summaryrefslogtreecommitdiff
path: root/src/libstrongswan/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan/plugins')
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.c109
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.h4
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.c18
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c18
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c103
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.h2
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.c78
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.h4
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.c18
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/ccm/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_aead.c397
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_aead.h51
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_plugin.c69
-rw-r--r--src/libstrongswan/plugins/ccm/ccm_plugin.h42
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/ctr/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c173
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h54
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.c65
-rw-r--r--src/libstrongswan/plugins/ctr/ctr_plugin.h42
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c10
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.c114
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.h4
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.c16
-rw-r--r--src/libstrongswan/plugins/dnskey/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/dnskey/dnskey_plugin.c4
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.am16
-rw-r--r--src/libstrongswan/plugins/gcm/Makefile.in600
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.c425
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_aead.h51
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_plugin.c63
-rw-r--r--src/libstrongswan/plugins/gcm/gcm_plugin.h42
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c136
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c113
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.h11
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c50
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c32
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rng.c37
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c116
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c98
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c106
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h11
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c27
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c127
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c111
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.c58
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c20
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.c77
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.h4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.c108
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.h7
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crl.c17
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.c174
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c72
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h5
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c59
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c114
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c104
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.c50
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.h4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c72
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c229
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c123
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_sha1_prf.c16
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c57
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.c79
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.h4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.c18
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_rng.c46
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c55
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h2
-rw-r--r--src/libstrongswan/plugins/pem/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c93
-rw-r--r--src/libstrongswan/plugins/pem/pem_plugin.c38
-rw-r--r--src/libstrongswan/plugins/pgp/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_builder.c2
-rw-r--r--src/libstrongswan/plugins/pgp/pgp_plugin.c10
-rw-r--r--src/libstrongswan/plugins/pkcs1/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c6
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.am21
-rw-r--r--src/libstrongswan/plugins/pkcs11/Makefile.in614
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11.h1357
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_creds.c249
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_creds.h68
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c323
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h47
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.c869
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_library.h110
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.c407
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_manager.h78
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c176
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h42
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c600
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h63
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c473
-rw-r--r--src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h49
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c6
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.c2
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/revocation/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_plugin.c6
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am5
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in74
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h41
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c157
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c148
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c139
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c148
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c58
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c16
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c52
-rw-r--r--src/libstrongswan/plugins/x509/x509_pkcs10.c2
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c20
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in20
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.c110
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.c28
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.c61
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.h4
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.c77
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.h4
152 files changed, 12003 insertions, 1787 deletions
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 9859b75cf..99a520852 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index 10d48cf67..f13e33492 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -1331,11 +1331,8 @@ static void decrypt_block(const private_aes_crypter_t *this, const unsigned char
state_out(out_blk, b0);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
int pos;
const u_int32_t *iv_i;
@@ -1376,12 +1373,8 @@ static void decrypt(private_aes_crypter_t *this, chunk_t data, chunk_t iv,
}
}
-
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
int pos;
const u_int32_t *iv_i;
@@ -1417,26 +1410,26 @@ static void encrypt (private_aes_crypter_t *this, chunk_t data, chunk_t iv,
}
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_aes_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_aes_crypter_t *this)
{
return AES_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_aes_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_aes_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_aes_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key (private_aes_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_aes_crypter_t *this, chunk_t key)
{
u_int32_t *kf, *kt, rci, f = 0;
u_int8_t *in_key = key.ptr;
@@ -1498,8 +1491,8 @@ static void set_key (private_aes_crypter_t *this, chunk_t key)
}
if(!f)
- {
- u_int32_t i;
+ {
+ u_int32_t i;
kt = this->aes_d_key + nc * this->aes_Nrnd;
kf = this->aes_e_key;
@@ -1517,15 +1510,13 @@ static void set_key (private_aes_crypter_t *this, chunk_t key)
cpy(kt, kf);
#endif
kt -= 2 * nc;
- }
+ }
cpy(kt, kf);
- }
+ }
}
-/**
- * Implementation of crypter_t.destroy and aes_crypter_t.destroy.
- */
-static void destroy (private_aes_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_aes_crypter_t *this)
{
free(this);
}
@@ -1541,36 +1532,38 @@ aes_crypter_t *aes_crypter_create(encryption_algorithm_t algo, size_t key_size)
{
return NULL;
}
-
- this = malloc_thing(private_aes_crypter_t);
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 32:
+ case 24:
+ case 16:
+ break;
+ default:
+ return NULL;
+ }
#if !defined(FIXED_TABLES)
if(!tab_gen) { gen_tabs(); tab_gen = 1; }
#endif
- this->key_size = key_size;
- switch(key_size)
- {
- case 32: /* bytes */
- this->aes_Nkey = 8;
- break;
- case 24: /* bytes */
- this->aes_Nkey = 6;
- break;
- case 16: /* bytes */
- this->aes_Nkey = 4;
- break;
- default:
- free(this);
- return NULL;
- }
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key_size = key_size,
+ .aes_Nkey = key_size / 4,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.h b/src/libstrongswan/plugins/aes/aes_crypter.h
index 061d72fd6..473772f04 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.h
+++ b/src/libstrongswan/plugins/aes/aes_crypter.h
@@ -32,9 +32,9 @@ typedef struct aes_crypter_t aes_crypter_t;
struct aes_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index 1e920f8cc..22b47e334 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -31,10 +31,8 @@ struct private_aes_plugin_t {
aes_plugin_t public;
};
-/**
- * Implementation of aes_plugin_t.destroy
- */
-static void destroy(private_aes_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_aes_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)aes_crypter_create);
@@ -46,9 +44,15 @@ static void destroy(private_aes_plugin_t *this)
*/
plugin_t *aes_plugin_create()
{
- private_aes_plugin_t *this = malloc_thing(private_aes_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ private_aes_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)aes_crypter_create);
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index c95e7b778..9f65f4ffb 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index d40b437bb..bd3c1ac75 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -31,10 +31,8 @@ struct private_agent_plugin_t {
agent_plugin_t public;
};
-/**
- * Implementation of agent_plugin_t.agenttroy
- */
-static void destroy(private_agent_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_agent_plugin_t *this)
{
lib->creds->remove_builder(lib->creds,
(builder_function_t)agent_private_key_open);
@@ -46,11 +44,17 @@ static void destroy(private_agent_plugin_t *this)
*/
plugin_t *agent_plugin_create()
{
- private_agent_plugin_t *this = malloc_thing(private_agent_plugin_t);
+ private_agent_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)agent_private_key_open);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 51ddbecc6..0864f4118 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -205,7 +205,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
{
break;;
}
- if (pubkey && !private_key_belongs_to(&this->public.interface, pubkey))
+ if (pubkey && !private_key_belongs_to(&this->public.key, pubkey))
{
continue;
}
@@ -221,11 +221,9 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey)
return FALSE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_agent_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
u_int32_t len, flags;
char buf[2048];
@@ -294,36 +292,28 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
return TRUE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static key_type_t get_type(private_agent_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_agent_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static bool decrypt(private_agent_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_agent_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "private key decryption not supported by ssh-agent");
return FALSE;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static size_t get_keysize(private_agent_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_agent_private_key_t *this)
{
- return this->key_size;
+ return this->key_size * 8;
}
-/**
- * Implementation of agent_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_agent_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_agent_private_key_t *this)
{
chunk_t key, n, e;
@@ -336,20 +326,15 @@ static public_key_t* get_public_key(private_agent_private_key_t *this)
BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e, BUILD_END);
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_agent_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_agent_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
return FALSE;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_agent_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_agent_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e, key;
@@ -366,19 +351,15 @@ static bool get_fingerprint(private_agent_private_key_t *this,
CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
}
-/**
- * Implementation of agent_private_key.get_ref.
- */
-static private_agent_private_key_t* get_ref(private_agent_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_agent_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of agent_private_key.destroy.
- */
-static void destroy(private_agent_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_agent_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -420,20 +401,25 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
return FALSE;
}
- this = malloc_thing(private_agent_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.equals = private_key_equals;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .belongs_to = private_key_belongs_to,
+ .equals = private_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
this->socket = open_connection(path);
if (this->socket < 0)
@@ -441,9 +427,6 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args)
free(this);
return NULL;
}
- this->key = chunk_empty;
- this->ref = 1;
-
if (!read_key(this, pubkey))
{
destroy(this);
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.h b/src/libstrongswan/plugins/agent/agent_private_key.h
index 3d9500c1a..0623f2bb9 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.h
+++ b/src/libstrongswan/plugins/agent/agent_private_key.h
@@ -34,7 +34,7 @@ struct agent_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 6a82ce94a..d310843ac 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
index fb856ed37..784c07eaf 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -68,8 +68,6 @@ typedef struct private_blowfish_crypter_t private_blowfish_crypter_t;
/**
* Class implementing the Blowfish symmetric encryption algorithm.
- *
- * @ingroup crypters
*/
struct private_blowfish_crypter_t {
@@ -89,11 +87,9 @@ struct private_blowfish_crypter_t {
u_int32_t key_size;
};
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *decrypted)
{
u_int8_t *in, *out;
@@ -114,11 +110,9 @@ static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
free(iv.ptr);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *encrypted)
{
u_int8_t *in, *out;
@@ -139,34 +133,32 @@ static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
free(iv.ptr);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_blowfish_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_blowfish_crypter_t *this)
{
return BLOWFISH_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_blowfish_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_blowfish_crypter_t *this)
+{
+ return BLOWFISH_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_blowfish_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key (private_blowfish_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_blowfish_crypter_t *this, chunk_t key)
{
BF_set_key(&this->schedule, key.len , key.ptr);
}
-/**
- * Implementation of crypter_t.destroy and blowfish_crypter_t.destroy.
- */
-static void destroy (private_blowfish_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_blowfish_crypter_t *this)
{
free(this);
}
@@ -174,7 +166,8 @@ static void destroy (private_blowfish_crypter_t *this)
/*
* Described in header
*/
-blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size)
+blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
{
private_blowfish_crypter_t *this;
@@ -183,15 +176,20 @@ blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t
return NULL;
}
- this = malloc_thing(private_blowfish_crypter_t);
-
- this->key_size = key_size;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key_size = key_size ?: 16,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
index 71cc09cd0..70dcae66e 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
@@ -32,9 +32,9 @@ typedef struct blowfish_crypter_t blowfish_crypter_t;
struct blowfish_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
index f9fb605b3..6ab093d7b 100644
--- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -32,10 +32,8 @@ struct private_blowfish_plugin_t {
blowfish_plugin_t public;
};
-/**
- * Implementation of blowfish_plugin_t.destroy
- */
-static void destroy(private_blowfish_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_blowfish_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)blowfish_crypter_create);
@@ -47,9 +45,15 @@ static void destroy(private_blowfish_plugin_t *this)
*/
plugin_t *blowfish_plugin_create()
{
- private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ private_blowfish_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
(crypter_constructor_t)blowfish_crypter_create);
diff --git a/src/libstrongswan/plugins/ccm/Makefile.am b/src/libstrongswan/plugins/ccm/Makefile.am
new file mode 100644
index 000000000..bca1f0735
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ccm.la
+else
+plugin_LTLIBRARIES = libstrongswan-ccm.la
+endif
+
+libstrongswan_ccm_la_SOURCES = \
+ ccm_plugin.h ccm_plugin.c \
+ ccm_aead.h ccm_aead.c
+
+libstrongswan_ccm_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
new file mode 100644
index 000000000..017d75c48
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ccm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ccm_la_LIBADD =
+am_libstrongswan_ccm_la_OBJECTS = ccm_plugin.lo ccm_aead.lo
+libstrongswan_ccm_la_OBJECTS = $(am_libstrongswan_ccm_la_OBJECTS)
+libstrongswan_ccm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_ccm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ccm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ccm_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ccm_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ccm_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ccm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ccm.la
+libstrongswan_ccm_la_SOURCES = \
+ ccm_plugin.h ccm_plugin.c \
+ ccm_aead.h ccm_aead.c
+
+libstrongswan_ccm_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-ccm.la: $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_DEPENDENCIES)
+ $(libstrongswan_ccm_la_LINK) $(am_libstrongswan_ccm_la_rpath) $(libstrongswan_ccm_la_OBJECTS) $(libstrongswan_ccm_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_aead.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ccm_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c
new file mode 100644
index 000000000..7fee2b3c4
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@@ -0,0 +1,397 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ccm_aead.h"
+
+#define BLOCK_SIZE 16
+#define SALT_SIZE 3
+#define IV_SIZE 8
+#define NONCE_SIZE (SALT_SIZE + IV_SIZE) /* 11 */
+#define Q_SIZE (BLOCK_SIZE - NONCE_SIZE - 1) /* 4 */
+
+typedef struct private_ccm_aead_t private_ccm_aead_t;
+
+/**
+ * Private data of an ccm_aead_t object.
+ */
+struct private_ccm_aead_t {
+
+ /**
+ * Public ccm_aead_t interface.
+ */
+ ccm_aead_t public;
+
+ /**
+ * Underlying CBC crypter.
