libstrongswan/plugins/ctr/ctr_plugin.c
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c
@@ -38,12 +38,31 @@ METHOD(plugin_t, get_name, char*,
return "ctr";
}
+METHOD(plugin_t, get_features, int,
+ private_ctr_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CRYPTER, ctr_ipsec_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_ctr_plugin_t *this)
{
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)ctr_ipsec_crypter_create);
-
free(this);
}
@@ -53,31 +72,16 @@ METHOD(plugin_t, destroy, void,
plugin_t *ctr_plugin_create()
{
private_ctr_plugin_t *this;
- crypter_t *crypter;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this),
- (crypter_constructor_t)ctr_ipsec_crypter_create);
- }
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this),
- (crypter_constructor_t)ctr_ipsec_crypter_create);
- }
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index cdfb2b801..5b83c60f8 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index d0e532055..8628c4bb5 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -40,11 +40,23 @@ METHOD(plugin_t, get_name, char*,
return "curl";
}
+METHOD(plugin_t, get_features, int,
+ private_curl_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(FETCHER, curl_fetcher_create),
+ PLUGIN_PROVIDE(FETCHER, "file://"),
+ PLUGIN_PROVIDE(FETCHER, "http://"),
+ PLUGIN_PROVIDE(FETCHER, "https://"),
+ PLUGIN_PROVIDE(FETCHER, "ftp://"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_curl_plugin_t *this)
{
- lib->fetcher->remove_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create);
curl_global_cleanup();
free(this);
}
@@ -61,28 +73,19 @@ plugin_t *curl_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
res = curl_global_init(CURL_GLOBAL_NOTHING);
- if (res == CURLE_OK)
- {
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "file://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "http://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "https://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "ftp://");
- }
- else
+ if (res != CURLE_OK)
{
- DBG1(DBG_LIB, "global libcurl initializing failed: %s, curl disabled",
+ DBG1(DBG_LIB, "global libcurl initializing failed: %s",
curl_easy_strerror(res));
+ destroy(this);
+ return NULL;
}
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index d24ac40f8..f4056951a 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 695e7e4c4..bc399ef8a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -80,7 +80,7 @@ struct private_des_crypter_t {
des_crypter_t public;
/**
- * Key size, depends on algoritm...
+ * Key size, depends on algorithm...
*/
size_t key_size;
@@ -127,7 +127,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
#endif
/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
+ * Very much CPU dependent */
#ifndef DES_UNROLL
#define DES_UNROLL
#endif
@@ -316,7 +316,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
* bytes, probably an issue of accessing non-word aligned objects :-( */
#ifdef DES_PTR
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
* is no reason to not xor all the sub items together. This potentially
* saves a register since things can be xored directly into L */
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index 78b73347d..be2587679 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*,
return "des";
}
+METHOD(plugin_t, get_features, int,
+ private_des_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CRYPTER, des_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_des_plugin_t *this)
{
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)des_crypter_create);
free(this);
}
@@ -56,19 +67,12 @@ plugin_t *des_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)des_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)des_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)des_crypter_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 62c52498c..dabddd6d0 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 4e08746f8..b6863e8e3 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*,
return "dnskey";
}
+METHOD(plugin_t, get_features, int,
+ private_dnskey_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PUBKEY, dnskey_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, dnskey_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_dnskey_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)dnskey_public_key_load);
free(this);
}
@@ -56,15 +67,11 @@ plugin_t *dnskey_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)dnskey_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)dnskey_public_key_load);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index e88a102b8..cbe9ef303 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index ee71f6efd..c0666367a 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -127,14 +127,14 @@ METHOD(prf_t, get_bytes, void,
{
/* a. XVAL = (XKEY + XSEED j) mod 2^b */
add_mod(this->b, xkey, xseed, xval);
- DBG3(DBG_LIB, "XVAL %b", xval, this->b);
+ DBG3(DBG_LIB, "XVAL %b", xval, (u_int)this->b);
/* b. wi = G(t, XVAL ) */
this->g(this, chunk_create(xval, this->b), &w[i * this->b]);
- DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b);
+ DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], (u_int)this->b);
/* c. XKEY = (1 + XKEY + wi) mod 2b */
add_mod(this->b, xkey, &w[i * this->b], sum);
add_mod(this->b, sum, one, xkey);
- DBG3(DBG_LIB, "XKEY %b", xkey, this->b);
+ DBG3(DBG_LIB, "XKEY %b", xkey, (u_int)this->b);
}
/* 3.3 done already, mod q not used */
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 7038da146..68b6bacb2 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*,
return "fips-prf";
}
+METHOD(plugin_t, get_features, int,
+ private_fips_prf_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, fips_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_FIPS_SHA1_160),
+ PLUGIN_DEPENDS(PRF, PRF_KEYED_SHA1),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_fips_prf_plugin_t *this)
{
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)fips_prf_create);
free(this);
}
@@ -51,25 +61,16 @@ METHOD(plugin_t, destroy, void,
plugin_t *fips_prf_plugin_create()
{
private_fips_prf_plugin_t *this;
- prf_t *prf;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- prf = lib->crypto->create_prf(lib->crypto, PRF_KEYED_SHA1);
- if (prf)
- {
- prf->destroy(prf);
- lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, get_name(this),
- (prf_constructor_t)fips_prf_create);
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index 202849eb6..8285b5aeb 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c
index 4b46f0ee4..abfa4f007 100644
--- a/src/libstrongswan/plugins/gcm/gcm_plugin.c
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c
@@ -38,12 +38,37 @@ METHOD(plugin_t, get_name, char*,
return "gcm";
}
+METHOD(plugin_t, get_features, int,
+ private_gcm_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(AEAD, gcm_aead_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_gcm_plugin_t *this)
{
- lib->crypto->remove_aead(lib->crypto,
- (aead_constructor_t)gcm_aead_create);
-
free(this);
}
@@ -53,29 +78,16 @@ METHOD(plugin_t, destroy, void,
plugin_t *gcm_plugin_create()
{
private_gcm_plugin_t *this;
- crypter_t *crypter;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index bedb918b9..4dc72fed0 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index e26277b0b..a48d4a133 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -99,25 +99,81 @@ METHOD(plugin_t, get_name, char*,
return "gcrypt";
}
+METHOD(plugin_t, get_features, int,
+ private_gcrypt_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ /* gcrypt only supports 128 bit blowfish */
+ PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 16),
+#ifdef HAVE_GCRY_CIPHER_CAMELLIA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+#endif
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 32),
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, gcrypt_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_MD4),
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, gcrypt_dh_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ /* RSA private/public key loading */
+ PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, gcrypt_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* random numbers */
+ PLUGIN_REGISTER(RNG, gcrypt_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_WEAK),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_gcrypt_plugin_t *this)
{
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->remove_rng(lib->crypto,
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gcrypt_dh_create_custom);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_public_key_load);
free(this);
}
@@ -149,96 +205,12 @@ plugin_t *gcrypt_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- /* hashers */
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
-
- /* crypters */
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-#ifdef HAVE_GCRY_CIPHER_CAMELLIA
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-#endif /* HAVE_GCRY_CIPHER_CAMELLIA */
- lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-
- /* random numbers */
- lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
-
- /* diffie hellman groups, using modp */
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)gcrypt_dh_create_custom);
-
- /* RSA */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)gcrypt_rsa_public_key_load);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 38ce2cd6c..eb38eea3b 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -68,7 +68,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
if (key)
{
/* gcrypt might return more bytes than necessary. Truncate
- * to key lenght if key given, or prepend zeros if needed */
+ * to key length if key given, or prepend zeros if needed */
len = gcry_pk_get_nbits(key);
len = len / 8 + (len % 8 ? 1 : 0);
if (len > data.len)
@@ -504,7 +504,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
va_list args)
{
private_gcrypt_rsa_private_key_t *this;
- chunk_t n, e, d, p, q, exp, u;
+ chunk_t n, e, d, p, q, u;
gcry_error_t err;
n = e = d = p = q = u = chunk_empty;
@@ -531,7 +531,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
case BUILD_RSA_EXP1:
case BUILD_RSA_EXP2:
/* not required for gcrypt */
- exp = va_arg(args, chunk_t);
+ va_arg(args, chunk_t);
continue;
case BUILD_RSA_COEFF:
u = va_arg(args, chunk_t);
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 18592ab4a..34a23312b 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index 55ccd4a4f..d93aa14a1 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -39,19 +39,85 @@ METHOD(plugin_t, get_name, char*,
return "gmp";
}
+METHOD(plugin_t, get_features, int,
+ private_gmp_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* DH groups */
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ /* private/public keys */
+ PLUGIN_REGISTER(PRIVKEY, gmp_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, gmp_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_REGISTER(PUBKEY, gmp_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ /* signature schemes, private */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ /* signature verification schemes */
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ /* en-/decryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_gmp_plugin_t *this)
{
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gmp_diffie_hellman_create_custom);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_public_key_load);
free(this);
}
@@ -66,45 +132,12 @@ plugin_t *gmp_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
-
- lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create_custom);
-
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)gmp_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)gmp_rsa_public_key_load);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index a7ba80138..898892f5b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
if (signature.len == 0 || signature.len > this->k)
{
- return INVALID_ARG;
+ return FALSE;
}
/* unpack signature */
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index b9e2cd817..5242764d4 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index 397a1ea11..91294305e 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -4,13 +4,13 @@
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General hmac License as published by the
+ * under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General hmac License
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h
index be1bce66d..1ed041596 100644
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@@ -29,8 +29,8 @@ typedef struct hmac_t hmac_t;
/**
* Message authentication using hash functions.
*
- * This class implements the message authenticaion algorithm
- * described in RFC2104. It uses a hash function, wich must
+ * This class implements the message authentication algorithm
+ * described in RFC2104. It uses a hash function, which must
* be implemented as a hasher_t class.
*/
struct hmac_t {
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 47d6d3cde..7d9ff3c67 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -38,13 +38,50 @@ METHOD(plugin_t, get_name, char*,
return "hmac";
}
+METHOD(plugin_t, get_features, int,
+ private_hmac_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, hmac_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_REGISTER(SIGNER, hmac_signer_create),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_hmac_plugin_t *this)
{
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)hmac_signer_create);
free(this);
}
@@ -54,75 +91,17 @@ METHOD(plugin_t, destroy, void,
plugin_t *hmac_plugin_create()
{
private_hmac_plugin_t *this;
- hasher_t *hasher;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher)
- {
- hasher->destroy(hasher);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, get_name(this),
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- }
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA256);
- if (hasher)
- {
- hasher->destroy(hasher);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, get_name(this),
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, get_name(this),
- (signer_constructor_t)hmac_signer_create);
-
- }
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
- if (hasher)
- {
- hasher->destroy(hasher);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, get_name(this),
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- }
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA384);
- if (hasher)
- {
- hasher->destroy(hasher);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, get_name(this),
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- }
- hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512);
- if (hasher)
- {
- hasher->destroy(hasher);
- lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, get_name(this),
- (prf_constructor_t)hmac_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, get_name(this),
- (signer_constructor_t)hmac_signer_create);
- }
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index b496ace28..851df5667 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c
index 08d9748ce..210d33a93 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.c
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c
@@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*,
return "ldap";
}
+METHOD(plugin_t, get_features, int,
+ private_ldap_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(FETCHER, ldap_fetcher_create),
+ PLUGIN_PROVIDE(FETCHER, "ldap://"),
+ PLUGIN_PROVIDE(FETCHER, "ldaps://"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_ldap_plugin_t *this)
{
- lib->fetcher->remove_fetcher(lib->fetcher,
- (fetcher_constructor_t)ldap_fetcher_create);
free(this);
}
@@ -56,17 +66,12 @@ plugin_t *ldap_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)ldap_fetcher_create, "ldap://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)ldap_fetcher_create, "ldaps://");
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 82781054b..f5b06a0df 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c
index 366d37328..6a31017c2 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.c
+++ b/src/libstrongswan/plugins/md4/md4_hasher.c
@@ -268,10 +268,8 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16])
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash, void,
+ private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
MD4Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -281,11 +279,8 @@ static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer
}
}
-
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -302,18 +297,14 @@ static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *ha
}
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_md4_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_md4_hasher_t *this)
{
return HASH_SIZE_MD4;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_md4_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_md4_hasher_t *this)
{
this->state[0] = 0x67452301;
this->state[1] = 0xefcdab89;
@@ -323,10 +314,8 @@ static void reset(private_md4_hasher_t *this)
this->count[1] = 0;
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_md4_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_md4_hasher_t *this)
{
free(this);
}
@@ -342,13 +331,18 @@ md4_hasher_t *md4_hasher_create(hash_algorithm_t algo)
{
return NULL;
}
- this = malloc_thing(private_md4_hasher_t);
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
/* initialize */
reset(this);
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c
index 371bba280..baa44b7f5 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.c
+++ b/src/libstrongswan/plugins/md4/md4_plugin.c
@@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*,
return "md4";
}
+METHOD(plugin_t, get_features, int,
+ private_md4_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, md4_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_MD4),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_md4_plugin_t *this)
{
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)md4_hasher_create);
free(this);
}
@@ -56,15 +65,12 @@ plugin_t *md4_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this),
- (hasher_constructor_t)md4_hasher_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index 0e3c37e7e..f7762c37e 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c
index a97ad5cae..45c2391ef 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.c
+++ b/src/libstrongswan/plugins/md5/md5_hasher.c
@@ -299,12 +299,8 @@ static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16])
}
}
-
-
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash, void,
+ private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
MD5Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -314,11 +310,8 @@ static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer
}
}
-
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -335,18 +328,14 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha
}
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_md5_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_md5_hasher_t *this)
{
return HASH_SIZE_MD5;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_md5_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_md5_hasher_t *this)
{
this->state[0] = 0x67452301;
this->state[1] = 0xefcdab89;
@@ -356,10 +345,8 @@ static void reset(private_md5_hasher_t *this)
this->count[1] = 0;
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_md5_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_md5_hasher_t *this)
{
free(this);
}
@@ -375,13 +362,18 @@ md5_hasher_t *md5_hasher_create(hash_algorithm_t algo)
{
return NULL;
}
- this = malloc_thing(private_md5_hasher_t);
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
/* initialize */
reset(this);
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c
index c72284193..a3ad7b305 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.c
+++ b/src/libstrongswan/plugins/md5/md5_plugin.c
@@ -37,6 +37,17 @@ METHOD(plugin_t, get_name, char*,
return "md5";
}
+METHOD(plugin_t, get_features, int,
+ private_md5_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, md5_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_md5_plugin_t *this)
{
@@ -56,15 +67,12 @@ plugin_t *md5_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)md5_hasher_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 32067d5b4..5025a0eb8 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c
index 5fbfa0f28..25ea42a4f 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -20,6 +20,7 @@
#include "mysql_database.h"
#include <debug.h>
+#include <chunk.h>
#include <threading/thread_value.h>
#include <threading/mutex.h>
#include <utils/linked_list.h>
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c
index 579df4d50..dd8b32761 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.c
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c
@@ -38,11 +38,20 @@ METHOD(plugin_t, get_name, char*,
return "mysql";
}
+METHOD(plugin_t, get_features, int,
+ private_mysql_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DATABASE, mysql_database_create),
+ PLUGIN_PROVIDE(DATABASE, DB_MYSQL),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_mysql_plugin_t *this)
{
- lib->db->remove_database(lib->db,
- (database_constructor_t)mysql_database_create);
mysql_database_deinit();
free(this);
}
@@ -64,15 +73,12 @@ plugin_t *mysql_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->db->add_database(lib->db,
- (database_constructor_t)mysql_database_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index d1c8fce81..8994ff1b4 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -198,6 +198,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -206,6 +209,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -222,11 +226,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -270,6 +276,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 58401faa5..9a9efb2b6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -185,7 +185,7 @@ METHOD(crl_t, create_enumerator, enumerator_t*,
free(enumerator);
return enumerator_create_empty();
}
- enumerator->num = sk_X509_EXTENSION_num(enumerator->stack);
+ enumerator->num = sk_X509_REVOKED_num(enumerator->stack);
return &enumerator->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 78ed2811a..9e4067589 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -219,7 +219,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void,
return;
}
- chunk_free(&this->shared_secret);
+ chunk_clear(&this->shared_secret);
if (!compute_shared_key(this, &this->shared_secret)) {
DBG1(DBG_LIB, "ECDH shared secret computation failed");
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index f4c4759bf..950504573 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -1,6 +1,6 @@
/*
+ * Copyright (C) 2008-2012 Tobias Brunner
* Copyright (C) 2009 Martin Willi
- * Copyright (C) 2008 Tobias Brunner
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
@@ -371,14 +371,17 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
va_list args)
{
private_openssl_ec_private_key_t *this;
- chunk_t blob = chunk_empty;
+ chunk_t par = chunk_empty, key = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
+ case BUILD_BLOB_ALGID_PARAMS:
+ par = va_arg(args, chunk_t);
+ continue;
case BUILD_BLOB_ASN1_DER:
- blob = va_arg(args, chunk_t);
+ key = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
@@ -389,18 +392,36 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type,
}
this = create_empty();
- this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
- if (!this->ec)
+
+ if (par.ptr)
{
- destroy(this);
- return NULL;
+ this->ec = d2i_ECParameters(NULL, (const u_char**)&par.ptr, par.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
+ if (!d2i_ECPrivateKey(&this->ec, (const u_char**)&key.ptr, key.len))
+ {
+ goto error;
+ }
+ }
+ else
+ {
+ this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&key.ptr, key.len);
+ if (!this->ec)
+ {
+ goto error;
+ }
}
if (!EC_KEY_check_key(this->ec))
{
- destroy(this);
- return NULL;
+ goto error;
}
return &this->public;
+
+error:
+ destroy(this);
+ return NULL;
}
#endif /* OPENSSL_NO_EC */
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 96aa38bb6..c93ceacc9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -199,40 +199,175 @@ METHOD(plugin_t, get_name, char*,
return "openssl";
}
+METHOD(plugin_t, get_features, int,
+ private_openssl_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, openssl_crypter_create),
+#ifndef OPENSSL_NO_AES
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+#endif
+#ifndef OPENSSL_NO_RC5
+ PLUGIN_PROVIDE(CRYPTER, ENCR_RC5, 0),
+#endif
+#ifndef OPENSSL_NO_CAST
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
+#endif
+#ifndef OPENSSL_NO_BLOWFISH
+ PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 0),
+#endif
+#ifndef OPENSSL_NO_IDEA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_IDEA, 16),
+#endif
+#ifndef OPENSSL_NO_DES
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+#endif
+ PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0),
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, openssl_hasher_create),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+#endif
+#ifndef OPENSSL_NO_MD2
+ PLUGIN_PROVIDE(HASHER, HASH_MD2),
+#endif
+#ifndef OPENSSL_NO_MD4
+ PLUGIN_PROVIDE(HASHER, HASH_MD4),
+#endif
+#ifndef OPENSSL_NO_MD5
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+#endif
+#ifndef OPENSSL_NO_SHA1
+ /* keyed sha1 hasher (aka prf) */
+ PLUGIN_REGISTER(PRF, openssl_sha1_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
+#endif
+#ifndef OPENSSL_NO_DH
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, openssl_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+#endif
+#ifndef OPENSSL_NO_RSA
+ /* RSA private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_connect, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY_GEN, openssl_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ /* signature/encryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+#endif
+#ifndef OPENSSL_NO_MD5
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+#endif
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+#endif /* OPENSSL_NO_RSA */
+ /* certificate/CRL loading */
+ PLUGIN_REGISTER(CERT_DECODE, openssl_x509_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509),
+ PLUGIN_REGISTER(CERT_DECODE, openssl_crl_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL),
+#ifndef OPENSSL_NO_ECDH
+ /* EC DH groups */
+ PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BIT),
+ PLUGIN_PROVIDE(DH, ECP_192_BIT),
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ /* EC private/public key loading */
+ PLUGIN_REGISTER(PRIVKEY, openssl_ec_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, openssl_ec_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA),
+ PLUGIN_REGISTER(PUBKEY, openssl_ec_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+ /* signature encryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL),
+#ifndef OPENSSL_NO_SHA1
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER),
+#endif
+#ifndef OPENSSL_NO_SHA256
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256),
+#endif
+#ifndef OPENSSL_NO_SHA512
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521),
+#endif
+#endif /* OPENSSL_NO_ECDSA */
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_openssl_plugin_t *this)
{
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)openssl_sha1_prf_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_rsa_public_key_load);
-#ifndef OPENSSL_NO_EC
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_ec_public_key_load);
-#endif /* OPENSSL_NO_EC */
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_x509_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)openssl_crl_load);
-
#ifndef OPENSSL_NO_ENGINE
ENGINE_cleanup();
#endif /* OPENSSL_NO_ENGINE */
@@ -255,7 +390,7 @@ plugin_t *openssl_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
@@ -279,116 +414,6 @@ plugin_t *openssl_plugin_create()
return NULL;
}
- /* crypter */
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this),
- (crypter_constructor_t)openssl_crypter_create);
-
- /* hasher */
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)openssl_hasher_create);
-
- /* prf */
- lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this),
- (prf_constructor_t)openssl_sha1_prf_create);
-
- /* (ec) diffie hellman */
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
-#ifndef OPENSSL_NO_EC
- lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this),
- (dh_constructor_t)openssl_ec_diffie_hellman_create);
-#endif /* OPENSSL_NO_EC */
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)openssl_diffie_hellman_create);
-
- /* rsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)openssl_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)openssl_rsa_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)openssl_rsa_public_key_load);
-
-#ifndef OPENSSL_NO_EC
- /* ecdsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE,
- (builder_function_t)openssl_ec_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
- (builder_function_t)openssl_ec_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE,
- (builder_function_t)openssl_ec_public_key_load);
-#endif /* OPENSSL_NO_EC */
-
- /* X509 certificates */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
- (builder_function_t)openssl_x509_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
- (builder_function_t)openssl_crl_load);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 422e31521..a24bae5d6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -44,6 +44,8 @@ struct private_openssl_rsa_public_key_t {
refcount_t ref;
};
+
+
/**
* Verification of an EMPSA PKCS1 signature described in PKCS#1
*/
@@ -386,4 +388,3 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type,
destroy(this);
return NULL;
}
-
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 99dca3631..1eb1c6723 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -130,7 +130,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1)
{
if (asn1)
{
- return chunk_create(asn1->data, asn1->length);
+ return chunk_create((u_char*)asn1->data, asn1->length);
}
return chunk_empty;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index f7495b2ae..5caf5182c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -597,7 +600,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
}
if (constraints->pathlen)
{
-
+
pathlen = ASN1_INTEGER_get(constraints->pathlen);
this->pathlen = (pathlen >= 0 && pathlen < 128) ?
pathlen : X509_NO_CONSTRAINT;
@@ -609,6 +612,41 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this,
}
/**
+ * parse key usage
+ */
+static bool parse_keyUsage_ext(private_openssl_x509_t *this,
+ X509_EXTENSION *ext)
+{
+ ASN1_BIT_STRING *usage;
+
+ usage = X509V3_EXT_d2i(ext);
+ if (usage)
+ {
+ if (usage->length > 0)
+ {
+ int flags = usage->data[0];
+ if (usage->length > 1)
+ {
+ flags |= usage->data[1] << 8;
+ }
+ switch (flags)
+ {
+ case X509v3_KU_CRL_SIGN:
+ this->flags |= X509_CRL_SIGN;
+ break;
+ case X509v3_KU_KEY_CERT_SIGN:
+ /* we use the caBasicContraint, MUST be set */
+ default:
+ break;
+ }
+ }
+ ASN1_BIT_STRING_free(usage);
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
* Parse CRL distribution points
*/
static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this,
@@ -713,7 +751,7 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this,
{
if (asprintf(&uri, "%Y", id) > 0)
{
- this->ocsp_uris->insert_first(this->ocsp_uris, uri);
+ this->ocsp_uris->insert_last(this->ocsp_uris, uri);
}
id->destroy(id);
}
@@ -804,6 +842,9 @@ static bool parse_extensions(private_openssl_x509_t *this)
case NID_basic_constraints:
ok = parse_basicConstraints_ext(this, ext);
break;
+ case NID_key_usage:
+ ok = parse_keyUsage_ext(this, ext);
+ break;
case NID_crl_distribution_points:
ok = parse_crlDistributionPoints_ext(this, ext);
break;
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 7bc342995..6ff607456 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index 92c7fa2fe..98c196ef4 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index b760adda9..c5d96be47 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -73,7 +73,7 @@ static bool find_boundary(char* tag, chunk_t *line)
{
if (present("-----", line))
{
- DBG2(DBG_LIB, " -----%s %.*s-----", tag, (int)name.len, name.ptr);
+ DBG2(DBG_ASN, " -----%s %.*s-----", tag, (int)name.len, name.ptr);
return TRUE;
}
line->ptr++; line->len--; name.len++;
@@ -99,7 +99,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5);
if (hasher == NULL)
{
- DBG1(DBG_LIB, " MD5 hash algorithm not available");
+ DBG1(DBG_ASN, " MD5 hash algorithm not available");
return NOT_SUPPORTED;
}
hash.len = hasher->get_hash_size(hasher);
@@ -121,7 +121,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size);
if (crypter == NULL)
{
- DBG1(DBG_LIB, " %N encryption algorithm not available",
+ DBG1(DBG_ASN, " %N encryption algorithm not available",
encryption_algorithm_names, alg);
return NOT_SUPPORTED;
}
@@ -131,7 +131,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
blob->len % crypter->get_block_size(crypter))
{
crypter->destroy(crypter);
- DBG1(DBG_LIB, " data size is not multiple of block size");
+ DBG1(DBG_ASN, " data size is not multiple of block size");
return PARSE_ERROR;
}
crypter->decrypt(crypter, *blob, iv, &decrypted);
@@ -155,7 +155,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
{
if (*last_padding_pos != padding)
{
- DBG1(DBG_LIB, " invalid passphrase");
+ DBG1(DBG_ASN, " invalid passphrase");
return INVALID_ARG;
}
}
@@ -234,7 +234,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
}
/* we are looking for a parameter: value pair */
- DBG2(DBG_LIB, " %.*s", (int)line.len, line.ptr);
+ DBG2(DBG_ASN, " %.*s", (int)line.len, line.ptr);
ugh = extract_parameter_value(&name, &value, &line);
if (ugh != NULL)
{
@@ -274,7 +274,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
}
else
{
- DBG1(DBG_LIB, " encryption algorithm '%.*s'"
+ DBG1(DBG_ASN, " encryption algorithm '%.*s'"
" not supported", dek.len, dek.ptr);
return NOT_SUPPORTED;
}
@@ -298,7 +298,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
*pgp = TRUE;
data.ptr++;
data.len--;
- DBG2(DBG_LIB, " armor checksum: %.*s", (int)data.len,
+ DBG2(DBG_ASN, " armor checksum: %.*s", (int)data.len,
data.ptr);
continue;
}
@@ -355,7 +355,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp)
* load the credential from a blob
*/
static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
- x509_flag_t flags)
+ identification_t *subject, x509_flag_t flags)
{
void *cred = NULL;
bool pgp = FALSE;
@@ -381,10 +381,19 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
{
subtype = pgp ? CERT_GPG : CERT_X509;
}
- cred = lib->creds->create(lib->creds, type, subtype,
+ if (type == CRED_CERTIFICATE && subtype == CERT_TRUSTED_PUBKEY && subject)
+ {
+ cred = lib->creds->create(lib->creds, type, subtype,
+ BUILD_BLOB_ASN1_DER, blob, BUILD_SUBJECT, subject,
+ BUILD_END);
+ }
+ else
+ {
+ cred = lib->creds->create(lib->creds, type, subtype,
pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob,
flags ? BUILD_X509_FLAG : BUILD_END,
flags, BUILD_END);
+ }
chunk_clear(&blob);
return cred;
}
@@ -393,7 +402,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
* load the credential from a file
*/
static void *load_from_file(char *file, credential_type_t type, int subtype,
- x509_flag_t flags)
+ identification_t *subject, x509_flag_t flags)
{
void *cred = NULL;
struct stat sb;
@@ -423,7 +432,8 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
return NULL;
}
- cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags);
+ cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
+ subject, flags);
munmap(addr, sb.st_size);
close(fd);
@@ -434,7 +444,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
* load the credential from a file descriptor
*/
static void *load_from_fd(int fd, credential_type_t type, int subtype,
- x509_flag_t flags)
+ identification_t *subject, x509_flag_t flags)
{
char buf[8096];
char *pos = buf;
@@ -460,7 +470,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
return NULL;
}
}
- return load_from_blob(chunk_create(buf, total), type, subtype, flags);
+ return load_from_blob(chunk_create(buf, total), type, subtype,
+ subject, flags);
}
/**
@@ -471,6 +482,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
char *file = NULL;
int fd = -1;
chunk_t pem = chunk_empty;
+ identification_t *subject = NULL;
int flags = 0;
while (TRUE)
@@ -486,6 +498,9 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
case BUILD_BLOB_PEM:
pem = va_arg(args, chunk_t);
continue;
+ case BUILD_SUBJECT:
+ subject = va_arg(args, identification_t*);
+ continue;
case BUILD_X509_FLAG:
flags = va_arg(args, int);
continue;
@@ -499,15 +514,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
if (pem.len)
{
- return load_from_blob(pem, type, subtype, flags);
+ return load_from_blob(pem, type, subtype, subject, flags);
}
if (file)
{
- return load_from_file(file, type, subtype, flags);
+ return load_from_file(file, type, subtype, subject, flags);
}
if (fd != -1)
{
- return load_from_fd(fd, type, subtype, flags);
+ return load_from_fd(fd, type, subtype, subject, flags);
}
return NULL;
}
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index c81605ae5..fca717a10 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -39,15 +39,69 @@ METHOD(plugin_t, get_name, char*,
return "pem";
}
+METHOD(plugin_t, get_features, int,
+ private_pem_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* private key PEM decoding */
+ PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_DSA),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+
+ /* public key PEM decoding */
+ PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+ PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_DSA),
+
+ /* certificate PEM decoding */
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_ANY),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_REQUEST),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_RESPONSE),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_AC),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_PKCS10_REQUEST),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_TRUSTED_PUBKEY),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_GPG),
+
+ /* pluto specific certificate formats */
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_PLUTO_CERT),
+ PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_PLUTO_CRL),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_pem_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pem_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pem_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pem_certificate_load);
+ lib->encoding->remove_encoder(lib->encoding, pem_encoder_encode);
+
free(this);
}
@@ -62,58 +116,12 @@ plugin_t *pem_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- /* register private key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
- (builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, FALSE,
- (builder_function_t)pem_private_key_load);
-
- /* register public key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, FALSE,
- (builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, FALSE,
- (builder_function_t)pem_public_key_load);
-
- /* register certificate PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
- (builder_function_t)pem_certificate_load);
-
- /* register pluto specific certificate formats */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE,
- (builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE,
- (builder_function_t)pem_certificate_load);
-
/* register PEM encoder */
lib->encoding->add_encoder(lib->encoding, pem_encoder_encode);
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index 6be915f29..946424eee 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 440e70a18..361157742 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -152,7 +152,7 @@ static private_key_t *parse_private_key(chunk_t blob)
}
if (!pgp_read_scalar(&packet, 1, &version))
{
- return FALSE;
+ return NULL;
}
switch (version)
{
@@ -166,7 +166,7 @@ static private_key_t *parse_private_key(chunk_t blob)
break;
default:
DBG1(DBG_LIB, "PGP packet version V%d not supported", version);
- return FALSE;
+ return NULL;
}
if (!pgp_read_scalar(&packet, 4, &created))
{
diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c
index 5b21b46d4..70a236855 100644
--- a/src/libstrongswan/plugins/pgp/pgp_cert.c
+++ b/src/libstrongswan/plugins/pgp/pgp_cert.c
@@ -74,35 +74,26 @@ struct private_pgp_cert_t {
};
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_pgp_cert_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_pgp_cert_t *this)
{
return CERT_GPG;
}
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_pgp_cert_t *this)
+METHOD(certificate_t, get_subject,identification_t*,
+ private_pgp_cert_t *this)
{
return this->user_id;
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_pgp_cert_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_pgp_cert_t *this)
{
return this->user_id;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_pgp_cert_t *this,
- identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_pgp_cert_t *this, identification_t *subject)
{
id_match_t match_user_id;
@@ -116,46 +107,36 @@ static id_match_t has_subject(private_pgp_cert_t *this,
return match_user_id;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_pgp_cert_t *this, identification_t *issuer)
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_pgp_cert_t *this, identification_t *issuer)
{
return ID_MATCH_NONE;
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_pgp_cert_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by,bool,
+ private_pgp_cert_t *this, certificate_t *issuer)
{
/* TODO: check signature blobs for a valid signature */
return FALSE;
}
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_pgp_cert_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_pgp_cert_t *this)
{
this->key->get_ref(this->key);
return this->key;
}
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_pgp_cert_t* get_ref(private_pgp_cert_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_pgp_cert_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.interface;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_pgp_cert_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_pgp_cert_t *this, time_t *when, time_t *not_before,
+ time_t *not_after)
{
time_t t, until;
@@ -187,11 +168,8 @@ static bool get_validity(private_pgp_cert_t *this, time_t *when,
return (t >= this->valid && t <= until);
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_pgp_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
if (type == CERT_PGP_PKT)
{
@@ -202,10 +180,8 @@ static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type,
CRED_PART_PGP_CERT, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_pgp_cert_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_pgp_cert_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -231,10 +207,8 @@ static bool equals(private_pgp_cert_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of pgp_cert_t.destroy.
- */
-static void destroy(private_pgp_cert_t *this)
+METHOD(certificate_t, destroy, void,
+ private_pgp_cert_t *this)
{
if (ref_put(&this->ref))
{
@@ -246,10 +220,8 @@ static void destroy(private_pgp_cert_t *this)
}
}
-/**
- * Implementation of pgp_certificate_t.get_fingerprint.
- */
-static chunk_t get_fingerprint(private_pgp_cert_t *this)
+METHOD(pgp_certificate_t, get_fingerprint, chunk_t,
+ private_pgp_cert_t *this)
{
return this->fingerprint;
}
@@ -259,30 +231,30 @@ static chunk_t get_fingerprint(private_pgp_cert_t *this)
*/
private_pgp_cert_t *create_empty()
{
- private_pgp_cert_t *this = malloc_thing(private_pgp_cert_t);
-
- this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer;
- this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer;
- this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
- this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
- this->public.interface.get_fingerprint = (chunk_t (*)(pgp_certificate_t*))get_fingerprint;
-
- this->key = NULL;
- this->version = 0;
- this->created = 0;
- this->valid = 0;
- this->user_id = NULL;
- this->fingerprint = chunk_empty;
- this->encoding = chunk_empty;
- this->ref = 1;
+ private_pgp_cert_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .interface = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_subject,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_fingerprint = _get_fingerprint,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
@@ -314,18 +286,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
}
break;
default:
- DBG1(DBG_LIB, "PGP packet version V%d not supported",
+ DBG1(DBG_ASN, "PGP packet version V%d not supported",
this->version);
return FALSE;
}
if (this->valid)
{
- DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE,
+ DBG2(DBG_ASN, "L2 - created %T, valid %d days", &this->created, FALSE,
this->valid);
}
else
{
- DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE);
+ DBG2(DBG_ASN, "L2 - created %T, never expires", &this->created, FALSE);
}
DESTROY_IF(this->key);
this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
@@ -346,13 +318,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(DBG_LIB, "no SHA-1 hasher available");
+ DBG1(DBG_ASN, "no SHA-1 hasher available");
return FALSE;
}
hasher->allocate_hash(hasher, pubkey_packet_header, NULL);
hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint);
hasher->destroy(hasher);
- DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint);
}
else
{
@@ -363,7 +335,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet)
return FALSE;
}
this->fingerprint = chunk_clone(this->fingerprint);
- DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint);
+ DBG2(DBG_ASN, "L2 - v3 fingerprint %#B", &this->fingerprint);
}
return TRUE;
}
@@ -383,7 +355,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
/* we parse only v3 or v4 signature packets */
if (version != 3 && version != 4)
{
- DBG2(DBG_LIB, "L2 - v%d signature ignored", version);
+ DBG2(DBG_ASN, "L2 - v%d signature ignored", version);
return TRUE;
}
if (version == 4)
@@ -392,7 +364,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type);
+ DBG2(DBG_ASN, "L2 - v%d signature of type 0x%02x", version, type);
}
else
{
@@ -405,7 +377,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet)
{
return FALSE;
}
- DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type,
+ DBG2(DBG_ASN, "L2 - v3 signature of type 0x%02x, created %T", type,
&created, FALSE);
}
/* TODO: parse and save signature to a list */
@@ -419,7 +391,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet)
{
DESTROY_IF(this->user_id);
this->user_id = identification_create_from_encoding(ID_KEY_ID, packet);
- DBG2(DBG_LIB, "L2 - '%Y'", this->user_id);
+ DBG2(DBG_ASN, "L2 - '%Y'", this->user_id);
return TRUE;
}
@@ -469,14 +441,14 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args)
if (!parse_signature(this, packet))
{
destroy(this);
- return FALSE;
+ return NULL;
}
break;
case PGP_PKT_USER_ID:
if (!parse_user_id(this, packet))
{
destroy(this);
- return FALSE;
+ return NULL;
}
break;
default:
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index 52e9d96b1..a2cf403dc 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -39,17 +39,30 @@ METHOD(plugin_t, get_name, char*,
return "pgp";
}
-METHOD(plugin_t, destroy, void,
- private_pgp_plugin_t *this)
+METHOD(plugin_t, get_features, int,
+ private_pgp_plugin_t *this, plugin_feature_t *features[])
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_private_key_load);
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_cert_load);
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+
+ PLUGIN_REGISTER(CERT_DECODE, pgp_cert_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_GPG),
+ };
+ *features = f;
+ return countof(f);
+}
+METHOD(plugin_t, destroy, void,
+ private_pgp_plugin_t *this)
+{
lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
free(this);
@@ -66,21 +79,12 @@ plugin_t *pgp_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
- (builder_function_t)pgp_cert_load);
+
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c
index 2d85cc0c8..7fd905ce4 100644
--- a/src/libstrongswan/plugins/pgp/pgp_utils.c
+++ b/src/libstrongswan/plugins/pgp/pgp_utils.c
@@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar)
if (bytes > blob->len)
{
- DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes);
+ DBG1(DBG_ASN, "PGP data too short to read %d byte scalar", bytes);
return FALSE;
}
while (bytes-- > 0)
@@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi)
if (!pgp_read_scalar(blob, 2, &bits))
{
- DBG1(DBG_LIB, "PGP data too short to read MPI length");
+ DBG1(DBG_ASN, "PGP data too short to read MPI length");
return FALSE;
}
bytes = (bits + 7) / 8;
if (bytes > blob->len)
{
- DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes);
+ DBG1(DBG_ASN, "PGP data too short to read %d byte MPI", bytes);
return FALSE;
}
*mpi = chunk_create(blob->ptr, bytes);
@@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
if (!blob->len)
{
- DBG1(DBG_LIB, "missing input");
+ DBG1(DBG_ASN, "missing input");
return FALSE;
}
t = blob->ptr[0];
@@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag)
/* bit 7 must be set */
if (!(t & 0x80))
{
- DBG1(DBG_LIB, "invalid packet tag");
+ DBG1(DBG_ASN, "invalid packet tag");
return FALSE;
}
/* bit 6 set defines new packet format */
if (t & 0x40)
{
- DBG1(DBG_LIB, "new PGP packet format not supported");
+ DBG1(DBG_ASN, "new PGP packet format not supported");
return FALSE;
}
t = (t & 0x3C) >> 2;
if (!pgp_old_packet_length(blob, &len) || len > blob->len)
{
- DBG1(DBG_LIB, "invalid packet length");
+ DBG1(DBG_ASN, "invalid packet length");
return FALSE;
}
*data = chunk_create(blob->ptr, len);
*blob = chunk_skip(*blob, len);
*tag = t;
- DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
- DBG3(DBG_LIB, "%B", data);
+ DBG2(DBG_ASN, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len);
+ DBG3(DBG_ASN, "%B", data);
return TRUE;
}
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 1ae880c3b..f9322a62d 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
index a605fabc7..6d022f362 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c
@@ -81,10 +81,10 @@ static public_key_t *parse_public_key(chunk_t blob)
/* skip initial bit string octet defining 0 unused bits */
object = chunk_skip(object, 1);
}
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type,
BUILD_BLOB_ASN1_DER, object, BUILD_END);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
break;
}
}
@@ -197,7 +197,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob)
case PRIV_KEY_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1(DBG_LIB, "PKCS#1 private key format is not version 1");
+ DBG1(DBG_ASN, "PKCS#1 private key format is not version 1");
goto end;
}
break;
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index e0e24cab2..b304a5101 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -38,14 +38,24 @@ METHOD(plugin_t, get_name, char*,
return "pkcs1";
}
+METHOD(plugin_t, get_features, int,
+ private_pkcs1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_pkcs1_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pkcs1_private_key_load);
-
lib->encoding->remove_encoder(lib->encoding, pkcs1_encoder_encode);
free(this);
@@ -62,19 +72,12 @@ plugin_t *pkcs1_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)pkcs1_private_key_load);
-
lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am
index 199039d95..d032b879a 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.am
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.am
@@ -16,6 +16,8 @@ libstrongswan_pkcs11_la_SOURCES = \
pkcs11_private_key.h pkcs11_private_key.c \
pkcs11_public_key.h pkcs11_public_key.c \
pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_rng.h pkcs11_rng.c \
+ pkcs11_dh.h pkcs11_dh.c \
pkcs11_manager.h pkcs11_manager.c
libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index 1a67f88cc..2ead77f5a 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -77,7 +77,8 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_pkcs11_la_LIBADD =
am_libstrongswan_pkcs11_la_OBJECTS = pkcs11_plugin.lo \
pkcs11_library.lo pkcs11_creds.lo pkcs11_private_key.lo \
- pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_manager.lo
+ pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_rng.lo \
+ pkcs11_dh.lo pkcs11_manager.lo
libstrongswan_pkcs11_la_OBJECTS = \
$(am_libstrongswan_pkcs11_la_OBJECTS)
libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -195,6 +196,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +207,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +224,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +274,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
@@ -288,6 +296,8 @@ libstrongswan_pkcs11_la_SOURCES = \
pkcs11_private_key.h pkcs11_private_key.c \
pkcs11_public_key.h pkcs11_public_key.c \
pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_rng.h pkcs11_rng.c \
+ pkcs11_dh.h pkcs11_dh.c \
pkcs11_manager.h pkcs11_manager.c
libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
@@ -375,12 +385,14 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_creds.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_dh.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_hasher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_library.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_manager.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_plugin.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_private_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_public_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_rng.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11.h b/src/libstrongswan/plugins/pkcs11/pkcs11.h
index 2e6a1e3ed..da29a77d0 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11.h
@@ -179,6 +179,14 @@ extern "C" {
#define unlock_mutex UnlockMutex
#define reserved pReserved
+#define ck_ec_kdf_type_t CK_EC_KDF_TYPE
+
+#define ck_ecdh1_derive_args _CK_ECDH1_DERIVE_PARAMS
+#define shared_data_len ulSharedDataLen
+#define shared_data pSharedData
+#define public_data_len ulPublicDataLen
+#define public_data pPublicData
+
#endif /* CRYPTOKI_COMPAT */
@@ -1090,6 +1098,19 @@ struct ck_c_initialize_args
void *reserved;
};
+typedef unsigned long ck_ec_kdf_type_t;
+
+#define CKD_NULL (1)
+#define CKD_SHA1_DKF (2)
+
+struct ck_ecdh1_derive_params
+{
+ ck_ec_kdf_type_t kdf;
+ unsigned long shared_data_len;
+ void *shared_data;
+ unsigned long public_data_len;
+ void *public_data;
+};
#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
#define CKF_OS_LOCKING_OK (1 << 1)
@@ -1260,6 +1281,9 @@ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS;
+typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR;
+
#define NULL_PTR NULL
/* Delete the helper macros defined at the top of the file. */
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
new file mode 100644
index 000000000..c870370c8
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c
@@ -0,0 +1,446 @@
+/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_dh.h"
+
+#include <debug.h>
+#include <library.h>
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+
+#include "pkcs11_manager.h"
+
+typedef struct private_pkcs11_dh_t private_pkcs11_dh_t;
+
+/**
+ * Private data of an pkcs11_dh_t object.
+ */
+struct private_pkcs11_dh_t {
+
+ /**
+ * Public pkcs11_dh_t interface
+ */
+ pkcs11_dh_t public;
+
+ /**
+ * PKCS#11 library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Session handle for this objct
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * Diffie Hellman group number.
+ */
+ u_int16_t group;
+
+ /**
+ * Handle for own private value
+ */
+ CK_OBJECT_HANDLE pri_key;
+
+ /**
+ * Own public value
+ */
+ chunk_t pub_key;
+
+ /**
+ * Shared secret
+ */
+ chunk_t secret;
+
+ /**
+ * Mechanism to use to generate a key pair
+ */
+ CK_MECHANISM_TYPE mech_key;
+
+ /**
+ * Mechanism to use to derive a shared secret
+ */
+ CK_MECHANISM_TYPE mech_derive;
+
+};
+
+/**
+ * Derive a DH/ECDH shared secret.
+ *
+ * If this succeeds the shared secret is stored in this->secret.
+ */
+static void derive_secret(private_pkcs11_dh_t *this, chunk_t other)
+{
+ CK_OBJECT_CLASS klass = CKO_SECRET_KEY;
+ CK_KEY_TYPE type = CKK_GENERIC_SECRET;
+ CK_ATTRIBUTE attr[] = {
+ { CKA_CLASS, &klass, sizeof(klass) },
+ { CKA_KEY_TYPE, &type, sizeof(type) },
+ };
+ CK_MECHANISM mech = {
+ this->mech_derive,
+ other.ptr,
+ other.len,
+ };
+ CK_OBJECT_HANDLE secret;
+ CK_RV rv;
+
+ rv = this->lib->f->C_DeriveKey(this->session, &mech, this->pri_key,
+ attr, countof(attr), &secret);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DeriveKey() error: %N", ck_rv_names, rv);
+ return;
+ }
+ if (!this->lib->get_ck_attribute(this->lib, this->session, secret,
+ CKA_VALUE, &this->secret))
+ {
+ chunk_free(&this->secret);
+ return;
+ }
+}
+
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_pkcs11_dh_t *this, chunk_t value)
+{
+ switch (this->group)
+ {
+ case ECP_192_BIT:
+ case ECP_224_BIT:
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ { /* we expect the public value to just be the concatenated x and y
+ * coordinates, so we tag the value as an uncompressed ECPoint */
+ chunk_t tag = chunk_from_chars(0x04);
+ chunk_t pubkey = chunk_cata("cc", tag, value);
+ CK_ECDH1_DERIVE_PARAMS params = {
+ CKD_NULL,
+ 0,
+ NULL,
+ pubkey.len,
+ pubkey.ptr,
+ };
+
+ if (!lib->settings->get_bool(lib->settings,
+ "libstrongswan.ecp_x_coordinate_only", TRUE))
+ { /* we only get the x coordinate back */
+ return;
+ }
+ value = chunk_from_thing(params);
+ break;
+ }
+ default:
+ break;
+ }
+ derive_secret(this, value);
+}
+
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_pkcs11_dh_t *this, chunk_t *value)
+{
+ *value = chunk_clone(this->pub_key);
+}
+
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_pkcs11_dh_t *this, chunk_t *secret)
+{
+ if (!this->secret.ptr)
+ {
+ return FAILED;
+ }
+ *secret = chunk_clone(this->secret);
+ return SUCCESS;
+}
+
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_pkcs11_dh_t *this)
+{
+ return this->group;
+}
+
+METHOD(diffie_hellman_t, destroy, void,
+ private_pkcs11_dh_t *this)
+{
+ this->lib->f->C_CloseSession(this->session);
+ chunk_clear(&this->pub_key);
+ chunk_clear(&this->secret);
+ free(this);
+}
+
+/**
+ * Generate a DH/ECDH key pair.
+ *
+ * If this succeeds, this->pri_key has a handle to the private key and
+ * this->pub_key stores the public key.
+ */
+static bool generate_key_pair(private_pkcs11_dh_t *this, CK_ATTRIBUTE_PTR pub,
+ int pub_len, CK_ATTRIBUTE_PTR pri, int pri_len,
+ CK_ATTRIBUTE_TYPE attr)
+{
+ CK_MECHANISM mech = {
+ this->mech_key,
+ NULL,
+ 0,
+ };
+ CK_OBJECT_HANDLE pub_key;
+ CK_RV rv;
+
+ rv = this->lib->f->C_GenerateKeyPair(this->session, &mech, pub, pub_len,
+ pri, pri_len, &pub_key, &this->pri_key);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GenerateKeyPair() error: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ if (!this->lib->get_ck_attribute(this->lib, this->session, pub_key,
+ attr, &this->pub_key))
+ {
+ chunk_free(&this->pub_key);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Generate DH key pair.
+ */
+static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len,
+ chunk_t g, chunk_t p)
+{
+ CK_BBOOL ck_true = CK_TRUE;
+ CK_ATTRIBUTE pub_attr[] = {
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+ { CKA_PRIME, p.ptr, p.len },
+ { CKA_BASE, g.ptr, g.len },
+ };
+ CK_ULONG bits = exp_len * 8;
+ CK_ATTRIBUTE pri_attr[] = {
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+ { CKA_VALUE_BITS, &bits, sizeof(bits) },
+ };
+ return generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
+ countof(pri_attr), CKA_VALUE);
+}
+
+/**
+ * Generate ECDH key pair.
+ */
+static bool generate_key_pair_ecp(private_pkcs11_dh_t *this,
+ chunk_t ecparams)
+{
+ CK_BBOOL ck_true = CK_TRUE;
+ CK_ATTRIBUTE pub_attr[] = {
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+ { CKA_EC_PARAMS, ecparams.ptr, ecparams.len },
+ };
+ CK_ATTRIBUTE pri_attr[] = {
+ { CKA_DERIVE, &ck_true, sizeof(ck_true) },
+ };
+ chunk_t pub_key;
+ if (!generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr,
+ countof(pri_attr), CKA_EC_POINT))
+ {
+ return FALSE;
+ }
+ if (this->pub_key.len <= 0 || this->pub_key.ptr[0] != 0x04)
+ { /* we currently only support the point in uncompressed form which
+ * looks like this: 0x04 || x || y */
+ chunk_clear(&this->pub_key);
+ return FALSE;
+ }
+ pub_key = chunk_clone(chunk_skip(this->pub_key, 1));
+ chunk_clear(&this->pub_key);
+ this->pub_key = pub_key;
+ return TRUE;
+}
+
+/**
+ * Find a token we can use for DH/ECDH algorithm
+ */
+static pkcs11_library_t *find_token(private_pkcs11_dh_t *this,
+ CK_SESSION_HANDLE *session)
+{
+ enumerator_t *tokens, *mechs;
+ pkcs11_manager_t *manager;
+ pkcs11_library_t *current, *found = NULL;
+ CK_MECHANISM_TYPE type;
+ CK_SLOT_ID slot;
+
+ manager = lib->get(lib, "pkcs11-manager");
+ if (!manager)
+ {
+ return NULL;
+ }
+ tokens = manager->create_token_enumerator(manager);
+ while (tokens->enumerate(tokens, &current, &slot))
+ {
+ mechs = current->create_mechanism_enumerator(current, slot);
+ while (mechs->enumerate(mechs, &type, NULL))
+ { /* we assume we can generate key pairs if the derive mechanism
+ * is supported */
+ if (type == this->mech_derive)
+ {
+ if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, session) == CKR_OK)
+ {
+ found = current;
+ break;
+ }
+ }
+ }
+ mechs->destroy(mechs);
+ if (found)
+ {
+ break;
+ }
+ }
+ tokens->destroy(tokens);
+ return found;
+}
+
+/**
+ * Generic internal constructor
+ */
+static private_pkcs11_dh_t *create_generic(diffie_hellman_group_t group,
+ CK_MECHANISM_TYPE key,
+ CK_MECHANISM_TYPE derive)
+{
+ private_pkcs11_dh_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .mech_key = key,
+ .mech_derive = derive,
+ );
+
+ this->lib = find_token(this, &this->session);
+ if (!this->lib)
+ {
+ free(this);
+ return NULL;
+ }
+ return this;
+}
+
+static pkcs11_dh_t *create_ecp(diffie_hellman_group_t group, chunk_t ecparam)
+{
+ private_pkcs11_dh_t *this = create_generic(group, CKM_EC_KEY_PAIR_GEN,
+ CKM_ECDH1_DERIVE);
+
+ if (this)
+ {
+ if (generate_key_pair_ecp(this, ecparam))
+ {
+ chunk_free(&ecparam);
+ return &this->public;
+ }
+ chunk_free(&ecparam);
+ free(this);
+ }
+ return NULL;
+}
+
+/**
+ * Constructor for MODP DH
+ */
+static pkcs11_dh_t *create_modp(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
+{
+ private_pkcs11_dh_t *this = create_generic(group, CKM_DH_PKCS_KEY_PAIR_GEN,
+ CKM_DH_PKCS_DERIVE);
+
+ if (this)
+ {
+ if (generate_key_pair_modp(this, exp_len, g, p))
+ {
+ return &this->public;
+ }
+ free(this);
+ }
+ return NULL;
+}
+
+/**
+ * Lookup the EC params for the given group.
+ */
+static chunk_t ecparams_lookup(diffie_hellman_group_t group)
+{
+ switch (group)
+ {
+ case ECP_192_BIT:
+ return asn1_build_known_oid(OID_PRIME192V1);
+ case ECP_224_BIT:
+ return asn1_build_known_oid(OID_SECT224R1);
+ case ECP_256_BIT:
+ return asn1_build_known_oid(OID_PRIME256V1);
+ case ECP_384_BIT:
+ return asn1_build_known_oid(OID_SECT384R1);
+ case ECP_521_BIT:
+ return asn1_build_known_oid(OID_SECT521R1);
+ default:
+ break;
+ }
+ return chunk_empty;
+}
+
+/**
+ * Described in header.
+ */
+pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p)
+{
+ switch (group)
+ {
+ case MODP_CUSTOM:
+ {
+ return create_modp(group, p.len, g, p);
+ }
+ case ECP_192_BIT:
+ case ECP_224_BIT:
+ case ECP_256_BIT:
+ case ECP_384_BIT:
+ case ECP_521_BIT:
+ {
+ chunk_t params = ecparams_lookup(group);
+ if (params.ptr)
+ {
+ return create_ecp(group, params);
+ }
+ break;
+ }
+ default:
+ {
+ diffie_hellman_params_t *params = diffie_hellman_get_params(group);
+ if (params)
+ {
+ return create_modp(group, params->exp_len, params->generator,
+ params->prime);
+ }
+ break;
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
new file mode 100644
index 000000000..2654130c0
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_dh pkcs11_dh
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_DH_H_
+#define PKCS11_DH_H_
+
+typedef struct pkcs11_dh_t pkcs11_dh_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm via PKCS#11.
+ */
+struct pkcs11_dh_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new pkcs11_dh_t object.
+ *
+ * @param group Diffie Hellman group number to use
+ * @param g generator in case group is MODP_CUSTOM
+ * @param p prime in case group is MODP_CUSTOM
+ * @return pkcs11_dh_t object, NULL if not supported
+ */
+pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p);
+
+#endif /** PKCS11_DH_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
index 6d327be40..069fa98b6 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
@@ -260,7 +260,7 @@ static pkcs11_library_t* find_token(hash_algorithm_t algo,
{
return NULL;
}
- manager = pkcs11_manager_get();
+ manager = lib->get(lib, "pkcs11-manager");
if (!manager)
{
return NULL;
@@ -315,6 +315,7 @@ pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo)
this->lib = find_token(algo, &this->session, &this->mech, &this->size);
if (!this->lib)
{
+ this->mutex->destroy(this->mutex);
free(this);
return NULL;
}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index 6f7926808..97c3d2fcf 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -447,6 +450,123 @@ ENUM_NEXT(ck_mech_names, CKM_DSA_PARAMETER_GEN, CKM_X9_42_DH_PARAMETER_GEN,
"X9_42_DH_PARAMETER_GEN");
ENUM_END(ck_mech_names, CKM_X9_42_DH_PARAMETER_GEN);
+
+ENUM_BEGIN(ck_attr_names, CKA_CLASS, CKA_LABEL,
+ "CLASS",
+ "TOKEN",
+ "PRIVATE",
+ "LABEL");
+ENUM_NEXT(ck_attr_names, CKA_APPLICATION, CKA_OBJECT_ID, CKA_LABEL,
+ "APPLICATION",
+ "VALUE",
+ "OBJECT_ID");
+ENUM_NEXT(ck_attr_names, CKA_CERTIFICATE_TYPE, CKA_HASH_OF_ISSUER_PUBLIC_KEY,
+ CKA_OBJECT_ID,
+ "CERTIFICATE_TYPE",
+ "ISSUER",
+ "SERIAL_NUMBER",
+ "AC_ISSUER",
+ "OWNER",
+ "ATTR_TYPES",
+ "TRUSTED",
+ "CERTIFICATE_CATEGORY",
+ "JAVA_MIDP_SECURITY_DOMAIN",
+ "URL",
+ "HASH_OF_SUBJECT_PUBLIC_KEY",
+ "HASH_OF_ISSUER_PUBLIC_KEY");
+ENUM_NEXT(ck_attr_names, CKA_CHECK_VALUE, CKA_CHECK_VALUE,
+ CKA_HASH_OF_ISSUER_PUBLIC_KEY,
+ "CHECK_VALUE");
+ENUM_NEXT(ck_attr_names, CKA_KEY_TYPE, CKA_DERIVE, CKA_CHECK_VALUE,
+ "KEY_TYPE",
+ "SUBJECT",
+ "ID",
+ "SENSITIVE",
+ "ENCRYPT",
+ "DECRYPT",
+ "WRAP",
+ "UNWRAP",
+ "SIGN",
+ "SIGN_RECOVER",
+ "VERIFY",
+ "VERIFY_RECOVER",
+ "DERIVE");
+ENUM_NEXT(ck_attr_names, CKA_START_DATE, CKA_END_DATE, CKA_DERIVE,
+ "START_DATE",
+ "END_DATE");
+ENUM_NEXT(ck_attr_names, CKA_MODULUS, CKA_COEFFICIENT, CKA_END_DATE,
+ "MODULUS",
+ "MODULUS_BITS",
+ "PUBLIC_EXPONENT",
+ "PRIVATE_EXPONENT",
+ "PRIME_1",
+ "PRIME_2",
+ "EXPONENT_1",
+ "EXPONENT_2",
+ "COEFFICIENT");
+ENUM_NEXT(ck_attr_names, CKA_PRIME, CKA_SUB_PRIME_BITS, CKA_COEFFICIENT,
+ "PRIME",
+ "SUBPRIME",
+ "BASE",
+ "PRIME_BITS",
+ "SUB_PRIME_BITS");
+ENUM_NEXT(ck_attr_names, CKA_VALUE_BITS, CKA_KEY_GEN_MECHANISM,
+ CKA_SUB_PRIME_BITS,
+ "VALUE_BITS",
+ "VALUE_LEN",
+ "EXTRACTABLE",
+ "LOCAL",
+ "NEVER_EXTRACTABLE",
+ "ALWAYS_SENSITIVE",
+ "KEY_GEN_MECHANISM");
+ENUM_NEXT(ck_attr_names, CKA_MODIFIABLE, CKA_MODIFIABLE, CKA_KEY_GEN_MECHANISM,
+ "MODIFIABLE");
+ENUM_NEXT(ck_attr_names, CKA_EC_PARAMS, CKA_EC_POINT, CKA_MODIFIABLE,
+ "EC_PARAMS",
+ "EC_POINT");
+ENUM_NEXT(ck_attr_names, CKA_SECONDARY_AUTH, CKA_ALWAYS_AUTHENTICATE,
+ CKA_EC_POINT,
+ "SECONDARY_AUTH",
+ "AUTH_PIN_FLAGS",
+ "ALWAYS_AUTHENTICATE");
+ENUM_NEXT(ck_attr_names, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_WITH_TRUSTED,
+ CKA_ALWAYS_AUTHENTICATE,
+ "WRAP_WITH_TRUSTED");
+ENUM_NEXT(ck_attr_names, CKA_HW_FEATURE_TYPE, CKA_HAS_RESET,
+ CKA_WRAP_WITH_TRUSTED,
+ "HW_FEATURE_TYPE",
+ "RESET_ON_INIT",
+ "HAS_RESET");
+ENUM_NEXT(ck_attr_names, CKA_PIXEL_X, CKA_BITS_PER_PIXEL, CKA_HAS_RESET,
+ "PIXEL_X",
+ "RESOLUTION",
+ "CHAR_ROWS",
+ "CHAR_COLUMNS",
+ "COLOR",
+ "BITS_PER_PIXEL");
+ENUM_NEXT(ck_attr_names, CKA_CHAR_SETS, CKA_MIME_TYPES, CKA_BITS_PER_PIXEL,
+ "CHAR_SETS",
+ "ENCODING_METHODS",
+ "MIME_TYPES");
+ENUM_NEXT(ck_attr_names, CKA_MECHANISM_TYPE, CKA_SUPPORTED_CMS_ATTRIBUTES,
+ CKA_MIME_TYPES,
+ "MECHANISM_TYPE",
+ "REQUIRED_CMS_ATTRIBUTES",
+ "DEFAULT_CMS_ATTRIBUTES",
+ "SUPPORTED_CMS_ATTRIBUTES");
+ENUM_NEXT(ck_attr_names, CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE,
+ CKA_SUPPORTED_CMS_ATTRIBUTES,
+ "WRAP_TEMPLATE",
+ "UNWRAP_TEMPLATE");
+ENUM_NEXT(ck_attr_names, CKA_ALLOWED_MECHANISMS, CKA_ALLOWED_MECHANISMS,
+ CKA_UNWRAP_TEMPLATE,
+ "ALLOWED_MECHANISMS");
+ENUM_END(ck_attr_names, CKA_ALLOWED_MECHANISMS);
+/* the values in an enum_name_t are stored as int, thus CKA_VENDOR_DEFINED
+ * will overflow and is thus not defined here */
+
+
+
/**
* Private data of an pkcs11_library_t object.