+ */
+ crypter_t *crypter;
+
+ /**
+ * Length of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * salt to add to nonce
+ */
+ u_char salt[SALT_SIZE];
+};
+
+/**
+ * First block with control information
+ */
+typedef struct __attribute__((packed)) {
+ BITFIELD4(u_int8_t,
+ /* size of p length field q, as q-1 */
+ q_len: 3,
+ /* size of our ICV t, as (t-2)/2 */
+ t_len: 3,
+ /* do we have associated data */
+ assoc: 1,
+ reserved: 1,
+ ) flags;
+ /* nonce value */
+ struct __attribute__((packed)) {
+ u_char salt[SALT_SIZE];
+ u_char iv[IV_SIZE];
+ } nonce;
+ /* lenght of plain text, q */
+ u_char q[Q_SIZE];
+} b0_t;
+
+/**
+ * Counter block
+ */
+typedef struct __attribute__((packed)) {
+ BITFIELD3(u_int8_t,
+ /* size of p length field q, as q-1 */
+ q_len: 3,
+ zero: 3,
+ reserved: 2,
+ ) flags;
+ /* nonce value */
+ struct __attribute__((packed)) {
+ u_char salt[SALT_SIZE];
+ u_char iv[IV_SIZE];
+ } nonce;
+ /* counter value */
+ u_char i[Q_SIZE];
+} ctr_t;
+
+/**
+ * Build the first block B0
+ */
+static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *out)
+{
+ b0_t *block = (b0_t*)out;
+
+ block->flags.reserved = 0;
+ block->flags.assoc = assoc.len ? 1 : 0;
+ block->flags.t_len = (this->icv_size - 2) / 2;
+ block->flags.q_len = Q_SIZE - 1;
+ memcpy(block->nonce.salt, this->salt, SALT_SIZE);
+ memcpy(block->nonce.iv, iv.ptr, IV_SIZE);
+ htoun32(block->q, plain.len);
+}
+
+/**
+ * Build a counter block for counter i
+ */
+static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv,
+ char *out)
+{
+ ctr_t *ctr = (ctr_t*)out;
+
+ ctr->flags.reserved = 0;
+ ctr->flags.zero = 0;
+ ctr->flags.q_len = Q_SIZE - 1;
+ memcpy(ctr->nonce.salt, this->salt, SALT_SIZE);
+ memcpy(ctr->nonce.iv, iv.ptr, IV_SIZE);
+ htoun32(ctr->i, i);
+}
+
+/**
+ * En-/Decrypt data
+ */
+static void crypt_data(private_ccm_aead_t *this, chunk_t iv,
+ chunk_t in, chunk_t out)
+{
+ char ctr[BLOCK_SIZE];
+ char zero[BLOCK_SIZE];
+ char block[BLOCK_SIZE];
+
+ build_ctr(this, 1, iv, ctr);
+ memset(zero, 0, BLOCK_SIZE);
+
+ while (in.len > 0)
+ {
+ memcpy(block, ctr, BLOCK_SIZE);
+ this->crypter->encrypt(this->crypter, chunk_from_thing(block),
+ chunk_from_thing(zero), NULL);
+ chunk_increment(chunk_from_thing(ctr));
+
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, min(in.len, BLOCK_SIZE));
+ }
+ memxor(out.ptr, block, min(in.len, BLOCK_SIZE));
+ in = chunk_skip(in, BLOCK_SIZE);
+ out = chunk_skip(out, BLOCK_SIZE);
+ }
+}
+
+/**
+ * En-/Decrypt the ICV
+ */
+static void crypt_icv(private_ccm_aead_t *this, chunk_t iv, char *icv)
+{
+ char ctr[BLOCK_SIZE];
+ char zero[BLOCK_SIZE];
+
+ build_ctr(this, 0, iv, ctr);
+ memset(zero, 0, BLOCK_SIZE);
+
+ this->crypter->encrypt(this->crypter, chunk_from_thing(ctr),
+ chunk_from_thing(zero), NULL);
+ memxor(icv, ctr, this->icv_size);
+}
+
+/**
+ * Create the ICV
+ */
+static void create_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *icv)
+{
+ char zero[BLOCK_SIZE];
+ chunk_t chunk;
+ char *pos;
+ int r, len;
+
+ memset(zero, 0, BLOCK_SIZE);
+
+ /* calculate number of blocks, including b0 */
+ r = 1;
+ if (assoc.len)
+ { /* assoc gets a 2 byte length header, gets padded to BLOCK_SIZE */
+ r += (2 + assoc.len + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ }
+ /* plain text gets padded to BLOCK_SIZE */
+ r += (plain.len + BLOCK_SIZE - 1) / BLOCK_SIZE;
+
+ /* concatenate data to a new chunk */
+ chunk = chunk_alloc(r * BLOCK_SIZE);
+ /* write control block */
+ build_b0(this, plain, assoc, iv, chunk.ptr);
+ pos = chunk.ptr + BLOCK_SIZE;
+ /* append associated data, with length header */
+ if (assoc.len)
+ {
+ /* currently we support two byte headers only (up to 2^16-2^8 bytes) */
+ htoun16(pos, assoc.len);
+ memcpy(pos + 2, assoc.ptr, assoc.len);
+ pos += 2 + assoc.len;
+ /* padding */
+ len = (BLOCK_SIZE - ((2 + assoc.len) % BLOCK_SIZE)) % BLOCK_SIZE;
+ memset(pos, 0, len);
+ pos += len;
+ }
+ /* write plain data */
+ memcpy(pos, plain.ptr, plain.len);
+ pos += plain.len;
+ /* padding */
+ len = (BLOCK_SIZE - (plain.len % BLOCK_SIZE)) % BLOCK_SIZE;
+
+ memset(pos, 0, len);
+
+ /* encrypt inline with CBC, zero IV */
+ this->crypter->encrypt(this->crypter, chunk, chunk_from_thing(zero), NULL);
+ /* copy last icv_size bytes as ICV to output */
+ memcpy(icv, chunk.ptr + chunk.len - BLOCK_SIZE, this->icv_size);
+
+ /* encrypt the ICV value */
+ crypt_icv(this, iv, icv);
+
+ free(chunk.ptr);
+}
+
+/**
+ * Verify the ICV
+ */
+static bool verify_icv(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc,
+ chunk_t iv, char *icv)
+{
+ char buf[this->icv_size];
+
+ create_icv(this, plain, assoc, iv, buf);
+
+ return memeq(buf, icv, this->icv_size);
+}
+
+METHOD(aead_t, encrypt, void,
+ private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ create_icv(this, plain, assoc, iv, encrypted->ptr + plain.len);
+ crypt_data(this, iv, plain, *encrypted);
+ }
+ else
+ {
+ create_icv(this, plain, assoc, iv, plain.ptr + plain.len);
+ crypt_data(this, iv, plain, plain);
+ }
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_ccm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+ encrypted.len -= this->icv_size;
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ crypt_data(this, iv, encrypted, *plain);
+ return verify_icv(this, *plain, assoc, iv,
+ encrypted.ptr + encrypted.len);
+ }
+ else
+ {
+ crypt_data(this, iv, encrypted, encrypted);
+ return verify_icv(this, encrypted, assoc, iv,
+ encrypted.ptr + encrypted.len);
+ }
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return IV_SIZE;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_ccm_aead_t *this)
+{
+ return this->crypter->get_key_size(this->crypter) + SALT_SIZE;
+}
+
+METHOD(aead_t, set_key, void,
+ private_ccm_aead_t *this, chunk_t key)
+{
+ memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
+ key.len -= SALT_SIZE;
+ this->crypter->set_key(this->crypter, key);
+}
+
+METHOD(aead_t, destroy, void,
+ private_ccm_aead_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_ccm_aead_t *this;
+ size_t icv_size;
+
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return NULL;
+ }
+ switch (algo)
+ {
+ case ENCR_AES_CCM_ICV8:
+ algo = ENCR_AES_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_AES_CCM_ICV12:
+ algo = ENCR_AES_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_AES_CCM_ICV16:
+ algo = ENCR_AES_CBC;
+ icv_size = 16;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV8:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV12:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_CAMELLIA_CCM_ICV16:
+ algo = ENCR_CAMELLIA_CBC;
+ icv_size = 16;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .aead = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ .icv_size = icv_size,
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.h b/src/libstrongswan/plugins/ccm/ccm_aead.h
new file mode 100644
index 000000000..d5e302f94
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ccm_aead ccm_aead
+ * @{ @ingroup ccm
+ */
+
+#ifndef CCM_AEAD_H_
+#define CCM_AEAD_H_
+
+#include <crypto/aead.h>
+
+typedef struct ccm_aead_t ccm_aead_t;
+
+/**
+ * Counter with Cipher Block Chaining-Message Authentication Code (CCM).
+ *
+ * Implements CCM as specified in NIST 800-38B, using AEAD semantics from
+ * RFC 5282, based on RFC4309.
+ */
+struct ccm_aead_t {
+
+ /**
+ * Implements aead_t interface.
+ */
+ aead_t aead;
+};
+
+/**
+ * Create a ccm_aead instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a CCM mode
+ * @return aead, NULL if not supported
+ */
+ccm_aead_t *ccm_aead_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CCM_AEAD_H_ @}*/
diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c
new file mode 100644
index 000000000..5fc3b14d7
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ccm_plugin.h"
+
+#include <library.h>
+
+#include "ccm_aead.h"
+
+typedef struct private_ccm_plugin_t private_ccm_plugin_t;
+
+/**
+ * private data of ccm_plugin
+ */
+struct private_ccm_plugin_t {
+
+ /**
+ * public functions
+ */
+ ccm_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_ccm_plugin_t *this)
+{
+ lib->crypto->remove_aead(lib->crypto,
+ (aead_constructor_t)ccm_aead_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ccm_plugin_create()
+{
+ private_ccm_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ );
+
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12,
+ (aead_constructor_t)ccm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16,
+ (aead_constructor_t)ccm_aead_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.h b/src/libstrongswan/plugins/ccm/ccm_plugin.h
new file mode 100644
index 000000000..9a3252012
--- /dev/null
+++ b/src/libstrongswan/plugins/ccm/ccm_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ccm ccm
+ * @ingroup plugins
+ *
+ * @defgroup ccm_plugin ccm_plugin
+ * @{ @ingroup ccm
+ */
+
+#ifndef CCM_PLUGIN_H_
+#define CCM_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ccm_plugin_t ccm_plugin_t;
+
+/**
+ * Plugin providing CCM mode operation.
+ */
+struct ccm_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** CCM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/ctr/Makefile.am b/src/libstrongswan/plugins/ctr/Makefile.am
new file mode 100644
index 000000000..893171aab
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-ctr.la
+else
+plugin_LTLIBRARIES = libstrongswan-ctr.la
+endif
+
+libstrongswan_ctr_la_SOURCES = \
+ ctr_plugin.h ctr_plugin.c \
+ ctr_ipsec_crypter.h ctr_ipsec_crypter.c
+
+libstrongswan_ctr_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
new file mode 100644
index 000000000..b51f57113
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/ctr
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_ctr_la_LIBADD =
+am_libstrongswan_ctr_la_OBJECTS = ctr_plugin.lo ctr_ipsec_crypter.lo
+libstrongswan_ctr_la_OBJECTS = $(am_libstrongswan_ctr_la_OBJECTS)
+libstrongswan_ctr_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_ctr_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_ctr_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_ctr_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_ctr_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_ctr_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ctr.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ctr.la
+libstrongswan_ctr_la_SOURCES = \
+ ctr_plugin.h ctr_plugin.c \
+ ctr_ipsec_crypter.h ctr_ipsec_crypter.c
+
+libstrongswan_ctr_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-ctr.la: $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_DEPENDENCIES)
+ $(libstrongswan_ctr_la_LINK) $(am_libstrongswan_ctr_la_rpath) $(libstrongswan_ctr_la_OBJECTS) $(libstrongswan_ctr_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_ipsec_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ctr_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
new file mode 100644
index 000000000..ddcae423b
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_ipsec_crypter_t private_ctr_ipsec_crypter_t;
+
+/**
+ * Private data of an ctr_ipsec_crypter_t object.
+ */
+struct private_ctr_ipsec_crypter_t {
+
+ /**
+ * Public ctr_ipsec_crypter_t interface.
+ */
+ ctr_ipsec_crypter_t public;
+
+ /**
+ * Underlying CBC crypter
+ */
+ crypter_t *crypter;
+
+ /**
+ * counter state
+ */
+ struct {
+ char nonce[4];
+ char iv[8];
+ u_int32_t counter;
+ } __attribute__((packed)) state;
+};
+
+/**
+ * Do the CTR crypto operation
+ */
+static void crypt_ctr(private_ctr_ipsec_crypter_t *this,
+ chunk_t in, chunk_t out)
+{
+ size_t is, bs;
+ chunk_t state;
+
+ is = this->crypter->get_iv_size(this->crypter);
+ bs = sizeof(this->state);
+
+ this->state.counter = htonl(1);
+ state = chunk_create((char*)&this->state, bs);
+
+ while (in.len > 0)
+ {
+ char iv[is], block[bs];
+
+ memset(iv, 0, is);
+ memcpy(block, state.ptr, bs);
+ this->crypter->encrypt(this->crypter,
+ chunk_create(block, bs), chunk_create(iv, is), NULL);
+ chunk_increment(state);
+
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, min(in.len, bs));
+ }
+ memxor(out.ptr, block, min(in.len, bs));
+ in = chunk_skip(in, bs);
+ out = chunk_skip(out, bs);
+ }
+}
+
+METHOD(crypter_t, crypt, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t in, chunk_t iv, chunk_t *out)
+{
+ memcpy(this->state.iv, iv.ptr, sizeof(this->state.iv));
+
+ if (out)
+ {
+ *out = chunk_alloc(in.len);
+ crypt_ctr(this, in, *out);
+ }
+ else
+ {
+ crypt_ctr(this, in, in);
+ }
+}
+
+METHOD(crypter_t, get_block_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return 1;
+}
+
+METHOD(crypter_t, get_iv_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return sizeof(this->state.iv);
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_ctr_ipsec_crypter_t *this)
+{
+ return this->crypter->get_key_size(this->crypter)
+ + sizeof(this->state.nonce);
+}
+
+METHOD(crypter_t, set_key, void,
+ private_ctr_ipsec_crypter_t *this, chunk_t key)
+{
+ memcpy(this->state.nonce, key.ptr + key.len - sizeof(this->state.nonce),
+ sizeof(this->state.nonce));
+ key.len -= sizeof(this->state.nonce);
+ this->crypter->set_key(this->crypter, key);
+}
+
+METHOD(crypter_t, destroy, void,
+ private_ctr_ipsec_crypter_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_ctr_ipsec_crypter_t *this;
+
+ switch (algo)
+ {
+ case ENCR_AES_CTR:
+ algo = ENCR_AES_CBC;
+ break;
+ case ENCR_CAMELLIA_CTR:
+ algo = ENCR_CAMELLIA_CBC;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _crypt,
+ .decrypt = _crypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
new file mode 100644
index 000000000..db21aec3b
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.h
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr_ipsec_crypter ctr_ipsec_crypter
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_IPSEC_CRYPTER_H_
+#define CTR_IPSEC_CRYPTER_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct ctr_ipsec_crypter_t ctr_ipsec_crypter_t;
+
+/**
+ * Counter Mode wrapper for encryption algorithms, IPsec variant (RFC3686).
+ */
+struct ctr_ipsec_crypter_t {
+
+ /**
+ * Implements crypter_t interface.
+ */
+ crypter_t crypter;
+};
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create();
+
+/**
+ * Create a ctr_ipsec_crypter instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a counter mode
+ * @return crypter, NULL if not supported
+ */
+ctr_ipsec_crypter_t *ctr_ipsec_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** CTR_IPSEC_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c
new file mode 100644
index 000000000..5e47f23ec
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ctr_plugin.h"
+
+#include <library.h>
+
+#include "ctr_ipsec_crypter.h"
+
+typedef struct private_ctr_plugin_t private_ctr_plugin_t;
+
+/**
+ * private data of ctr_plugin
+ */
+struct private_ctr_plugin_t {
+
+ /**
+ * public functions
+ */
+ ctr_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_ctr_plugin_t *this)
+{
+ lib->crypto->remove_crypter(lib->crypto,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *ctr_plugin_create()
+{
+ private_ctr_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR,
+ (crypter_constructor_t)ctr_ipsec_crypter_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.h b/src/libstrongswan/plugins/ctr/ctr_plugin.h
new file mode 100644
index 000000000..7b2f901dc
--- /dev/null
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ctr ctr
+ * @ingroup plugins
+ *
+ * @defgroup ctr_plugin ctr_plugin
+ * @{ @ingroup ctr
+ */
+
+#ifndef CTR_PLUGIN_H_
+#define CTR_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct ctr_plugin_t ctr_plugin_t;
+
+/**
+ * Plugin providing CTR mode operation of symmetric encryption algorithms.
+ */
+struct ctr_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** CTR_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index fc3b0ab1a..9cc99063c 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index 2341c9052..4835f6461 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -166,10 +166,12 @@ curl_fetcher_t *curl_fetcher_create()
private_curl_fetcher_t *this;
INIT(this,
- .public.interface = {
- .fetch = _fetch,
- .set_option = _set_option,
- .destroy = _destroy,
+ .public = {
+ .interface = {
+ .fetch = _fetch,
+ .set_option = _set_option,
+ .destroy = _destroy,
+ },
},
.curl = curl_easy_init(),
);
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 319baa04c..0e8fa7315 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 142e79613..7d9fbe852 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -1416,11 +1416,8 @@ static void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long len
tin[0]=tin[1]=0;
}
-/**
- * Implementation of crypter_t.decrypt for DES.
- */
-static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1437,11 +1434,8 @@ static void decrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
}
-/**
- * Implementation of crypter_t.decrypt for DES.
- */
-static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1457,11 +1451,8 @@ static void encrypt(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, &ivb, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for DES (ECB).
- */
-static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt_ecb, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
u_int8_t *out;
@@ -1475,11 +1466,8 @@ static void decrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, DES_DECRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for DES (ECB).
- */
-static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt_ecb, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
u_int8_t *out;
@@ -1493,11 +1481,8 @@ static void encrypt_ecb(private_des_crypter_t *this, chunk_t data, chunk_t iv,
data.len, this->ks, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for 3DES.
- */
-static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *decrypted)
+METHOD(crypter_t, decrypt3, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1514,11 +1499,8 @@ static void decrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
&ivb, DES_DECRYPT);
}
-/**
- * Implementation of crypter_t.decrypt for 3DES.
- */
-static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
- chunk_t *encrypted)
+METHOD(crypter_t, encrypt3, void,
+ private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted)
{
des_cblock ivb;
u_int8_t *out;
@@ -1535,44 +1517,40 @@ static void encrypt3(private_des_crypter_t *this, chunk_t data, chunk_t iv,
&ivb, DES_ENCRYPT);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size (private_des_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_des_crypter_t *this)
{
return sizeof(des_cblock);
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size (private_des_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_des_crypter_t *this)
+{
+ return sizeof(des_cblock);
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_des_crypter_t *this)
{
return this->key_size;
}
-/**
- * Implementation of crypter_t.set_key for DES.
- */
-static void set_key(private_des_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_des_crypter_t *this, chunk_t key)
{
des_set_key((des_cblock*)(key.ptr), &this->ks);
}
-/**
- * Implementation of crypter_t.set_key for 3DES.
- */
-static void set_key3(private_des_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key3, void,
+ private_des_crypter_t *this, chunk_t key)
{
des_set_key((des_cblock*)(key.ptr) + 0, &this->ks3[0]);
des_set_key((des_cblock*)(key.ptr) + 1, &this->ks3[1]);
des_set_key((des_cblock*)(key.ptr) + 2, &this->ks3[2]);
}
-/**
- * Implementation of crypter_t.destroy and des_crypter_t.destroy.
- */
-static void destroy(private_des_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_des_crypter_t *this)
{
free(this);
}
@@ -1582,33 +1560,39 @@ static void destroy(private_des_crypter_t *this)
*/
des_crypter_t *des_crypter_create(encryption_algorithm_t algo)
{
- private_des_crypter_t *this = malloc_thing(private_des_crypter_t);
-
- /* functions of crypter_t interface */
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
+ private_des_crypter_t *this;
+
+ INIT(this,
+ .public = {
+ .crypter = {
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .destroy = _destroy,
+ },
+ },
+ );
/* use functions depending on algorithm */
switch (algo)
{
case ENCR_DES:
this->key_size = sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
+ this->public.crypter.set_key = _set_key;
+ this->public.crypter.encrypt = _encrypt;
+ this->public.crypter.decrypt = _decrypt;
break;
case ENCR_3DES:
this->key_size = 3 * sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key3;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt3;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt3;
+ this->public.crypter.set_key = _set_key3;
+ this->public.crypter.encrypt = _encrypt3;
+ this->public.crypter.decrypt = _decrypt3;
break;
case ENCR_DES_ECB:
this->key_size = sizeof(des_cblock);
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt_ecb;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt_ecb;
+ this->public.crypter.set_key = _set_key;
+ this->public.crypter.encrypt = _encrypt_ecb;
+ this->public.crypter.decrypt = _decrypt_ecb;
break;
default:
free(this);
diff --git a/src/libstrongswan/plugins/des/des_crypter.h b/src/libstrongswan/plugins/des/des_crypter.h
index cffbd4ce3..07215d0c5 100644
--- a/src/libstrongswan/plugins/des/des_crypter.h
+++ b/src/libstrongswan/plugins/des/des_crypter.h
@@ -32,9 +32,9 @@ typedef struct des_crypter_t des_crypter_t;
struct des_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index afc82e8d4..43b457ce2 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -31,10 +31,8 @@ struct private_des_plugin_t {
des_plugin_t public;
};
-/**
- * Implementation of des_plugin_t.destroy
- */
-static void destroy(private_des_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_des_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)des_crypter_create);
@@ -46,9 +44,15 @@ static void destroy(private_des_plugin_t *this)
*/
plugin_t *des_plugin_create()
{
- private_des_plugin_t *this = malloc_thing(private_des_plugin_t);
+ private_des_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
(crypter_constructor_t)des_crypter_create);
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 73f81f4db..7f4529211 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 125047b05..bc0ee30ae 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -50,9 +50,9 @@ plugin_t *dnskey_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)dnskey_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)dnskey_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 4ed8276c4..7e2a1ccdf 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.am b/src/libstrongswan/plugins/gcm/Makefile.am
new file mode 100644
index 000000000..ec733fbcc
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/Makefile.am
@@ -0,0 +1,16 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-gcm.la
+else
+plugin_LTLIBRARIES = libstrongswan-gcm.la
+endif
+
+libstrongswan_gcm_la_SOURCES = \
+ gcm_plugin.h gcm_plugin.c \
+ gcm_aead.h gcm_aead.c
+
+libstrongswan_gcm_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
new file mode 100644
index 000000000..a4de9ea77
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -0,0 +1,600 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/gcm
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_gcm_la_LIBADD =
+am_libstrongswan_gcm_la_OBJECTS = gcm_plugin.lo gcm_aead.lo
+libstrongswan_gcm_la_OBJECTS = $(am_libstrongswan_gcm_la_OBJECTS)
+libstrongswan_gcm_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_gcm_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_gcm_la_rpath = -rpath $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_gcm_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_gcm_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_gcm_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-gcm.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-gcm.la
+libstrongswan_gcm_la_SOURCES = \
+ gcm_plugin.h gcm_plugin.c \
+ gcm_aead.h gcm_aead.c
+
+libstrongswan_gcm_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-gcm.la: $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_DEPENDENCIES)
+ $(libstrongswan_gcm_la_LINK) $(am_libstrongswan_gcm_la_rpath) $(libstrongswan_gcm_la_OBJECTS) $(libstrongswan_gcm_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_aead.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcm_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c
new file mode 100644
index 000000000..0d7d91dbf
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.c
@@ -0,0 +1,425 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcm_aead.h"
+
+#include <limits.h>
+
+#define BLOCK_SIZE 16
+#define NONCE_SIZE 12
+#define IV_SIZE 8
+#define SALT_SIZE (NONCE_SIZE - IV_SIZE)
+
+typedef struct private_gcm_aead_t private_gcm_aead_t;
+
+/**
+ * Private data of an gcm_aead_t object.
+ */
+struct private_gcm_aead_t {
+
+ /**
+ * Public gcm_aead_t interface.
+ */
+ gcm_aead_t public;
+
+ /**
+ * Underlying CBC crypter.
+ */
+ crypter_t *crypter;
+
+ /**
+ * Size of the integrity check value
+ */
+ size_t icv_size;
+
+ /**
+ * Salt value
+ */
+ char salt[SALT_SIZE];
+
+ /**
+ * GHASH subkey H
+ */
+ char h[BLOCK_SIZE];
+};
+
+/**
+ * Find a suiteable word size and network order conversion functions
+ */
+#if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
+# define htobeword htobe64
+# define bewordtoh be64toh
+# define SHIFT_WORD_TYPE u_int64_t
+#else
+# define htobeword htonl
+# define bewordtoh ntohl
+# define SHIFT_WORD_TYPE u_int32_t
+#endif
+
+/**
+ * Bitshift a block right by one bit
+ */
+static void sr_block(char *block)
+{
+ int i;
+ SHIFT_WORD_TYPE *word = (SHIFT_WORD_TYPE*)block;
+
+ for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++)
+ {
+ word[i] = bewordtoh(word[i]);
+ }
+ for (i = BLOCK_SIZE / sizeof(*word) - 1; i >= 0; i--)
+ {
+ word[i] >>= 1;
+ if (i != 0)
+ {
+ word[i] |= word[i - 1] << (sizeof(*word) * 8 - 1);
+ }
+ }
+ for (i = 0; i < BLOCK_SIZE / sizeof(*word); i++)
+ {
+ word[i] = htobeword(word[i]);
+ }
+}
+
+/**
+ * Naive implementation of block multiplication in GF128, no tables
+ */
+static void mult_block(char *x, char *y, char *res)
+{
+ char z[BLOCK_SIZE], v[BLOCK_SIZE], r;
+ int bit, byte;
+
+ r = 0xE1;
+ memset(z, 0, BLOCK_SIZE);
+ memcpy(v, y, BLOCK_SIZE);
+
+ for (byte = 0; byte < BLOCK_SIZE; byte++)
+ {
+ for (bit = 7; bit >= 0; bit--)
+ {
+ if (x[byte] & (1 << bit))
+ {
+ memxor(z, v, BLOCK_SIZE);
+ }
+ if (v[BLOCK_SIZE - 1] & 0x01)
+ {
+ sr_block(v);
+ v[0] ^= r;
+ }
+ else
+ {
+ sr_block(v);
+ }
+ }
+ }
+ memcpy(res, z, BLOCK_SIZE);
+}
+
+/**
+ * GHASH function
+ */
+static void ghash(private_gcm_aead_t *this, chunk_t x, char *res)
+{
+ char y[BLOCK_SIZE];
+
+ memset(y, 0, BLOCK_SIZE);
+
+ while (x.len)
+ {
+ memxor(y, x.ptr, BLOCK_SIZE);
+ mult_block(y, this->h, y);
+ x = chunk_skip(x, BLOCK_SIZE);
+ }
+ memcpy(res, y, BLOCK_SIZE);
+}
+
+/**
+ * GCTR function, en-/decrypts x inline
+ */
+static void gctr(private_gcm_aead_t *this, char *icb, chunk_t x)
+{
+ char cb[BLOCK_SIZE], iv[BLOCK_SIZE], tmp[BLOCK_SIZE];
+
+ memset(iv, 0, BLOCK_SIZE);
+ memcpy(cb, icb, BLOCK_SIZE);
+
+ while (x.len)
+ {
+ memcpy(tmp, cb, BLOCK_SIZE);
+ this->crypter->encrypt(this->crypter, chunk_from_thing(tmp),
+ chunk_from_thing(iv), NULL);
+ memxor(x.ptr, tmp, min(BLOCK_SIZE, x.len));
+ chunk_increment(chunk_from_thing(cb));
+ x = chunk_skip(x, BLOCK_SIZE);
+ }
+}
+
+/**
+ * Generate the block J0
+ */
+static void create_j(private_gcm_aead_t *this, char *iv, char *j)
+{
+ memcpy(j, this->salt, SALT_SIZE);
+ memcpy(j + SALT_SIZE, iv, IV_SIZE);
+ htoun32(j + SALT_SIZE + IV_SIZE, 1);
+}
+
+/**
+ * Create GHASH subkey H
+ */
+static void create_h(private_gcm_aead_t *this, char *h)
+{
+ char zero[BLOCK_SIZE];
+
+ memset(zero, 0, BLOCK_SIZE);
+ memset(h, 0, BLOCK_SIZE);
+
+ this->crypter->encrypt(this->crypter, chunk_create(h, BLOCK_SIZE),
+ chunk_from_thing(zero), NULL);
+}
+
+/**
+ * Encrypt/decrypt
+ */
+static void crypt(private_gcm_aead_t *this, char *j, chunk_t in, chunk_t out)
+{
+ char icb[BLOCK_SIZE];
+
+ memcpy(icb, j, BLOCK_SIZE);
+ chunk_increment(chunk_from_thing(icb));
+
+ out.len = in.len;
+ if (in.ptr != out.ptr)
+ {
+ memcpy(out.ptr, in.ptr, in.len);
+ }
+ gctr(this, icb, out);
+}
+
+/**
+ * Create ICV
+ */
+static void create_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
+ char *j, char *icv)
+{
+ size_t assoc_pad, crypt_pad;
+ chunk_t chunk;
+ char s[BLOCK_SIZE], *pos;
+
+ assoc_pad = (BLOCK_SIZE - (assoc.len % BLOCK_SIZE)) % BLOCK_SIZE;
+ crypt_pad = (BLOCK_SIZE - (crypt.len % BLOCK_SIZE)) % BLOCK_SIZE;
+
+ /* concatenate data to a new chunk */
+ chunk = chunk_alloc(assoc.len + assoc_pad +
+ crypt.len + crypt_pad + BLOCK_SIZE);
+ pos = chunk.ptr;
+ /* add associated data */
+ memcpy(pos, assoc.ptr, assoc.len);
+ pos += assoc.len;
+ memset(pos, 0, assoc_pad);
+ pos += assoc_pad;
+ /* add encrypted data */
+ memcpy(pos, crypt.ptr, crypt.len);
+ pos += crypt.len;
+ memset(pos, 0, crypt_pad);
+ pos += crypt_pad;
+ /* write associated len */
+ memset(pos, 0, 4);
+ pos += 4;
+ htoun32(pos, assoc.len * 8);
+ pos += 4;
+ /* write encrypted length */
+ memset(pos, 0, 4);
+ pos += 4;
+ htoun32(pos, crypt.len * 8);
+ pos += 4;
+
+ ghash(this, chunk, s);
+ free(chunk.ptr);
+ gctr(this, j, chunk_from_thing(s));
+
+ memcpy(icv, s, this->icv_size);
+}
+
+/**
+ * Verify the ICV value
+ */
+static bool verify_icv(private_gcm_aead_t *this, chunk_t assoc, chunk_t crypt,
+ char *j, char *icv)
+{
+ char tmp[this->icv_size];
+
+ create_icv(this, assoc, crypt, j, tmp);
+
+ return memeq(tmp, icv, this->icv_size);
+}
+
+METHOD(aead_t, encrypt, void,
+ private_gcm_aead_t *this, chunk_t plain, chunk_t assoc, chunk_t iv,
+ chunk_t *encrypted)
+{
+ char j[BLOCK_SIZE];
+
+ create_j(this, iv.ptr, j);
+
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(plain.len + this->icv_size);
+ crypt(this, j, plain, *encrypted);
+ create_icv(this, assoc,
+ chunk_create(encrypted->ptr, encrypted->len - this->icv_size),
+ j, encrypted->ptr + encrypted->len - this->icv_size);
+ }
+ else
+ {
+ crypt(this, j, plain, plain);
+ create_icv(this, assoc, plain, j, plain.ptr + plain.len);
+ }
+}
+
+METHOD(aead_t, decrypt, bool,
+ private_gcm_aead_t *this, chunk_t encrypted, chunk_t assoc, chunk_t iv,
+ chunk_t *plain)
+{
+ char j[BLOCK_SIZE];
+
+ if (encrypted.len < this->icv_size)
+ {
+ return FALSE;
+ }
+
+ create_j(this, iv.ptr, j);
+
+ encrypted.len -= this->icv_size;
+ if (!verify_icv(this, assoc, encrypted, j, encrypted.ptr + encrypted.len))
+ {
+ return FALSE;
+ }
+ if (plain)
+ {
+ *plain = chunk_alloc(encrypted.len);
+ crypt(this, j, encrypted, *plain);
+ }
+ else
+ {
+ crypt(this, j, encrypted, encrypted);
+ }
+ return TRUE;
+}
+
+METHOD(aead_t, get_block_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return 1;
+}
+
+METHOD(aead_t, get_icv_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return this->icv_size;
+}
+
+METHOD(aead_t, get_iv_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return IV_SIZE;
+}
+
+METHOD(aead_t, get_key_size, size_t,
+ private_gcm_aead_t *this)
+{
+ return this->crypter->get_key_size(this->crypter) + SALT_SIZE;
+}
+
+METHOD(aead_t, set_key, void,
+ private_gcm_aead_t *this, chunk_t key)
+{
+ memcpy(this->salt, key.ptr + key.len - SALT_SIZE, SALT_SIZE);
+ key.len -= SALT_SIZE;
+ this->crypter->set_key(this->crypter, key);
+ create_h(this, this->h);
+}
+
+METHOD(aead_t, destroy, void,
+ private_gcm_aead_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ free(this);
+}
+
+/**
+ * See header
+ */
+gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_gcm_aead_t *this;
+ size_t icv_size;
+
+ switch (key_size)
+ {
+ case 0:
+ key_size = 16;
+ break;
+ case 16:
+ case 24:
+ case 32:
+ break;
+ default:
+ return NULL;
+ }
+ switch (algo)
+ {
+ case ENCR_AES_GCM_ICV8:
+ algo = ENCR_AES_CBC;
+ icv_size = 8;
+ break;
+ case ENCR_AES_GCM_ICV12:
+ algo = ENCR_AES_CBC;
+ icv_size = 12;
+ break;
+ case ENCR_AES_GCM_ICV16:
+ algo = ENCR_AES_CBC;
+ icv_size = 16;
+ break;
+ default:
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .aead = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_icv_size = _get_icv_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size),
+ .icv_size = icv_size,
+ );
+
+ if (!this->crypter)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.h b/src/libstrongswan/plugins/gcm/gcm_aead.h
new file mode 100644
index 000000000..db4be2442
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_aead.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcm_aead gcm_aead
+ * @{ @ingroup gcm
+ */
+
+#ifndef GCM_AEAD_H_
+#define GCM_AEAD_H_
+
+#include <crypto/aead.h>
+
+typedef struct gcm_aead_t gcm_aead_t;
+
+/**
+ * Galois/Counter Mode (GCM).