*/
@@ -495,10 +615,12 @@ typedef struct {
CK_SESSION_HANDLE session;
/* pkcs11 library */
pkcs11_library_t *lib;
- /* attributes to retreive */
+ /* attributes to retrieve */
CK_ATTRIBUTE_PTR attr;
/* number of attributes */
CK_ULONG count;
+ /* object handle in case of a single object */
+ CK_OBJECT_HANDLE object;
/* currently allocated attributes, to free */
linked_list_t *freelist;
} object_enumerator_t;
@@ -552,7 +674,7 @@ static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object)
if (rv != CKR_OK)
{
free_attrs(this);
- DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ DBG1(DBG_CFG, "C_GetAttributeValue() error: %N", ck_rv_names, rv);
return FALSE;
}
return TRUE;
@@ -565,11 +687,19 @@ METHOD(enumerator_t, object_enumerate, bool,
CK_ULONG found;
CK_RV rv;
- rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
- if (rv != CKR_OK)
+ if (!this->object)
{
- DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
- return FALSE;
+ rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ }
+ else
+ {
+ object = this->object;
+ found = 1;
}
if (found)
{
@@ -580,7 +710,10 @@ METHOD(enumerator_t, object_enumerate, bool,
return FALSE;
}
}
- *out = object;
+ if (out)
+ {
+ *out = object;
+ }
return TRUE;
}
return FALSE;
@@ -589,7 +722,10 @@ METHOD(enumerator_t, object_enumerate, bool,
METHOD(enumerator_t, object_destroy, void,
object_enumerator_t *this)
{
- this->lib->f->C_FindObjectsFinal(this->session);
+ if (!this->object)
+ {
+ this->lib->f->C_FindObjectsFinal(this->session);
+ }
free_attrs(this);
this->freelist->destroy(this->freelist);
free(this);
@@ -624,6 +760,27 @@ METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*,
return &enumerator->public;
}
+METHOD(pkcs11_library_t, create_object_attr_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attr, CK_ULONG count)
+{
+ object_enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_object_enumerate,
+ .destroy = _object_destroy,
+ },
+ .session = session,
+ .lib = &this->public,
+ .attr = attr,
+ .count = count,
+ .object = object,
+ .freelist = linked_list_create(),
+ );
+ return &enumerator->public;
+}
+
/**
* Enumerator over mechanisms
*/
@@ -707,6 +864,32 @@ METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*,
return &enumerator->public;
}
+METHOD(pkcs11_library_t, get_ck_attribute, bool,
+ private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_TYPE type, chunk_t *data)
+{
+ CK_ATTRIBUTE attr = { type, NULL, 0 };
+ CK_RV rv;
+ rv = this->public.f->C_GetAttributeValue(session, obj, &attr, 1);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetAttributeValue(%N) error: %N", ck_attr_names, type,
+ ck_rv_names, rv);
+ return FALSE;
+ }
+ *data = chunk_alloc(attr.ulValueLen);
+ attr.pValue = data->ptr;
+ rv = this->public.f->C_GetAttributeValue(session, obj, &attr, 1);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetAttributeValue(%N) error: %N", ck_attr_names, type,
+ ck_rv_names, rv);
+ chunk_free(data);
+ return FALSE;
+ }
+ return TRUE;
+}
+
METHOD(pkcs11_library_t, destroy, void,
private_pkcs11_library_t *this)
{
@@ -739,7 +922,7 @@ void pkcs11_library_trim(char *str, int len)
*/
static CK_RV CreateMutex(CK_VOID_PTR_PTR data)
{
- *data = mutex_create(MUTEX_TYPE_DEFAULT);
+ *data = mutex_create(MUTEX_TYPE_RECURSIVE);
return CKR_OK;
}
@@ -889,7 +1072,9 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
.get_name = _get_name,
.get_features = _get_features,
.create_object_enumerator = _create_object_enumerator,
+ .create_object_attr_enumerator = _create_object_attr_enumerator,
.create_mechanism_enumerator = _create_mechanism_enumerator,
+ .get_ck_attribute = _get_ck_attribute,
.destroy = _destroy,
},
.name = name,
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
index abe023448..e76e65e07 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -27,6 +30,7 @@ typedef struct pkcs11_library_t pkcs11_library_t;
#include "pkcs11.h"
#include <enum.h>
+#include <chunk.h>
#include <utils/enumerator.h>
/**
@@ -72,7 +76,7 @@ struct pkcs11_library_t {
*
* @param session session to use
* @param tmpl search template
- * @param tcount number of attributes in the search template
+ * @param tcount number of attributes in the search template
* @param attr attributes to read from object
* @param acount number of attributes to read
*/
@@ -81,6 +85,24 @@ struct pkcs11_library_t {
CK_ATTRIBUTE_PTR attr, CK_ULONG acount);
/**
+ * This is very similar to the object enumerator but is only used to
+ * easily retrieve multiple attributes from a single object for which
+ * a handle is already known.
+ *
+ * The given attribute array is automatically filled in with the
+ * associated attributes. If the value of an output attribute is NULL,
+ * the required memory gets allocated/freed during enumeration.
+ *
+ * @param session session to use
+ * @param object object handle
+ * @param attr attributes to read from object
+ * @param count number of attributes to read
+ */
+ enumerator_t* (*create_object_attr_enumerator)(pkcs11_library_t *this,
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG count);
+
+ /**
* Create an enumerator over supported mechanisms of a token.
*
* The resulting enumerator enumerates over the mechanism type, and if
@@ -93,6 +115,21 @@ struct pkcs11_library_t {
CK_SLOT_ID slot);
/**
+ * Retrieve a single attribute from the given object.
+ *
+ * Memory for the data is allocated.
+ *
+ * @param session session with the PKCS#11 library
+ * @param obj object handle
+ * @param type attribute type to extract
+ * @param data extracted data
+ * @return TRUE if successful
+ */
+ bool (*get_ck_attribute)(pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_TYPE type,
+ chunk_t *data);
+
+ /**
* Destroy a pkcs11_library_t.
*/
void (*destroy)(pkcs11_library_t *this);
@@ -109,7 +146,12 @@ extern enum_name_t *ck_rv_names;
extern enum_name_t *ck_mech_names;
/**
- * Trim/null terminate a string returned by the varius PKCS#11 functions.
+ * Enum names for CK_ATTRIBUTE_TYPE values
+ */
+extern enum_name_t *ck_attr_names;
+
+/**
+ * Trim/null terminate a string returned by the various PKCS#11 functions.
*
* @param str string to trim
* @param len max length of the string
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
index 431cd6a2c..5b321b26e 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -323,17 +323,11 @@ METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*,
return &enumerator->public;
}
-/**
- * Singleton instance
- */
-static private_pkcs11_manager_t *singleton = NULL;
-
METHOD(pkcs11_manager_t, destroy, void,
private_pkcs11_manager_t *this)
{
this->libs->destroy_function(this->libs, (void*)lib_entry_destroy);
free(this);
- singleton = NULL;
}
/**
@@ -386,14 +380,12 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
}
enumerator->destroy(enumerator);
- singleton = this;
-
enumerator = this->libs->create_enumerator(this->libs);
while (enumerator->enumerate(enumerator, &entry))
{
query_slots(entry);
- entry->job = callback_job_create((void*)dispatch_slot_events,
- entry, (void*)end_dispatch, NULL);
+ entry->job = callback_job_create_with_prio((void*)dispatch_slot_events,
+ entry, (void*)end_dispatch, NULL, JOB_PRIO_CRITICAL);
lib->processor->queue_job(lib->processor, (job_t*)entry->job);
}
enumerator->destroy(enumerator);
@@ -401,10 +393,3 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
return &this->public;
}
-/**
- * See header
- */
-pkcs11_manager_t *pkcs11_manager_get()
-{
- return (pkcs11_manager_t*)singleton;
-}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
index b80d67324..2f51fb30e 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
@@ -32,7 +32,7 @@ typedef struct pkcs11_manager_t pkcs11_manager_t;
*
* @param data user supplied data, as passed to pkcs11_manager_create()
* @param p11 loaded PKCS#11 library token belongs to
- * @param slot slot number the event occured in
+ * @param slot slot number the event occurred in
* @param add TRUE if token was added to the slot, FALSE if removed
*/
typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11,
@@ -67,12 +67,4 @@ struct pkcs11_manager_t {
pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
void *data);
-
-/**
- * Get the singleton instance of the manager
- *
- * @return instance, NULL if none available
- */
-pkcs11_manager_t *pkcs11_manager_get();
-
#endif /** PKCS11_MANAGER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
index 7b537cfa7..183fce53a 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -19,12 +22,15 @@
#include <debug.h>
#include <utils/linked_list.h>
#include <threading/mutex.h>
+#include <threading/rwlock.h>
#include "pkcs11_manager.h"
#include "pkcs11_creds.h"
#include "pkcs11_private_key.h"
#include "pkcs11_public_key.h"
#include "pkcs11_hasher.h"
+#include "pkcs11_rng.h"
+#include "pkcs11_dh.h"
typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t;
@@ -52,6 +58,16 @@ struct private_pkcs11_plugin_t {
* mutex to lock list
*/
mutex_t *mutex;
+
+ /**
+ * TRUE if events from tokens are to be handled
+ */
+ bool handle_events;
+
+ /**
+ * Lock for the above flag
+ */
+ rwlock_t *handle_events_lock;
};
/**
@@ -61,9 +77,10 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
CK_SLOT_ID slot, bool add)
{
enumerator_t *enumerator;
- pkcs11_creds_t *creds, *found = NULL;;
+ pkcs11_creds_t *creds, *found = NULL;
- if (add)
+ this->handle_events_lock->read_lock(this->handle_events_lock);
+ if (add && this->handle_events)
{
creds = pkcs11_creds_create(p11, slot);
if (creds)
@@ -74,7 +91,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
lib->credmgr->add_set(lib->credmgr, &creds->set);
}
}
- else
+ else if (this->handle_events)
{
this->mutex->lock(this->mutex);
enumerator = this->creds->create_enumerator(this->creds);
@@ -99,6 +116,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
}
}
+ this->handle_events_lock->unlock(this->handle_events_lock);
}
METHOD(plugin_t, get_name, char*,
@@ -107,23 +125,158 @@ METHOD(plugin_t, get_name, char*,
return "pkcs11";
}
-METHOD(plugin_t, destroy, void,
- private_pkcs11_plugin_t *this)
+/**
+ * Load/unload certificates from tokens.
+ */
+static bool handle_certs(private_pkcs11_plugin_t *this,
+ plugin_feature_t *feature, bool reg, void *data)
{
- pkcs11_creds_t *creds;
+ this->handle_events_lock->write_lock(this->handle_events_lock);
+ this->handle_events = reg;
+ this->handle_events_lock->unlock(this->handle_events_lock);
+
+ if (reg)
+ {
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ enumerator = this->manager->create_token_enumerator(this->manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ token_event_cb(this, p11, slot, TRUE);
+ }
+ enumerator->destroy(enumerator);
+ }
+ else
+ {
+ pkcs11_creds_t *creds;
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pkcs11_private_key_connect);
- while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
+ while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
+ {
+ lib->credmgr->remove_set(lib->credmgr, &creds->set);
+ creds->destroy(creds);
+ }
+ }
+ return TRUE;
+}
+/**
+ * Add a set of features
+ */
+static inline void add_features(plugin_feature_t *f, plugin_feature_t *n,
+ int count, int *pos)
+{
+ int i;
+ for (i = 0; i < count; i++)
{
- lib->credmgr->remove_set(lib->credmgr, &creds->set);
- creds->destroy(creds);
+ f[(*pos)++] = n[i];
}
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)pkcs11_hasher_create);
- this->creds->destroy(this->creds);
+}
+
+METHOD(plugin_t, get_features, int,
+ private_pkcs11_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f_hash[] = {
+ PLUGIN_REGISTER(HASHER, pkcs11_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_MD2),
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+ };
+ static plugin_feature_t f_dh[] = {
+ PLUGIN_REGISTER(DH, pkcs11_dh_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ };
+ static plugin_feature_t f_ecdh[] = {
+ PLUGIN_REGISTER(DH, pkcs11_dh_create),
+ PLUGIN_PROVIDE(DH, ECP_192_BIT),
+ PLUGIN_PROVIDE(DH, ECP_224_BIT),
+ PLUGIN_PROVIDE(DH, ECP_256_BIT),
+ PLUGIN_PROVIDE(DH, ECP_384_BIT),
+ PLUGIN_PROVIDE(DH, ECP_521_BIT),
+ };
+ static plugin_feature_t f_rng[] = {
+ PLUGIN_REGISTER(RNG, pkcs11_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE),
+ };
+ static plugin_feature_t f_privkey[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ };
+ static plugin_feature_t f_pubkey[] = {
+ PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA),
+ };
+ static plugin_feature_t f_manager[] = {
+ PLUGIN_CALLBACK((plugin_feature_callback_t)handle_certs, NULL),
+ PLUGIN_PROVIDE(CUSTOM, "pkcs11-certs"),
+ PLUGIN_DEPENDS(CERT_DECODE, CERT_X509),
+ };
+ static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) +
+ countof(f_ecdh) + countof(f_privkey) +
+ countof(f_pubkey) + countof(f_manager)] = {};
+ static int count = 0;
+
+ if (!count)
+ { /* initialize only once */
+ bool use_ecc = lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_ecc", FALSE);
+ add_features(f, f_manager, countof(f_manager), &count);
+ /* private key handling for EC keys is not disabled by use_ecc */
+ add_features(f, f_privkey, countof(f_privkey), &count);
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_pubkey", FALSE))
+ {
+ add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1),
+ &count);
+ }
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
+ {
+ add_features(f, f_hash, countof(f_hash), &count);
+ }
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_rng", FALSE))
+ {
+ add_features(f, f_rng, countof(f_rng), &count);
+ }
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_dh", FALSE))
+ {
+ add_features(f, f_dh, countof(f_dh), &count);
+ if (use_ecc)
+ {
+ add_features(f, f_ecdh, countof(f_ecdh), &count);
+ }
+ }
+ }
+ *features = f;
+ return count;
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pkcs11_plugin_t *this)
+{
+ lib->set(lib, "pkcs11-manager", NULL);
this->manager->destroy(this->manager);
+ this->creds->destroy(this->creds);
this->mutex->destroy(this->mutex);
+ this->handle_events_lock->destroy(this->handle_events_lock);
free(this);
}
@@ -133,52 +286,22 @@ METHOD(plugin_t, destroy, void,
plugin_t *pkcs11_plugin_create()
{
private_pkcs11_plugin_t *this;
- enumerator_t *enumerator;
- pkcs11_library_t *p11;
- CK_SLOT_ID slot;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
.creds = linked_list_create(),
.mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .handle_events_lock = rwlock_create(RWLOCK_TYPE_DEFAULT),
);
this->manager = pkcs11_manager_create((void*)token_event_cb, this);
-
- if (lib->settings->get_bool(lib->settings,
- "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
- {
- lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)pkcs11_hasher_create);
- }
-
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
- (builder_function_t)pkcs11_private_key_connect);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)pkcs11_public_key_load);
-
- enumerator = this->manager->create_token_enumerator(this->manager);
- while (enumerator->enumerate(enumerator, &p11, &slot))
- {
- token_event_cb(this, p11, slot, TRUE);
- }
- enumerator->destroy(enumerator);
+ lib->set(lib, "pkcs11-manager", this->manager);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
index b4cc7a805..b616abc38 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -19,7 +22,6 @@
#include "pkcs11_manager.h"
#include <debug.h>
-#include <threading/mutex.h>
typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t;
@@ -39,14 +41,14 @@ struct private_pkcs11_private_key_t {
pkcs11_library_t *lib;
/**
- * Token session
+ * Slot the token is in
*/
- CK_SESSION_HANDLE session;
+ CK_SLOT_ID slot;
/**
- * Mutex to lock session
+ * Token session
*/
- mutex_t *mutex;
+ CK_SESSION_HANDLE session;
/**
* Key object on the token
@@ -72,12 +74,24 @@ struct private_pkcs11_private_key_t {
* References to this key
*/
refcount_t ref;
+
+ /**
+ * Type of this private key
+ */
+ key_type_t type;
};
+/**
+ * Implemented in pkcs11_public_key.c
+ */
+public_key_t *pkcs11_public_key_connect(pkcs11_library_t *p11,
+ int slot, key_type_t type, chunk_t keyid);
+
+
METHOD(private_key_t, get_type, key_type_t,
private_pkcs11_private_key_t *this)
{
- return this->pubkey->get_type(this->pubkey);
+ return this->type;
}
METHOD(private_key_t, get_keysize, int,
@@ -89,18 +103,45 @@ METHOD(private_key_t, get_keysize, int,
/**
* See header.
*/
-CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme)
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme,
+ key_type_t type, size_t keylen,
+ hash_algorithm_t *hash)
{
static struct {
signature_scheme_t scheme;
CK_MECHANISM mechanism;
+ key_type_t type;
+ size_t keylen;
+ hash_algorithm_t hash;
} mappings[] = {
- {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}},
- {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}},
- {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}},
- {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}},
- {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}},
- {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0},
+ KEY_RSA, 0, HASH_UNKNOWN},
+ {SIGN_ECDSA_WITH_NULL, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 0, HASH_UNKNOWN},
+ {SIGN_ECDSA_WITH_SHA1_DER, {CKM_ECDSA_SHA1, NULL, 0},
+ KEY_ECDSA, 0, HASH_UNKNOWN},
+ {SIGN_ECDSA_WITH_SHA256_DER, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 0, HASH_SHA256},
+ {SIGN_ECDSA_WITH_SHA384_DER, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 0, HASH_SHA384},
+ {SIGN_ECDSA_WITH_SHA512_DER, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 0, HASH_SHA512},
+ {SIGN_ECDSA_256, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 256, HASH_SHA256},
+ {SIGN_ECDSA_384, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 384, HASH_SHA384},
+ {SIGN_ECDSA_521, {CKM_ECDSA, NULL, 0},
+ KEY_ECDSA, 521, HASH_SHA512},
};
int i;
@@ -108,6 +149,15 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme)
{
if (mappings[i].scheme == scheme)
{
+ size_t len = mappings[i].keylen;
+ if (mappings[i].type != type || (len && keylen != len))
+ {
+ return NULL;
+ }
+ if (hash)
+ {
+ *hash = mappings[i].hash;
+ }
return &mappings[i].mechanism;
}
}
@@ -141,7 +191,8 @@ CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme)
/**
* Reauthenticate to do a signature
*/
-static bool reauth(private_pkcs11_private_key_t *this)
+static bool reauth(private_pkcs11_private_key_t *this,
+ CK_SESSION_HANDLE session)
{
enumerator_t *enumerator;
shared_key_t *shared;
@@ -155,7 +206,7 @@ static bool reauth(private_pkcs11_private_key_t *this)
{
found = TRUE;
pin = shared->get_key(shared);
- rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC,
+ rv = this->lib->f->C_Login(session, CKU_CONTEXT_SPECIFIC,
pin.ptr, pin.len);
if (rv == CKR_OK)
{
@@ -179,33 +230,61 @@ METHOD(private_key_t, sign, bool,
chunk_t data, chunk_t *signature)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
+ hash_algorithm_t hash_alg;
+ chunk_t hash = chunk_empty;
- mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ mechanism = pkcs11_signature_scheme_to_mech(scheme, this->type,
+ get_keysize(this), &hash_alg);
if (!mechanism)
{
DBG1(DBG_LIB, "signature scheme %N not supported",
signature_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_SignInit(this->session, mechanism, this->object);
- if (this->reauth && !reauth(this))
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
{
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_SignInit(session, mechanism, this->object);
+ if (this->reauth && !reauth(this, session))
+ {
+ this->lib->f->C_CloseSession(session);
return FALSE;
}
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
+ if (hash_alg != HASH_UNKNOWN)
+ {
+ hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher)
+ {
+ this->lib->f->C_CloseSession(session);
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+ data = hash;
+ }
len = (get_keysize(this) + 7) / 8;
+ if (this->type == KEY_ECDSA)
+ { /* signature is twice the length of the base point order */
+ len *= 2;
+ }
buf = malloc(len);
- rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Sign(session, data.ptr, data.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
+ chunk_free(&hash);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv);
@@ -221,6 +300,7 @@ METHOD(private_key_t, decrypt, bool,
chunk_t crypt, chunk_t *plain)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
@@ -232,22 +312,29 @@ METHOD(private_key_t, decrypt, bool,
encryption_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object);
- if (this->reauth && !reauth(this))
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
{
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_DecryptInit(session, mechanism, this->object);
+ if (this->reauth && !reauth(this, session))
+ {
+ this->lib->f->C_CloseSession(session);
return FALSE;
}
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
- rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Decrypt(session, crypt.ptr, crypt.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv);
@@ -294,7 +381,6 @@ METHOD(private_key_t, destroy, void,
{
this->pubkey->destroy(this->pubkey);
}
- this->mutex->destroy(this->mutex);
this->keyid->destroy(this->keyid);
this->lib->f->C_CloseSession(this->session);
free(this);
@@ -311,7 +397,7 @@ static pkcs11_library_t* find_lib(char *module)
pkcs11_library_t *p11, *found = NULL;
CK_SLOT_ID slot;
- manager = pkcs11_manager_get();
+ manager = lib->get(lib, "pkcs11-manager");
if (!manager)
{
return NULL;
@@ -339,7 +425,7 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot)
pkcs11_library_t *p11, *found = NULL;
CK_SLOT_ID current;
- manager = pkcs11_manager_get();
+ manager = lib->get(lib, "pkcs11-manager");
if (!manager)
{
return NULL;
@@ -404,13 +490,11 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
CK_BBOOL reauth = FALSE;
CK_ATTRIBUTE attr[] = {
{CKA_KEY_TYPE, &type, sizeof(type)},
- {CKA_MODULUS, NULL, 0},
- {CKA_PUBLIC_EXPONENT, NULL, 0},
{CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)},
};
enumerator_t *enumerator;
- chunk_t modulus, pubexp;
int count = countof(attr);
+ bool found = FALSE;
/* do not use CKA_ALWAYS_AUTHENTICATE if not supported */
if (!(this->lib->get_features(this->lib) & PKCS11_ALWAYS_AUTH_KEYS))
@@ -421,26 +505,16 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
this->session, tmpl, countof(tmpl), attr, count);
if (enumerator->enumerate(enumerator, &object))
{
+ this->type = KEY_RSA;
switch (type)
{
+ case CKK_ECDSA:
+ this->type = KEY_ECDSA;
+ /* fall-through */
case CKK_RSA:
- if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1)
- {
- DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed");
- break;
- }
- modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen);
- pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen);
- this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
- KEY_RSA, BUILD_RSA_MODULUS, modulus,
- BUILD_RSA_PUB_EXP, pubexp, BUILD_END);
- if (!this->pubkey)
- {
- DBG1(DBG_CFG, "extracting public key from PKCS#11 RSA "
- "private key failed");
- }
this->reauth = reauth;
this->object = object;
+ found = TRUE;
break;
default:
DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type);
@@ -448,7 +522,7 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
}
}
enumerator->destroy(enumerator);
- return this->pubkey != NULL;
+ return found;
}
/**
@@ -587,7 +661,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
return NULL;
}
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->slot = slot;
this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid);
if (!login(this, slot))
@@ -602,5 +676,13 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
return NULL;
}
+ this->pubkey = pkcs11_public_key_connect(this->lib, slot, this->type,
+ keyid);
+ if (!this->pubkey)
+ {
+ destroy(this);
+ return NULL;
+ }
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
index 428913f0a..6d3a9556e 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -46,14 +49,23 @@ struct pkcs11_private_key_t {
*
* @param type type of the key
* @param args builder_part_t argument list
- * @return loaded key, NULL on failure
+ * @return loaded key, NULL on failure
*/
pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args);
/**
* Get the Cryptoki mechanism for a signature scheme.
+ *
+ * Verifies that the given key is usable for this scheme.
+ *
+ * @param scheme signature scheme
+ * @param type key type
+ * @param keylen key length in bits
+ * @param hash hash algorithm to apply first (HASH_UNKNOWN if none)
*/
-CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme);
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme,
+ key_type_t type, size_t keylen,
+ hash_algorithm_t *hash);
/**
* Get the Cryptoki mechanism for a encryption scheme.
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
index 8d32d9a3f..d4ec9235d 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -1,4 +1,7 @@
/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
* Copyright (C) 2010 Martin Willi
* Copyright (C) 2010 revosec AG
*
@@ -19,8 +22,10 @@
#include "pkcs11_private_key.h"
#include "pkcs11_manager.h"
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
#include <debug.h>
-#include <threading/mutex.h>
typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t;
@@ -40,7 +45,7 @@ struct private_pkcs11_public_key_t {
key_type_t type;
/**
- * Key size in bytes
+ * Key size in bits
*/
size_t k;
@@ -65,16 +70,121 @@ struct private_pkcs11_public_key_t {
CK_OBJECT_HANDLE object;
/**
- * Mutex to lock session
- */
- mutex_t *mutex;
-
- /**
* References to this key
*/
refcount_t ref;
};
+/**
+ * Helper function that returns the base point order length in bits of the
+ * given named curve.
+ *
+ * Currently only a subset of defined curves is supported (namely the 5 curves
+ * over Fp recommended by NIST). IKEv2 only supports 3 out of these.
+ *
+ * 0 is returned if the given curve is not supported.
+ */
+static size_t basepoint_order_len(int oid)
+{
+ switch (oid)
+ {
+ case OID_PRIME192V1:
+ return 192;
+ case OID_SECT224R1:
+ return 224;
+ case OID_PRIME256V1:
+ return 256;
+ case OID_SECT384R1:
+ return 384;
+ case OID_SECT521R1:
+ return 521;
+ default:
+ return 0;
+ }
+}
+
+/**
+ * Parses the given ecParameters (ASN.1) and returns the key length.
+ */
+static bool keylen_from_ecparams(chunk_t ecparams, size_t *keylen)
+{
+ if (!asn1_parse_simple_object(&ecparams, ASN1_OID, 0, "named curve"))
+ {
+ return FALSE;
+ }
+ *keylen = basepoint_order_len(asn1_known_oid(ecparams));
+ return *keylen > 0;
+}
+
+/**
+ * ASN.1 definition of a subjectPublicKeyInfo structure when used with ECDSA
+ * we currently only support named curves.
+ */
+static const asn1Object_t pkinfoObjects[] = {
+ { 0, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
+ { 2, "algorithm", ASN1_OID, ASN1_BODY }, /* 2 */
+ { 2, "namedCurve", ASN1_OID, ASN1_RAW }, /* 3 */
+ { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 4 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 2
+#define PKINFO_SUBJECT_PUBLIC_KEY_NAMEDCURVE 3
+#define PKINFO_SUBJECT_PUBLIC_KEY 4
+
+/**
+ * Extract the DER encoded Parameters and ECPoint from the given DER encoded
+ * subjectPublicKeyInfo.