+ *
+ * Implements GCM as specified in NIST 800-38D, using AEAD semantics from
+ * RFC 5282, based on RFC4106.
+ */
+struct gcm_aead_t {
+
+ /**
+ * Implements aead_t interface.
+ */
+ aead_t aead;
+};
+
+/**
+ * Create a gcm_aead instance.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement, a gcm mode
+ * @return aead, NULL if not supported
+ */
+gcm_aead_t *gcm_aead_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** GCM_AEAD_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c
new file mode 100644
index 000000000..061001b30
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcm_plugin.h"
+
+#include <library.h>
+
+#include "gcm_aead.h"
+
+typedef struct private_gcm_plugin_t private_gcm_plugin_t;
+
+/**
+ * private data of gcm_plugin
+ */
+struct private_gcm_plugin_t {
+
+ /**
+ * public functions
+ */
+ gcm_plugin_t public;
+};
+
+METHOD(plugin_t, destroy, void,
+ private_gcm_plugin_t *this)
+{
+ lib->crypto->remove_aead(lib->crypto,
+ (aead_constructor_t)gcm_aead_create);
+
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *gcm_plugin_create()
+{
+ private_gcm_plugin_t *this;
+
+ INIT(this,
+ .public.plugin.destroy = _destroy,
+ );
+
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8,
+ (aead_constructor_t)gcm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12,
+ (aead_constructor_t)gcm_aead_create);
+ lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16,
+ (aead_constructor_t)gcm_aead_create);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.h b/src/libstrongswan/plugins/gcm/gcm_plugin.h
new file mode 100644
index 000000000..52676708e
--- /dev/null
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcm gcm
+ * @ingroup plugins
+ *
+ * @defgroup gcm_plugin gcm_plugin
+ * @{ @ingroup gcm
+ */
+
+#ifndef GCM_PLUGIN_H_
+#define GCM_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct gcm_plugin_t gcm_plugin_t;
+
+/**
+ * Plugin providing GCM mode operation.
+ */
+struct gcm_plugin_t {
+
+ /**
+ * Implements plugin interface.
+ */
+ plugin_t plugin;
+};
+
+#endif /** GCM_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index 09131c4be..00c49c487 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
index 5dbdde32c..599481911 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -40,15 +40,43 @@ struct private_gcrypt_crypter_t {
* gcrypt algorithm identifier
*/
int alg;
+
+ /**
+ * are we using counter mode?
+ */
+ bool ctr_mode;
+
+ /**
+ * counter state
+ */
+ struct {
+ char nonce[4];
+ char iv[8];
+ u_int32_t counter;
+ } __attribute__((packed)) ctr;
};
/**
- * Implementation of crypter_t.decrypt.
+ * Set the IV for en/decryption
*/
-static void decrypt(private_gcrypt_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+static void set_iv(private_gcrypt_crypter_t *this, chunk_t iv)
+{
+ if (this->ctr_mode)
+ {
+ memcpy(this->ctr.iv, iv.ptr, sizeof(this->ctr.iv));
+ this->ctr.counter = htonl(1);
+ gcry_cipher_setctr(this->h, &this->ctr, sizeof(this->ctr));
+ }
+ else
+ {
+ gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ }
+}
+
+METHOD(crypter_t, decrypt, void,
+ private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ set_iv(this, iv);
if (dst)
{
@@ -61,13 +89,10 @@ static void decrypt(private_gcrypt_crypter_t *this, chunk_t data,
}
}
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt(private_gcrypt_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_gcrypt_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
- gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+ set_iv(this, iv);
if (dst)
{
@@ -80,40 +105,60 @@ static void encrypt(private_gcrypt_crypter_t *this, chunk_t data,
}
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_gcrypt_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_gcrypt_crypter_t *this)
{
size_t len = 0;
+ if (this->ctr_mode)
+ { /* counter mode does not need any padding */
+ return 1;
+ }
gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
return len;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_gcrypt_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_gcrypt_crypter_t *this)
+{
+ size_t len = 0;
+
+ if (this->ctr_mode)
+ {
+ return sizeof(this->ctr.iv);
+ }
+ gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
+ return len;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_gcrypt_crypter_t *this)
{
size_t len = 0;
gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len);
+ if (this->ctr_mode)
+ {
+ return len + sizeof(this->ctr.nonce);
+ }
return len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_gcrypt_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_gcrypt_crypter_t *this, chunk_t key)
{
+ if (this->ctr_mode)
+ {
+ /* last 4 bytes are the nonce */
+ memcpy(this->ctr.nonce, key.ptr + key.len - sizeof(this->ctr.nonce),
+ sizeof(this->ctr.nonce));
+ key.len -= sizeof(this->ctr.nonce);
+ }
gcry_cipher_setkey(this->h, key.ptr, key.len);
}
-/**
- * Implementation of crypter_t.destroy.
- */
-static void destroy (private_gcrypt_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_gcrypt_crypter_t *this)
{
gcry_cipher_close(this->h);
free(this);
@@ -149,18 +194,19 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
gcrypt_alg = GCRY_CIPHER_CAST5;
break;
case ENCR_BLOWFISH:
- if (key_size != 16)
+ if (key_size != 16 && key_size != 0)
{ /* gcrypt currently supports 128 bit blowfish only */
return NULL;
}
gcrypt_alg = GCRY_CIPHER_BLOWFISH;
break;
- /* case ENCR_AES_CTR:
- mode = GCRY_CIPHER_MODE_CTR; */
+ case ENCR_AES_CTR:
+ mode = GCRY_CIPHER_MODE_CTR;
/* fall */
case ENCR_AES_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_AES128;
break;
@@ -174,13 +220,14 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
return NULL;
}
break;
- /* case ENCR_CAMELLIA_CTR:
- mode = GCRY_CIPHER_MODE_CTR; */
+ case ENCR_CAMELLIA_CTR:
+ mode = GCRY_CIPHER_MODE_CTR;
/* fall */
case ENCR_CAMELLIA_CBC:
switch (key_size)
{
#ifdef HAVE_GCRY_CIPHER_CAMELLIA
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_CAMELLIA128;
break;
@@ -198,6 +245,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_SERPENT_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_SERPENT128;
break;
@@ -214,6 +262,7 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
case ENCR_TWOFISH_CBC:
switch (key_size)
{
+ case 0:
case 16:
gcrypt_alg = GCRY_CIPHER_TWOFISH128;
break;
@@ -228,9 +277,22 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
return NULL;
}
- this = malloc_thing(private_gcrypt_crypter_t);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .alg = gcrypt_alg,
+ .ctr_mode = mode == GCRY_CIPHER_MODE_CTR,
+ );
- this->alg = gcrypt_alg;
err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
if (err)
{
@@ -239,14 +301,6 @@ gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
free(this);
return NULL;
}
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
index ce0ead4a8..e565e28c7 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
@@ -33,7 +33,7 @@ struct gcrypt_crypter_t {
/**
* The crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
index 08d6239ad..6c4665da2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -73,10 +73,8 @@ struct private_gcrypt_dh_t {
size_t p_len;
};
-/**
- * Implementation of gcrypt_dh_t.set_other_public_value.
- */
-static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_gcrypt_dh_t *this, chunk_t value)
{
gcry_mpi_t p_min_1;
gcry_error_t err;
@@ -134,18 +132,14 @@ static chunk_t export_mpi(gcry_mpi_t value, size_t len)
return chunk;
}
-/**
- * Implementation of gcrypt_dh_t.get_my_public_value.
- */
-static void get_my_public_value(private_gcrypt_dh_t *this, chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_gcrypt_dh_t *this, chunk_t *value)
{
*value = export_mpi(this->ya, this->p_len);
}
-/**
- * Implementation of gcrypt_dh_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_gcrypt_dh_t *this, chunk_t *secret)
{
if (!this->zz)
{
@@ -155,18 +149,14 @@ static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret)
return SUCCESS;
}
-/**
- * Implementation of gcrypt_dh_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_gcrypt_dh_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_gcrypt_dh_t *this)
{
return this->group;
}
-/**
- * Implementation of gcrypt_dh_t.destroy.
- */
-static void destroy(private_gcrypt_dh_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_gcrypt_dh_t *this)
{
gcry_mpi_release(this->p);
gcry_mpi_release(this->xa);
@@ -178,42 +168,37 @@ static void destroy(private_gcrypt_dh_t *this)
}
/*
- * Described in header.
+ * Generic internal constructor
*/
-gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+gcrypt_dh_t *create_generic(diffie_hellman_group_t group, size_t exp_len,
+ chunk_t g, chunk_t p)
{
private_gcrypt_dh_t *this;
- diffie_hellman_params_t *params;
gcry_error_t err;
chunk_t random;
rng_t *rng;
- params = diffie_hellman_get_params(group);
- if (!params)
- {
- return NULL;
- }
-
- this = malloc_thing(private_gcrypt_dh_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
-
- this->group = group;
- this->p_len = params->prime.len;
- err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
- params->prime.ptr, params->prime.len, NULL);
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .p_len = p.len,
+ );
+ err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG, p.ptr, p.len, NULL);
if (err)
{
DBG1(DBG_LIB, "importing mpi modulus failed: %s", gpg_strerror(err));
free(this);
return NULL;
}
- err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG,
- params->generator.ptr, params->generator.len, NULL);
+ err = gcry_mpi_scan(&this->g, GCRYMPI_FMT_USG, g.ptr, g.len, NULL);
if (err)
{
DBG1(DBG_LIB, "importing mpi generator failed: %s", gpg_strerror(err));
@@ -225,7 +210,7 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (rng)
{ /* prefer external randomizer */
- rng->allocate_bytes(rng, params->exp_len, &random);
+ rng->allocate_bytes(rng, exp_len, &random);
rng->destroy(rng);
err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
random.ptr, random.len, NULL);
@@ -241,21 +226,49 @@ gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
}
else
{ /* fallback to gcrypt internal randomizer, shouldn't ever happen */
- this->xa = gcry_mpi_new(params->exp_len * 8);
- gcry_mpi_randomize(this->xa, params->exp_len * 8, GCRY_STRONG_RANDOM);
+ this->xa = gcry_mpi_new(exp_len * 8);
+ gcry_mpi_randomize(this->xa, exp_len * 8, GCRY_STRONG_RANDOM);
}
- if (params->exp_len == this->p_len)
+ if (exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
- gcry_mpi_clear_bit(this->xa, params->exp_len * 8 - 1);
+ gcry_mpi_clear_bit(this->xa, exp_len * 8 - 1);
}
this->ya = gcry_mpi_new(this->p_len * 8);
- this->yb = NULL;
- this->zz = NULL;
gcry_mpi_powm(this->ya, this->g, this->xa, this->p);
return &this->public;
}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+{
+
+ diffie_hellman_params_t *params;
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->exp_len,
+ params->generator, params->prime);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p)
+{
+ if (group == MODP_CUSTOM)
+ {
+ return create_generic(group, p.len, g, p);
+ }
+ return NULL;
+}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
index 95b68dcd0..a70958dc4 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -44,5 +44,16 @@ struct gcrypt_dh_t {
*/
gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
+/**
+ * Creates a new gcrypt_dh_t object for MODP_CUSTOM.
+ *
+ * @param group MODP_CUSTOM
+ * @param g generator
+ * @param p prime
+ * @return gcrypt_dh_t object, NULL if not supported
+ */
+gcrypt_dh_t *gcrypt_dh_create_custom(diffie_hellman_group_t group,
+ chunk_t g, chunk_t p);
+
#endif /** GCRYPT_DH_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
index 39609c16c..96c87614f 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -37,27 +37,20 @@ struct private_gcrypt_hasher_t {
gcry_md_hd_t hd;
};
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_gcrypt_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_gcrypt_hasher_t *this)
{
return gcry_md_get_algo_dlen(gcry_md_get_algo(this->hd));
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_gcrypt_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_gcrypt_hasher_t *this)
{
gcry_md_reset(this->hd);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
gcry_md_write(this->hd, chunk.ptr, chunk.len);
if (hash)
@@ -67,11 +60,8 @@ static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_gcrypt_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -84,10 +74,8 @@ static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy (private_gcrypt_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_gcrypt_hasher_t *this)
{
gcry_md_close(this->hd);
free(this);
@@ -132,7 +120,17 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_gcrypt_hasher_t);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
err = gcry_md_open(&this->hd, gcrypt_alg, 0);
if (err)
@@ -143,12 +141,6 @@ gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
index 708ccaafb..a7542bcdd 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
@@ -33,7 +33,7 @@ struct gcrypt_hasher_t {
/**
* The hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index 039036b2c..590add5c8 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -93,10 +93,8 @@ static struct gcry_thread_cbs thread_functions = {
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
-/**
- * Implementation of gcrypt_plugin_t.destroy
- */
-static void destroy(private_gcrypt_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_gcrypt_plugin_t *this)
{
lib->crypto->remove_hasher(lib->crypto,
(hasher_constructor_t)gcrypt_hasher_create);
@@ -106,6 +104,8 @@ static void destroy(private_gcrypt_plugin_t *this)
(rng_constructor_t)gcrypt_rng_create);
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->remove_dh(lib->crypto,
+ (dh_constructor_t)gcrypt_dh_create_custom);
lib->creds->remove_builder(lib->creds,
(builder_function_t)gcrypt_rsa_private_key_gen);
lib->creds->remove_builder(lib->creds,
@@ -139,9 +139,13 @@ plugin_t *gcrypt_plugin_create()
}
gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
- this = malloc_thing(private_gcrypt_plugin_t);
-
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
/* hashers */
lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
@@ -172,8 +176,14 @@ plugin_t *gcrypt_plugin_create()
(crypter_constructor_t)gcrypt_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR,
+ (crypter_constructor_t)gcrypt_crypter_create);
+#ifdef HAVE_GCRY_CIPHER_CAMELLIA
lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR,
+ (crypter_constructor_t)gcrypt_crypter_create);
+#endif /* HAVE_GCRY_CIPHER_CAMELLIA */
lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC,
(crypter_constructor_t)gcrypt_crypter_create);
lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC,
@@ -210,13 +220,15 @@ plugin_t *gcrypt_plugin_create()
(dh_constructor_t)gcrypt_dh_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)gcrypt_dh_create_custom);
/* RSA */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)gcrypt_rsa_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
index d0d252572..d29755de9 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -35,11 +35,8 @@ struct private_gcrypt_rng_t {
rng_quality_t quality;
};
-/**
- * Implementation of gcrypt_rng_t.get_bytes.