+ */
+static bool parse_ecdsa_public_key(chunk_t blob, chunk_t *ecparams,
+ chunk_t *ecpoint, size_t *keylen)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID;
+ bool success = FALSE;
+
+ parser = asn1_parser_create(pkinfoObjects, blob);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM:
+ {
+ if (asn1_known_oid(object) != OID_EC_PUBLICKEY)
+ {
+ goto end;
+ }
+ break;
+ }
+ case PKINFO_SUBJECT_PUBLIC_KEY_NAMEDCURVE:
+ {
+ *ecparams = object;
+ if (!keylen_from_ecparams(object, keylen))
+ {
+ goto end;
+ }
+ break;
+ }
+ case PKINFO_SUBJECT_PUBLIC_KEY:
+ {
+ if (object.len > 0 && *object.ptr == 0x00)
+ { /* skip initial bit string octet defining 0 unused bits */
+ object = chunk_skip(object, 1);
+ }
+ *ecpoint = object;
+ break;
+ }
+ }
+ }
+ success = parser->success(parser);
+end:
+ parser->destroy(parser);
+ return success;
+}
+
+
METHOD(public_key_t, get_type, key_type_t,
private_pkcs11_public_key_t *this)
{
@@ -84,7 +194,7 @@ METHOD(public_key_t, get_type, key_type_t,
METHOD(public_key_t, get_keysize, int,
private_pkcs11_public_key_t *this)
{
- return this->k * 8;
+ return this->k;
}
METHOD(public_key_t, verify, bool,
@@ -92,9 +202,13 @@ METHOD(public_key_t, verify, bool,
chunk_t data, chunk_t sig)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_RV rv;
+ hash_algorithm_t hash_alg;
+ chunk_t hash = chunk_empty;
- mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ mechanism = pkcs11_signature_scheme_to_mech(scheme, this->type, this->k,
+ &hash_alg);
if (!mechanism)
{
DBG1(DBG_LIB, "signature scheme %N not supported",
@@ -105,17 +219,35 @@ METHOD(public_key_t, verify, bool,
{ /* trim leading zero byte in sig */
sig = chunk_skip(sig, 1);
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object);
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_VerifyInit(session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
- rv = this->lib->f->C_Verify(this->session, data.ptr, data.len,
- sig.ptr, sig.len);
- this->mutex->unlock(this->mutex);
+ if (hash_alg != HASH_UNKNOWN)
+ {
+ hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg);
+ if (!hasher)
+ {
+ this->lib->f->C_CloseSession(session);
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+ data = hash;
+ }
+ rv = this->lib->f->C_Verify(session, data.ptr, data.len, sig.ptr, sig.len);
+ this->lib->f->C_CloseSession(session);
+ chunk_free(&hash);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv);
@@ -129,6 +261,7 @@ METHOD(public_key_t, encrypt, bool,
chunk_t plain, chunk_t *crypt)
{
CK_MECHANISM_PTR mechanism;
+ CK_SESSION_HANDLE session;
CK_BYTE_PTR buf;
CK_ULONG len;
CK_RV rv;
@@ -140,18 +273,24 @@ METHOD(public_key_t, encrypt, bool,
encryption_scheme_names, scheme);
return FALSE;
}
- this->mutex->lock(this->mutex);
- rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object);
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
if (rv != CKR_OK)
{
- this->mutex->unlock(this->mutex);
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_EncryptInit(session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->lib->f->C_CloseSession(session);
DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv);
return FALSE;
}
len = (get_keysize(this) + 7) / 8;
buf = malloc(len);
- rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len);
- this->mutex->unlock(this->mutex);
+ rv = this->lib->f->C_Encrypt(session, plain.ptr, plain.len, buf, &len);
+ this->lib->f->C_CloseSession(session);
if (rv != CKR_OK)
{
DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv);
@@ -163,40 +302,119 @@ METHOD(public_key_t, encrypt, bool,
}
/**
+ * Encode ECDSA key using a given encoding type
+ */
+static bool encode_ecdsa(private_pkcs11_public_key_t *this,
+ cred_encoding_type_t type, chunk_t *encoding)
+{
+ enumerator_t *enumerator;
+ bool success = FALSE;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_EC_PARAMS, NULL, 0},
+ {CKA_EC_POINT, NULL, 0},
+ };
+
+ if (type != PUBKEY_SPKI_ASN1_DER && type != PUBKEY_PEM)
+ {
+ return FALSE;
+ }
+
+ enumerator = this->lib->create_object_attr_enumerator(this->lib,
+ this->session, this->object, attr, countof(attr));
+ if (enumerator && enumerator->enumerate(enumerator, NULL) &&
+ attr[0].ulValueLen > 0 && attr[1].ulValueLen > 0)
+ {
+ chunk_t ecparams, ecpoint;
+ ecparams = chunk_create(attr[0].pValue, attr[0].ulValueLen);
+ ecpoint = chunk_create(attr[1].pValue, attr[1].ulValueLen);
+ /* encode as subjectPublicKeyInfo */
+ *encoding = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_wrap(ASN1_SEQUENCE, "mc",
+ asn1_build_known_oid(OID_EC_PUBLICKEY), ecparams),
+ asn1_bitstring("c", ecpoint));
+ success = TRUE;
+ if (type == PUBKEY_PEM)
+ {
+ chunk_t asn1 = *encoding;
+ success = lib->encoding->encode(lib->encoding, PUBKEY_PEM,
+ NULL, encoding, CRED_PART_ECDSA_PUB_ASN1_DER,
+ asn1, CRED_PART_END);
+ chunk_clear(&asn1);
+ }
+ }
+ DESTROY_IF(enumerator);
+ return success;
+}
+
+/**
+ * Compute fingerprint of an ECDSA key
+ */
+static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this,
+ cred_encoding_type_t type, chunk_t *fp)
+{
+ hasher_t *hasher;
+ chunk_t asn1;
+
+ switch (type)
+ {
+ case KEYID_PUBKEY_SHA1:
+ if (!this->lib->get_ck_attribute(this->lib, this->session,
+ this->object, CKA_EC_POINT, &asn1))
+ {
+ return FALSE;
+ }
+ break;
+ case KEYID_PUBKEY_INFO_SHA1:
+ if (!encode_ecdsa(this, PUBKEY_SPKI_ASN1_DER, &asn1))
+ {
+ return FALSE;
+ }
+ break;
+ default:
+ return FALSE;
+ }
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher)
+ {
+ chunk_clear(&asn1);
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, asn1, fp);
+ hasher->destroy(hasher);
+ chunk_clear(&asn1);
+ lib->encoding->cache(lib->encoding, type, this, *fp);
+ return TRUE;
+}
+
+/**
* Encode RSA key using a given encoding type
*/
static bool encode_rsa(private_pkcs11_public_key_t *this,
cred_encoding_type_t type, void *cache, chunk_t *encoding)
{
- CK_RV rv;
+ enumerator_t *enumerator;
bool success = FALSE;
- chunk_t n, e;
CK_ATTRIBUTE attr[] = {
{CKA_MODULUS, NULL, 0},
{CKA_PUBLIC_EXPONENT, NULL, 0},
};
- rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
- attr, countof(attr));
- if (rv != CKR_OK ||
- attr[0].ulValueLen == 0 || attr[0].ulValueLen == -1 ||
- attr[1].ulValueLen == 0 || attr[1].ulValueLen == -1)
- {
- return FALSE;
- }
- attr[0].pValue = malloc(attr[0].ulValueLen);
- attr[1].pValue = malloc(attr[1].ulValueLen);
- rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
- attr, countof(attr));
- if (rv == CKR_OK)
+ enumerator = this->lib->create_object_attr_enumerator(this->lib,
+ this->session, this->object, attr, countof(attr));
+ if (enumerator && enumerator->enumerate(enumerator, NULL) &&
+ attr[0].ulValueLen > 0 && attr[1].ulValueLen > 0)
{
+ chunk_t n, e;
n = chunk_create(attr[0].pValue, attr[0].ulValueLen);
+ if (n.ptr[0] & 0x80)
+ { /* add leading 0x00, encoders expect it already like this */
+ n = chunk_cata("cc", chunk_from_chars(0x00), n);
+ }
e = chunk_create(attr[1].pValue, attr[1].ulValueLen);
success = lib->encoding->encode(lib->encoding, type, cache, encoding,
CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
}
- free(attr[0].pValue);
- free(attr[1].pValue);
+ DESTROY_IF(enumerator);
return success;
}
@@ -208,6 +426,8 @@ METHOD(public_key_t, get_encoding, bool,
{
case KEY_RSA:
return encode_rsa(this, type, NULL, encoding);
+ case KEY_ECDSA:
+ return encode_ecdsa(this, type, encoding);
default:
return FALSE;
}
@@ -224,6 +444,8 @@ METHOD(public_key_t, get_fingerprint, bool,
{
case KEY_RSA:
return encode_rsa(this, type, this, fp);
+ case KEY_ECDSA:
+ return fingerprint_ecdsa(this, type, fp);
default:
return FALSE;
}
@@ -243,7 +465,6 @@ METHOD(public_key_t, destroy, void,
{
lib->encoding->clear_cache(lib->encoding, this);
this->lib->f->C_CloseSession(this->session);
- this->mutex->destroy(this->mutex);
free(this);
}
}
@@ -278,7 +499,6 @@ static private_pkcs11_public_key_t *create(key_type_t type, size_t k,
.slot = slot,
.session = session,
.object = object,
- .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
.ref = 1,
);
@@ -288,7 +508,8 @@ static private_pkcs11_public_key_t *create(key_type_t type, size_t k,
/**
* Find a key object, including PKCS11 library and slot
*/
-static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
+static private_pkcs11_public_key_t* find_key(key_type_t type, size_t keylen,
+ CK_ATTRIBUTE_PTR tmpl, int count)
{
private_pkcs11_public_key_t *this = NULL;
pkcs11_manager_t *manager;
@@ -296,7 +517,7 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
pkcs11_library_t *p11;
CK_SLOT_ID slot;
- manager = pkcs11_manager_get();
+ manager = lib->get(lib, "pkcs11-manager");
if (!manager)
{
return NULL;
@@ -305,14 +526,6 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
enumerator = manager->create_token_enumerator(manager);
while (enumerator->enumerate(enumerator, &p11, &slot))
{
- CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
- CK_KEY_TYPE type = CKK_RSA;
- CK_ATTRIBUTE tmpl[] = {
- {CKA_CLASS, &class, sizeof(class)},
- {CKA_KEY_TYPE, &type, sizeof(type)},
- {CKA_MODULUS, n.ptr, n.len},
- {CKA_PUBLIC_EXPONENT, e.ptr, e.len},
- };
CK_OBJECT_HANDLE object;
CK_SESSION_HANDLE session;
CK_RV rv;
@@ -324,11 +537,11 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
continue;
}
- keys = p11->create_object_enumerator(p11, session,
- tmpl, countof(tmpl), NULL, 0);
+ keys = p11->create_object_enumerator(p11, session, tmpl, count,
+ NULL, 0);
if (keys->enumerate(keys, &object))
{
- this = create(KEY_RSA, n.len, p11, slot, session, object);
+ this = create(type, keylen, p11, slot, session, object);
keys->destroy(keys);
break;
}
@@ -340,9 +553,46 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
}
/**
+ * Find an RSA key object
+ */
+static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e,
+ size_t keylen)
+{
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len},
+ };
+ return find_key(KEY_RSA, keylen, tmpl, countof(tmpl));
+}
+
+/**
+ * Find an ECDSA key object
+ */
+static private_pkcs11_public_key_t* find_ecdsa_key(chunk_t ecparams,
+ chunk_t ecpoint,
+ size_t keylen)
+{
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_ECDSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_EC_PARAMS, ecparams.ptr, ecparams.len},
+ {CKA_EC_POINT, ecpoint.ptr, ecpoint.len},
+ };
+ return find_key(KEY_ECDSA, keylen, tmpl, countof(tmpl));
+}
+
+/**
* Create a key object in a suitable token session
*/
-static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
+static private_pkcs11_public_key_t* create_key(key_type_t type, size_t keylen,
+ CK_MECHANISM_TYPE_PTR mechanisms, int mcount,
+ CK_ATTRIBUTE_PTR tmpl, int count)
{
private_pkcs11_public_key_t *this = NULL;
pkcs11_manager_t *manager;
@@ -350,7 +600,7 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
pkcs11_library_t *p11;
CK_SLOT_ID slot;
- manager = pkcs11_manager_get();
+ manager = lib->get(lib, "pkcs11-manager");
if (!manager)
{
return NULL;
@@ -361,14 +611,6 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
{
CK_MECHANISM_TYPE mech;
CK_MECHANISM_INFO info;
- CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
- CK_KEY_TYPE type = CKK_RSA;
- CK_ATTRIBUTE tmpl[] = {
- {CKA_CLASS, &class, sizeof(class)},
- {CKA_KEY_TYPE, &type, sizeof(type)},
- {CKA_MODULUS, n.ptr, n.len},
- {CKA_PUBLIC_EXPONENT, e.ptr, e.len}
- };
CK_OBJECT_HANDLE object;
CK_SESSION_HANDLE session;
CK_RV rv;
@@ -376,21 +618,23 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
mechs = p11->create_mechanism_enumerator(p11, slot);
while (mechs->enumerate(mechs, &mech, &info))
{
+ bool found = FALSE;
+ int i;
if (!(info.flags & CKF_VERIFY))
{
continue;
}
- switch (mech)
+ for (i = 0; i < mcount; i++)
{
- case CKM_RSA_PKCS:
- case CKM_SHA1_RSA_PKCS:
- case CKM_SHA256_RSA_PKCS:
- case CKM_SHA384_RSA_PKCS:
- case CKM_SHA512_RSA_PKCS:
- case CKM_MD5_RSA_PKCS:
+ if (mechanisms[i] == mech)
+ {
+ found = TRUE;
break;
- default:
- continue;
+ }
+ }
+ if (!found)
+ {
+ continue;
}
rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
&session);
@@ -400,20 +644,21 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
ck_rv_names, rv);
continue;
}
- rv = p11->f->C_CreateObject(session, tmpl, countof(tmpl), &object);
+ rv = p11->f->C_CreateObject(session, tmpl, count, &object);
if (rv == CKR_OK)
{
- this = create(KEY_RSA, n.len, p11, slot, session, object);
- DBG2(DBG_CFG, "created RSA public key on token '%s':%d ",
- p11->get_name(p11), slot);
- break;
+ this = create(type, keylen, p11, slot, session, object);
+ DBG2(DBG_CFG, "created %N public key on token '%s':%d ",
+ key_type_names, type, p11->get_name(p11), slot);
}
else
{
- DBG1(DBG_CFG, "creating RSA public key on token '%s':%d "
- "failed: %N", p11->get_name(p11), slot, ck_rv_names, rv);
+ DBG1(DBG_CFG, "creating %N public key on token '%s':%d "
+ "failed: %N", key_type_names, type, p11->get_name(p11),
+ slot, ck_rv_names, rv);
p11->f->C_CloseSession(session);
}
+ break;
}
mechs->destroy(mechs);
if (this)
@@ -426,18 +671,71 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
}
/**
+ * Create an RSA key object in a suitable token session
+ */
+static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e,
+ size_t keylen)
+{
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len},
+ };
+ CK_MECHANISM_TYPE mechs[] = {
+ CKM_RSA_PKCS,
+ CKM_SHA1_RSA_PKCS,
+ CKM_SHA256_RSA_PKCS,
+ CKM_SHA384_RSA_PKCS,
+ CKM_SHA512_RSA_PKCS,
+ CKM_MD5_RSA_PKCS,
+ };
+ return create_key(KEY_RSA, keylen, mechs, countof(mechs), tmpl,
+ countof(tmpl));
+}
+
+/**
+ * Create an ECDSA key object in a suitable token session
+ */
+static private_pkcs11_public_key_t* create_ecdsa_key(chunk_t ecparams,
+ chunk_t ecpoint,
+ size_t keylen)
+{
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_ECDSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_EC_PARAMS, ecparams.ptr, ecparams.len},
+ {CKA_EC_POINT, ecpoint.ptr, ecpoint.len},
+ };
+ CK_MECHANISM_TYPE mechs[] = {
+ CKM_ECDSA,
+ CKM_ECDSA_SHA1,
+ };
+ return create_key(KEY_ECDSA, keylen, mechs,
+ countof(mechs), tmpl, countof(tmpl));
+}
+
+/**
* See header
*/
pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args)
{
private_pkcs11_public_key_t *this;
- chunk_t n, e;
+ chunk_t n, e, blob;
+ size_t keylen = 0;
- n = e = chunk_empty;
+ n = e = blob = chunk_empty;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
case BUILD_RSA_MODULUS:
n = va_arg(args, chunk_t);
continue;
@@ -457,17 +755,152 @@ pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args)
{ /* trim leading zero byte in modulus */
n = chunk_skip(n, 1);
}
- this = find_rsa_key(n, e);
+ keylen = n.len * 8;
+ this = find_rsa_key(n, e, keylen);
if (this)
{
return &this->public;
}
- this = create_rsa_key(n, e);
+ this = create_rsa_key(n, e, keylen);
if (this)
{
return &this->public;
}
}
+ else if (type == KEY_ECDSA && blob.ptr)
+ {
+ chunk_t ecparams, ecpoint;
+ ecparams = ecpoint = chunk_empty;
+ if (parse_ecdsa_public_key(blob, &ecparams, &ecpoint, &keylen))
+ {
+ this = find_ecdsa_key(ecparams, ecpoint, keylen);
+ if (this)
+ {
+ return &this->public;
+ }
+ this = create_ecdsa_key(ecparams, ecpoint, keylen);
+ if (this)
+ {
+ return &this->public;
+ }
+ }
+ }
return NULL;
}
+static private_pkcs11_public_key_t *find_key_by_keyid(pkcs11_library_t *p11,
+ int slot, key_type_t key_type,
+ chunk_t keyid)
+{
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_ID, keyid.ptr, keyid.len},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ };
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+ enumerator_t *enumerator;
+ int count = countof(tmpl);
+ bool found = FALSE;
+ size_t keylen;
+
+ switch (key_type)
+ {
+ case KEY_RSA:
+ type = CKK_RSA;
+ break;
+ case KEY_ECDSA:
+ type = CKK_ECDSA;
+ break;
+ default:
+ /* don't specify key type on KEY_ANY */
+ count--;
+ break;
+ }
+
+ rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening public key session on '%s':%d failed: %N",
+ p11->get_name(p11), slot, ck_rv_names, rv);
+ return NULL;
+ }
+
+ enumerator = p11->create_object_enumerator(p11, session, tmpl, count, attr,
+ countof(attr));
+ if (enumerator->enumerate(enumerator, &object))
+ {
+ switch (type)
+ {
+ case CKK_ECDSA:
+ {
+ chunk_t ecparams;
+ if (p11->get_ck_attribute(p11, session, object, CKA_EC_PARAMS,
+ &ecparams) &&
+ keylen_from_ecparams(ecparams, &keylen))
+ {
+ chunk_free(&ecparams);
+ key_type = KEY_ECDSA;
+ found = TRUE;
+ }
+ break;
+ }
+ case CKK_RSA:
+ {
+ chunk_t n;
+ if (p11->get_ck_attribute(p11, session, object, CKA_MODULUS,
+ &n) && n.len > 0)
+ {
+ keylen = n.len * 8;
+ chunk_free(&n);
+ key_type = KEY_RSA;
+ found = TRUE;
+ }
+ break;
+ }
+ default:
+ DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+
+ if (found)
+ {
+ return create(key_type, keylen, p11, slot, session, object);
+ }
+ p11->f->C_CloseSession(session);
+ return NULL;
+}
+
+/**
+ * Find a public key on the given token with a specific keyid.
+ *
+ * Used by pkcs11_private_key_t.
+ *
+ * TODO: if no public key is found, we should perhaps search for a certificate
+ * with the given keyid and extract the key from there
+ *
+ * @param p11 PKCS#11 module
+ * @param slot slot id
+ * @param type type of the key
+ * @param keyid key id
+ */
+pkcs11_public_key_t *pkcs11_public_key_connect(pkcs11_library_t *p11,
+ int slot, key_type_t type, chunk_t keyid)
+{
+ private_pkcs11_public_key_t *this;
+
+ this = find_key_by_keyid(p11, slot, type, keyid);
+ if (!this)
+ {
+ return NULL;
+ }
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
index 4fd94620e..b3ea725a2 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
@@ -42,7 +42,7 @@ struct pkcs11_public_key_t {
*
* @param type type of the key
* @param args builder_part_t argument list
- * @return loaded key, NULL on failure
+ * @return loaded key, NULL on failure
*/
pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args);
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
new file mode 100644
index 000000000..45cf0b7c2
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_rng.h"
+
+#include <debug.h>
+
+#include "pkcs11_manager.h"
+
+typedef struct private_pkcs11_rng_t private_pkcs11_rng_t;
+
+/**
+ * Private data of an pkcs11_rng_t object.
+ */
+struct private_pkcs11_rng_t {
+
+ /**
+ * Public interface.
+ */
+ pkcs11_rng_t public;
+
+ /**
+ * PKCS#11 library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Mechanism for this rng
+ */
+ CK_SESSION_HANDLE session;
+
+};
+
+METHOD(rng_t, get_bytes, void,
+ private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer)
+{
+ CK_RV rv;
+ rv = this->lib->f->C_GenerateRandom(this->session, buffer, bytes);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GenerateRandom() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+}
+
+METHOD(rng_t, allocate_bytes, void,
+ private_pkcs11_rng_t *this, size_t bytes, chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ get_bytes(this, chunk->len, chunk->ptr);
+}
+
+METHOD(rng_t, destroy, void,
+ private_pkcs11_rng_t *this)
+{
+ this->lib->f->C_CloseSession(this->session);
+ free(this);
+}
+
+/**
+ * Find a token with its own RNG
+ */
+static pkcs11_library_t *find_token(CK_SESSION_HANDLE *session)
+{
+ enumerator_t *tokens;
+ pkcs11_manager_t *manager;
+ pkcs11_library_t *current, *found = NULL;
+ CK_SLOT_ID slot;
+
+ manager = lib->get(lib, "pkcs11-manager");
+ if (!manager)
+ {
+ return NULL;
+ }
+ tokens = manager->create_token_enumerator(manager);
+ while (tokens->enumerate(tokens, &current, &slot))
+ {
+ CK_TOKEN_INFO info;
+ CK_RV rv;
+ rv = current->f->C_GetTokenInfo(slot, &info);
+ if (rv != CKR_OK)
+ {
+ continue;
+ }
+ if (info.flags & CKF_RNG)
+ {
+ if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, session) == CKR_OK)
+ {
+ found = current;
+ break;
+ }
+ }
+ }
+ tokens->destroy(tokens);
+ return found;
+}
+
+/*
+ * Described in header.
+ */
+pkcs11_rng_t *pkcs11_rng_create(rng_quality_t quality)
+{
+ private_pkcs11_rng_t *this;
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ this->lib = find_token(&this->session);
+ if (!this->lib)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h
new file mode 100644
index 000000000..998631f7e
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_rng pkcs11_rng
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_RNG_H_
+#define PKCS11_RNG_H_
+
+typedef struct pkcs11_rng_t pkcs11_rng_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation via PKCS#11
+ */
+struct pkcs11_rng_t {
+
+ /**
+ * Implements rng_t.
+ */
+ rng_t rng;
+};
+
+/**
+ * Creates a pkcs11_rng_t instance.
+ *
+ * @param quality required quality of randomness
+ * @return created pkcs11_rng_t
+ */
+pkcs11_rng_t *pkcs11_rng_create(rng_quality_t quality);
+
+#endif /** PKCS11_RNG_H_ @} */
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.am b/src/libstrongswan/plugins/pkcs8/Makefile.am
new file mode 100644
index 000000000..bcaf2c6a5
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pkcs8.la
+else
+plugin_LTLIBRARIES = libstrongswan-pkcs8.la
+endif
+
+libstrongswan_pkcs8_la_SOURCES = \
+ pkcs8_plugin.h pkcs8_plugin.c \
+ pkcs8_builder.h pkcs8_builder.c
+
+libstrongswan_pkcs8_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
new file mode 100644
index 000000000..2b9c6cf95
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -0,0 +1,611 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/pkcs8
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_pkcs8_la_LIBADD =
+am_libstrongswan_pkcs8_la_OBJECTS = pkcs8_plugin.lo pkcs8_builder.lo
+libstrongswan_pkcs8_la_OBJECTS = $(am_libstrongswan_pkcs8_la_OBJECTS)
+libstrongswan_pkcs8_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_pkcs8_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pkcs8_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pkcs8_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_pkcs8_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_pkcs8_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+imcvdir = @imcvdir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+soup_CFLAGS = @soup_CFLAGS@
+soup_LIBS = @soup_LIBS@
+srcdir = @srcdir@
+starter_plugins = @starter_plugins@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs8.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs8.la
+libstrongswan_pkcs8_la_SOURCES = \
+ pkcs8_plugin.h pkcs8_plugin.c \
+ pkcs8_builder.h pkcs8_builder.c
+
+libstrongswan_pkcs8_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-pkcs8.la: $(libstrongswan_pkcs8_la_OBJECTS) $(libstrongswan_pkcs8_la_DEPENDENCIES)
+ $(libstrongswan_pkcs8_la_LINK) $(am_libstrongswan_pkcs8_la_rpath) $(libstrongswan_pkcs8_la_OBJECTS) $(libstrongswan_pkcs8_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8_builder.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
new file mode 100644
index 000000000..346240ae1
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -0,0 +1,632 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs8_builder.h"
+
+#include <debug.h>
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * ASN.1 definition of a privateKeyInfo structure
+ */
+static const asn1Object_t pkinfoObjects[] = {
+ { 0, "privateKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "privateKeyAlgorithm", ASN1_EOC, ASN1_RAW }, /* 2 */
+ { 1, "privateKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 3 */
+ { 1, "attributes", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 4 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 5 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PKINFO_PRIVATE_KEY_ALGORITHM 2
+#define PKINFO_PRIVATE_KEY 3
+
+/**
+ * Load a generic private key from an ASN.1 encoded blob
+ */
+static private_key_t *parse_private_key(chunk_t blob)
+{
+ asn1_parser_t *parser;
+ chunk_t object, params = chunk_empty;
+ int objectID;
+ private_key_t *key = NULL;
+ key_type_t type = KEY_ANY;
+
+ parser = asn1_parser_create(pkinfoObjects, blob);
+ parser->set_flags(parser, FALSE, TRUE);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PKINFO_PRIVATE_KEY_ALGORITHM:
+ {
+ int oid = asn1_parse_algorithmIdentifier(object,
+ parser->get_level(parser) + 1, &params);
+
+ switch (oid)
+ {
+ case OID_RSA_ENCRYPTION:
+ type = KEY_RSA;
+ break;
+ case OID_EC_PUBLICKEY:
+ type = KEY_ECDSA;
+ break;
+ default:
+ /* key type not supported */
+ goto end;
+ }
+ break;
+ }
+ case PKINFO_PRIVATE_KEY:
+ {
+ DBG2(DBG_ASN, "-- > --");
+ if (params.ptr)
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ type, BUILD_BLOB_ALGID_PARAMS,
+ params, BUILD_BLOB_ASN1_DER,
+ object, BUILD_END);
+ }
+ else
+ {
+ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY,
+ type, BUILD_BLOB_ASN1_DER, object,
+ BUILD_END);
+ }
+ DBG2(DBG_ASN, "-- < --");
+ break;
+ }
+ }
+ }
+
+end:
+ parser->destroy(parser);
+ return key;
+}
+
+/**
+ * Verify padding of decrypted blob.
+ * Length of blob is adjusted accordingly.
+ */
+static bool verify_padding(chunk_t *blob)
+{
+ u_int8_t padding, count;
+
+ padding = count = blob->ptr[blob->len - 1];
+ if (padding > 8)
+ {
+ return FALSE;
+ }
+ for (; blob->len && count; --blob->len, --count)
+ {
+ if (blob->ptr[blob->len - 1] != padding)
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Prototype for key derivation functions.
+ */
+typedef void (*kdf_t)(void *generator, chunk_t password, chunk_t salt,
+ u_int64_t iterations, chunk_t key);
+
+/**
+ * Try to decrypt the given blob with multiple passwords using the given
+ * key derivation function. keymat is where the kdf function writes the key
+ * to, key and iv point to the actual keys and initialization vectors resp.
+ */
+static private_key_t *decrypt_private_key(chunk_t blob,
+ encryption_algorithm_t encr, size_t key_len, kdf_t kdf,
+ void *generator, chunk_t salt, u_int64_t iterations,
+ chunk_t keymat, chunk_t key, chunk_t iv)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ crypter_t *crypter;
+ private_key_t *private_key = NULL;
+
+ crypter = lib->crypto->create_crypter(lib->crypto, encr, key_len);
+ if (!crypter)
+ {
+ DBG1(DBG_ASN, " %N encryption algorithm not available",
+ encryption_algorithm_names, encr);
+ return NULL;
+ }
+ if (blob.len % crypter->get_block_size(crypter))
+ {
+ DBG1(DBG_ASN, " data size is not a multiple of block size");
+ crypter->destroy(crypter);
+ return NULL;
+ }
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ chunk_t decrypted;
+
+ kdf(generator, shared->get_key(shared), salt, iterations, keymat);
+
+ crypter->set_key(crypter, key);
+ crypter->decrypt(crypter, blob, iv, &decrypted);
+ if (verify_padding(&decrypted))
+ {
+ private_key = parse_private_key(decrypted);
+ if (private_key)
+ {
+ chunk_clear(&decrypted);
+ break;
+ }
+ }
+ chunk_free(&decrypted);
+ }
+ enumerator->destroy(enumerator);
+ crypter->destroy(crypter);
+
+ return private_key;
+}
+
+/**
+ * Function F of PBKDF2
+ */
+static void pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed,
+ u_int64_t iterations)
+{
+ chunk_t u;
+ u_int64_t i;
+
+ u = chunk_alloca(prf->get_block_size(prf));
+ prf->get_bytes(prf, seed, u.ptr);
+ memcpy(block.ptr, u.ptr, block.len);
+
+ for (i = 1; i < iterations; i++)
+ {
+ prf->get_bytes(prf, u, u.ptr);
+ memxor(block.ptr, u.ptr, block.len);
+ }
+}
+
+/**
+ * PBKDF2 key derivation function
+ */
+static void pbkdf2(prf_t *prf, chunk_t password, chunk_t salt,
+ u_int64_t iterations, chunk_t key)
+{
+ chunk_t keymat, block, seed;
+ size_t blocks;
+ u_int32_t i = 0, *ni;
+
+ prf->set_key(prf, password);
+
+ block.len = prf->get_block_size(prf);
+ blocks = (key.len - 1) / block.len + 1;
+ keymat = chunk_alloca(blocks * block.len);
+
+ seed = chunk_cata("cc", salt, chunk_from_thing(i));
+ ni = (u_int32_t*)(seed.ptr + salt.len);
+
+ for (; i < blocks; i++)
+ {
+ *ni = htonl(i + 1);
+ block.ptr = keymat.ptr + (i * block.len);
+ pbkdf2_f(block, prf, seed, iterations);
+ }
+
+ memcpy(key.ptr, keymat.ptr, key.len);
+}
+
+/**
+ * Decrypt an encrypted PKCS#8 encoded private key according to PBES2
+ */
+static private_key_t *decrypt_private_key_pbes2(chunk_t blob,
+ encryption_algorithm_t encr, size_t key_len,
+ chunk_t iv, pseudo_random_function_t prf_func,
+ chunk_t salt, u_int64_t iterations)
+{
+ private_key_t *private_key;
+ prf_t *prf;
+ chunk_t key;
+
+ prf = lib->crypto->create_prf(lib->crypto, prf_func);
+ if (!prf)
+ {
+ DBG1(DBG_ASN, " %N prf algorithm not available",
+ pseudo_random_function_names, prf_func);
+ return NULL;
+ }
+
+ key = chunk_alloca(key_len);
+
+ private_key = decrypt_private_key(blob, encr, key_len, (kdf_t)pbkdf2, prf,
+ salt, iterations, key, key, iv);
+
+ prf->destroy(prf);
+ return private_key;
+}
+
+/**
+ * PBKDF1 key derivation function
+ */
+static void pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt,
+ u_int64_t iterations, chunk_t key)
+{
+ chunk_t hash;
+ u_int64_t i;
+
+ hash = chunk_alloca(hasher->get_hash_size(hasher));
+ hasher->get_hash(hasher, password, NULL);
+ hasher->get_hash(hasher, salt, hash.ptr);
+
+ for (i = 1; i < iterations; i++)
+ {
+ hasher->get_hash(hasher, hash, hash.ptr);
+ }
+
+ memcpy(key.ptr, hash.ptr, key.len);
+}
+
+/**
+ * Decrypt an encrypted PKCS#8 encoded private key according to PBES1
+ */
+static private_key_t *decrypt_private_key_pbes1(chunk_t blob,
+ encryption_algorithm_t encr, size_t key_len,
+ hash_algorithm_t hash, chunk_t salt,
+ u_int64_t iterations)
+{
+ private_key_t *private_key = NULL;
+ hasher_t *hasher = NULL;
+ chunk_t keymat, key, iv;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash);
+ if (!hasher)
+ {
+ DBG1(DBG_ASN, " %N hash algorithm not available",
+ hash_algorithm_names, hash);
+ goto end;
+ }
+ if (hasher->get_hash_size(hasher) < key_len)
+ {
+ goto end;
+ }
+
+ keymat = chunk_alloca(key_len * 2);
+ key.len = key_len;
+ key.ptr = keymat.ptr;
+ iv.len = key_len;
+ iv.ptr = keymat.ptr + key_len;
+
+ private_key = decrypt_private_key(blob, encr, key_len, (kdf_t)pbkdf1,
+ hasher, salt, iterations, keymat,
+ key, iv);
+
+end:
+ DESTROY_IF(hasher);
+ return private_key;
+}
+
+/**
+ * Parse an ASN1_INTEGER to a u_int64_t.
+ */
+static u_int64_t parse_asn1_integer_uint64(chunk_t blob)
+{
+ u_int64_t val = 0;
+ int i;
+
+ for (i = 0; i < blob.len; i++)
+ { /* if it is longer than 8 bytes, we just use the 8 LSBs */
+ val <<= 8;
+ val |= (u_int64_t)blob.ptr[i];
+ }
+ return val;
+}
+
+/**
+ * ASN.1 definition of a PBKDF2-params structure
+ * The salt is actually a CHOICE and could be an AlgorithmIdentifier from
+ * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions).
+ */
+static const asn1Object_t pbkdf2ParamsObjects[] = {
+ { 0, "PBKDF2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "salt", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */
+ { 1, "iterationCount",ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "keyLength", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 3 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "prf", ASN1_EOC, ASN1_DEF|ASN1_RAW }, /* 5 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PBKDF2_SALT 1
+#define PBKDF2_ITERATION_COUNT 2
+#define PBKDF2_KEY_LENGTH 3
+#define PBKDF2_PRF 5
+
+/**
+ * Parse a PBKDF2-params structure
+ */
+static void parse_pbkdf2_params(chunk_t blob, chunk_t *salt,
+ u_int64_t *iterations, size_t *key_len,
+ pseudo_random_function_t *prf)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID;
+
+ parser = asn1_parser_create(pbkdf2ParamsObjects, blob);
+
+ *key_len = 0; /* key_len is optional */
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PBKDF2_SALT:
+ {
+ *salt = object;
+ break;
+ }
+ case PBKDF2_ITERATION_COUNT:
+ {
+ *iterations = parse_asn1_integer_uint64(object);
+ break;
+ }
+ case PBKDF2_KEY_LENGTH:
+ {
+ *key_len = (size_t)parse_asn1_integer_uint64(object);
+ break;
+ }
+ case PBKDF2_PRF:
+ { /* defaults to id-hmacWithSHA1 */
+ *prf = PRF_HMAC_SHA1;
+ break;
+ }
+ }
+ }
+
+ parser->destroy(parser);
+}
+
+/**
+ * ASN.1 definition of a PBES2-params structure
+ */
+static const asn1Object_t pbes2ParamsObjects[] = {
+ { 0, "PBES2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "keyDerivationFunc", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 1, "encryptionScheme", ASN1_EOC, ASN1_RAW }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PBES2PARAMS_KEY_DERIVATION_FUNC 1
+#define PBES2PARAMS_ENCRYPTION_SCHEME 2
+
+/**
+ * Parse a PBES2-params structure
+ */
+static void parse_pbes2_params(chunk_t blob, chunk_t *salt,
+ u_int64_t *iterations, size_t *key_len,
+ pseudo_random_function_t *prf,
+ encryption_algorithm_t *encr, chunk_t *iv)
+{
+ asn1_parser_t *parser;
+ chunk_t object, params;
+ int objectID;
+
+ parser = asn1_parser_create(pbes2ParamsObjects, blob);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PBES2PARAMS_KEY_DERIVATION_FUNC:
+ {
+ int oid = asn1_parse_algorithmIdentifier(object,
+ parser->get_level(parser) + 1, &params);
+ if (oid != OID_PBKDF2)
+ { /* unsupported key derivation function */
+ goto end;
+ }
+ parse_pbkdf2_params(params, salt, iterations, key_len, prf);
+ break;
+ }
+ case PBES2PARAMS_ENCRYPTION_SCHEME:
+ {
+ int oid = asn1_parse_algorithmIdentifier(object,
+ parser->get_level(parser) + 1, &params);
+ if (oid != OID_3DES_EDE_CBC)
+ { /* unsupported encryption scheme */
+ goto end;
+ }
+ if (*key_len <= 0)
+ { /* default key len for DES-EDE3-CBC-Pad */
+ *key_len = 24;
+ }
+ if (!asn1_parse_simple_object(&params, ASN1_OCTET_STRING,
+ parser->get_level(parser) + 1, "IV"))
+ {
+ goto end;
+ }
+ *encr = ENCR_3DES;
+ *iv = params;
+ break;
+ }
+ }
+ }
+
+end:
+ parser->destroy(parser);
+}
+
+/**
+ * ASN.1 definition of a PBEParameter structure
+ */
+static const asn1Object_t pbeParameterObjects[] = {
+ { 0, "PBEParameter", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "salt", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */
+ { 1, "iterationCount", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PBEPARAM_SALT 1
+#define PBEPARAM_ITERATION_COUNT 2
+
+/**
+ * Parse a PBEParameter structure
+ */
+static void parse_pbe_parameters(chunk_t blob, chunk_t *salt,
+ u_int64_t *iterations)
+{
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID;
+
+ parser = asn1_parser_create(pbeParameterObjects, blob);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PBEPARAM_SALT:
+ {
+ *salt = object;
+ break;
+ }
+ case PBEPARAM_ITERATION_COUNT:
+ {
+ *iterations = parse_asn1_integer_uint64(object);
+ break;
+ }
+ }
+ }
+
+ parser->destroy(parser);
+}
+
+/**
+ * ASN.1 definition of an encryptedPrivateKeyInfo structure
+ */
+static const asn1Object_t encryptedPKIObjects[] = {
+ { 0, "encryptedPrivateKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 1, "encryptedData", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define EPKINFO_ENCRYPTION_ALGORITHM 1
+#define EPKINFO_ENCRYPTED_DATA 2
+
+/**
+ * Load an encrypted private key from an ASN.1 encoded blob
+ * Schemes per PKCS#5 (RFC 2898)
+ */
+static private_key_t *parse_encrypted_private_key(chunk_t blob)
+{
+ asn1_parser_t *parser;
+ chunk_t object, params, salt, iv;
+ u_int64_t iterations = 0;
+ int objectID;
+ encryption_algorithm_t encr = ENCR_UNDEFINED;
+ hash_algorithm_t hash = HASH_UNKNOWN;
+ pseudo_random_function_t prf = PRF_UNDEFINED;
+ private_key_t *key = NULL;
+ size_t key_len = 8;
+
+ parser = asn1_parser_create(encryptedPKIObjects, blob);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case EPKINFO_ENCRYPTION_ALGORITHM:
+ {
+ int oid = asn1_parse_algorithmIdentifier(object,
+ parser->get_level(parser) + 1, &params);
+
+ switch (oid)
+ {
+ case OID_PBE_MD5_DES_CBC:
+ encr = ENCR_DES;
+ hash = HASH_MD5;
+ parse_pbe_parameters(params, &salt, &iterations);
+ break;
+ case OID_PBE_SHA1_DES_CBC:
+ encr = ENCR_DES;
+ hash = HASH_SHA1;
+ parse_pbe_parameters(params, &salt, &iterations);
+ break;
+ case OID_PBES2:
+ parse_pbes2_params(params, &salt, &iterations,
+ &key_len, &prf, &encr, &iv);
+ break;
+ default:
+ /* encryption scheme not supported */
+ goto end;
+ }
+ break;
+ }
+ case EPKINFO_ENCRYPTED_DATA:
+ {
+ if (prf != PRF_UNDEFINED)
+ {
+ key = decrypt_private_key_pbes2(object, encr, key_len, iv,
+ prf, salt, iterations);
+ }
+ else
+ {
+ key = decrypt_private_key_pbes1(object, encr, key_len, hash,
+ salt, iterations);
+ }
+ break;
+ }
+ }
+ }
+
+end:
+ parser->destroy(parser);
+ return key;
+}
+
+/**
+ * See header.
+ */
+private_key_t *pkcs8_private_key_load(key_type_t type, va_list args)
+{
+ chunk_t blob = chunk_empty;
+ private_key_t *key;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ /* we don't know whether it is encrypted or not, try both ways */
+ key = parse_encrypted_private_key(blob);
+ if (!key)
+ {
+ key = parse_private_key(blob);
+ }
+ return key;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
new file mode 100644
index 000000000..b07f2d927
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs8_builder pkcs8_builder
+ * @{ @ingroup pkcs8
+ */
+
+#ifndef PKCS8_BUILDER_H_
+#define PKCS8_BUILDER_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * Load an RSA or ECDSA private key from PKCS#8 data.
+ *
+ * @param type type of the key, KEY_RSA or KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return private key, NULL on failure
+ */
+private_key_t *pkcs8_private_key_load(key_type_t type, va_list args);
+
+#endif /** PKCS8_BUILDER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
new file mode 100644
index 000000000..f78c83054
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs8_plugin.h"
+
+#include <library.h>
+
+#include "pkcs8_builder.h"
+
+typedef struct private_pkcs8_plugin_t private_pkcs8_plugin_t;
+
+/**
+ * private data of pkcs8_plugin
+ */
+struct private_pkcs8_plugin_t {
+
+ /**
+ * public functions
+ */
+ pkcs8_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_pkcs8_plugin_t *this)
+{
+ return "pkcs8";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_pkcs8_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs8_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pkcs8_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *pkcs8_plugin_create()
+{
+ private_pkcs8_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
new file mode 100644
index 000000000..03ca950a3
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs8 pkcs8
+ * @ingroup plugins
+ *
+ * @defgroup pkcs8_plugin pkcs8_plugin
+ * @{ @ingroup pkcs8
+ */
+
+#ifndef PKCS8_PLUGIN_H_
+#define PKCS8_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pkcs8_plugin_t pkcs8_plugin_t;
+
+/**
+ * Plugin providing PKCS#8 private key decoding functions
+ */
+struct pkcs8_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** PKCS8_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 5c92fd1d8..7bfbdf1d4 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -21,10 +21,11 @@
#ifndef PLUGIN_H_
#define PLUGIN_H_
-#include <utils.h>
-
typedef struct plugin_t plugin_t;
+#include <library.h>
+#include <plugins/plugin_feature.h>
+
/**
* Interface definition of a plugin.
*/
@@ -38,6 +39,17 @@ struct plugin_t {
char* (*get_name)(plugin_t *this);
/**
+ * Get plugin features with dependencies.
+ *
+ * The returned array contains features provided by the plugin and
+ * dependencies for that feature. See plugin_feature_t for details.
+ *
+ * @param features pointer receiving plugin features
+ * @return number of features
+ */
+ int (*get_features)(plugin_t *this, plugin_feature_t *features[]);
+
+ /**
* Try to reload plugin configuration.
*
* @return TRUE if reloaded, FALSE if reloading not supporty by plugin
@@ -52,7 +64,7 @@ struct plugin_t {
/**
- * Plugin constructor function definiton.
+ * Plugin constructor function definition.
*
* Each plugin has a constructor function. This function is called on daemon
* startup to initialize each plugin.
diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c
new file mode 100644
index 000000000..2a97205bb
--- /dev/null
+++ b/src/libstrongswan/plugins/plugin_feature.c
@@ -0,0 +1,383 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#define _GNU_SOURCE
+#include <stdio.h>
+
+#include "plugin_feature.h"
+
+#include <debug.h>
+
+ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM,
+ "NONE",
+ "CRYPTER",
+ "AEAD",
+ "SIGNER",
+ "HASHER",
+ "PRF",
+ "DH",
+ "RNG",
+ "PRIVKEY",
+ "PRIVKEY_GEN",
+ "PRIVKEY_SIGN",
+ "PRIVKEY_DECRYPT",
+ "PUBKEY",
+ "PUBKEY_VERIFY",
+ "PUBKEY_ENCRYPT",
+ "CERT_DECODE",
+ "CERT_ENCODE",
+ "EAP_SERVER",
+ "EAP_CLIENT",
+ "DATABASE",
+ "FETCHER",
+ "CUSTOM",
+);
+
+/**
+ * See header.
+ */
+bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b)
+{
+ if (a->type == b->type)
+ {
+ switch (a->type)
+ {
+ case FEATURE_NONE:
+ return FALSE;
+ case FEATURE_CRYPTER:
+ return a->arg.crypter.alg == b->arg.crypter.alg &&
+ a->arg.crypter.key_size == b->arg.crypter.key_size;
+ case FEATURE_AEAD:
+ return a->arg.aead.alg == b->arg.aead.alg &&
+ a->arg.aead.key_size == b->arg.aead.key_size;
+ case FEATURE_SIGNER:
+ return a->arg.signer == b->arg.signer;
+ case FEATURE_HASHER:
+ return a->arg.hasher == b->arg.hasher;
+ case FEATURE_PRF:
+ return a->arg.prf == b->arg.prf;
+ case FEATURE_DH:
+ return a->arg.dh_group == b->arg.dh_group;
+ case FEATURE_RNG:
+ return a->arg.rng_quality <= b->arg.rng_quality;
+ case FEATURE_PRIVKEY:
+ case FEATURE_PRIVKEY_GEN:
+ case FEATURE_PUBKEY:
+ return a->arg.privkey == b->arg.privkey;
+ case FEATURE_PRIVKEY_SIGN:
+ case FEATURE_PUBKEY_VERIFY:
+ return a->arg.privkey_sign == b->arg.privkey_sign;
+ case FEATURE_PRIVKEY_DECRYPT:
+ case FEATURE_PUBKEY_ENCRYPT:
+ return a->arg.privkey_decrypt == b->arg.privkey_decrypt;
+ case FEATURE_CERT_DECODE:
+ case FEATURE_CERT_ENCODE:
+ return a->arg.cert == b->arg.cert;
+ case FEATURE_EAP_SERVER:
+ case FEATURE_EAP_PEER:
+ return a->arg.eap == b->arg.eap;
+ case FEATURE_DATABASE:
+ return a->arg.database == DB_ANY ||
+ a->arg.database == b->arg.database;
+ case FEATURE_FETCHER:
+ return a->arg.fetcher == NULL ||
+ streq(a->arg.fetcher, b->arg.fetcher);
+ case FEATURE_CUSTOM:
+ return streq(a->arg.custom, b->arg.custom);
+ }
+ }
+ return FALSE;
+}
+
+/**
+ * See header.
+ */
+char* plugin_feature_get_string(plugin_feature_t *feature)
+{
+ char *str = NULL;
+
+ if (feature->kind == FEATURE_REGISTER)
+ {
+ return strdup("(register function)");
+ }
+ switch (feature->type)
+ {
+ case FEATURE_NONE:
+ return strdup("NONE");
+ case FEATURE_CRYPTER:
+ if (asprintf(&str, "%N:%N-%d", plugin_feature_names, feature->type,
+ encryption_algorithm_names, feature->arg.crypter.alg,
+ feature->arg.crypter.key_size) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_AEAD:
+ if (asprintf(&str, "%N:%N-%d", plugin_feature_names, feature->type,
+ encryption_algorithm_names, feature->arg.aead.alg,
+ feature->arg.aead.key_size) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_SIGNER:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ integrity_algorithm_names, feature->arg.signer) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_HASHER:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ hash_algorithm_names, feature->arg.hasher) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_PRF:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ pseudo_random_function_names, feature->arg.prf) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_DH:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ diffie_hellman_group_names, feature->arg.dh_group) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_RNG:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ rng_quality_names, feature->arg.rng_quality) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_PRIVKEY:
+ case FEATURE_PRIVKEY_GEN:
+ case FEATURE_PUBKEY:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ key_type_names, feature->arg.privkey) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_PRIVKEY_SIGN:
+ case FEATURE_PUBKEY_VERIFY:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ signature_scheme_names, feature->arg.privkey_sign) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_PRIVKEY_DECRYPT:
+ case FEATURE_PUBKEY_ENCRYPT:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ encryption_scheme_names, feature->arg.privkey_decrypt) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_CERT_DECODE:
+ case FEATURE_CERT_ENCODE:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ certificate_type_names, feature->arg.cert) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_EAP_SERVER:
+ case FEATURE_EAP_PEER:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ eap_type_short_names, feature->arg.eap) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_DATABASE:
+ if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type,
+ db_driver_names, feature->arg.database) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_FETCHER:
+ if (asprintf(&str, "%N:%s", plugin_feature_names, feature->type,
+ feature->arg.fetcher) > 0)
+ {
+ return str;
+ }
+ break;
+ case FEATURE_CUSTOM:
+ if (asprintf(&str, "%N:%s", plugin_feature_names, feature->type,
+ feature->arg.custom) > 0)
+ {
+ return str;
+ }
+ break;
+ }
+ if (!str)
+ {
+ str = strdup("(invalid)");
+ }
+ return str;
+}
+
+/**
+ * See header.
+ */
+bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature,
+ plugin_feature_t *reg)
+{
+ char *name;
+
+ if (!reg)
+ { /* noting to do for this feature */
+ return TRUE;
+ }
+ if (reg->kind == FEATURE_CALLBACK)
+ {
+ if (reg->arg.cb.f(plugin, feature, TRUE, reg->arg.cb.data))
+ {
+ return TRUE;
+ }
+ return FALSE;
+ }
+ name = plugin->get_name(plugin);
+ switch (feature->type)
+ {
+ case FEATURE_CRYPTER:
+ lib->crypto->add_crypter(lib->crypto, feature->arg.crypter.alg,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_AEAD:
+ lib->crypto->add_aead(lib->crypto, feature->arg.aead.alg,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_SIGNER:
+ lib->crypto->add_signer(lib->crypto, feature->arg.signer,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_HASHER:
+ lib->crypto->add_hasher(lib->crypto, feature->arg.hasher,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_PRF:
+ lib->crypto->add_prf(lib->crypto, feature->arg.prf,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_DH:
+ lib->crypto->add_dh(lib->crypto, feature->arg.dh_group,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_RNG:
+ lib->crypto->add_rng(lib->crypto, feature->arg.rng_quality,
+ name, reg->arg.reg.f);
+ break;
+ case FEATURE_PRIVKEY:
+ case FEATURE_PRIVKEY_GEN:
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY,
+ feature->arg.privkey, reg->arg.reg.final,
+ reg->arg.reg.f);
+ break;
+ case FEATURE_PUBKEY:
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY,
+ feature->arg.pubkey, reg->arg.reg.final,
+ reg->arg.reg.f);
+ break;
+ case FEATURE_CERT_DECODE:
+ case FEATURE_CERT_ENCODE:
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE,
+ feature->arg.cert, reg->arg.reg.final,
+ reg->arg.reg.f);
+ break;
+ case FEATURE_DATABASE:
+ lib->db->add_database(lib->db, reg->arg.reg.f);
+ break;
+ case FEATURE_FETCHER:
+ lib->fetcher->add_fetcher(lib->fetcher, reg->arg.reg.f,
+ feature->arg.fetcher);
+ break;
+ default:
+ break;
+ }
+ return TRUE;
+}
+
+/**
+ * See header.
+ */
+bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature,
+ plugin_feature_t *reg)
+{
+ if (!reg)
+ { /* noting to do for this feature */
+ return TRUE;
+ }
+ if (reg->kind == FEATURE_CALLBACK)
+ {
+ if (reg->arg.cb.f(plugin, feature, FALSE, reg->arg.cb.data))
+ {
+ return TRUE;
+ }
+ return FALSE;
+ }
+ switch (feature->type)
+ {
+ case FEATURE_CRYPTER:
+ lib->crypto->remove_crypter(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_AEAD:
+ lib->crypto->remove_aead(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_SIGNER:
+ lib->crypto->remove_signer(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_HASHER:
+ lib->crypto->remove_hasher(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_PRF:
+ lib->crypto->remove_prf(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_DH:
+ lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_RNG:
+ lib->crypto->remove_rng(lib->crypto, reg->arg.reg.f);
+ break;
+ case FEATURE_PRIVKEY:
+ case FEATURE_PRIVKEY_GEN:
+ lib->creds->remove_builder(lib->creds, reg->arg.reg.f);
+ break;
+ case FEATURE_PUBKEY:
+ lib->creds->remove_builder(lib->creds, reg->arg.reg.f);
+ break;
+ case FEATURE_CERT_DECODE:
+ case FEATURE_CERT_ENCODE:
+ lib->creds->remove_builder(lib->creds, reg->arg.reg.f);
+ break;
+ case FEATURE_DATABASE:
+ lib->db->remove_database(lib->db, reg->arg.reg.f);
+ break;
+ case FEATURE_FETCHER:
+ lib->fetcher->remove_fetcher(lib->fetcher, reg->arg.reg.f);
+ break;
+ default:
+ break;
+ }
+ return TRUE;
+}
diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h
new file mode 100644
index 000000000..b1500feba
--- /dev/null
+++ b/src/libstrongswan/plugins/plugin_feature.h
@@ -0,0 +1,331 @@
+/*
+ * Copyright (C) 2011 Martin Willi
+ * Copyright (C) 2011 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup plugin_feature plugin_feature
+ * @{ @ingroup plugins
+ */
+
+#ifndef PLUGIN_FEATURE_H_
+#define PLUGIN_FEATURE_H_
+
+typedef struct plugin_feature_t plugin_feature_t;
+
+#include <library.h>
+#include <eap/eap.h>
+#include <plugins/plugin.h>
+
+/**
+ * Callback function of a plugin to (un-)register a specified feature.
+ *
+ * @param plugin plugin instance
+ * @param feature feature to register
+ * @param reg TRUE to register, FALSE to unregister
+ * @param cb_data user data passed with callback function
+ * @return TRUE if registered successfully
+ */
+typedef bool (*plugin_feature_callback_t)(plugin_t *plugin,
+ plugin_feature_t *feature,
+ bool reg,void *cb_data);
+
+/**
+ * Feature a plugin provides or depends on, including registration functions.
+ *
+ * Each plugin returns a list of plugin features, allowing the plugin loader
+ * to resolve dependencies and register the feature. FEATURE_PROVIDE defines
+ * features provided by the plugin, hard (DEPENDS) or soft (SDEPEND) dependency
+ * specified is related to the previously defined PROVIDE feature.
+ * If a plugin feature requires to hook in functionality into the library
+ * or a daemon, it can use REGISTER or CALLBACK entries. Each PROVIDED feature
+ * uses the REGISTER/CALLBACK entry defined previously. The REGISTER entry
+ * defines a common feature registration function directly passed to the
+ * associated manager or factory (crypto/credential factory etc.). A callback
+ * function is more generic allows the loader to invoke a callback to do
+ * the registration.
+ *
+ * To conviently create feature lists, use the four macros PLUGIN_REGISTER,
+ * PLUGIN_CALLBACK, PLUGIN_PROVIDE, PLUGIN_DEPENDS and PLUGIN_SDEPEND. Use
+ * identation to show how the registration functions and dependencies are
+ * related to a provided feature, such as:
+ *
+ * @verbatim
+ // two features, one with two dependencies, both use a callback to register
+ PLUGIN_CALLBACK(...),
+ PLUGIN_PROVIDE(...),
+ PLUGIN_DEPENDS(...),
+ PLUGIN_SDEPEND(...),
+ PLUGIN_PROVIDE(...),
+ // common constructor to register for a feature with one dependency
+ PLUGIN_REGISTER(...),
+ PLUGIN_PROVIDE(...),
+ PLUGIN_DEPENDS(...),
+ // feature that does not use a registration function
+ PLUGIN_PROVIDE(...),
+ @endverbatim
+ */
+struct plugin_feature_t {
+ /** kind of entry */
+ enum {
+ /* plugin provides this feature */
+ FEATURE_PROVIDE,
+ /* a feature depends on this feature, hard dependency */
+ FEATURE_DEPENDS,
+ /* a feature can optionally use this feature, soft dependency */
+ FEATURE_SDEPEND,
+ /* register the specified function for all following features */
+ FEATURE_REGISTER,
+ /* use a callback to register all following features */
+ FEATURE_CALLBACK,
+ } kind;
+ /* type of feature */
+ enum {
+ /** not a feature */
+ FEATURE_NONE,
+ /** crypter_t */
+ FEATURE_CRYPTER,
+ /** aead_t */
+ FEATURE_AEAD,
+ /** signer_t */
+ FEATURE_SIGNER,
+ /** hasher_t */
+ FEATURE_HASHER,
+ /** prf_t */
+ FEATURE_PRF,
+ /** diffie_hellman_t */
+ FEATURE_DH,
+ /** rng_t */
+ FEATURE_RNG,
+ /** generic private key support */
+ FEATURE_PRIVKEY,
+ /** generating new private keys */
+ FEATURE_PRIVKEY_GEN,
+ /** private_key_t->sign() */
+ FEATURE_PRIVKEY_SIGN,
+ /** private_key_t->decrypt() */
+ FEATURE_PRIVKEY_DECRYPT,
+ /** generic public key support */
+ FEATURE_PUBKEY,
+ /** public_key_t->verify() */
+ FEATURE_PUBKEY_VERIFY,
+ /** public_key_t->encrypt() */
+ FEATURE_PUBKEY_ENCRYPT,
+ /** parsing certificates */
+ FEATURE_CERT_DECODE,
+ /** generating certificates */
+ FEATURE_CERT_ENCODE,
+ /** EAP server implementation */
+ FEATURE_EAP_SERVER,
+ /** EAP peer implementation */
+ FEATURE_EAP_PEER,
+ /** database_t */
+ FEATURE_DATABASE,
+ /** fetcher_t */
+ FEATURE_FETCHER,
+ /** custom feature, described with a string */
+ FEATURE_CUSTOM,
+ } type;
+ /** More specific data for each type */
+ union {
+ /** FEATURE_CRYPTER */
+ struct {
+ encryption_algorithm_t alg;
+ size_t key_size;
+ } crypter;
+ /** FEATURE_AEAD */
+ struct {
+ encryption_algorithm_t alg;
+ size_t key_size;
+ } aead;
+ /** FEATURE_SIGNER */
+ integrity_algorithm_t signer;
+ /** FEATURE_PRF */
+ pseudo_random_function_t prf;
+ /** FEATURE_HASHER */
+ hash_algorithm_t hasher;
+ /** FEATURE_DH */
+ diffie_hellman_group_t dh_group;
+ /** FEATURE_RNG */
+ rng_quality_t rng_quality;
+ /** FEATURE_PRIVKEY */
+ key_type_t privkey;
+ /** FEATURE_PRIVKEY_GEN */
+ key_type_t privkey_gen;
+ /** FEATURE_PRIVKEY_SIGN */
+ signature_scheme_t privkey_sign;
+ /** FEATURE_PRIVKEY_DECRYPT */
+ encryption_scheme_t privkey_decrypt;
+ /** FEATURE_PUBKEY */
+ key_type_t pubkey;
+ /** FEATURE_PUBKEY_VERIFY */
+ signature_scheme_t pubkey_verify;
+ /** FEATURE_PUBKEY_ENCRYPT */
+ encryption_scheme_t pubkey_encrypt;
+ /** FEATURE_CERT_DECODE/ENCODE */
+ certificate_type_t cert;
+ /** FEATURE_EAP_SERVER/CLIENT */
+ eap_type_t eap;
+ /** FEATURE_DATABASE */
+ db_driver_t database;
+ /** FEATURE_FETCHER */
+ char *fetcher;
+ /** FEATURE_CUSTOM */
+ char *custom;
+
+ /** FEATURE_REGISTER */
+ struct {
+ /** final flag to pass for builder_function_t */
+ bool final;
+ /** feature specific function to register for this type */
+ void *f;
+ } reg;
+
+ /** FEATURE_CALLBACK */
+ struct {
+ /** callback function to invoke for registration */
+ plugin_feature_callback_t f;
+ /** data to pass to callback */
+ void *data;
+ } cb;
+ } arg;
+};
+
+#define FEATURE(kind, type, ...) _PLUGIN_FEATURE_##type(kind, __VA_ARGS__)
+
+/**
+ * Define function to register directly for all upcoming features.
+ *
+ * @param type feature type to register
+ * @param f type specific function to register
+ * @param ... type specific additional arguments
+ */
+#define PLUGIN_REGISTER(type, f, ...) _PLUGIN_FEATURE_REGISTER_##type(type, f, ##__VA_ARGS__)
+
+/**
+ * Define a callback to invoke for registering all upcoming features.