- */
-static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
- u_int8_t *buffer)
+METHOD(rng_t, get_bytes, void,
+ private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer)
{
switch (this->quality)
{
@@ -55,20 +52,15 @@ static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
}
}
-/**
- * Implementation of gcrypt_rng_t.allocate_bytes.
- */
-static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes,
- chunk_t *chunk)
+METHOD(rng_t, allocate_bytes, void,
+ private_gcrypt_rng_t *this, size_t bytes, chunk_t *chunk)
{
*chunk = chunk_alloc(bytes);
get_bytes(this, chunk->len, chunk->ptr);
}
-/**
- * Implementation of gcrypt_rng_t.destroy.
- */
-static void destroy(private_gcrypt_rng_t *this)
+METHOD(rng_t, destroy, void,
+ private_gcrypt_rng_t *this)
{
free(this);
}
@@ -90,13 +82,16 @@ gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality)
return NULL;
}
- this = malloc_thing(private_gcrypt_rng_t);
-
- this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
- this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
- this->public.rng.destroy = (void (*) (rng_t *))destroy;
-
- this->quality = quality;
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ .quality = quality,
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index b8e86aba0..38ce2cd6c 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -192,19 +192,15 @@ static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
return !!signature->len;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static key_type_t get_type(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_gcrypt_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *sig)
+METHOD(private_key_t, sign, bool,
+ private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *sig)
{
switch (scheme)
{
@@ -229,17 +225,21 @@ static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t sche
}
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static bool decrypt(private_gcrypt_rsa_private_key_t *this,
- chunk_t encrypted, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_gcrypt_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t encrypted, chunk_t *plain)
{
gcry_error_t err;
gcry_sexp_t in, out;
chunk_t padded;
u_char *pos = NULL;;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))",
encrypted.len, encrypted.ptr);
if (err)
@@ -277,18 +277,14 @@ static bool decrypt(private_gcrypt_rsa_private_key_t *this,
return TRUE;
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_gcrypt_rsa_private_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_gcrypt_rsa_private_key_t *this)
{
chunk_t n, e;
public_key_t *public;
@@ -304,11 +300,9 @@ static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
return public;
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t cn, ce, cp, cq, cd, cu, cexp1 = chunk_empty, cexp2 = chunk_empty;
gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
@@ -385,11 +379,9 @@ static bool get_encoding(private_gcrypt_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_gcrypt_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -409,19 +401,15 @@ static bool get_fingerprint(private_gcrypt_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of gcrypt_rsa_private_key.get_ref.
- */
-static private_key_t* get_ref(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_gcrypt_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of gcrypt_rsa_private_key.destroy.
- */
-static void destroy(private_gcrypt_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_gcrypt_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -434,25 +422,29 @@ static void destroy(private_gcrypt_rsa_private_key_t *this)
/**
* Internal generic constructor
*/
-static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
+static private_gcrypt_rsa_private_key_t *create_empty()
{
- private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
-
- this->key = NULL;
- this->ref = 1;
+ private_gcrypt_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
@@ -493,7 +485,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_gen(key_type_t type,
DBG1(DBG_LIB, "building S-expression failed: %s", gpg_strerror(err));
return NULL;
}
- this = gcrypt_rsa_private_key_create_empty();
+ this = create_empty();
err = gcry_pk_genkey(&this->key, param);
gcry_sexp_release(param);
if (err)
@@ -552,7 +544,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
break;
}
- this = gcrypt_rsa_private_key_create_empty();
+ this = create_empty();
err = gcry_sexp_build(&this->key, NULL,
"(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
n.len, n.ptr, e.len, e.ptr, d.len, d.ptr,
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
index 4c3605f4b..0f3d66b80 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
@@ -34,7 +34,7 @@ struct gcrypt_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
index 80a91b976..f8645da97 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -159,19 +159,15 @@ static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
return TRUE;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_gcrypt_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_gcrypt_rsa_public_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_gcrypt_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -196,15 +192,19 @@ static bool verify(private_gcrypt_rsa_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.encrypt.
- */
-static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
- chunk_t *encrypted)
+METHOD(public_key_t, encrypt_, bool,
+ private_gcrypt_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *encrypted)
{
gcry_sexp_t in, out;
gcry_error_t err;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
/* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption:
* 00 | 02 | RANDOM | 00 | DATA */
err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))",
@@ -228,19 +228,15 @@ static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
return !!encrypted->len;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_gcrypt_rsa_public_key_t *this)
{
- return gcry_pk_get_nbits(this->key) / 8;
+ return gcry_pk_get_nbits(this->key);
}
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gcrypt_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e;
bool success;
@@ -256,11 +252,9 @@ static bool get_encoding(private_gcrypt_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_gcrypt_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -280,19 +274,15 @@ static bool get_fingerprint(private_gcrypt_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_gcrypt_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of gcrypt_rsa_public_key.destroy.
- */
-static void destroy(private_gcrypt_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_gcrypt_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -331,21 +321,23 @@ gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_load(key_type_t type,
break;
}
- this = malloc_thing(private_gcrypt_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->key = NULL;
- this->ref = 1;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))",
n.len, n.ptr, e.len, e.ptr);
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
index fa18c357b..ca0a284a2 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
@@ -34,7 +34,7 @@ struct gcrypt_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index bd7100b27..b4ec1ed8d 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index 4ee449890..e99502b27 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -85,10 +85,8 @@ struct private_gmp_diffie_hellman_t {
bool computed;
};
-/**
- * Implementation of gmp_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_gmp_diffie_hellman_t *this, chunk_t value)
{
mpz_t p_min_1;
@@ -146,10 +144,8 @@ static void set_other_public_value(private_gmp_diffie_hellman_t *this, chunk_t v
mpz_clear(p_min_1);
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_gmp_diffie_hellman_t *this,chunk_t *value)
{
value->len = this->p_len;
value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya);
@@ -159,10 +155,8 @@ static void get_my_public_value(private_gmp_diffie_hellman_t *this,chunk_t *valu
}
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_gmp_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -177,18 +171,14 @@ static status_t get_shared_secret(private_gmp_diffie_hellman_t *this, chunk_t *s
return SUCCESS;
}
-/**
- * Implementation of gmp_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_gmp_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_gmp_diffie_hellman_t *this)
{
return this->group;
}
-/**
- * Implementation of gmp_diffie_hellman_t.destroy.
- */
-static void destroy(private_gmp_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_gmp_diffie_hellman_t *this)
{
mpz_clear(this->p);
mpz_clear(this->xa);
@@ -199,44 +189,38 @@ static void destroy(private_gmp_diffie_hellman_t *this)
free(this);
}
-/*
- * Described in header.
+/**
+ * Generic internal constructor
*/
-gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
+static gmp_diffie_hellman_t *create_generic(diffie_hellman_group_t group,
+ size_t exp_len, chunk_t g, chunk_t p)
{
private_gmp_diffie_hellman_t *this;
- diffie_hellman_params_t *params;
- rng_t *rng;
chunk_t random;
+ rng_t *rng;
- params = diffie_hellman_get_params(group);
- if (!params)
- {
- return NULL;
- }
-
- this = malloc_thing(private_gmp_diffie_hellman_t);
-
- /* public functions */
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ .p_len = p.len,
+ );
- /* private variables */
- this->group = group;
mpz_init(this->p);
mpz_init(this->yb);
mpz_init(this->ya);
mpz_init(this->xa);
mpz_init(this->zz);
mpz_init(this->g);
-
- this->computed = FALSE;
- this->p_len = params->prime.len;
- mpz_import(this->p, params->prime.len, 1, 1, 1, 0, params->prime.ptr);
- mpz_import(this->g, params->generator.len, 1, 1, 1, 0, params->generator.ptr);
+ mpz_import(this->g, g.len, 1, 1, 1, 0, g.ptr);
+ mpz_import(this->p, p.len, 1, 1, 1, 0, p.ptr);
rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
if (!rng)
@@ -247,10 +231,10 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
return NULL;
}
- rng->allocate_bytes(rng, params->exp_len, &random);
+ rng->allocate_bytes(rng, exp_len, &random);
rng->destroy(rng);
- if (params->exp_len == this->p_len)
+ if (exp_len == this->p_len)
{
/* achieve bitsof(p)-1 by setting MSB to 0 */
*random.ptr &= 0x7F;
@@ -265,3 +249,29 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
return &this->public;
}
+/*
+ * Described in header.
+ */
+gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
+{
+ diffie_hellman_params_t *params;
+
+ params = diffie_hellman_get_params(group);
+ if (!params)
+ {
+ return NULL;
+ }
+ return create_generic(group, params->exp_len,
+ params->generator, params->prime);
+}
+
+
+gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p)
+{
+ if (group == MODP_CUSTOM)
+ {
+ return create_generic(MODP_CUSTOM, p.len, g, p);
+ }
+ return NULL;
+}
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
index 2a54eebb1..6d73c0863 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.h
@@ -45,5 +45,16 @@ struct gmp_diffie_hellman_t {
*/
gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group);
+/**
+ * Creates a new gmp_diffie_hellman_t object for MODP_CUSTOM.
+ *
+ * @param group MODP_CUSTOM
+ * @param g generator
+ * @param p prime
+ * @return gmp_diffie_hellman_t object, NULL if not supported
+ */
+gmp_diffie_hellman_t *gmp_diffie_hellman_create_custom(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p);
+
#endif /** GMP_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index fbce9732f..9b4fad3da 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -33,13 +33,13 @@ struct private_gmp_plugin_t {
gmp_plugin_t public;
};
-/**
- * Implementation of gmp_plugin_t.gmptroy
- */
-static void destroy(private_gmp_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_gmp_plugin_t *this)
{
lib->crypto->remove_dh(lib->crypto,
(dh_constructor_t)gmp_diffie_hellman_create);
+ lib->crypto->remove_dh(lib->crypto,
+ (dh_constructor_t)gmp_diffie_hellman_create_custom);
lib->creds->remove_builder(lib->creds,
(builder_function_t)gmp_rsa_private_key_gen);
lib->creds->remove_builder(lib->creds,
@@ -54,9 +54,15 @@ static void destroy(private_gmp_plugin_t *this)
*/
plugin_t *gmp_plugin_create()
{
- private_gmp_plugin_t *this = malloc_thing(private_gmp_plugin_t);
+ private_gmp_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
@@ -81,11 +87,14 @@ plugin_t *gmp_plugin_create()
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)gmp_diffie_hellman_create);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)gmp_diffie_hellman_create_custom);
+
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)gmp_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)gmp_rsa_public_key_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index cc9985320..1b6c20817 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -209,7 +209,7 @@ static chunk_t rsasp1(private_gmp_rsa_private_key_t *this, chunk_t data)
}
/**
- * Implementation of gmp_rsa_private_key_t.build_emsa_pkcs1_signature.
+ * Build a signature using the PKCS#1 EMSA scheme
*/
static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
hash_algorithm_t hash_algorithm,
@@ -250,7 +250,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
{
free(digestInfo.ptr);
DBG1(DBG_LIB, "unable to sign %d bytes using a %dbit key", data.len,
- this->k * 8);
+ mpz_sizeinbase(this->n, 2));
return FALSE;
}
@@ -280,19 +280,15 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
return TRUE;
}
-/**
- * Implementation of gmp_rsa_private_key.get_type.
- */
-static key_type_t get_type(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_gmp_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of gmp_rsa_private_key.sign.
- */
-static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -317,15 +313,19 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
}
}
-/**
- * Implementation of gmp_rsa_private_key.decrypt.
- */
-static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
- chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_gmp_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
chunk_t em, stripped;
bool success = FALSE;
+ if (scheme != ENCRYPT_RSA_PKCS1)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
/* rsa decryption using PKCS#1 RSADP */
stripped = em = rsadp(this, crypto);
@@ -356,18 +356,14 @@ end:
return success;
}
-/**
- * Implementation of gmp_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_gmp_rsa_private_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
-/**
- * Implementation of gmp_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_gmp_rsa_private_key_t *this)
{
chunk_t n, e;
public_key_t *public;
@@ -383,27 +379,9 @@ static public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
return public;
}
-/**
- * Implementation of gmp_rsa_private_key.equals.
- */
-static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other)
-{
- return private_key_equals(&this->public.interface, other);
-}
-
-/**
- * Implementation of gmp_rsa_private_key.belongs_to.
- */
-static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public)
-{
- return private_key_belongs_to(&this->public.interface, public);
-}
-
-/**
- * Implementation of private_key_t.get_encoding
- */
-static bool get_encoding(private_gmp_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_gmp_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e, d, p, q, exp1, exp2, coeff;
bool success;
@@ -435,11 +413,8 @@ static bool get_encoding(private_gmp_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of private_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gmp_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_gmp_rsa_private_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -459,19 +434,15 @@ static bool get_fingerprint(private_gmp_rsa_private_key_t *this,
return success;
}
-/**
- * Implementation of gmp_rsa_private_key.get_ref.
- */
-static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_gmp_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of gmp_rsa_private_key.destroy.
- */
-static void destroy(private_gmp_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_gmp_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -592,23 +563,27 @@ static status_t check(private_gmp_rsa_private_key_t *this)
*/
static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void)
{
- private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
- this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
- this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
- this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
- this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
- this->public.interface.destroy = (void (*) (private_key_t*))destroy;
-
- this->ref = 1;
+ private_gmp_rsa_private_key_t *this;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
index db1fcf535..32e1f292c 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.h
@@ -34,7 +34,7 @@ struct gmp_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index c114ae80d..a7ba80138 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -273,19 +273,15 @@ end:
return success;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_gmp_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_gmp_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -312,24 +308,21 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
#define MIN_PS_PADDING 8
-/**
- * Implementation of public_key_t.encrypt.
- */
-static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
- chunk_t *crypto)
+METHOD(public_key_t, encrypt_, bool,
+ private_gmp_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
{
chunk_t em;
u_char *pos;
int padding, i;
rng_t *rng;
- rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
- if (rng == NULL)
+ if (scheme != ENCRYPT_RSA_PKCS1)
{
- DBG1(DBG_LIB, "no random generator available");
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
return FALSE;
}
-
/* number of pseudo-random padding octets */
padding = this->k - plain.len - 3;
if (padding < MIN_PS_PADDING)
@@ -338,6 +331,12 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
MIN_PS_PADDING);
return FALSE;
}
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (rng == NULL)
+ {
+ DBG1(DBG_LIB, "no random generator available");
+ return FALSE;
+ }
/* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
DBG2(DBG_LIB, "padding %u bytes of data to the rsa modulus size of"
@@ -376,27 +375,15 @@ static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
return TRUE;
}
-/**
- * Implementation of gmp_rsa_public_key.equals.