+ *
+ * @param cb type specific callback function to register
+ * @param data data pointer to pass to callback
+ */
+#define PLUGIN_CALLBACK(cb, data) _PLUGIN_FEATURE_CALLBACK(cb, data)
+
+/**
+ * Define a feature the plugin provides.
+ *
+ * @param type feature type to provide
+ * @param ... type specific arguments
+ */
+#define PLUGIN_PROVIDE(type, ...) _PLUGIN_FEATURE_##type(PROVIDE, __VA_ARGS__)
+
+/**
+ * Define a hard dependency for the previously defined feature.
+ *
+ * @param type feature type to provide
+ * @param ... type specific arguments
+ */
+#define PLUGIN_DEPENDS(type, ...) _PLUGIN_FEATURE_##type(DEPENDS, __VA_ARGS__)
+
+/**
+ * Define a soft dependency for the previously defined feature.
+ *
+ * @param type feature type to provide
+ * @param ... type specific arguments
+ */
+#define PLUGIN_SDEPEND(type, ...) _PLUGIN_FEATURE_##type(SDEPEND, __VA_ARGS__)
+
+#define __PLUGIN_FEATURE(kind, type, ...) (plugin_feature_t){ FEATURE_##kind, FEATURE_##type, { __VA_ARGS__ }}
+#define _PLUGIN_FEATURE_CRYPTER(kind, alg, size) __PLUGIN_FEATURE(kind, CRYPTER, .crypter = { alg, size })
+#define _PLUGIN_FEATURE_AEAD(kind, alg, size) __PLUGIN_FEATURE(kind, AEAD, .aead = { alg, size })
+#define _PLUGIN_FEATURE_SIGNER(kind, alg) __PLUGIN_FEATURE(kind, SIGNER, .signer = alg)
+#define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg)
+#define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg)
+#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group)
+#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality)
+#define _PLUGIN_FEATURE_PRIVKEY(kind, type) __PLUGIN_FEATURE(kind, PRIVKEY, .privkey = type)
+#define _PLUGIN_FEATURE_PRIVKEY_GEN(kind, type) __PLUGIN_FEATURE(kind, PRIVKEY_GEN, .privkey_gen = type)
+#define _PLUGIN_FEATURE_PRIVKEY_SIGN(kind, scheme) __PLUGIN_FEATURE(kind, PRIVKEY_SIGN, .privkey_sign = scheme)
+#define _PLUGIN_FEATURE_PRIVKEY_DECRYPT(kind, scheme) __PLUGIN_FEATURE(kind, PRIVKEY_DECRYPT, .privkey_decrypt = scheme)
+#define _PLUGIN_FEATURE_PUBKEY(kind, type) __PLUGIN_FEATURE(kind, PUBKEY, .pubkey = type)
+#define _PLUGIN_FEATURE_PUBKEY_VERIFY(kind, scheme) __PLUGIN_FEATURE(kind, PUBKEY_VERIFY, .pubkey_verify = scheme)
+#define _PLUGIN_FEATURE_PUBKEY_ENCRYPT(kind, scheme) __PLUGIN_FEATURE(kind, PUBKEY_ENCRYPT, .pubkey_encrypt = scheme)
+#define _PLUGIN_FEATURE_CERT_DECODE(kind, type) __PLUGIN_FEATURE(kind, CERT_DECODE, .cert = type)
+#define _PLUGIN_FEATURE_CERT_ENCODE(kind, type) __PLUGIN_FEATURE(kind, CERT_ENCODE, .cert = type)
+#define _PLUGIN_FEATURE_EAP_SERVER(kind, type) __PLUGIN_FEATURE(kind, EAP_SERVER, .eap = type)
+#define _PLUGIN_FEATURE_EAP_PEER(kind, type) __PLUGIN_FEATURE(kind, EAP_PEER, .eap = type)
+#define _PLUGIN_FEATURE_DATABASE(kind, type) __PLUGIN_FEATURE(kind, DATABASE, .database = type)
+#define _PLUGIN_FEATURE_FETCHER(kind, type) __PLUGIN_FEATURE(kind, FETCHER, .fetcher = type)
+#define _PLUGIN_FEATURE_CUSTOM(kind, name) __PLUGIN_FEATURE(kind, CUSTOM, .custom = name)
+
+#define __PLUGIN_FEATURE_REGISTER(type, _f) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg.f = _f }
+#define __PLUGIN_FEATURE_REGISTER_BUILDER(type, _f, _final) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg = {.f = _f, .final = _final, }}
+#define _PLUGIN_FEATURE_REGISTER_CRYPTER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_AEAD(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_SIGNER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_PRIVKEY(type, f, final) __PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
+#define _PLUGIN_FEATURE_REGISTER_PRIVKEY_GEN(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
+#define _PLUGIN_FEATURE_REGISTER_PUBKEY(type, f, final) __PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
+#define _PLUGIN_FEATURE_REGISTER_CERT_DECODE(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
+#define _PLUGIN_FEATURE_REGISTER_CERT_ENCODE(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final)
+#define _PLUGIN_FEATURE_REGISTER_DATABASE(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+#define _PLUGIN_FEATURE_REGISTER_FETCHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f)
+
+#define _PLUGIN_FEATURE_CALLBACK(_cb, _data) (plugin_feature_t){ FEATURE_CALLBACK, FEATURE_NONE, .arg.cb = { .f = _cb, .data = _data } }
+
+/**
+ * Names for plugin_feature_t types.
+ */
+extern enum_name_t *plugin_feature_names;
+
+/**
+ * Check if feature a matches to feature b.
+ *
+ * @param a feature to check
+ * @param b feature to match against
+ * @return TRUE if a matches b
+ */
+bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b);
+
+/**
+ * Get a string describing feature.
+ *
+ * @param feature feature to describe
+ * @return allocated string describing feature
+ */
+char* plugin_feature_get_string(plugin_feature_t *feature);
+
+/**
+ * Load a plugin feature using a REGISTER/CALLBACK feature entry.
+ *
+ * @param plugin plugin providing feature
+ * @param feature feature to load
+ * @param reg REGISTER/CALLBACK feature entry to use for registration
+ */
+bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature,
+ plugin_feature_t *reg);
+
+/**
+ * Unload a plugin feature using a REGISTER/CALLBACK feature entry.
+ *
+ * @param plugin plugin providing feature
+ * @param feature feature to unload
+ * @param reg REGISTER/CALLBACK feature entry to use for deregistration
+ */
+bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature,
+ plugin_feature_t *reg);
+
+#endif /** PLUGIN_FEATURE_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index b4d7bf7c7..f97cbb31f 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Tobias Brunner
+ * Copyright (C) 2010-2012 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -23,11 +23,13 @@
#include <stdio.h>
#include <debug.h>
+#include <library.h>
#include <integrity_checker.h>
#include <utils/linked_list.h>
#include <plugins/plugin.h>
typedef struct private_plugin_loader_t private_plugin_loader_t;
+typedef struct plugin_entry_t plugin_entry_t;
/**
* private data of plugin_loader
@@ -40,20 +42,67 @@ struct private_plugin_loader_t {
plugin_loader_t public;
/**
- * list of loaded plugins
+ * List of plugins, as plugin_entry_t
*/
linked_list_t *plugins;
+
+ /**
+ * List of names of loaded plugins
+ */
+ char *loaded_plugins;
+};
+
+/**
+ * Entry for a plugin
+ */
+struct plugin_entry_t {
+
+ /**
+ * Plugin instance
+ */
+ plugin_t *plugin;
+
+ /**
+ * dlopen handle, if in separate lib
+ */
+ void *handle;
+
+ /**
+ * List of loaded features
+ */
+ linked_list_t *loaded;
+
+ /**
+ * List features failed to load
+ */
+ linked_list_t *failed;
};
/**
+ * Destroy a plugin entry
+ */
+static void plugin_entry_destroy(plugin_entry_t *entry)
+{
+ DESTROY_IF(entry->plugin);
+ if (entry->handle)
+ {
+ dlclose(entry->handle);
+ }
+ entry->loaded->destroy(entry->loaded);
+ entry->failed->destroy(entry->failed);
+ free(entry);
+}
+
+/**
* create a plugin
* returns: NOT_FOUND, if the constructor was not found
* FAILED, if the plugin could not be constructed
*/
static status_t create_plugin(private_plugin_loader_t *this, void *handle,
- char *name, bool integrity, plugin_t **plugin)
+ char *name, bool integrity, plugin_entry_t **entry)
{
char create[128];
+ plugin_t *plugin;
plugin_constructor_t constructor;
if (snprintf(create, sizeof(create), "%s_plugin_create",
@@ -77,13 +126,18 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle,
DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests",
name);
}
- *plugin = constructor();
- if (*plugin == NULL)
+ plugin = constructor();
+ if (plugin == NULL)
{
DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name,
create);
return FAILED;
}
+ INIT(*entry,
+ .plugin = plugin,
+ .loaded = linked_list_create(),
+ .failed = linked_list_create(),
+ );
DBG2(DBG_LIB, "plugin '%s': loaded successfully", name);
return SUCCESS;
}
@@ -91,28 +145,21 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle,
/**
* load a single plugin
*/
-static plugin_t* load_plugin(private_plugin_loader_t *this,
- char *path, char *name)
+static bool load_plugin(private_plugin_loader_t *this, char *name, char *file)
{
- char file[PATH_MAX];
+ plugin_entry_t *entry;
void *handle;
- plugin_t *plugin;
- switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, &plugin))
+ switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, &entry))
{
case SUCCESS:
- return plugin;
+ this->plugins->insert_last(this->plugins, entry);
+ return TRUE;
case NOT_FOUND:
/* try to load the plugin from a file */
break;
default:
- return NULL;
- }
-
- if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path,
- name) >= sizeof(file))
- {
- return NULL;
+ return FALSE;
}
if (lib->integrity)
{
@@ -120,26 +167,80 @@ static plugin_t* load_plugin(private_plugin_loader_t *this,
{
DBG1(DBG_LIB, "plugin '%s': failed file integrity test of '%s'",
name, file);
- return NULL;
+ return FALSE;
}
}
handle = dlopen(file, RTLD_LAZY);
if (handle == NULL)
{
DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror());
- return NULL;
+ return FALSE;
}
- if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS)
+ if (create_plugin(this, handle, name, TRUE, &entry) != SUCCESS)
{
dlclose(handle);
- return NULL;
+ return FALSE;
}
- /* we do not store or free dlopen() handles, leak_detective requires
- * the modules to keep loaded until leak report */
- return plugin;
+ entry->handle = handle;
+ this->plugins->insert_last(this->plugins, entry);
+ return TRUE;
}
/**
+ * Convert enumerated entries to plugin_t
+ */
+static bool plugin_filter(void *null, plugin_entry_t **entry, plugin_t **plugin,
+ void *in, linked_list_t **list)
+{
+ *plugin = (*entry)->plugin;
+ if (list)
+ {
+ *list = (*entry)->loaded;
+ }
+ return TRUE;
+}
+
+METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*,
+ private_plugin_loader_t *this)
+{
+ return enumerator_create_filter(
+ this->plugins->create_enumerator(this->plugins),
+ (void*)plugin_filter, NULL, NULL);
+}
+
+/**
+ * Create a list of the names of all loaded plugins
+ */
+static char* loaded_plugins_list(private_plugin_loader_t *this)
+{
+ int buf_len = 128, len = 0;
+ char *buf, *name;
+ enumerator_t *enumerator;
+ plugin_t *plugin;
+
+ buf = malloc(buf_len);
+ buf[0] = '\0';
+ enumerator = create_plugin_enumerator(this);
+ while (enumerator->enumerate(enumerator, &plugin, NULL))
+ {
+ name = plugin->get_name(plugin);
+ if (len + (strlen(name) + 1) >= buf_len)
+ {
+ buf_len <<= 1;
+ buf = realloc(buf, buf_len);
+ }
+ len += snprintf(&buf[len], buf_len - len, "%s ", name);
+ }
+ enumerator->destroy(enumerator);
+ if (len > 0 && buf[len - 1] == ' ')
+ {
+ buf[len - 1] = '\0';
+ }
+ return buf;
+}
+
+
+/**
* Check if a plugin is already loaded
*/
static bool plugin_loaded(private_plugin_loader_t *this, char *name)
@@ -148,8 +249,8 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name)
bool found = FALSE;
plugin_t *plugin;
- enumerator = this->plugins->create_enumerator(this->plugins);
- while (enumerator->enumerate(enumerator, &plugin))
+ enumerator = create_plugin_enumerator(this);
+ while (enumerator->enumerate(enumerator, &plugin, NULL))
{
if (streq(plugin->get_name(plugin), name))
{
@@ -161,6 +262,235 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name)
return found;
}
+/**
+ * Check if a feature of a plugin is already loaded
+ */
+static bool feature_loaded(private_plugin_loader_t *this, plugin_entry_t *entry,
+ plugin_feature_t *feature)
+{
+ return entry->loaded->find_first(entry->loaded, NULL,
+ (void**)&feature) == SUCCESS;
+}
+
+/**
+ * Check if loading a feature of a plugin failed
+ */
+static bool feature_failed(private_plugin_loader_t *this, plugin_entry_t *entry,
+ plugin_feature_t *feature)
+{
+ return entry->failed->find_first(entry->failed, NULL,
+ (void**)&feature) == SUCCESS;
+}
+
+/**
+ * Check if dependencies are satisfied
+ */
+static bool dependencies_satisfied(private_plugin_loader_t *this,
+ plugin_entry_t *entry, bool soft, bool report,
+ plugin_feature_t *features, int count)
+{
+ int i;
+
+ /* first entry is provided feature, followed by dependencies */
+ for (i = 1; i < count; i++)
+ {
+ enumerator_t *entries, *loaded;
+ plugin_feature_t *feature;
+ plugin_entry_t *current;
+ bool found = FALSE;
+
+ if (features[i].kind != FEATURE_DEPENDS &&
+ features[i].kind != FEATURE_SDEPEND)
+ { /* end of dependencies */
+ break;
+ }
+ entries = this->plugins->create_enumerator(this->plugins);
+ while (entries->enumerate(entries, &current))
+ {
+ loaded = current->loaded->create_enumerator(current->loaded);
+ while (loaded->enumerate(loaded, &feature))
+ {
+ if (plugin_feature_matches(&features[i], feature))
+ {
+ found = TRUE;
+ break;
+ }
+ }
+ loaded->destroy(loaded);
+ }
+ entries->destroy(entries);
+
+ if (!found && (features[i].kind != FEATURE_SDEPEND || soft))
+ {
+ if (report)
+ {
+ char *provide, *depend, *name;
+
+ name = entry->plugin->get_name(entry->plugin);
+ provide = plugin_feature_get_string(&features[0]);
+ depend = plugin_feature_get_string(&features[i]);
+ DBG2(DBG_LIB, "feature %s in '%s' plugin has unsatisfied "
+ "dependency: %s", provide, name, depend);
+ free(provide);
+ free(depend);
+ }
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Check if a given feature is still required as dependency
+ */
+static bool dependency_required(private_plugin_loader_t *this,
+ plugin_feature_t *dep)
+{
+ enumerator_t *enumerator;
+ plugin_feature_t *features;
+ plugin_entry_t *entry;
+ int count, i;
+
+ enumerator = this->plugins->create_enumerator(this->plugins);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (!entry->plugin->get_features)
+ { /* features not supported */
+ continue;
+ }
+ count = entry->plugin->get_features(entry->plugin, &features);
+ for (i = 0; i < count; i++)
+ {
+ if (feature_loaded(this, entry, &features[i]))
+ {
+ while (++i < count && (features[i].kind == FEATURE_DEPENDS ||
+ features[i].kind == FEATURE_SDEPEND))
+ {
+ if (plugin_feature_matches(&features[i], dep))
+ {
+ enumerator->destroy(enumerator);
+ return TRUE;
+ }
+ }
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ return FALSE;
+}
+
+/**
+ * Load plugin features in correct order
+ */
+static int load_features(private_plugin_loader_t *this, bool soft, bool report)
+{
+ enumerator_t *enumerator;
+ plugin_feature_t *feature, *reg;
+ plugin_entry_t *entry;
+ int count, i, loaded = 0;
+
+ enumerator = this->plugins->create_enumerator(this->plugins);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (!entry->plugin->get_features)
+ { /* feature interface not supported */
+ continue;
+ }
+ reg = NULL;
+ count = entry->plugin->get_features(entry->plugin, &feature);
+ for (i = 0; i < count; i++)
+ {
+ switch (feature->kind)
+ {
+ case FEATURE_PROVIDE:
+ if (!feature_loaded(this, entry, feature) &&
+ !feature_failed(this, entry, feature) &&
+ dependencies_satisfied(this, entry, soft, report,
+ feature, count - i))
+ {
+ if (plugin_feature_load(entry->plugin, feature, reg))
+ {
+ entry->loaded->insert_last(entry->loaded, feature);
+ loaded++;
+ }
+ else
+ {
+ entry->failed->insert_last(entry->failed, feature);
+ }
+ }
+ break;
+ case FEATURE_REGISTER:
+ case FEATURE_CALLBACK:
+ reg = feature;
+ break;
+ default:
+ break;
+ }
+ feature++;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return loaded;
+}
+
+/**
+ * Try to unload plugin features on which is not depended anymore
+ */
+static int unload_features(private_plugin_loader_t *this, plugin_entry_t *entry)
+{
+ plugin_feature_t *feature, *reg = NULL;
+ int count, i, unloaded = 0;
+
+ count = entry->plugin->get_features(entry->plugin, &feature);
+ for (i = 0; i < count; i++)
+ {
+ switch (feature->kind)
+ {
+ case FEATURE_PROVIDE:
+ if (feature_loaded(this, entry, feature) &&
+ !dependency_required(this, feature) &&
+ plugin_feature_unload(entry->plugin, feature, reg))
+ {
+ entry->loaded->remove(entry->loaded, feature, NULL);
+ unloaded++;
+ }
+ break;
+ case FEATURE_REGISTER:
+ case FEATURE_CALLBACK:
+ reg = feature;
+ break;
+ default:
+ break;
+ }
+ feature++;
+ }
+ return unloaded;
+}
+
+/**
+ * Remove plugins that we were not able to load any features from.
+ */
+static void purge_plugins(private_plugin_loader_t *this)
+{
+ enumerator_t *enumerator;
+ plugin_entry_t *entry;
+
+ enumerator = this->plugins->create_enumerator(this->plugins);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (!entry->plugin->get_features)
+ { /* feature interface not supported */
+ continue;
+ }
+ if (!entry->loaded->get_count(entry->loaded))
+ {
+ this->plugins->remove_at(this->plugins, enumerator);
+ plugin_entry_destroy(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+}
+
METHOD(plugin_loader_t, load_plugins, bool,
private_plugin_loader_t *this, char *path, char *list)
{
@@ -176,8 +506,8 @@ METHOD(plugin_loader_t, load_plugins, bool,
enumerator = enumerator_create_token(list, " ", " ");
while (!critical_failed && enumerator->enumerate(enumerator, &token))
{
- plugin_t *plugin;
bool critical = FALSE;
+ char file[PATH_MAX];
int len;
token = strdup(token);
@@ -192,42 +522,86 @@ METHOD(plugin_loader_t, load_plugins, bool,
free(token);
continue;
}
- plugin = load_plugin(this, path, token);
- if (plugin)
+ if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so",
+ path, token) >= sizeof(file))
{
- this->plugins->insert_last(this->plugins, plugin);
+ return FALSE;
}
- else
+ if (!load_plugin(this, token, file) && critical)
{
- if (critical)
- {
- critical_failed = TRUE;
- DBG1(DBG_LIB, "loading critical plugin '%s' failed", token);
- }
+ critical_failed = TRUE;
+ DBG1(DBG_LIB, "loading critical plugin '%s' failed", token);
}
free(token);
+ /* TODO: we currently load features after each plugin is loaded. This
+ * will not be necessary once we have features support in all plugins.
+ */
+ while (load_features(this, TRUE, FALSE))
+ {
+ /* try load new features until we don't get new ones */
+ }
}
enumerator->destroy(enumerator);
+ if (!critical_failed)
+ {
+ while (load_features(this, FALSE, FALSE))
+ {
+ /* enforce loading features, ignoring soft dependencies */
+ }
+ /* report missing dependencies */
+ load_features(this, FALSE, TRUE);
+ /* unload plugins that we were not able to load any features for */
+ purge_plugins(this);
+ }
+ if (!critical_failed)
+ {
+ free(this->loaded_plugins);
+ this->loaded_plugins = loaded_plugins_list(this);
+ }
return !critical_failed;
}
METHOD(plugin_loader_t, unload, void,
private_plugin_loader_t *this)
{
- plugin_t *plugin;
+ enumerator_t *enumerator;
+ plugin_entry_t *entry;
+ linked_list_t *list;
- /* unload plugins in reverse order */
- while (this->plugins->remove_last(this->plugins,
- (void**)&plugin) == SUCCESS)
+ /* unload plugins in reverse order, for those not supporting features */
+ list = linked_list_create();
+ while (this->plugins->remove_last(this->plugins, (void**)&entry) == SUCCESS)
{
- plugin->destroy(plugin);
+ list->insert_last(list, entry);
}
-}
-
-METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*,
- private_plugin_loader_t *this)
-{
- return this->plugins->create_enumerator(this->plugins);
+ while (list->remove_last(list, (void**)&entry) == SUCCESS)
+ {
+ this->plugins->insert_first(this->plugins, entry);
+ }
+ list->destroy(list);
+ while (this->plugins->get_count(this->plugins))
+ {
+ enumerator = this->plugins->create_enumerator(this->plugins);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ if (entry->plugin->get_features)
+ { /* supports features */
+ while (unload_features(this, entry));
+ }
+ if (entry->loaded->get_count(entry->loaded) == 0)
+ {
+ if (lib->leak_detective)
+ { /* keep handle to report leaks properly */
+ entry->handle = NULL;
+ }
+ this->plugins->remove_at(this->plugins, enumerator);
+ plugin_entry_destroy(entry);
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ free(this->loaded_plugins);
+ this->loaded_plugins = NULL;
}
/**
@@ -240,11 +614,11 @@ static u_int reload_by_name(private_plugin_loader_t *this, char *name)
plugin_t *plugin;
enumerator = create_plugin_enumerator(this);
- while (enumerator->enumerate(enumerator, &plugin))
+ while (enumerator->enumerate(enumerator, &plugin, NULL))
{
if (name == NULL || streq(name, plugin->get_name(plugin)))
{
- if (plugin->reload(plugin))
+ if (plugin->reload && plugin->reload(plugin))
{
DBG2(DBG_LIB, "reloaded configuration of '%s' plugin",
plugin->get_name(plugin));
@@ -276,10 +650,18 @@ METHOD(plugin_loader_t, reload, u_int,
return reloaded;
}
+METHOD(plugin_loader_t, loaded_plugins, char*,
+ private_plugin_loader_t *this)
+{
+ return this->loaded_plugins ?: "";
+}
+
METHOD(plugin_loader_t, destroy, void,
private_plugin_loader_t *this)
{
- this->plugins->destroy_offset(this->plugins, offsetof(plugin_t, destroy));
+ unload(this);
+ this->plugins->destroy(this->plugins);
+ free(this->loaded_plugins);
free(this);
}
@@ -296,6 +678,7 @@ plugin_loader_t *plugin_loader_create()
.reload = _reload,
.unload = _unload,
.create_plugin_enumerator = _create_plugin_enumerator,
+ .loaded_plugins = _loaded_plugins,
.destroy = _destroy,
},
.plugins = linked_list_create(),
diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h
index e03da4543..7fd07044d 100644
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@@ -1,4 +1,5 @@
/*
+ * Copyright (C) 2012 Tobias Brunner
* Copyright (C) 2007 Martin Willi
* Hochschule fuer Technik Rapperswil
*
@@ -15,7 +16,7 @@
/**
* @defgroup plugin_loader plugin_loader
- * @{ @ingroup plugin
+ * @{ @ingroup plugins
*/
#ifndef PLUGIN_LOADER_H_
@@ -59,11 +60,24 @@ struct plugin_loader_t {
/**
* Create an enumerator over all loaded plugins.
*
- * @return enumerator over plugin_t*
+ * In addition to the plugin, the enumerator returns a list of pointers to
+ * plugin features currently loaded (if the argument is not NULL).
+ * This list is to be read only.
+ *
+ * @return enumerator over plugin_t*, linked_list_t*
*/
enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this);
/**
+ * Get a simple list the names of all loaded plugins.
+ *
+ * The function returns internal data, do not free.
+ *
+ * @return list of the names of all loaded plugins
+ */
+ char* (*loaded_plugins)(plugin_loader_t *this);
+
+ /**
* Unload loaded plugins, destroy plugin_loader instance.
*/
void (*destroy)(plugin_loader_t *this);
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 97fba22fc..0de048791 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index c50189a8b..67240fe0c 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -15,6 +15,8 @@
#include "pubkey_cert.h"
+#include <time.h>
+
#include <debug.h>
typedef struct private_pubkey_cert_t private_pubkey_cert_t;
@@ -45,40 +47,41 @@ struct private_pubkey_cert_t {
identification_t *subject;
/**
+ * key inception time
+ */
+ time_t notBefore;
+
+ /**
+ * key expiration time
+ */
+ time_t notAfter;
+
+ /**
* reference count
*/
refcount_t ref;
};
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_pubkey_cert_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_pubkey_cert_t *this)
{
return CERT_TRUSTED_PUBKEY;
}
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_pubkey_cert_t *this)
+METHOD(certificate_t, get_subject, identification_t*,
+ private_pubkey_cert_t *this)
{
return this->subject;
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_pubkey_cert_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_pubkey_cert_t *this)
{
return this->issuer;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_pubkey_cert_t *this,
- identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_pubkey_cert_t *this, identification_t *subject)
{
if (subject->get_type(subject) == ID_KEY_ID)
{
@@ -94,22 +97,18 @@ static id_match_t has_subject(private_pubkey_cert_t *this,
}
}
}
- return ID_MATCH_NONE;
+
+ return this->subject->matches(this->subject, subject);
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_pubkey_cert_t *this,
- identification_t *issuer)
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_pubkey_cert_t *this, identification_t *issuer)
{
return ID_MATCH_NONE;
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_pubkey_cert_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_pubkey_cert_t *this, certificate_t *other)
{
public_key_t *other_key;
@@ -126,62 +125,52 @@ static bool equals(private_pubkey_cert_t *this, certificate_t *other)
return FALSE;
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_pubkey_cert_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by, bool,
+ private_pubkey_cert_t *this, certificate_t *issuer)
{
return equals(this, issuer);
}
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_pubkey_cert_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_pubkey_cert_t *this)
{
this->key->get_ref(this->key);
return this->key;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_pubkey_cert_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_pubkey_cert_t *this, time_t *when, time_t *not_before,
+ time_t *not_after)
{
+ time_t t = when ? *when : time(NULL);
+
if (not_before)
{
- *not_before = 0;
+ *not_before = this->notBefore;
}
if (not_after)
{
- *not_after = ~0;
+ *not_after = this->notAfter;
}
- return TRUE;
+ return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) &&
+ (this->notAfter == UNDEFINED_TIME || t <= this->notAfter));
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_pubkey_cert_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
- return this->key->get_encoding(this->key, PUBKEY_ASN1_DER, encoding);
+ return this->key->get_encoding(this->key, type, encoding);
}
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_pubkey_cert_t* get_ref(private_pubkey_cert_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_pubkey_cert_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface;
}
-/**
- * Implementation of pubkey_cert_t.destroy
- */
-static void destroy(private_pubkey_cert_t *this)
+METHOD(certificate_t, destroy, void,
+ private_pubkey_cert_t *this)
{
if (ref_put(&this->ref))
{
@@ -195,28 +184,42 @@ static void destroy(private_pubkey_cert_t *this)
/*
* see header file
*/
-static pubkey_cert_t *pubkey_cert_create(public_key_t *key)
+static pubkey_cert_t *pubkey_cert_create(public_key_t *key,
+ time_t notBefore, time_t notAfter,
+ identification_t *subject)
{
- private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t);
+ private_pubkey_cert_t *this;
chunk_t fingerprint;
- this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
- this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
- this->public.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.get_encoding = (bool (*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.destroy = (void (*)(certificate_t *this))destroy;
-
- this->ref = 1;
- this->key = key;
- this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty);
- if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
+ INIT(this,
+ .public = {
+ .interface = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_subject,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ .key = key,
+ .notBefore = notBefore,
+ .notAfter = notAfter,
+ .issuer = identification_create_from_encoding(ID_ANY, chunk_empty),
+ );
+
+ if (subject)
+ {
+ this->subject = subject->clone(subject);
+ }
+ else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint))
{
this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint);
}
@@ -235,6 +238,8 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
{
public_key_t *key = NULL;
chunk_t blob = chunk_empty;
+ identification_t *subject = NULL;
+ time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME;
while (TRUE)
{
@@ -246,6 +251,15 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
case BUILD_PUBLIC_KEY:
key = va_arg(args, public_key_t*);
continue;
+ case BUILD_NOT_BEFORE_TIME:
+ notBefore = va_arg(args, time_t);
+ continue;
+ case BUILD_NOT_AFTER_TIME:
+ notAfter = va_arg(args, time_t);
+ continue;
+ case BUILD_SUBJECT:
+ subject = va_arg(args, identification_t*);
+ continue;
case BUILD_END:
break;
default:
@@ -264,7 +278,7 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args)
}
if (key)
{
- return pubkey_cert_create(key);
+ return pubkey_cert_create(key, notBefore, notAfter, subject);
}
return NULL;
}
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index ae6607e5a..92bfc2e63 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -37,11 +37,19 @@ METHOD(plugin_t, get_name, char*,
return "pubkey";
}
+METHOD(plugin_t, get_features, int,
+ private_pubkey_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CERT_ENCODE, pubkey_cert_wrap, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_TRUSTED_PUBKEY),
+ };
+ *features = f;
+ return countof(f);
+}
METHOD(plugin_t, destroy, void,
private_pubkey_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pubkey_cert_wrap);
free(this);
}
@@ -56,15 +64,12 @@ plugin_t *pubkey_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
- (builder_function_t)pubkey_cert_wrap);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 761d2c96e..9b549b071 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 00202a5a6..7f81e2622 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*,
return "random";
}
+METHOD(plugin_t, get_features, int,
+ private_random_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(RNG, random_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_random_plugin_t *this)
{
- lib->crypto->remove_rng(lib->crypto,
- (rng_constructor_t)random_rng_create);
free(this);
}
@@ -56,17 +66,12 @@ plugin_t *random_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this),
- (rng_constructor_t)random_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this),
- (rng_constructor_t)random_rng_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index e8856b7d7..a78762c82 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index def169275..34f347d1a 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -404,7 +404,15 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
{
DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
&revocation, TRUE, crl_reason_names, reason);
- *valid = VALIDATION_REVOKED;
+ if (reason != CRL_REASON_CERTIFICATE_HOLD)
+ {
+ *valid = VALIDATION_REVOKED;
+ }
+ else
+ {
+ /* if the cert is on hold, a newer CRL might not contain it */
+ *valid = VALIDATION_ON_HOLD;
+ }
enumerator->destroy(enumerator);
DESTROY_IF(best);
return cand;
@@ -681,6 +689,7 @@ METHOD(cert_validator_t, validate, bool,
DBG1(DBG_CFG, "certificate status is good");
return TRUE;
case VALIDATION_REVOKED:
+ case VALIDATION_ON_HOLD:
/* has already been logged */
return FALSE;
case VALIDATION_SKIPPED:
@@ -700,6 +709,7 @@ METHOD(cert_validator_t, validate, bool,
DBG1(DBG_CFG, "certificate status is good");
return TRUE;
case VALIDATION_REVOKED:
+ case VALIDATION_ON_HOLD:
/* has already been logged */
return FALSE;
case VALIDATION_FAILED:
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index b4b275648..f59c7516d 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c
index 85bc89f37..4d69ad5a4 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.c
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c
@@ -175,10 +175,8 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest)
}
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_sha1_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_sha1_hasher_t *this)
{
this->state[0] = 0x67452301;
this->state[1] = 0xEFCDAB89;
@@ -189,10 +187,8 @@ static void reset(private_sha1_hasher_t *this)
this->count[1] = 0;
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash, void,
+ private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
SHA1Update(this, chunk.ptr, chunk.len);
if (buffer != NULL)
@@ -202,10 +198,8 @@ static void get_hash(private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffe
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
SHA1Update(this, chunk.ptr, chunk.len);
if (hash != NULL)
@@ -218,18 +212,14 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h
}
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_sha1_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_sha1_hasher_t *this)
{
return HASH_SIZE_SHA1;
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_sha1_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_sha1_hasher_t *this)
{
free(this);
}
@@ -240,16 +230,23 @@ static void destroy(private_sha1_hasher_t *this)
sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo)
{
private_sha1_hasher_t *this;
+
if (algo != HASH_SHA1)
{
return NULL;
}
- this = malloc_thing(private_sha1_hasher_t);
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
/* initialize */
reset(this);
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c
index a9b84e790..66c80b292 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.c
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c
@@ -38,13 +38,22 @@ METHOD(plugin_t, get_name, char*,
return "sha1";
}
+METHOD(plugin_t, get_features, int,
+ private_sha1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha1_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+ PLUGIN_REGISTER(PRF, sha1_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_sha1_plugin_t *this)
{
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)sha1_hasher_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)sha1_prf_create);
free(this);
}
@@ -59,17 +68,12 @@ plugin_t *sha1_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)sha1_hasher_create);
- lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this),
- (prf_constructor_t)sha1_prf_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c
index a68779d37..11f588c9d 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.c
@@ -59,10 +59,8 @@ struct private_sha1_prf_t {
*/
extern void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len);
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+METHOD(prf_t, get_bytes, void,
+ private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
{
u_int32_t *hash = (u_int32_t*)bytes;
@@ -75,35 +73,27 @@ static void get_bytes(private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
hash[4] = htonl(this->hasher->state[4]);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_sha1_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+ private_sha1_prf_t *this)
{
return HASH_SIZE_SHA1;
}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+ private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk)
{
*chunk = chunk_alloc(HASH_SIZE_SHA1);
get_bytes(this, seed, chunk->ptr);
}
-/**
- * Implementation of prf_t.get_key_size.
- */
-static size_t get_key_size(private_sha1_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+ private_sha1_prf_t *this)
{
return sizeof(this->hasher->state);
}
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_sha1_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+ private_sha1_prf_t *this, chunk_t key)
{
int i, rounds;
u_int32_t *iv = (u_int32_t*)key.ptr;
@@ -116,10 +106,8 @@ static void set_key(private_sha1_prf_t *this, chunk_t key)
}
}
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_sha1_prf_t *this)
+METHOD(prf_t, destroy, void,
+ private_sha1_prf_t *this)
{
this->hasher->public.hasher_interface.destroy(&this->hasher->public.hasher_interface);
free(this);
@@ -131,19 +119,25 @@ static void destroy(private_sha1_prf_t *this)
sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo)
{
private_sha1_prf_t *this;
+
if (algo != PRF_KEYED_SHA1)
{
return NULL;
}
- this = malloc_thing(private_sha1_prf_t);
- this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
- this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
- this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
- this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
- this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
- this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
-
- this->hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1);
+
+ INIT(this,
+ .public = {
+ .prf_interface = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index bdc235555..c99f30e43 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c
index d407fad1b..60fe4bd20 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.c
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c
@@ -426,71 +426,90 @@ static void sha512_final(private_sha512_hasher_t *ctx)
} while(++j < 8);
}
-/**
- * Implementation of hasher_t.get_hash for SHA224.
- */
-static void get_hash224(private_sha256_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, reset224, void,
+ private_sha256_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha224_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset256, void,
+ private_sha256_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha256_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset384, void,
+ private_sha512_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha384_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_blocksMSB = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset512, void,
+ private_sha512_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha512_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_blocksMSB = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, get_hash224, void,
+ private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
sha256_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
{
sha256_final(this);
memcpy(buffer, this->sha_out, HASH_SIZE_SHA224);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset224(this);
}
}
-/**
- * Implementation of hasher_t.get_hash for SHA256.
- */
-static void get_hash256(private_sha256_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash256, void,
+ private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
sha256_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
{
sha256_final(this);
memcpy(buffer, this->sha_out, HASH_SIZE_SHA256);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset256(this);
}
}
-/**
- * Implementation of hasher_t.get_hash for SHA384.
- */
-static void get_hash384(private_sha512_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash384, void,
+ private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
sha512_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
{
sha512_final(this);
memcpy(buffer, this->sha_out, HASH_SIZE_SHA384);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset384(this);
}
}
-/**
- * Implementation of hasher_t.get_hash for SHA512.
- */
-static void get_hash512(private_sha512_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash512, void,
+ private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
{
sha512_write(this, chunk.ptr, chunk.len);
if (buffer != NULL)
{
sha512_final(this);
memcpy(buffer, this->sha_out, HASH_SIZE_SHA512);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset512(this);
}
}
-/**
- * Implementation of hasher_t.allocate_hash for SHA224.
- */
-static void allocate_hash224(private_sha256_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash224, void,
+ private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -500,16 +519,13 @@ static void allocate_hash224(private_sha256_hasher_t *this,
sha256_final(this);
allocated_hash = chunk_alloc(HASH_SIZE_SHA224);
memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA224);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset224(this);
*hash = allocated_hash;
}
}
-/**
- * Implementation of hasher_t.allocate_hash for SHA256.
- */
-static void allocate_hash256(private_sha256_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash256, void,
+ private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -519,16 +535,13 @@ static void allocate_hash256(private_sha256_hasher_t *this,
sha256_final(this);
allocated_hash = chunk_alloc(HASH_SIZE_SHA256);
memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA256);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset256(this);
*hash = allocated_hash;
}
}
-/**
- * Implementation of hasher_t.allocate_hash for SHA384.
- */
-static void allocate_hash384(private_sha512_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash384, void,
+ private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -538,16 +551,13 @@ static void allocate_hash384(private_sha512_hasher_t *this,
sha512_final(this);
allocated_hash = chunk_alloc(HASH_SIZE_SHA384);
memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA384);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset384(this);
*hash = allocated_hash;
}
}
-/**
- * Implementation of hasher_t.allocate_hash for SHA512.
- */
-static void allocate_hash512(private_sha512_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash512, void,
+ private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
chunk_t allocated_hash;
@@ -557,89 +567,37 @@ static void allocate_hash512(private_sha512_hasher_t *this,
sha512_final(this);
allocated_hash = chunk_alloc(HASH_SIZE_SHA512);
memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA512);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset512(this);
*hash = allocated_hash;
}
}
-/**
- * Implementation of hasher_t.get_hash_size for SHA224.
- */
-static size_t get_hash_size224(private_sha256_hasher_t *this)
+METHOD(hasher_t, get_hash_size224, size_t,
+ private_sha256_hasher_t *this)
{
return HASH_SIZE_SHA224;
}
-/**
- * Implementation of hasher_t.get_hash_size for SHA256.
- */
-static size_t get_hash_size256(private_sha256_hasher_t *this)
+METHOD(hasher_t, get_hash_size256, size_t,
+ private_sha256_hasher_t *this)
{
return HASH_SIZE_SHA256;
}
-/**
- * Implementation of hasher_t.get_hash_size for SHA384.
- */
-static size_t get_hash_size384(private_sha512_hasher_t *this)
+METHOD(hasher_t, get_hash_size384, size_t,
+ private_sha512_hasher_t *this)
{
return HASH_SIZE_SHA384;
}
-/**
- * Implementation of hasher_t.get_hash_size for SHA512.
- */
-static size_t get_hash_size512(private_sha512_hasher_t *this)
+METHOD(hasher_t, get_hash_size512, size_t,
+ private_sha512_hasher_t *this)
{
return HASH_SIZE_SHA512;
}
-/**
- * Implementation of hasher_t.reset for SHA224
- */
-static void reset224(private_sha256_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha224_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA256
- */
-static void reset256(private_sha256_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA384
- */
-static void reset384(private_sha512_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_blocksMSB = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA512
- */
-static void reset512(private_sha512_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_blocksMSB = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(sha2_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ sha2_hasher_t *this)
{
free(this);
}
@@ -649,46 +607,81 @@ static void destroy(sha2_hasher_t *this)
*/
sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm)
{
- sha2_hasher_t *this;
-
switch (algorithm)
{
case HASH_SHA224:
- this = (sha2_hasher_t*)malloc_thing(private_sha256_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset224;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size224;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash224;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash224;
- break;
+ {
+ private_sha256_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset224,
+ .get_hash_size = _get_hash_size224,
+ .get_hash = _get_hash224,
+ .allocate_hash = _allocate_hash224,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset224(this);
+ return &this->public;
+ }
case HASH_SHA256:
- this = (sha2_hasher_t*)malloc_thing(private_sha256_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset256;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size256;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash256;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash256;
- break;
+ {
+ private_sha256_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset256,
+ .get_hash_size = _get_hash_size256,
+ .get_hash = _get_hash256,
+ .allocate_hash = _allocate_hash256,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset256(this);
+ return &this->public;
+ }
case HASH_SHA384:
- /* uses SHA512 data structure */
- this = (sha2_hasher_t*)malloc_thing(private_sha512_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset384;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size384;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash384;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash384;
- break;
+ {
+ private_sha512_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset384,
+ .get_hash_size = _get_hash_size384,
+ .get_hash = _get_hash384,
+ .allocate_hash = _allocate_hash384,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset384(this);
+ return &this->public;
+ }
case HASH_SHA512:
- this = (sha2_hasher_t*)malloc_thing(private_sha512_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset512;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size512;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash512;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash512;
- break;
+ {
+ private_sha512_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset512,
+ .get_hash_size = _get_hash_size512,
+ .get_hash = _get_hash512,
+ .allocate_hash = _allocate_hash512,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset512(this);
+ return &this->public;
+ }
default:
return NULL;
}
- this->hasher_interface.destroy = (void(*)(hasher_t*))destroy;
-
- /* initialize */
- this->hasher_interface.reset(&this->hasher_interface);
-
- return this;
}
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index 4ec03a268..94a7ccd61 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
@@ -37,11 +37,23 @@ METHOD(plugin_t, get_name, char*,
return "sha2";
}
+METHOD(plugin_t, get_features, int,
+ private_sha2_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha2_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_sha2_plugin_t *this)
{
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)sha2_hasher_create);
free(this);
}
@@ -56,21 +68,12 @@ plugin_t *sha2_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index ec370d38c..ce4b07769 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/soup/soup_plugin.c b/src/libstrongswan/plugins/soup/soup_plugin.c
index 22c8762e0..b21b28b9f 100644
--- a/src/libstrongswan/plugins/soup/soup_plugin.c
+++ b/src/libstrongswan/plugins/soup/soup_plugin.c
@@ -40,11 +40,21 @@ METHOD(plugin_t, get_name, char*,
return "soup";
}
+METHOD(plugin_t, get_features, int,
+ private_soup_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(FETCHER, soup_fetcher_create),
+ PLUGIN_PROVIDE(FETCHER, "http://"),
+ PLUGIN_PROVIDE(FETCHER, "https://"),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_soup_plugin_t *this)
{
- lib->fetcher->remove_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create);
free(this);
}
@@ -65,16 +75,11 @@ plugin_t *soup_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create, "http://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create, "https://");
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index e2ec799a9..391827724 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index d8c6a560c..f554a9e4f 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*,
return "sqlite";
}
+METHOD(plugin_t, get_features, int,
+ private_sqlite_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DATABASE, sqlite_database_create),
+ PLUGIN_PROVIDE(DATABASE, DB_SQLITE),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_sqlite_plugin_t *this)
{
- lib->db->remove_database(lib->db,
- (database_constructor_t)sqlite_database_create);
free(this);
}
@@ -56,15 +65,12 @@ plugin_t *sqlite_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->db->add_database(lib->db,
- (database_constructor_t)sqlite_database_create);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 049301977..5280300a8 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -15,6 +15,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/aes_cbc.c \
test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_cmac.c \
test_vectors/aes_ccm.c \
test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 70cdfd600..7e0271b13 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -76,11 +76,12 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_test_vectors_la_LIBADD =
am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
- 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_ccm.lo \
- aes_gcm.lo blowfish.lo camellia_cbc.lo camellia_ctr.lo \
- camellia_xcbc.lo cast.lo des.lo idea.lo null.lo rc5.lo \
- serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo \
- sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
+ 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_cmac.lo \
+ aes_ccm.lo aes_gcm.lo blowfish.lo camellia_cbc.lo \
+ camellia_ctr.lo camellia_xcbc.lo cast.lo des.lo idea.lo \
+ null.lo rc5.lo serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo \
+ md5.lo md5_hmac.lo sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo \
+ fips_prf.lo rng.lo
libstrongswan_test_vectors_la_OBJECTS = \
$(am_libstrongswan_test_vectors_la_OBJECTS)
libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
@@ -199,6 +200,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -207,6 +211,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -223,11 +228,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -271,6 +278,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
@@ -291,6 +299,7 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors/aes_cbc.c \
test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_cmac.c \
test_vectors/aes_ccm.c \
test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
@@ -402,6 +411,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ccm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ctr.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_gcm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@
@@ -477,6 +487,13 @@ aes_xcbc.lo: test_vectors/aes_xcbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
+aes_cmac.lo: test_vectors/aes_cmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cmac.lo -MD -MP -MF $(DEPDIR)/aes_cmac.Tpo -c -o aes_cmac.lo `test -f 'test_vectors/aes_cmac.c' || echo '$(srcdir)/'`test_vectors/aes_cmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_cmac.Tpo $(DEPDIR)/aes_cmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_cmac.c' object='aes_cmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cmac.lo `test -f 'test_vectors/aes_cmac.c' || echo '$(srcdir)/'`test_vectors/aes_cmac.c
+
aes_ccm.lo: test_vectors/aes_ccm.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ccm.lo -MD -MP -MF $(DEPDIR)/aes_ccm.Tpo -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ccm.Tpo $(DEPDIR)/aes_ccm.Plo
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index ab4689c1c..40fb51da6 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -91,6 +91,10 @@ TEST_VECTOR_SIGNER(aes_xcbc_s2)
TEST_VECTOR_SIGNER(aes_xcbc_s3)
TEST_VECTOR_SIGNER(aes_xcbc_s4)
TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(aes_cmac_s1)
+TEST_VECTOR_SIGNER(aes_cmac_s2)
+TEST_VECTOR_SIGNER(aes_cmac_s3)
+TEST_VECTOR_SIGNER(aes_cmac_s4)
TEST_VECTOR_SIGNER(camellia_xcbc_s1)
TEST_VECTOR_SIGNER(md5_hmac_s1)
TEST_VECTOR_SIGNER(md5_hmac_s2)
@@ -156,6 +160,13 @@ TEST_VECTOR_PRF(aes_xcbc_p4)
TEST_VECTOR_PRF(aes_xcbc_p5)
TEST_VECTOR_PRF(aes_xcbc_p6)
TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(aes_cmac_p1)
+TEST_VECTOR_PRF(aes_cmac_p2)
+TEST_VECTOR_PRF(aes_cmac_p3)
+TEST_VECTOR_PRF(aes_cmac_p4)
+TEST_VECTOR_PRF(aes_cmac_p5)
+TEST_VECTOR_PRF(aes_cmac_p6)
+TEST_VECTOR_PRF(aes_cmac_p7)
TEST_VECTOR_PRF(camellia_xcbc_p1)
TEST_VECTOR_PRF(camellia_xcbc_p2)
TEST_VECTOR_PRF(camellia_xcbc_p3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
new file mode 100644
index 000000000..cc4121424
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * RFC 4493 Example #1: AES-CMAC with 0-byte input
+ */
+prf_test_vector_t aes_cmac_p1 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 0,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "",
+ .out = "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46"
+};
+
+/**
+ * RFC 4493 Example #2: AES-CMAC with 16-byte input
+ */
+prf_test_vector_t aes_cmac_p2 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 16,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+ .out = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c"
+};
+
+/**
+ * RFC 4493 Example #3: AES-CMAC with 40-byte input
+ */
+prf_test_vector_t aes_cmac_p3 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 40,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+ .out = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27"
+};
+
+/**
+ * RFC 4493 Example #4: AES-CMAC with 64-byte input
+ */
+prf_test_vector_t aes_cmac_p4 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 64,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .out = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17\x79\x36\x3c\xfe"
+};
+
+/**
+ * RFC 4615 Test Case #1: AES-CMAC with 20-byte input, 18-byte key
+ */
+prf_test_vector_t aes_cmac_p5 = {
+ .alg = PRF_AES128_CMAC, .key_size = 18, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xed\xcb",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x84\xa3\x48\xa4\xa4\x5d\x23\x5b\xab\xff\xfc\x0d\x2b\x4d\xa0\x9a"
+};
+
+/**
+ * RFC 4615 Test Case #2: AES-CMAC with 20-byte input, 16-byte key
+ */
+prf_test_vector_t aes_cmac_p6 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x98\x0a\xe8\x7b\x5f\x4c\x9c\x52\x14\xf5\xb6\xa8\x45\x5e\x4c\x2d"
+};
+
+/**
+ * RFC 4615 Test Case #3: AES-CMAC with 20-byte input, 10-byte key
+ */
+prf_test_vector_t aes_cmac_p7 = {
+ .alg = PRF_AES128_CMAC, .key_size = 10, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x29\x0d\x9e\x11\x2e\xdb\x09\xee\x14\x1f\xcf\x64\xc0\xb7\x2f\x3d"
+};
+
+/**
+ * RFC 4494 Test Case #1: AES-CMAC-96 with 0-byte input
+ */
+signer_test_vector_t aes_cmac_s1 = {
+ .alg = AUTH_AES_CMAC_96, .len = 0,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "",
+ .mac = "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12"
+};
+
+
+/**
+ * RFC 4494 Test Case #2: AES-CMAC-96 with 16-byte input
+ */
+signer_test_vector_t aes_cmac_s2 = {
+ .alg = AUTH_AES_CMAC_96, .len = 16,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+ .mac = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d"
+};
+
+/**
+ * RFC 4494 Test Case #3: AES-CMAC-96 with 40-byte input
+ */
+signer_test_vector_t aes_cmac_s3 = {
+ .alg = AUTH_AES_CMAC_96, .len = 40,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+ .mac = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61"
+};
+
+/**
+ * RFC 4494 Test Case #4: AES-CMAC-96 with 64-byte input
+ */
+signer_test_vector_t aes_cmac_s4 = {
+ .alg = AUTH_AES_CMAC_96, .len = 64,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .mac = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17"
+};
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 58cdf2c7c..8c05cb22d 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index ba0357cc4..a2cb589e0 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -179,11 +179,11 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
if (has_directoryName)
{
- iterator_t *iterator = list->create_iterator(list, TRUE);
+ enumerator_t *enumerator = list->create_enumerator(list);
identification_t *directoryName;
bool first = TRUE;
- while (iterator->iterate(iterator, (void**)&directoryName))
+ while (enumerator->enumerate(enumerator, (void**)&directoryName))
{
if (first)
{
@@ -192,15 +192,15 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
}
else
{
- DBG1(DBG_LIB, "more than one directory name - first selected");
+ DBG1(DBG_ASN, "more than one directory name - first selected");
directoryName->destroy(directoryName);
}
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
}
else
{
- DBG1(DBG_LIB, "no directoryName found");
+ DBG1(DBG_ASN, "no directoryName found");
}
list->destroy(list);
@@ -359,10 +359,10 @@ static bool parse_certificate(private_x509_ac_t *this)
break;
case AC_OBJ_VERSION:
this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
- DBG2(DBG_LIB, " v%d", this->version);
+ DBG2(DBG_ASN, " v%d", this->version);
if (this->version != 2)
{
- DBG1(DBG_LIB, "v%d attribute certificates are not "
+ DBG1(DBG_ASN, "v%d attribute certificates are not "
"supported", this->version);
goto end;
}
@@ -408,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this)
switch (type)
{
case OID_AUTHENTICATION_INFO:
- DBG2(DBG_LIB, " need to parse authenticationInfo");
+ DBG2(DBG_ASN, " need to parse authenticationInfo");
break;
case OID_ACCESS_IDENTITY:
- DBG2(DBG_LIB, " need to parse accessIdentity");
+ DBG2(DBG_ASN, " need to parse accessIdentity");
break;
case OID_CHARGING_IDENTITY:
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
this->charging = ietf_attributes_create_from_encoding(object);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
break;
case OID_GROUP:
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
this->groups = ietf_attributes_create_from_encoding(object);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
break;
case OID_ROLE:
parse_roleSyntax(object, level);
@@ -436,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this)
break;
case AC_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s",(critical)?"TRUE":"FALSE");
+ DBG2(DBG_ASN, " %s",(critical)?"TRUE":"FALSE");
break;
case AC_OBJ_EXTN_VALUE:
{
switch (extn_oid)
{
case OID_CRL_DISTRIBUTION_POINTS:
- DBG2(DBG_LIB, " need to parse crlDistributionPoints");
+ DBG2(DBG_ASN, " need to parse crlDistributionPoints");
break;
case OID_AUTHORITY_KEY_ID:
this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object,
level, &this->authKeySerialNumber);
break;
case OID_TARGET_INFORMATION:
- DBG2(DBG_LIB, " need to parse targetInformation");
+ DBG2(DBG_ASN, " need to parse targetInformation");
break;
case OID_NO_REV_AVAIL:
this->noRevAvail = TRUE;
@@ -465,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this)
NULL);
if (this->algorithm != sig_alg)
{
- DBG1(DBG_LIB, " signature algorithms do not agree");
+ DBG1(DBG_ASN, " signature algorithms do not agree");
success = FALSE;
goto end;
}
@@ -528,7 +528,7 @@ static chunk_t build_attr_cert_validity(private_x509_ac_t *this)
{
return asn1_wrap(ASN1_SEQUENCE, "mm",
asn1_from_time(&this->notBefore, ASN1_GENERALIZEDTIME),
- asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME));
+ asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME));
}
@@ -616,7 +616,6 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this)
build_extensions(this));
}
-
/**
* build an X.509 attribute certificate
*/
@@ -636,82 +635,62 @@ static chunk_t build_ac(private_x509_ac_t *this)
asn1_bitstring("m", signatureValue));
}
-/**
- * Implementation of ac_t.get_serial.
- */
-static chunk_t get_serial(private_x509_ac_t *this)
+METHOD(ac_t, get_serial, chunk_t,
+ private_x509_ac_t *this)
{
return this->serialNumber;
}
-/**
- * Implementation of ac_t.get_holderSerial.
- */
-static chunk_t get_holderSerial(private_x509_ac_t *this)
+METHOD(ac_t, get_holderSerial, chunk_t,
+ private_x509_ac_t *this)
{
return this->holderSerial;
}
-/**
- * Implementation of ac_t.get_holderIssuer.
- */
-static identification_t* get_holderIssuer(private_x509_ac_t *this)
+METHOD(ac_t, get_holderIssuer, identification_t*,
+ private_x509_ac_t *this)
{
return this->holderIssuer;
}
-/**
- * Implementation of ac_t.get_authKeyIdentifier.
- */
-static chunk_t get_authKeyIdentifier(private_x509_ac_t *this)
+METHOD(ac_t, get_authKeyIdentifier, chunk_t,
+ private_x509_ac_t *this)
{
return this->authKeyIdentifier;
}
-/**
- * Implementation of certificate_t.get_groups.
- */
-static ietf_attributes_t* get_groups(private_x509_ac_t *this)
+METHOD(ac_t, get_groups, ietf_attributes_t*,
+ private_x509_ac_t *this)
{
return this->groups ? this->groups->get_ref(this->groups) : NULL;
}
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_x509_ac_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_x509_ac_t *this)
{
return CERT_X509_AC;
}
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_x509_ac_t *this)
+METHOD(certificate_t, get_subject, identification_t*,
+ private_x509_ac_t *this)
{
return this->entityName;
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_x509_ac_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_x509_ac_t *this)
{
return this->issuerName;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_x509_ac_t *this, identification_t *subject)
{
return ID_MATCH_NONE;
}
-/**
- * Implementation of certificate_t.has_issuer.
- */
-static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer)
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_x509_ac_t *this, identification_t *issuer)
{
if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr &&
chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer)))
@@ -721,10 +700,8 @@ static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer)
return this->issuerName->matches(this->issuerName, issuer);
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by, bool,
+ private_x509_ac_t *this, certificate_t *issuer)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -776,28 +753,21 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
return valid;
}
-/**
- * Implementation of certificate_t.get_public_key.
- */
-static public_key_t* get_public_key(private_x509_ac_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_x509_ac_t *this)
{
return NULL;
}
-/**
- * Implementation of certificate_t.get_ref.