- */
-static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other)
-{
- return public_key_equals(&this->public.interface, other);
-}
-
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_gmp_rsa_public_key_t *this)
{
- return this->k;
+ return mpz_sizeinbase(this->n, 2);
}
-/**
- * Implementation of public_key_t.get_encoding
- */
-static bool get_encoding(private_gmp_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_gmp_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
chunk_t n, e;
bool success;
@@ -412,11 +399,8 @@ static bool get_encoding(private_gmp_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_fingerprint
- */
-static bool get_fingerprint(private_gmp_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fp)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_gmp_rsa_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
{
chunk_t n, e;
bool success;
@@ -436,19 +420,15 @@ static bool get_fingerprint(private_gmp_rsa_public_key_t *this,
return success;
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static private_gmp_rsa_public_key_t* get_ref(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_gmp_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of gmp_rsa_public_key.destroy.
- */
-static void destroy(private_gmp_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_gmp_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -490,20 +470,23 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_load(key_type_t type, va_list args)
return NULL;
}
- this = malloc_thing(private_gmp_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type;
- this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify;
- this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_;
- this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*) (public_key_t *this))destroy;
-
- this->ref = 1;
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt_,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
mpz_init(this->n);
mpz_init(this->e);
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
index 807f0bb7c..14dd71e0b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
@@ -35,7 +35,7 @@ struct gmp_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index b03ff44a6..42a7d3747 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index c1ab48899..c7b2739df 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -30,7 +30,7 @@ struct private_hmac_t {
/**
* Public hmac_t interface.
*/
- hmac_t hmac;
+ hmac_t public;
/**
* Block size, as in RFC.
@@ -53,10 +53,8 @@ struct private_hmac_t {
chunk_t ipaded_key;
};
-/**
- * Implementation of hmac_t.get_mac.
- */
-static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
+METHOD(hmac_t, get_mac, void,
+ private_hmac_t *this, chunk_t data, u_int8_t *out)
{
/* H(K XOR opad, H(K XOR ipad, text))
*
@@ -91,37 +89,31 @@ static void get_mac(private_hmac_t *this, chunk_t data, u_int8_t *out)
}
}
-/**
- * Implementation of hmac_t.allocate_mac.
- */
-static void allocate_mac(private_hmac_t *this, chunk_t data, chunk_t *out)
+METHOD(hmac_t, allocate_mac, void,
+ private_hmac_t *this, chunk_t data, chunk_t *out)
{
/* allocate space and use get_mac */
if (out == NULL)
{
/* append mode */
- this->hmac.get_mac(&(this->hmac), data, NULL);
+ get_mac(this, data, NULL);
}
else
{
out->len = this->h->get_hash_size(this->h);
out->ptr = malloc(out->len);
- this->hmac.get_mac(&(this->hmac), data, out->ptr);
+ get_mac(this, data, out->ptr);
}
}
-/**
- * Implementation of hmac_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_t *this)
+METHOD(hmac_t, get_block_size, size_t,
+ private_hmac_t *this)
{
return this->h->get_hash_size(this->h);
}
-/**
- * Implementation of hmac_t.set_key.
- */
-static void set_key(private_hmac_t *this, chunk_t key)
+METHOD(hmac_t, set_key, void,
+ private_hmac_t *this, chunk_t key)
{
int i;
u_int8_t buffer[this->b];
@@ -151,10 +143,8 @@ static void set_key(private_hmac_t *this, chunk_t key)
this->h->get_hash(this->h, this->ipaded_key, NULL);
}
-/**
- * Implementation of hmac_t.destroy.
- */
-static void destroy(private_hmac_t *this)
+METHOD(hmac_t, destroy, void,
+ private_hmac_t *this)
{
this->h->destroy(this->h);
free(this->opaded_key.ptr);
@@ -167,14 +157,17 @@ static void destroy(private_hmac_t *this)
*/
hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
{
- private_hmac_t *this = malloc_thing(private_hmac_t);
-
- /* set hmac_t methods */
- this->hmac.get_mac = (void (*)(hmac_t *,chunk_t,u_int8_t*))get_mac;
- this->hmac.allocate_mac = (void (*)(hmac_t *,chunk_t,chunk_t*))allocate_mac;
- this->hmac.get_block_size = (size_t (*)(hmac_t *))get_block_size;
- this->hmac.set_key = (void (*)(hmac_t *,chunk_t))set_key;
- this->hmac.destroy = (void (*)(hmac_t *))destroy;
+ private_hmac_t *this;
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .allocate_mac = _allocate_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ );
/* set b, according to hasher */
switch (hash_algorithm)
@@ -193,7 +186,6 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
return NULL;
}
- /* build the hasher */
this->h = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
if (this->h == NULL)
{
@@ -208,5 +200,5 @@ hmac_t *hmac_create(hash_algorithm_t hash_algorithm)
this->ipaded_key.ptr = malloc(this->b);
this->ipaded_key.len = this->b;
- return &(this->hmac);
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index e6b9f7a74..73df4dc6c 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -32,10 +32,8 @@ struct private_hmac_plugin_t {
hmac_plugin_t public;
};
-/**
- * Implementation of hmac_plugin_t.hmactroy
- */
-static void destroy(private_hmac_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_hmac_plugin_t *this)
{
lib->crypto->remove_prf(lib->crypto,
(prf_constructor_t)hmac_prf_create);
@@ -49,9 +47,15 @@ static void destroy(private_hmac_plugin_t *this)
*/
plugin_t *hmac_plugin_create()
{
- private_hmac_plugin_t *this = malloc_thing(private_hmac_plugin_t);
+ private_hmac_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256,
(prf_constructor_t)hmac_prf_create);
@@ -72,12 +76,16 @@ plugin_t *hmac_plugin_create()
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256,
(signer_constructor_t)hmac_signer_create);
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c
index cca6e9570..ca10612f9 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.c
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.c
@@ -36,51 +36,39 @@ struct private_hmac_prf_t {
hmac_t *hmac;
};
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+METHOD(prf_t, get_bytes, void,
+ private_hmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
{
this->hmac->get_mac(this->hmac, seed, buffer);
}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+ private_hmac_prf_t *this, chunk_t seed, chunk_t *chunk)
{
this->hmac->allocate_mac(this->hmac, seed, chunk);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+ private_hmac_prf_t *this)
{
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_hmac_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+ private_hmac_prf_t *this)
{
/* for HMAC prfs, IKEv2 uses block size as key size */
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_hmac_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+ private_hmac_prf_t *this, chunk_t key)
{
this->hmac->set_key(this->hmac, key);
}
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_hmac_prf_t *this)
+METHOD(prf_t, destroy, void,
+ private_hmac_prf_t *this)
{
this->hmac->destroy(this->hmac);
free(this);
@@ -92,44 +80,47 @@ static void destroy(private_hmac_prf_t *this)
hmac_prf_t *hmac_prf_create(pseudo_random_function_t algo)
{
private_hmac_prf_t *this;
- hash_algorithm_t hash;
+ hmac_t *hmac;
switch (algo)
{
case PRF_HMAC_SHA1:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
break;
case PRF_HMAC_MD5:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
break;
case PRF_HMAC_SHA2_256:
- hash = HASH_SHA256;
+ hmac = hmac_create(HASH_SHA256);
break;
case PRF_HMAC_SHA2_384:
- hash = HASH_SHA384;
+ hmac = hmac_create(HASH_SHA384);
break;
case PRF_HMAC_SHA2_512:
- hash = HASH_SHA512;
+ hmac = hmac_create(HASH_SHA512);
break;
default:
return NULL;
}
-
- this = malloc_thing(private_hmac_prf_t);
- this->hmac = hmac_create(hash);
- if (this->hmac == NULL)
+ if (hmac == NULL)
{
- free(this);
return NULL;
}
- this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
- this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
- this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
- this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
- this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
- this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .hmac = hmac,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.h b/src/libstrongswan/plugins/hmac/hmac_prf.h
index 975b456f5..29d7269ae 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.h
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.h
@@ -35,9 +35,9 @@ typedef struct hmac_prf_t hmac_prf_t;
struct hmac_prf_t {
/**
- * Generic prf_t interface for this hmac_prf_t class.
+ * Implements prf_t interface.
*/
- prf_t prf_interface;
+ prf_t prf;
};
/**
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c
index f82a8f3a1..511a3e3a5 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.c
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.c
@@ -41,11 +41,8 @@ struct private_hmac_signer_t {
size_t block_size;
};
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_hmac_signer_t *this,
- chunk_t data, u_int8_t *buffer)
+METHOD(signer_t, get_signature, void,
+ private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
{ /* append mode */
@@ -60,11 +57,8 @@ static void get_signature(private_hmac_signer_t *this,
}
}
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_hmac_signer_t *this,
- chunk_t data, chunk_t *chunk)
+METHOD(signer_t, allocate_signature, void,
+ private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
{
if (chunk == NULL)
{ /* append mode */
@@ -83,11 +77,8 @@ static void allocate_signature (private_hmac_signer_t *this,
}
}
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_hmac_signer_t *this,
- chunk_t data, chunk_t signature)
+METHOD(signer_t, verify_signature, bool,
+ private_hmac_signer_t *this, chunk_t data, chunk_t signature)
{
u_int8_t mac[this->hmac->get_block_size(this->hmac)];
@@ -100,38 +91,29 @@ static bool verify_signature(private_hmac_signer_t *this,
return memeq(signature.ptr, mac, this->block_size);
}
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_hmac_signer_t *this)
+METHOD(signer_t, get_key_size, size_t,
+ private_hmac_signer_t *this)
{
return this->hmac->get_block_size(this->hmac);
}
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_hmac_signer_t *this)
+METHOD(signer_t, get_block_size, size_t,
+ private_hmac_signer_t *this)
{
return this->block_size;
}
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_hmac_signer_t *this, chunk_t key)
+METHOD(signer_t, set_key, void,
+ private_hmac_signer_t *this, chunk_t key)
{
this->hmac->set_key(this->hmac, key);
}
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_hmac_signer_t *this)
+METHOD(signer_t, destroy, void,
+ private_hmac_signer_t *this)
{
this->hmac->destroy(this->hmac);
free(this);
- return SUCCESS;
}
/*
@@ -140,66 +122,76 @@ static status_t destroy(private_hmac_signer_t *this)
hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
{
private_hmac_signer_t *this;
+ hmac_t *hmac;
size_t trunc;
- hash_algorithm_t hash;
switch (algo)
{
case AUTH_HMAC_SHA1_96:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 12;
break;
case AUTH_HMAC_SHA1_128:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 16;
break;
case AUTH_HMAC_SHA1_160:
- hash = HASH_SHA1;
+ hmac = hmac_create(HASH_SHA1);
trunc = 20;
break;
case AUTH_HMAC_MD5_96:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
trunc = 12;
break;
case AUTH_HMAC_MD5_128:
- hash = HASH_MD5;
+ hmac = hmac_create(HASH_MD5);
trunc = 16;
break;
case AUTH_HMAC_SHA2_256_128:
- hash = HASH_SHA256;
+ hmac = hmac_create(HASH_SHA256);
trunc = 16;
break;
case AUTH_HMAC_SHA2_384_192:
- hash = HASH_SHA384;
+ hmac = hmac_create(HASH_SHA384);
trunc = 24;
break;
case AUTH_HMAC_SHA2_512_256:
- hash = HASH_SHA512;
+ hmac = hmac_create(HASH_SHA512);
trunc = 32;
break;
+ case AUTH_HMAC_SHA2_256_256:
+ hmac = hmac_create(HASH_SHA256);
+ trunc = 32;
+ break;
+ case AUTH_HMAC_SHA2_384_384:
+ hmac = hmac_create(HASH_SHA384);
+ trunc = 48;
+ break;
default:
return NULL;
}
- this = malloc_thing(private_hmac_signer_t);
- this->hmac = hmac_create(hash);
- if (this->hmac == NULL)
+ if (hmac == NULL)
{
- free(this);
return NULL;
}
- /* prevent invalid truncation */
- this->block_size = min(trunc, this->hmac->get_block_size(this->hmac));
-
- /* interface functions */
- this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
- this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
- this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
- this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
- this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
- this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
- this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
-
- return &(this->public);
+
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .block_size = min(trunc, hmac->get_block_size(hmac)),
+ .hmac = hmac,
+ );
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.h b/src/libstrongswan/plugins/hmac/hmac_signer.h
index 0de93440c..5e798683b 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.h
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.h
@@ -34,9 +34,9 @@ typedef struct hmac_signer_t hmac_signer_t;
struct hmac_signer_t {
/**
- * generic signer_t interface for this signer
+ * Implements signer_t interface.
*/
- signer_t signer_interface;
+ signer_t signer;
};
/**
@@ -44,8 +44,7 @@ struct hmac_signer_t {
*
* HMAC signatures are often truncated to shorten them to a more usable, but
* still secure enough length.
- * Block size must be equal or smaller then the hash algorithms
- * hash.
+ * Block size must be equal or smaller then the hash algorithms hash.