- */
-static private_x509_ac_t* get_ref(private_x509_ac_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_x509_ac_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.certificate;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_x509_ac_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_x509_ac_t *this, time_t *when, time_t *not_before, time_t *not_after)
{
time_t t = when ? *when : time(NULL);
@@ -812,11 +782,8 @@ static bool get_validity(private_x509_ac_t *this, time_t *when,
return (t >= this->notBefore && t <= this->notAfter);
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_x509_ac_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
if (type == CERT_ASN1_DER)
{
@@ -827,10 +794,8 @@ static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type,
CRED_PART_X509_AC_ASN1_DER, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_x509_ac_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_x509_ac_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -852,10 +817,8 @@ static bool equals(private_x509_ac_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of x509_ac_t.destroy
- */
-static void destroy(private_x509_ac_t *this)
+METHOD(certificate_t, destroy, void,
+ private_x509_ac_t *this)
{
if (ref_put(&this->ref))
{
@@ -879,41 +842,34 @@ static void destroy(private_x509_ac_t *this)
*/
static private_x509_ac_t *create_empty(void)
{
- private_x509_ac_t *this = malloc_thing(private_x509_ac_t);
-
- /* public functions */
- this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial;
- this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial;
- this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer;
- this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier;
- this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups;
- this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
- this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.certificate.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_subject;
- this->public.interface.certificate.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy;
-
- /* initialize */
- this->encoding = chunk_empty;
- this->serialNumber = chunk_empty;
- this->holderSerial = chunk_empty;
- this->authKeyIdentifier = chunk_empty;
- this->holderIssuer = NULL;
- this->entityName = NULL;
- this->issuerName = NULL;
- this->holderCert = NULL;
- this->signerCert = NULL;
- this->signerKey = NULL;
- this->charging = NULL;
- this->groups = NULL;
- this->ref = 1;
+ private_x509_ac_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .certificate = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_subject,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_serial = _get_serial,
+ .get_holderSerial = _get_holderSerial,
+ .get_holderIssuer = _get_holderIssuer,
+ .get_authKeyIdentifier = _get_authKeyIdentifier,
+ .get_groups = _get_groups,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 8b228a2b6..4859f4310 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -275,8 +275,8 @@ static const asn1Object_t basicConstraintsObjects[] = {
{ 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */
{ 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define BASIC_CONSTRAINTS_CA 1
#define BASIC_CONSTRAINTS_PATH_LEN 2
@@ -301,7 +301,7 @@ static void parse_basicConstraints(chunk_t blob, int level0,
{
case BASIC_CONSTRAINTS_CA:
isCA = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s", isCA ? "TRUE" : "FALSE");
+ DBG2(DBG_ASN, " %s", isCA ? "TRUE" : "FALSE");
if (isCA)
{
this->flags |= X509_CA;
@@ -394,7 +394,7 @@ static const asn1Object_t generalNameObjects[] = {
{ 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
{ 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */
{ 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */
- { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
+ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */
{ 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */
{ 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
{ 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */
@@ -482,7 +482,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
if (id_type != ID_ANY)
{
gn = identification_create_from_encoding(id_type, object);
- DBG2(DBG_LIB, " '%Y'", gn);
+ DBG2(DBG_ASN, " '%Y'", gn);
goto end;
}
}
@@ -536,14 +536,14 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis
* ASN.1 definition of a authorityKeyIdentifier extension
*/
static const asn1Object_t authKeyIdentifierObjects[] = {
- { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
{ 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
{ 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */
{ 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
- { 0, "exit", ASN1_EOC, ASN1_EXIT }
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
};
#define AUTH_KEY_ID_KEY_ID 1
#define AUTH_KEY_ID_CERT_ISSUER 3
@@ -638,7 +638,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
/* parsing went wrong - abort */
goto end;
}
- DBG2(DBG_LIB, " '%Y'", id);
+ DBG2(DBG_ASN, " '%Y'", id);
if (accessMethod == OID_OCSP &&
asprintf(&uri, "%Y", id) > 0)
{
@@ -1107,10 +1107,10 @@ static void parse_policyConstraints(chunk_t blob, int level0,
static const asn1Object_t ipAddrBlocksObjects[] = {
{ 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
{ 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */
- { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
+ { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
{ 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */
{ 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */
- { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */
+ { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */
{ 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */
{ 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
{ 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */
@@ -1134,36 +1134,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object)
case TS_IPV4_ADDR_RANGE:
if (object.len > 5)
{
- DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets");
+ DBG1(DBG_ASN, "IPv4 address object is larger than 5 octets");
return FALSE;
}
break;
case TS_IPV6_ADDR_RANGE:
if (object.len > 17)
{
- DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets");
+ DBG1(DBG_ASN, "IPv6 address object is larger than 17 octets");
return FALSE;
}
break;
default:
- DBG1(DBG_LIB, "unknown address family");
+ DBG1(DBG_ASN, "unknown address family");
return FALSE;
}
if (object.len == 0)
{
- DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the "
+ DBG1(DBG_ASN, "An ASN.1 bit string must contain at least the "
"initial octet");
return FALSE;
}
if (object.len == 1 && object.ptr[0] != 0)
{
- DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero "
+ DBG1(DBG_ASN, "An empty ASN.1 bit string must contain a zero "
"initial octet");
return FALSE;
}
if (object.ptr[0] > 7)
{
- DBG1(DBG_LIB, "number of unused bits is too large");
+ DBG1(DBG_ASN, "number of unused bits is too large");
return FALSE;
}
return TRUE;
@@ -1201,11 +1201,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
{
break;
}
- DBG2(DBG_LIB, " %N", ts_type_name, ts_type);
+ DBG2(DBG_ASN, " %N", ts_type_name, ts_type);
}
break;
case IP_ADDR_BLOCKS_INHERIT:
- DBG1(DBG_LIB, "inherit choice is not supported");
+ DBG1(DBG_ASN, "inherit choice is not supported");
break;
case IP_ADDR_BLOCKS_PREFIX:
if (!check_address_object(ts_type, object))
@@ -1214,7 +1214,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
}
ts = traffic_selector_create_from_rfc3779_format(ts_type,
object, object);
- DBG2(DBG_LIB, " %R", ts);
+ DBG2(DBG_ASN, " %R", ts);
this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
break;
case IP_ADDR_BLOCKS_MIN:
@@ -1231,7 +1231,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
}
ts = traffic_selector_create_from_rfc3779_format(ts_type,
min_object, object);
- DBG2(DBG_LIB, " %R", ts);
+ DBG2(DBG_ASN, " %R", ts);
this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts);
break;
default:
@@ -1280,7 +1280,7 @@ static const asn1Object_t certObjects[] = {
#define X509_OBJ_VERSION 3
#define X509_OBJ_SERIAL_NUMBER 4
#define X509_OBJ_SIG_ALG 5
-#define X509_OBJ_ISSUER 6
+#define X509_OBJ_ISSUER 6
#define X509_OBJ_NOT_BEFORE 8
#define X509_OBJ_NOT_AFTER 9
#define X509_OBJ_SUBJECT 10
@@ -1320,12 +1320,12 @@ static bool parse_certificate(private_x509_cert_t *this)
this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
if (this->version < 1 || this->version > 3)
{
- DBG1(DBG_LIB, "X.509v%d not supported", this->version);
+ DBG1(DBG_ASN, "X.509v%d not supported", this->version);
goto end;
}
else
{
- DBG2(DBG_LIB, " X.509v%d", this->version);
+ DBG2(DBG_ASN, " X.509v%d", this->version);
}
break;
case X509_OBJ_SERIAL_NUMBER:
@@ -1336,7 +1336,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(DBG_LIB, " '%Y'", this->issuer);
+ DBG2(DBG_ASN, " '%Y'", this->issuer);
break;
case X509_OBJ_NOT_BEFORE:
this->notBefore = asn1_parse_time(object, level);
@@ -1346,13 +1346,13 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(DBG_LIB, " '%Y'", this->subject);
+ DBG2(DBG_ASN, " '%Y'", this->subject);
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
if (this->public_key == NULL)
{
goto end;
@@ -1361,7 +1361,7 @@ static bool parse_certificate(private_x509_cert_t *this)
case X509_OBJ_OPTIONAL_EXTENSIONS:
if (this->version != 3)
{
- DBG1(DBG_LIB, "Only X.509v3 certificates have extensions");
+ DBG1(DBG_ASN, "Only X.509v3 certificates have extensions");
goto end;
}
break;
@@ -1370,7 +1370,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE");
break;
case X509_OBJ_EXTN_VALUE:
{
@@ -1445,7 +1445,7 @@ static bool parse_certificate(private_x509_cert_t *this)
if (critical && lib->settings->get_bool(lib->settings,
"libstrongswan.x509.enforce_critical", TRUE))
{
- DBG1(DBG_LIB, "critical '%s' extension not supported",
+ DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
(char*)oid_names[extn_oid].name);
goto end;
@@ -1458,7 +1458,7 @@ static bool parse_certificate(private_x509_cert_t *this)
this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
if (this->algorithm != sig_alg)
{
- DBG1(DBG_LIB, " signature algorithms do not agree");
+ DBG1(DBG_ASN, " signature algorithms do not agree");
goto end;
}
break;
@@ -1488,8 +1488,8 @@ end:
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (hasher == NULL)
{
- DBG1(DBG_LIB, " unable to create hash of certificate, SHA1 not supported");
- return NULL;
+ DBG1(DBG_ASN, " unable to create hash of certificate, SHA1 not supported");
+ return FALSE;
}
hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
hasher->destroy(hasher);
@@ -1706,7 +1706,7 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t,
chunk_t fingerprint;
if (this->public_key->get_fingerprint(this->public_key,
- KEYID_PUBKEY_SHA1, &fingerprint))
+ KEYID_PUBKEY_SHA1, &fingerprint))
{
return fingerprint;
}
@@ -1901,7 +1901,7 @@ chunk_t build_generalName(identification_t *id)
context = ASN1_CONTEXT_S_7;
break;
default:
- DBG1(DBG_LIB, "encoding %N as generalName not supported",
+ DBG1(DBG_ASN, "encoding %N as generalName not supported",
id_type_names, id->get_type(id));
return chunk_empty;
}
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 758505ab5..7bcca16a3 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -242,14 +242,14 @@ static bool parse(private_x509_crl_t *this)
break;
case CRL_OBJ_VERSION:
this->version = (object.len) ? (1+(u_int)*object.ptr) : 1;
- DBG2(DBG_LIB, " v%d", this->version);
+ DBG2(DBG_ASN, " v%d", this->version);
break;
case CRL_OBJ_SIG_ALG:
sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL);
break;
case CRL_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(DBG_LIB, " '%Y'", this->issuer);
+ DBG2(DBG_ASN, " '%Y'", this->issuer);
break;
case CRL_OBJ_THIS_UPDATE:
this->thisUpdate = asn1_parse_time(object, level);
@@ -274,7 +274,7 @@ static bool parse(private_x509_crl_t *this)
case CRL_OBJ_CRL_ENTRY_CRITICAL:
case CRL_OBJ_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE");
break;
case CRL_OBJ_CRL_ENTRY_EXTN_VALUE:
case CRL_OBJ_EXTN_VALUE:
@@ -291,7 +291,7 @@ static bool parse(private_x509_crl_t *this)
{
revoked->reason = *object.ptr;
}
- DBG2(DBG_LIB, " '%N'", crl_reason_names,
+ DBG2(DBG_ASN, " '%N'", crl_reason_names,
revoked->reason);
}
break;
@@ -324,7 +324,7 @@ static bool parse(private_x509_crl_t *this)
if (critical && lib->settings->get_bool(lib->settings,
"libstrongswan.x509.enforce_critical", TRUE))
{
- DBG1(DBG_LIB, "critical '%s' extension not supported",
+ DBG1(DBG_ASN, "critical '%s' extension not supported",
(extn_oid == OID_UNKNOWN) ? "unknown" :
(char*)oid_names[extn_oid].name);
goto end;
@@ -338,7 +338,7 @@ static bool parse(private_x509_crl_t *this)
this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL);
if (this->algorithm != sig_alg)
{
- DBG1(DBG_LIB, " signature algorithms do not agree");
+ DBG1(DBG_ASN, " signature algorithms do not agree");
goto end;
}
break;
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index ea02cbab5..33d0aa792 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -304,18 +304,14 @@ static chunk_t build_OCSPRequest(private_x509_ocsp_request_t *this)
}
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_x509_ocsp_request_t *this)
{
return CERT_X509_OCSP_REQUEST;
}
-/**
- * Implementation of certificate_t.get_subject
- */
-static identification_t* get_subject(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, get_subject, identification_t*,
+ private_x509_ocsp_request_t *this)
{
certificate_t *ca = (certificate_t*)this->ca;
@@ -330,21 +326,16 @@ static identification_t* get_subject(private_x509_ocsp_request_t *this)
return ca->get_subject(ca);
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_x509_ocsp_request_t *this)
{
certificate_t *ca = (certificate_t*)this->ca;
return ca->get_subject(ca);
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_subject(private_x509_ocsp_request_t *this,
- identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_x509_ocsp_request_t *this, identification_t *subject)
{
certificate_t *current;
enumerator_t *enumerator;
@@ -363,10 +354,8 @@ static id_match_t has_subject(private_x509_ocsp_request_t *this,
return best;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_x509_ocsp_request_t *this,
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_x509_ocsp_request_t *this,
identification_t *issuer)
{
certificate_t *ca = (certificate_t*)this->ca;
@@ -374,28 +363,22 @@ static id_match_t has_issuer(private_x509_ocsp_request_t *this,
return ca->has_subject(ca, issuer);
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_x509_ocsp_request_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by, bool,
+ private_x509_ocsp_request_t *this, certificate_t *issuer)
{
DBG1(DBG_LIB, "OCSP request validation not implemented!");
return FALSE;
}
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_x509_ocsp_request_t *this)
{
return NULL;
}
-/**
- * Implementation of x509_cert_t.get_validity.
- */
-static bool get_validity(private_x509_ocsp_request_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_x509_ocsp_request_t *this, time_t *when, time_t *not_before,
+ time_t *not_after)
{
certificate_t *cert;
@@ -410,11 +393,9 @@ static bool get_validity(private_x509_ocsp_request_t *this, time_t *when,
return cert->get_validity(cert, when, not_before, not_after);
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_x509_ocsp_request_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_x509_ocsp_request_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
if (type == CERT_ASN1_DER)
{
@@ -425,10 +406,8 @@ static bool get_encoding(private_x509_ocsp_request_t *this,
CRED_PART_X509_OCSP_REQ_ASN1_DER, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_x509_ocsp_request_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -454,19 +433,15 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of certificate_t.asdf
- */
-static private_x509_ocsp_request_t* get_ref(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_x509_ocsp_request_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.interface;
}
-/**
- * Implementation of x509_ocsp_request_t.destroy
- */
-static void destroy(private_x509_ocsp_request_t *this)
+METHOD(certificate_t, destroy, void,
+ private_x509_ocsp_request_t *this)
{
if (ref_put(&this->ref))
{
@@ -486,29 +461,30 @@ static void destroy(private_x509_ocsp_request_t *this)
*/
static private_x509_ocsp_request_t *create_empty()
{
- private_x509_ocsp_request_t *this = malloc_thing(private_x509_ocsp_request_t);
-
- this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.interface.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.interface.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
-
- this->ca = NULL;
- this->requestor = NULL;
- this->cert = NULL;
- this->key = NULL;
- this->nonce = chunk_empty;
- this->encoding = chunk_empty;
- this->candidates = linked_list_create();
- this->ref = 1;
+ private_x509_ocsp_request_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .interface = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_subject,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ },
+ .candidates = linked_list_create(),
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 4cbe3f718..7dfef3993 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -148,14 +148,10 @@ static const chunk_t ASN1_response_content = chunk_from_chars(
0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
);
-/**
- * Implementaiton of ocsp_response_t.get_status
- */
-static cert_validation_t get_status(private_x509_ocsp_response_t *this,
- x509_t *subject, x509_t *issuer,
- time_t *revocation_time,
- crl_reason_t *revocation_reason,
- time_t *this_update, time_t *next_update)
+METHOD(ocsp_response_t, get_status, cert_validation_t,
+ private_x509_ocsp_response_t *this, x509_t *subject, x509_t *issuer,
+ time_t *revocation_time, crl_reason_t *revocation_reason,
+ time_t *this_update, time_t *next_update)
{
enumerator_t *enumerator;
single_response_t *response;
@@ -236,10 +232,8 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this,
return status;
}
-/**
- * Implementation of ocsp_response_t.create_cert_enumerator.
- */
-static enumerator_t* create_cert_enumerator(private_x509_ocsp_response_t *this)
+METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*,
+ private_x509_ocsp_response_t *this)
{
return this->certs->create_enumerator(this->certs);
}
@@ -379,6 +373,10 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this,
}
this->responses->insert_last(this->responses, response);
}
+ else
+ {
+ free(response);
+ }
return success;
}
@@ -509,7 +507,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
if (version != OCSP_BASIC_RESPONSE_VERSION)
{
- DBG1(DBG_LIB, " ocsp ResponseData version %d not "
+ DBG1(DBG_ASN, " ocsp ResponseData version %d not "
"supported", version);
goto end;
}
@@ -518,12 +516,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
case BASIC_RESPONSE_ID_BY_NAME:
this->responderId = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(DBG_LIB, " '%Y'", this->responderId);
+ DBG2(DBG_ASN, " '%Y'", this->responderId);
break;
case BASIC_RESPONSE_ID_BY_KEY:
this->responderId = identification_create_from_encoding(
ID_KEY_ID, object);
- DBG2(DBG_LIB, " '%Y'", this->responderId);
+ DBG2(DBG_ASN, " '%Y'", this->responderId);
break;
case BASIC_RESPONSE_PRODUCED_AT:
this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -537,7 +535,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
break;
case BASIC_RESPONSE_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE");
break;
case BASIC_RESPONSE_EXT_VALUE:
if (extn_oid == OID_NONCE)
@@ -653,35 +651,26 @@ end:
return success;
}
-/**
- * Implementation of certificate_t.get_type
- */
-static certificate_type_t get_type(private_x509_ocsp_response_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_x509_ocsp_response_t *this)
{
return CERT_X509_OCSP_RESPONSE;
}
-/**
- * Implementation of certificate_t.get_issuer
- */
-static identification_t* get_issuer(private_x509_ocsp_response_t *this)
+METHOD(certificate_t, get_issuer, identification_t*,
+ private_x509_ocsp_response_t *this)
{
return this->responderId;
}
-/**
- * Implementation of certificate_t.has_subject.
- */
-static id_match_t has_issuer(private_x509_ocsp_response_t *this,
- identification_t *issuer)
+METHOD(certificate_t, has_issuer, id_match_t,
+ private_x509_ocsp_response_t *this, identification_t *issuer)
{
return this->responderId->matches(this->responderId, issuer);
}
-/**
- * Implementation of certificate_t.issued_by
- */
-static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by, bool,
+ private_x509_ocsp_response_t *this, certificate_t *issuer)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -736,19 +725,15 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
return valid;
}
-/**
- * Implementation of certificate_t.get_public_key
- */
-static public_key_t* get_public_key(private_x509_ocsp_response_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_x509_ocsp_response_t *this)
{
return NULL;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_x509_ocsp_response_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_x509_ocsp_response_t *this, time_t *when,
+ time_t *not_before, time_t *not_after)
{
time_t t = when ? *when : time(NULL);
@@ -763,11 +748,9 @@ static bool get_validity(private_x509_ocsp_response_t *this, time_t *when,
return (t < this->usableUntil);
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_x509_ocsp_response_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_x509_ocsp_response_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
if (type == CERT_ASN1_DER)
{
@@ -778,10 +761,8 @@ static bool get_encoding(private_x509_ocsp_response_t *this,
CRED_PART_X509_OCSP_RES_ASN1_DER, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_x509_ocsp_response_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -807,19 +788,15 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_x509_ocsp_response_t* get_ref(private_x509_ocsp_response_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_x509_ocsp_response_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.certificate;
}
-/**
- * Implements ocsp_t.destroy.
- */
-static void destroy(private_x509_ocsp_response_t *this)
+METHOD(certificate_t, destroy, void,
+ private_x509_ocsp_response_t *this)
{
if (ref_put(&this->ref))
{
@@ -838,34 +815,35 @@ static x509_ocsp_response_t *load(chunk_t blob)
{
private_x509_ocsp_response_t *this;
- this = malloc_thing(private_x509_ocsp_response_t);
-
- this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.certificate.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_issuer;
- this->public.interface.certificate.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy;
- this->public.interface.get_status = (cert_validation_t(*)(ocsp_response_t*, x509_t *subject, x509_t *issuer, time_t *revocation_time,crl_reason_t *revocation_reason,time_t *this_update, time_t *next_update))get_status;
- this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator;
-
- this->ref = 1;
- this->encoding = chunk_clone(blob);
- this->tbsResponseData = chunk_empty;
- this->responderId = NULL;
- this->producedAt = UNDEFINED_TIME;
- this->usableUntil = UNDEFINED_TIME;
- this->responses = linked_list_create();
- this->nonce = chunk_empty;
- this->signatureAlgorithm = OID_UNKNOWN;
- this->signature = chunk_empty;
- this->certs = linked_list_create();
+ INIT(this,
+ .public = {
+ .interface = {
+ .certificate = {
+ .get_type = _get_type,
+ .get_subject = _get_issuer,
+ .get_issuer = _get_issuer,
+ .has_subject = _has_issuer,
+ .has_issuer = _has_issuer,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_status = _get_status,
+ .create_cert_enumerator = _create_cert_enumerator,
+ },
+ },
+ .ref = 1,
+ .encoding = chunk_clone(blob),
+ .producedAt = UNDEFINED_TIME,
+ .usableUntil = UNDEFINED_TIME,
+ .responses = linked_list_create(),
+ .signatureAlgorithm = OID_UNKNOWN,
+ .certs = linked_list_create(),
+ );
if (!parse_OCSPResponse(this))
{
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index 7b488484e..ca08db2c6 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -104,34 +104,26 @@ struct private_x509_pkcs10_t {
extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list);
extern chunk_t x509_build_subjectAltNames(linked_list_t *list);
-/**
- * Implementation of certificate_t.get_type.
- */
-static certificate_type_t get_type(private_x509_pkcs10_t *this)
+METHOD(certificate_t, get_type, certificate_type_t,
+ private_x509_pkcs10_t *this)
{
return CERT_PKCS10_REQUEST;
}
-/**
- * Implementation of certificate_t.get_subject and get_issuer.
- */
-static identification_t* get_subject(private_x509_pkcs10_t *this)
+METHOD(certificate_t, get_subject, identification_t*,
+ private_x509_pkcs10_t *this)
{
return this->subject;
}
-/**
- * Implementation of certificate_t.has_subject and has_issuer.
- */
-static id_match_t has_subject(private_x509_pkcs10_t *this, identification_t *subject)
+METHOD(certificate_t, has_subject, id_match_t,
+ private_x509_pkcs10_t *this, identification_t *subject)
{
return this->subject->matches(this->subject, subject);
}
-/**
- * Implementation of certificate_t.issued_by.
- */
-static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer)
+METHOD(certificate_t, issued_by, bool,
+ private_x509_pkcs10_t *this, certificate_t *issuer)
{
public_key_t *key;
signature_scheme_t scheme;
@@ -162,20 +154,16 @@ static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer)
this->signature);
}
-/**
- * Implementation of certificate_t.get_public_key.
- */
-static public_key_t* get_public_key(private_x509_pkcs10_t *this)
+METHOD(certificate_t, get_public_key, public_key_t*,
+ private_x509_pkcs10_t *this)
{
this->public_key->get_ref(this->public_key);
return this->public_key;
}
-/**
- * Implementation of certificate_t.get_validity.
- */
-static bool get_validity(private_x509_pkcs10_t *this, time_t *when,
- time_t *not_before, time_t *not_after)
+METHOD(certificate_t, get_validity, bool,
+ private_x509_pkcs10_t *this, time_t *when, time_t *not_before,
+ time_t *not_after)
{
if (not_before)
{
@@ -188,11 +176,8 @@ static bool get_validity(private_x509_pkcs10_t *this, time_t *when,
return TRUE;
}
-/**
- * Implementation of certificate_t.get_encoding.
- */
-static bool get_encoding(private_x509_pkcs10_t *this, cred_encoding_type_t type,
- chunk_t *encoding)
+METHOD(certificate_t, get_encoding, bool,
+ private_x509_pkcs10_t *this, cred_encoding_type_t type, chunk_t *encoding)
{
if (type == CERT_ASN1_DER)
{
@@ -203,10 +188,8 @@ static bool get_encoding(private_x509_pkcs10_t *this, cred_encoding_type_t type,
CRED_PART_PKCS10_ASN1_DER, this->encoding, CRED_PART_END);
}
-/**
- * Implementation of certificate_t.equals.
- */
-static bool equals(private_x509_pkcs10_t *this, certificate_t *other)
+METHOD(certificate_t, equals, bool,
+ private_x509_pkcs10_t *this, certificate_t *other)
{
chunk_t encoding;
bool equal;
@@ -232,27 +215,21 @@ static bool equals(private_x509_pkcs10_t *this, certificate_t *other)
return equal;
}
-/**
- * Implementation of certificate_t.get_ref
- */
-static private_x509_pkcs10_t* get_ref(private_x509_pkcs10_t *this)
+METHOD(certificate_t, get_ref, certificate_t*,
+ private_x509_pkcs10_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.interface.interface;
}
-/**
- * Implementation of certificate_t.get_challengePassword.
- */
-static chunk_t get_challengePassword(private_x509_pkcs10_t *this)
+METHOD(pkcs10_t, get_challengePassword, chunk_t,
+ private_x509_pkcs10_t *this)
{
return this->challengePassword;
}
-/**
- * Implementation of pkcs10_t.create_subjectAltName_enumerator.
- */
-static enumerator_t* create_subjectAltName_enumerator(private_x509_pkcs10_t *this)
+METHOD(pkcs10_t, create_subjectAltName_enumerator, enumerator_t*,
+ private_x509_pkcs10_t *this)
{
return this->subjectAltNames->create_enumerator(this->subjectAltNames);
}
@@ -299,7 +276,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i
break;
case PKCS10_EXTN_CRITICAL:
critical = object.len && *object.ptr;
- DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE");
+ DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE");
break;
case PKCS10_EXTN_VALUE:
{
@@ -332,25 +309,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i
if (blob.len < 2)
{
- DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object smaller "
+ DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object smaller "
"than 2 octets", level);
return FALSE;
}
tag = *blob.ptr;
if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING)
{
- DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object is not "
+ DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object is not "
"a character string", level);
return FALSE;
}
if (asn1_length(&blob) == ASN1_INVALID_LENGTH)
{
- DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object has an "
+ DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object has an "
"invalid length", level);
return FALSE;
}
- DBG2(DBG_LIB, "L%d - challengePassword:", level);
- DBG4(DBG_LIB, " '%.*s'", blob.len, blob.ptr);
+ DBG2(DBG_ASN, "L%d - challengePassword:", level);
+ DBG4(DBG_ASN, " '%.*s'", blob.len, blob.ptr);
return TRUE;
}
@@ -408,14 +385,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this)
case PKCS10_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
- DBG1(DBG_LIB, "PKCS#10 certificate request format is "
+ DBG1(DBG_ASN, "PKCS#10 certificate request format is "
"not version 1");
goto end;
}
break;
case PKCS10_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(DBG_LIB, " '%Y'", this->subject);
+ DBG2(DBG_ASN, " '%Y'", this->subject);
break;
case PKCS10_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
@@ -477,10 +454,8 @@ end:
return success;
}
-/**
- * Implementation of certificate_t.destroy
- */
-static void destroy(private_x509_pkcs10_t *this)
+METHOD(certificate_t, destroy, void,
+ private_x509_pkcs10_t *this)
{
if (ref_put(&this->ref))
{
@@ -504,33 +479,32 @@ static void destroy(private_x509_pkcs10_t *this)
*/
static private_x509_pkcs10_t* create_empty(void)
{
- private_x509_pkcs10_t *this = malloc_thing(private_x509_pkcs10_t);
-
- this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_subject;
- this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
- this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
- this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
- this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding;
- this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
- this->public.interface.get_challengePassword = (chunk_t (*)(pkcs10_t*))get_challengePassword;
- this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(pkcs10_t*))create_subjectAltName_enumerator;
-
- this->encoding = chunk_empty;
- this->certificationRequestInfo = chunk_empty;
- this->subject = NULL;
- this->public_key = NULL;
- this->subjectAltNames = linked_list_create();
- this->challengePassword = chunk_empty;
- this->signature = chunk_empty;
- this->ref = 1;
- this->self_signed = FALSE;
- this->parsed = FALSE;
+ private_x509_pkcs10_t *this;
+
+ INIT(this,
+ .public = {
+ .interface = {
+ .interface = {
+ .get_type = _get_type,
+ .get_subject = _get_subject,
+ .get_issuer = _get_subject,
+ .has_subject = _has_subject,
+ .has_issuer = _has_subject,
+ .issued_by = _issued_by,
+ .get_public_key = _get_public_key,
+ .get_validity = _get_validity,
+ .get_encoding = _get_encoding,
+ .equals = _equals,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_challengePassword = _get_challengePassword,
+ .create_subjectAltName_enumerator = _create_subjectAltName_enumerator,
+ },
+ },
+ .subjectAltNames = linked_list_create(),
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index bfeb74b0e..ed6fbfd91 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -42,29 +42,46 @@ METHOD(plugin_t, get_name, char*,
return "x509";
}
+METHOD(plugin_t, get_features, int,
+ private_x509_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CERT_ENCODE, x509_cert_gen, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_REGISTER(CERT_DECODE, x509_cert_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+
+ PLUGIN_REGISTER(CERT_ENCODE, x509_ac_gen, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_AC),
+ PLUGIN_REGISTER(CERT_DECODE, x509_ac_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_AC),
+
+ PLUGIN_REGISTER(CERT_ENCODE, x509_crl_gen, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_CRL),
+ PLUGIN_REGISTER(CERT_DECODE, x509_crl_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL),
+
+ PLUGIN_REGISTER(CERT_ENCODE, x509_ocsp_request_gen, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_OCSP_REQUEST),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ PLUGIN_REGISTER(CERT_DECODE, x509_ocsp_response_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_RESPONSE),
+
+ PLUGIN_REGISTER(CERT_ENCODE, x509_pkcs10_gen, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_PKCS10_REQUEST),
+ PLUGIN_REGISTER(CERT_DECODE, x509_pkcs10_load, TRUE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_PKCS10_REQUEST),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_x509_plugin_t *this)
{
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_cert_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_cert_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_ac_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_ac_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_crl_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_crl_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_ocsp_request_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_ocsp_response_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_pkcs10_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)x509_pkcs10_load);
free(this);
}
@@ -79,33 +96,12 @@ plugin_t *x509_plugin_create()
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
- (builder_function_t)x509_cert_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
- (builder_function_t)x509_cert_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
- (builder_function_t)x509_ac_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, TRUE,
- (builder_function_t)x509_ac_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
- (builder_function_t)x509_crl_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
- (builder_function_t)x509_crl_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
- (builder_function_t)x509_ocsp_request_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, TRUE,
- (builder_function_t)x509_ocsp_response_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
- (builder_function_t)x509_pkcs10_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, TRUE,
- (builder_function_t)x509_pkcs10_load);
-
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 35f868de4..ae23ce730 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
datadir = @datadir@
datarootdir = @datarootdir@
dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
+imcvdir = @imcvdir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
ipsecdir = @ipsecdir@
ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
ipsecuser = @ipsecuser@
libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
soup_CFLAGS = @soup_CFLAGS@
soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
+starter_plugins = @starter_plugins@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index 8ddde962c..53629abe5 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -3,13 +3,13 @@
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General xcbc License as published by the
+ * under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General xcbc License
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h
index f28e0b8e0..5d5eb04fb 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc.h
@@ -28,7 +28,7 @@ typedef struct xcbc_t xcbc_t;
/**
* Message authentication using CBC crypter.
*
- * This class implements the message authenticaion algorithm
+ * This class implements the message authentication algorithm
* described in RFC3566.
*/
struct xcbc_t {
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 0fcb093c8..3c3b9d12a 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -38,13 +38,28 @@ METHOD(plugin_t, get_name, char*,
return "xcbc";
}
+METHOD(plugin_t, get_features, int,
+ private_xcbc_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, xcbc_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_AES128_XCBC),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(PRF, PRF_CAMELLIA128_XCBC),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_REGISTER(SIGNER, xcbc_signer_create),
+ PLUGIN_PROVIDE(SIGNER, AUTH_CAMELLIA_XCBC_96),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(SIGNER, AUTH_AES_XCBC_96),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ };
+ *features = f;
+ return countof(f);
+}
+
METHOD(plugin_t, destroy, void,
private_xcbc_plugin_t *this)
{
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)xcbc_prf_create);
- lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)xcbc_signer_create);
free(this);
}
@@ -54,36 +69,17 @@ METHOD(plugin_t, destroy, void,
plugin_t *xcbc_plugin_create()
{
private_xcbc_plugin_t *this;
- crypter_t *crypter;
INIT(this,
.public = {
.plugin = {
.get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
.destroy = _destroy,
},
},
);
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, get_name(this),
- (prf_constructor_t)xcbc_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, get_name(this),
- (signer_constructor_t)xcbc_signer_create);
- }
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, get_name(this),
- (prf_constructor_t)xcbc_prf_create);
- lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, get_name(this),
- (signer_constructor_t)xcbc_signer_create);
- }
return &this->public.plugin;
}