*
* @param algo algorithm to implement
* @return hmac_signer_t, NULL if not supported
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index b96fd5abf..65a135e76 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 874ee07a2..a78dad97c 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index cc32bca88..6de400e8e 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 83c1188b6..7d4d42c14 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index de9df7271..a32418b16 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -171,6 +172,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -202,14 +205,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -224,24 +230,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -249,7 +262,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 5645d72d7..b9d97a901 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -416,10 +416,19 @@ static bool parse_authKeyIdentifier_ext(private_openssl_crl_t *this,
static bool parse_crlNumber_ext(private_openssl_crl_t *this,
X509_EXTENSION *ext)
{
- free(this->serial.ptr);
- this->serial = chunk_clone(
- openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext)));
- return this->serial.len != 0;
+ chunk_t chunk;
+
+ chunk = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
+ /* quick and dirty INTEGER unwrap */
+ if (chunk.len > 1 && chunk.ptr[0] == V_ASN1_INTEGER &&
+ chunk.ptr[1] == chunk.len - 2)
+ {
+ chunk = chunk_skip(chunk, 2);
+ free(this->serial.ptr);
+ this->serial = chunk_clone(chunk);
+ return TRUE;
+ }
+ return FALSE;
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index a8923ab56..2ed07ff0c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -41,85 +41,57 @@ struct private_openssl_crypter_t {
};
/**
- * Mapping from the algorithms defined in IKEv2 to
- * OpenSSL algorithm names and their key length
- */
-typedef struct {
- /**
- * Identifier specified in IKEv2
- */
- int ikev2_id;
-
- /**
- * Name of the algorithm, as used in OpenSSL
- */
- char *name;
-
- /**
- * Minimum valid key length in bytes
- */
- size_t key_size_min;
-
- /**
- * Maximum valid key length in bytes
- */
- size_t key_size_max;
-} openssl_algorithm_t;
-
-#define END_OF_LIST -1
-
-/**
- * Algorithms for encryption
- */
-static openssl_algorithm_t encryption_algs[] = {
-/* {ENCR_DES_IV64, "***", 0, 0}, */
- {ENCR_DES, "des", 8, 8}, /* 64 bits */
- {ENCR_3DES, "des3", 24, 24}, /* 192 bits */
- {ENCR_RC5, "rc5", 5, 255}, /* 40 to 2040 bits, RFC 2451 */
- {ENCR_IDEA, "idea", 16, 16}, /* 128 bits, RFC 2451 */
- {ENCR_CAST, "cast", 5, 16}, /* 40 to 128 bits, RFC 2451 */
- {ENCR_BLOWFISH, "blowfish", 5, 56}, /* 40 to 448 bits, RFC 2451 */
-/* {ENCR_3IDEA, "***", 0, 0}, */
-/* {ENCR_DES_IV32, "***", 0, 0}, */
-/* {ENCR_NULL, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_AES_CBC, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_CAMELLIA_CBC, "***", 0, 0}, */ /* handled separately */
-/* {ENCR_AES_CTR, "***", 0, 0}, */ /* disabled in evp.h */
- {END_OF_LIST, NULL, 0, 0},
-};
-
-/**
* Look up an OpenSSL algorithm name and validate its key size
*/
-static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
- u_int16_t ikev2_algo, size_t *key_size)
+static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size)
{
- while (openssl_algo->ikev2_id != END_OF_LIST)
+ struct {
+ /* identifier specified in IKEv2 */
+ int ikev2_id;
+ /* name of the algorithm, as used in OpenSSL */
+ char *name;
+ /* default key size in bytes */
+ size_t key_def;
+ /* minimum key size */
+ size_t key_min;
+ /* maximum key size */
+ size_t key_max;
+ } mappings[] = {
+ {ENCR_DES, "des", 8, 8, 8},
+ {ENCR_3DES, "des3", 24, 24, 24},
+ {ENCR_RC5, "rc5", 16, 5, 255},
+ {ENCR_IDEA, "idea", 16, 16, 16},
+ {ENCR_CAST, "cast", 16, 5, 16},
+ {ENCR_BLOWFISH, "blowfish", 16, 5, 56},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
{
- if (ikev2_algo == openssl_algo->ikev2_id)
+ if (ikev2_algo == mappings[i].ikev2_id)
{
/* set the key size if it is not set */
- if (*key_size == 0 &&
- (openssl_algo->key_size_min == openssl_algo->key_size_max))
+ if (*key_size == 0)
{
- *key_size = openssl_algo->key_size_min;
+ *key_size = mappings[i].key_def;
}
-
/* validate key size */
- if (*key_size < openssl_algo->key_size_min ||
- *key_size > openssl_algo->key_size_max)
+ if (*key_size < mappings[i].key_min ||
+ *key_size > mappings[i].key_max)
{
return NULL;
}
- return openssl_algo->name;
+ return mappings[i].name;
}
- openssl_algo++;
}
return NULL;
}
-static void crypt(private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst, int enc)
+/**
+ * Do the actual en/decryption in an EVP context
+ */
+static void crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *dst, int enc)
{
int len;
u_char *out;
@@ -141,53 +113,44 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data,
EVP_CIPHER_CTX_cleanup(&ctx);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, decrypt, void,
+ private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, data, iv, dst, 0);
}
-
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt (private_openssl_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, data, iv, dst, 1);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_openssl_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_openssl_crypter_t *this)
{
return this->cipher->block_size;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_openssl_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_openssl_crypter_t *this)
+{
+ return this->cipher->block_size;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_openssl_crypter_t *this)
{
return this->key.len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_openssl_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_openssl_crypter_t *this, chunk_t key)
{
memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
}
-/**
- * Implementation of crypter_t.destroy.
- */
-static void destroy (private_openssl_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_openssl_crypter_t *this)
{
free(this->key.ptr);
free(this);
@@ -201,16 +164,32 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
{
private_openssl_crypter_t *this;
- this = malloc_thing(private_openssl_crypter_t);
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ );
switch (algo)
{
case ENCR_NULL:
this->cipher = EVP_enc_null();
+ key_size = 0;
break;
case ENCR_AES_CBC:
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* AES 128 */
this->cipher = EVP_get_cipherbyname("aes128");
break;
@@ -228,6 +207,9 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
case ENCR_CAMELLIA_CBC:
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* CAMELLIA 128 */
this->cipher = EVP_get_cipherbyname("camellia128");
break;
@@ -243,11 +225,14 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
}
break;
case ENCR_DES_ECB:
+ key_size = 8;
this->cipher = EVP_des_ecb();
break;
default:
{
- char* name = lookup_algorithm(encryption_algs, algo, &key_size);
+ char* name;
+
+ name = lookup_algorithm(algo, &key_size);
if (!name)
{
/* algo unavailable or key_size invalid */
@@ -268,12 +253,5 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
this->key = chunk_alloc(key_size);
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index 7e30ae03c..b12e7a6ab 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -31,9 +31,9 @@ typedef struct openssl_crypter_t openssl_crypter_t;
struct openssl_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 9a032c54f..b27aa3391 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -57,11 +57,8 @@ struct private_openssl_diffie_hellman_t {
bool computed;
};
-/**
- * Implementation of openssl_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_openssl_diffie_hellman_t *this,
- chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_openssl_diffie_hellman_t *this, chunk_t *value)
{
*value = chunk_alloc(DH_size(this->dh));
memset(value->ptr, 0, value->len);
@@ -69,11 +66,8 @@ static void get_my_public_value(private_openssl_diffie_hellman_t *this,
value->ptr + value->len - BN_num_bytes(this->dh->pub_key));
}
-/**
- * Implementation of openssl_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
- chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_openssl_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -88,11 +82,8 @@ static status_t get_shared_secret(private_openssl_diffie_hellman_t *this,
}
-/**
- * Implementation of openssl_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_openssl_diffie_hellman_t *this,
- chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_openssl_diffie_hellman_t *this, chunk_t value)
{
int len;
@@ -110,10 +101,8 @@ static void set_other_public_value(private_openssl_diffie_hellman_t *this,
this->computed = TRUE;
}
-/**
- * Implementation of openssl_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_openssl_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_openssl_diffie_hellman_t *this)
{
return this->group;
}
@@ -137,10 +126,8 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
return SUCCESS;
}
-/**
- * Implementation of openssl_diffie_hellman_t.destroy.
- */
-static void destroy(private_openssl_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_openssl_diffie_hellman_t *this)
{
BN_clear_free(this->pub_key);
DH_free(this->dh);
@@ -151,15 +138,22 @@ static void destroy(private_openssl_diffie_hellman_t *this)
/*
* Described in header.
*/
-openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group)
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p)
{
- private_openssl_diffie_hellman_t *this = malloc_thing(private_openssl_diffie_hellman_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ private_openssl_diffie_hellman_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ );
this->dh = DH_new();
if (!this->dh)
@@ -173,11 +167,19 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t g
this->pub_key = BN_new();
this->shared_secret = chunk_empty;
- /* find a modulus according to group */
- if (set_modulus(this) != SUCCESS)
+ if (group == MODP_CUSTOM)
{
- destroy(this);
- return NULL;
+ this->dh->p = BN_bin2bn(p.ptr, p.len, NULL);
+ this->dh->g = BN_bin2bn(g.ptr, g.len, NULL);
+ }
+ else
+ {
+ /* find a modulus according to group */
+ if (set_modulus(this) != SUCCESS)
+ {
+ destroy(this);
+ return NULL;
+ }
}
/* generate my public and private values */
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index 6c4b4fe81..53dc59c78 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -40,9 +40,12 @@ struct openssl_diffie_hellman_t {
* Creates a new openssl_diffie_hellman_t object.
*
* @param group Diffie Hellman group number to use
+ * @param g custom generator, if MODP_CUSTOM
+ * @param p custom prime, if MODP_CUSTOM
* @return openssl_diffie_hellman_t object, NULL if not supported
*/
-openssl_diffie_hellman_t *openssl_diffie_hellman_create(diffie_hellman_group_t group);
+openssl_diffie_hellman_t *openssl_diffie_hellman_create(
+ diffie_hellman_group_t group, chunk_t g, chunk_t p);
#endif /** OPENSSL_DIFFIE_HELLMAN_H_ @}*/
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index a53e8aea0..32fc2bccd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -165,7 +165,8 @@ error:
* of the Diffie-Hellman shared secret value is the same as that of the
* Diffie-Hellman public value."
*/
-static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_t *shared_secret)
+static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this,
+ chunk_t *shared_secret)
{
const BIGNUM *priv_key;
EC_POINT *secret = NULL;
@@ -209,10 +210,8 @@ error:
return ret;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, chunk_t value)
+METHOD(diffie_hellman_t, set_other_public_value, void,
+ private_openssl_ec_diffie_hellman_t *this, chunk_t value)
{
if (!chunk2ecp(this->ec_group, value, this->pub_key))
{
@@ -230,18 +229,14 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch
this->computed = TRUE;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_my_public_value.
- */
-static void get_my_public_value(private_openssl_ec_diffie_hellman_t *this,chunk_t *value)
+METHOD(diffie_hellman_t, get_my_public_value, void,
+ private_openssl_ec_diffie_hellman_t *this,chunk_t *value)
{
ecp2chunk(this->ec_group, EC_KEY_get0_public_key(this->key), value, FALSE);
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_shared_secret.
- */
-static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
+METHOD(diffie_hellman_t, get_shared_secret, status_t,
+ private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
{
if (!this->computed)
{
@@ -251,18 +246,14 @@ static status_t get_shared_secret(private_openssl_ec_diffie_hellman_t *this, chu
return SUCCESS;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.get_dh_group.
- */
-static diffie_hellman_group_t get_dh_group(private_openssl_ec_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
+ private_openssl_ec_diffie_hellman_t *this)
{
return this->group;
}
-/**
- * Implementation of openssl_ec_diffie_hellman_t.destroy.
- */
-static void destroy(private_openssl_ec_diffie_hellman_t *this)
+METHOD(diffie_hellman_t, destroy, void,
+ private_openssl_ec_diffie_hellman_t *this)
{
EC_POINT_clear_free(this->pub_key);
EC_KEY_free(this->key);
@@ -275,13 +266,20 @@ static void destroy(private_openssl_ec_diffie_hellman_t *this)
*/
openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_group_t group)
{
- private_openssl_ec_diffie_hellman_t *this = malloc_thing(private_openssl_ec_diffie_hellman_t);
-
- this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
- this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
- this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
- this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
- this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+ private_openssl_ec_diffie_hellman_t *this;
+
+ INIT(this,
+ .public = {
+ .dh = {
+ .get_shared_secret = _get_shared_secret,
+ .set_other_public_value = _set_other_public_value,
+ .get_my_public_value = _get_my_public_value,
+ .get_dh_group = _get_dh_group,
+ .destroy = _destroy,
+ },
+ },
+ .group = group,
+ );
switch (group)
{
@@ -328,11 +326,6 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro
return NULL;
}
- this->group = group;
- this->computed = FALSE;
-
- this->shared_secret = chunk_empty;
-
return &this->public;
}
#endif /* OPENSSL_NO_EC */
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index 281155913..f4c4759bf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -138,11 +138,9 @@ static bool build_der_signature(private_openssl_ec_private_key_t *this,
return built;
}
-/**
- * Implementation of private_key_t.sign.
- */
-static bool sign(private_openssl_ec_private_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_openssl_ec_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -172,36 +170,38 @@ static bool sign(private_openssl_ec_private_key_t *this,
}
}
-/**
- * Implementation of private_key_t.destroy.
- */
-static bool decrypt(private_openssl_ec_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_openssl_ec_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC private key decryption not implemented");
return FALSE;
}
-/**
- * Implementation of private_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_openssl_ec_private_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
-/**
- * Implementation of private_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_type, key_type_t,
+ private_openssl_ec_private_key_t *this)
{
return KEY_ECDSA;
}
-/**
- * Implementation of private_key_t.get_public_key.
- */
-static public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_openssl_ec_private_key_t *this)
{
public_key_t *public;
chunk_t key;
@@ -217,20 +217,16 @@ static public_key_t* get_public_key(private_openssl_ec_private_key_t *this)
return public;
}
-/**
- * Implementation of private_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_ec_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_openssl_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_ec_fingerprint(this->ec, type, fingerprint);
}
-/**
- * Implementation of private_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_ec_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_openssl_ec_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -261,19 +257,15 @@ static bool get_encoding(private_openssl_ec_private_key_t *this,
}
}
-/**
- * Implementation of private_key_t.get_ref.
- */
-static private_key_t* get_ref(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_openssl_ec_private_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of private_key_t.destroy.
- */
-static void destroy(private_openssl_ec_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_openssl_ec_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -291,23 +283,27 @@ static void destroy(private_openssl_ec_private_key_t *this)
*/
static private_openssl_ec_private_key_t *create_empty(void)
{
- private_openssl_ec_private_key_t *this = malloc_thing(private_openssl_ec_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
-
- this->ec = NULL;
- this->ref = 1;
+ private_openssl_ec_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 720c63f90..f56c95aa1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -34,7 +34,7 @@ struct openssl_ec_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index def36c92f..7461695ad 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -130,19 +130,15 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this,
return valid;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_openssl_ec_public_key_t *this)
{
return KEY_ECDSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_openssl_ec_public_key_t *this,
- signature_scheme_t scheme, chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_openssl_ec_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -172,22 +168,28 @@ static bool verify(private_openssl_ec_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static bool encrypt_(private_openssl_ec_public_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(public_key_t, encrypt, bool,
+ private_openssl_ec_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "EC public key encryption not implemented");
return FALSE;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_openssl_ec_public_key_t *this)
{
- return EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec));
+ switch (EC_GROUP_get_curve_name(EC_KEY_get0_group(this->ec)))
+ {
+ case NID_X9_62_prime256v1:
+ return 256;
+ case NID_secp384r1:
+ return 384;
+ case NID_secp521r1:
+ return 521;
+ default:
+ return 0;
+ }
}
/**
@@ -232,20 +234,16 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp)
return TRUE;
}
-/**
- * Implementation of private_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_ec_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_openssl_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_ec_fingerprint(this->ec, type, fingerprint);
}
-/**
- * Implementation of private_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_ec_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_openssl_ec_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -276,19 +274,15 @@ static bool get_encoding(private_openssl_ec_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_openssl_ec_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_ec_public_key.destroy.
- */
-static void destroy(private_openssl_ec_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_openssl_ec_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -306,21 +300,25 @@ static void destroy(private_openssl_ec_public_key_t *this)
*/
static private_openssl_ec_public_key_t *create_empty()
{
- private_openssl_ec_public_key_t *this = malloc_thing(private_openssl_ec_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->ec = NULL;
- this->ref = 1;
+ private_openssl_ec_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .get_keysize = _get_keysize,
+ .equals = public_key_equals,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 29d607d38..8094083a7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -34,7 +34,7 @@ struct openssl_ec_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index 7556bc594..d81f4b21e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -90,27 +90,20 @@ static char* lookup_algorithm(openssl_algorithm_t *openssl_algo,
return NULL;
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_openssl_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_openssl_hasher_t *this)
{
return this->hasher->md_size;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_openssl_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_openssl_hasher_t *this)
{
EVP_DigestInit_ex(this->ctx, this->hasher, NULL);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_openssl_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len);
if (hash)
@@ -120,11 +113,8 @@ static void get_hash(private_openssl_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_openssl_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -137,10 +127,8 @@ static void allocate_hash(private_openssl_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy (private_openssl_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_openssl_hasher_t *this)
{
EVP_MD_CTX_destroy(this->ctx);
free(this);
@@ -160,7 +148,17 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_openssl_hasher_t);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
this->hasher = EVP_get_digestbyname(name);
if (!this->hasher)
@@ -170,12 +168,6 @@ openssl_hasher_t *openssl_hasher_create(hash_algorithm_t algo)
return NULL;
}
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
this->ctx = EVP_MD_CTX_create();
/* initialization */
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index fd7a043d1..b03f6891b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -31,9 +31,9 @@ typedef struct openssl_hasher_t openssl_hasher_t;
struct openssl_hasher_t {
/**
- * The hasher_t interface.
+ * Implements hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 31697dcb8..0ab4eda9c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -16,6 +16,7 @@
#include <openssl/evp.h>
#include <openssl/conf.h>
+#include <openssl/rand.h>
#include <openssl/crypto.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
@@ -24,6 +25,7 @@
#include "openssl_plugin.h"
#include <library.h>
+#include <debug.h>
#include <threading/thread.h>
#include <threading/mutex.h>
#include "openssl_util.h"
@@ -151,6 +153,31 @@ static void threading_init()
}
/**
+ * Seed the OpenSSL RNG, if required
+ */
+static bool seed_rng()
+{
+ rng_t *rng = NULL;
+ char buf[32];
+
+ while (RAND_status() != 1)
+ {
+ if (!rng)
+ {
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (!rng)
+ {
+ return FALSE;
+ }
+ }
+ rng->get_bytes(rng, sizeof(buf), buf);
+ RAND_seed(buf, sizeof(buf));
+ }
+ DESTROY_IF(rng);
+ return TRUE;
+}
+
+/**
* cleanup OpenSSL threading locks
*/
static void threading_cleanup()
@@ -166,10 +193,8 @@ static void threading_cleanup()
mutex = NULL;
}
-/**
- * Implementation of openssl_plugin_t.destroy
- */
-static void destroy(private_openssl_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_openssl_plugin_t *this)
{
lib->crypto->remove_crypter(lib->crypto,
(crypter_constructor_t)openssl_crypter_create);
@@ -218,9 +243,15 @@ static void destroy(private_openssl_plugin_t *this)
*/
plugin_t *openssl_plugin_create()
{
- private_openssl_plugin_t *this = malloc_thing(private_openssl_plugin_t);
+ private_openssl_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
threading_init();
@@ -233,6 +264,13 @@ plugin_t *openssl_plugin_create()
ENGINE_register_all_complete();
#endif /* OPENSSL_NO_ENGINE */
+ if (!seed_rng())
+ {
+ DBG1(DBG_CFG, "no RNG found to seed OpenSSL");
+ destroy(this);
+ return NULL;
+ }
+
/* crypter */
lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
(crypter_constructor_t)openssl_crypter_create);
@@ -312,33 +350,35 @@ plugin_t *openssl_plugin_create()
(dh_constructor_t)openssl_diffie_hellman_create);
lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
(dh_constructor_t)openssl_diffie_hellman_create);
+ lib->crypto->add_dh(lib->crypto, MODP_CUSTOM,
+ (dh_constructor_t)openssl_diffie_hellman_create);
/* rsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
(builder_function_t)openssl_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)openssl_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)openssl_rsa_private_key_connect);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
(builder_function_t)openssl_rsa_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)openssl_rsa_public_key_load);
#ifndef OPENSSL_NO_EC
/* ecdsa */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE,
(builder_function_t)openssl_ec_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
(builder_function_t)openssl_ec_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE,
(builder_function_t)openssl_ec_public_key_load);
#endif /* OPENSSL_NO_EC */
/* X509 certificates */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
(builder_function_t)openssl_x509_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
(builder_function_t)openssl_crl_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 5817ade9e..0b607c386 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -131,19 +131,16 @@ error:
return success;
}
-/**
- * Implementation of openssl_rsa_private_key.get_type.
- */
-static key_type_t get_type(private_openssl_rsa_private_key_t *this)
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_openssl_rsa_private_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of openssl_rsa_private_key.sign.
- */
-static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t *signature)
+METHOD(private_key_t, sign, bool,
+ private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
{
switch (scheme)
{
@@ -168,28 +165,47 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
}
}
-/**
- * Implementation of openssl_rsa_private_key.decrypt.
- */
-static bool decrypt(private_openssl_rsa_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(private_key_t, decrypt, bool,
+ private_openssl_rsa_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypto, chunk_t *plain)
{
- DBG1(DBG_LIB, "RSA private key decryption not implemented");
- return FALSE;
+ int padding, len;
+ char *decrypted;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = RSA_PKCS1_PADDING;
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = RSA_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ DBG1(DBG_LIB, "encryption scheme %N not supported via openssl",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ decrypted = malloc(RSA_size(this->rsa));
+ len = RSA_private_decrypt(crypto.len, crypto.ptr, decrypted,
+ this->rsa, padding);
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "RSA decryption failed");
+ free(decrypted);
+ return FALSE;
+ }
+ *plain = chunk_create(decrypted, len);
+ return TRUE;
}
-/**
- * Implementation of openssl_rsa_private_key.get_keysize.
- */
-static size_t get_keysize(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_keysize, int,
+ private_openssl_rsa_private_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
-/**
- * Implementation of openssl_rsa_private_key.get_public_key.
- */
-static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_openssl_rsa_private_key_t *this)
{
chunk_t enc;
public_key_t *key;
@@ -204,20 +220,16 @@ static public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
return key;
}
-/**
- * Implementation of public_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(private_key_t, get_fingerprint, bool,
+ private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
}
-/*
- * Implementation of public_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_rsa_private_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(private_key_t, get_encoding, bool,
+ private_openssl_rsa_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -252,19 +264,15 @@ static bool get_encoding(private_openssl_rsa_private_key_t *this,
}
}
-/**
- * Implementation of openssl_rsa_private_key.get_ref.
- */
-static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_openssl_rsa_private_key_t *this)
{
ref_get(&this->ref);
- return this;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_rsa_private_key.destroy.
- */
-static void destroy(private_openssl_rsa_private_key_t *this)
+METHOD(private_key_t, destroy, void,
+ private_openssl_rsa_private_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -280,25 +288,29 @@ static void destroy(private_openssl_rsa_private_key_t *this)
/**
* Internal generic constructor
*/
-static private_openssl_rsa_private_key_t *create_empty(void)
+static private_openssl_rsa_private_key_t *create_empty()
{
- private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
-
- this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
- this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
- this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
- this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
- this->public.interface.equals = private_key_equals;
- this->public.interface.belongs_to = private_key_belongs_to;
- this->public.interface.get_fingerprint = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(private_key_t*, chunk_t fp))private_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(private_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
- this->public.interface.destroy = (void (*) (private_key_t*))destroy;
-
- this->engine = FALSE;
- this->ref = 1;
+ private_openssl_rsa_private_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
@@ -444,6 +456,48 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
}
/**
+ * Login to engine with a PIN specified for a keyid
+ */
+static bool login(ENGINE *engine, chunk_t keyid)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ identification_t *id;
+ chunk_t key;
+ char pin[64];
+ bool found = FALSE, success = FALSE;
+
+ id = identification_create_from_encoding(ID_KEY_ID, keyid);
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, id, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ key = shared->get_key(shared);
+ if (snprintf(pin, sizeof(pin), "%.*s", key.len, key.ptr) >= sizeof(pin))
+ {
+ continue;
+ }
+ if (ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ {
+ success = TRUE;
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "setting PIN on engine failed");
+ }
+ }
+ enumerator->destroy(enumerator);
+ id->destroy(id);
+ if (!found)
+ {
+ DBG1(DBG_CFG, "no PIN found for %#B", &keyid);
+ }
+ return success;
+}
+
+/**
* See header.
*/
openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
@@ -451,20 +505,25 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
{
#ifndef OPENSSL_NO_ENGINE
private_openssl_rsa_private_key_t *this;
- char *keyid = NULL, *pin = NULL;
+ char *engine_id = NULL;
+ char keyname[64];
+ chunk_t keyid = chunk_empty;;
EVP_PKEY *key;
- char *engine_id;
ENGINE *engine;
+ int slot = -1;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
- case BUILD_SMARTCARD_KEYID:
- keyid = va_arg(args, char*);
+ case BUILD_PKCS11_KEYID:
+ keyid = va_arg(args, chunk_t);
continue;
- case BUILD_SMARTCARD_PIN:
- pin = va_arg(args, char*);
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ engine_id = va_arg(args, char*);
continue;
case BUILD_END:
break;
@@ -473,17 +532,31 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
}
break;
}
- if (!keyid || !pin)
+ if (!keyid.len || keyid.len > 40)
{
return NULL;
}
- engine_id = lib->settings->get_str(lib->settings,
+ memset(keyname, 0, sizeof(keyname));
+ if (slot != -1)
+ {
+ snprintf(keyname, sizeof(keyname), "%d:", slot);
+ }
+ if (sizeof(keyname) - strlen(keyname) <= keyid.len * 4 / 3 + 1)
+ {
+ return NULL;
+ }
+ chunk_to_hex(keyid, keyname + strlen(keyname), FALSE);
+
+ if (!engine_id)
+ {
+ engine_id = lib->settings->get_str(lib->settings,
"libstrongswan.plugins.openssl.engine_id", "pkcs11");
+ }
engine = ENGINE_by_id(engine_id);
if (!engine)
{
- DBG1(DBG_LIB, "engine '%s' is not available", engine_id);
+ DBG2(DBG_LIB, "engine '%s' is not available", engine_id);
return NULL;
}
if (!ENGINE_init(engine))
@@ -492,18 +565,17 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
ENGINE_free(engine);
return NULL;
}
- if (!ENGINE_ctrl_cmd_string(engine, "PIN", pin, 0))
+ if (!login(engine, keyid))
{
- DBG1(DBG_LIB, "failed to set PIN on engine '%s'", engine_id);
+ DBG1(DBG_LIB, "login to engine '%s' failed", engine_id);
ENGINE_free(engine);
return NULL;
}
-
- key = ENGINE_load_private_key(engine, keyid, NULL, NULL);
+ key = ENGINE_load_private_key(engine, keyname, NULL, NULL);
if (!key)
{
DBG1(DBG_LIB, "failed to load private key with ID '%s' from "
- "engine '%s'", keyid, engine_id);
+ "engine '%s'", keyname, engine_id);
ENGINE_free(engine);
return NULL;
}
@@ -512,6 +584,11 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type,
this = create_empty();
this->rsa = EVP_PKEY_get1_RSA(key);
this->engine = TRUE;
+ if (!this->rsa)
+ {
+ destroy(this);
+ return NULL;
+ }
return &this->public;
#else /* OPENSSL_NO_ENGINE */
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 079dfa46a..60889d651 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -34,7 +34,7 @@ struct openssl_rsa_private_key_t {
/**
* Implements private_key_t interface
*/
- private_key_t interface;
+ private_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 6ac61a65c..422e31521 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -114,19 +114,15 @@ error:
return valid;
}
-/**
- * Implementation of public_key_t.get_type.
- */
-static key_type_t get_type(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_type, key_type_t,
+ private_openssl_rsa_public_key_t *this)
{
return KEY_RSA;
}
-/**
- * Implementation of public_key_t.verify.
- */
-static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
- chunk_t data, chunk_t signature)
+METHOD(public_key_t, verify, bool,
+ private_openssl_rsa_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t signature)
{
switch (scheme)
{
@@ -151,22 +147,43 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
}
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static bool encrypt_(private_openssl_rsa_public_key_t *this,
- chunk_t crypto, chunk_t *plain)
+METHOD(public_key_t, encrypt, bool,
+ private_openssl_rsa_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypto)
{
- DBG1(DBG_LIB, "RSA public key encryption not implemented");
- return FALSE;
+ int padding, len;
+ char *encrypted;
+
+ switch (scheme)
+ {
+ case ENCRYPT_RSA_PKCS1:
+ padding = RSA_PKCS1_PADDING;
+ break;
+ case ENCRYPT_RSA_OAEP_SHA1:
+ padding = RSA_PKCS1_OAEP_PADDING;
+ break;
+ default:
+ DBG1(DBG_LIB, "decryption scheme %N not supported via openssl",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ encrypted = malloc(RSA_size(this->rsa));
+ len = RSA_public_encrypt(plain.len, plain.ptr, encrypted,
+ this->rsa, padding);
+ if (len < 0)
+ {
+ DBG1(DBG_LIB, "RSA decryption failed");
+ free(encrypted);
+ return FALSE;
+ }
+ *crypto = chunk_create(encrypted, len);
+ return TRUE;
}
-/**
- * Implementation of public_key_t.get_keysize.
- */
-static size_t get_keysize(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_keysize, int,
+ private_openssl_rsa_public_key_t *this)
{
- return RSA_size(this->rsa);
+ return RSA_size(this->rsa) * 8;
}
/**
@@ -211,20 +228,16 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp)
return TRUE;
}
-/**
- * Implementation of public_key_t.get_fingerprint.
- */
-static bool get_fingerprint(private_openssl_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *fingerprint)
+METHOD(public_key_t, get_fingerprint, bool,
+ private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
{
return openssl_rsa_fingerprint(this->rsa, type, fingerprint);
}
-/*
- * Implementation of public_key_t.get_encoding.
- */
-static bool get_encoding(private_openssl_rsa_public_key_t *this,
- cred_encoding_type_t type, chunk_t *encoding)
+METHOD(public_key_t, get_encoding, bool,
+ private_openssl_rsa_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
{
u_char *p;
@@ -262,19 +275,15 @@ static bool get_encoding(private_openssl_rsa_public_key_t *this,
}
}
-/**
- * Implementation of public_key_t.get_ref.
- */
-static public_key_t* get_ref(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_openssl_rsa_public_key_t *this)
{
ref_get(&this->ref);
- return &this->public.interface;
+ return &this->public.key;
}
-/**
- * Implementation of openssl_rsa_public_key.destroy.
- */
-static void destroy(private_openssl_rsa_public_key_t *this)
+METHOD(public_key_t, destroy, void,
+ private_openssl_rsa_public_key_t *this)
{
if (ref_put(&this->ref))
{
@@ -292,21 +301,25 @@ static void destroy(private_openssl_rsa_public_key_t *this)
*/
static private_openssl_rsa_public_key_t *create_empty()
{
- private_openssl_rsa_public_key_t *this = malloc_thing(private_openssl_rsa_public_key_t);
-
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
- this->public.interface.equals = public_key_equals;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.get_fingerprint = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *fp))get_fingerprint;
- this->public.interface.has_fingerprint = (bool(*)(public_key_t*, chunk_t fp))public_key_has_fingerprint;
- this->public.interface.get_encoding = (bool(*)(public_key_t*, cred_encoding_type_t type, chunk_t *encoding))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
-
- this->rsa = NULL;
- this->ref = 1;
+ private_openssl_rsa_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
return this;
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index 620aa51ce..021257d3c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -33,7 +33,7 @@ struct openssl_rsa_public_key_t {
/**
* Implements the public_key_t interface
*/
- public_key_t interface;
+ public_key_t key;
};
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index b65388010..20f2fa984 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -124,13 +124,15 @@ openssl_sha1_prf_t *openssl_sha1_prf_create(pseudo_random_function_t algo)
}
INIT(this,
- .public.prf = {
- .get_block_size = _get_block_size,
- .get_bytes = _get_bytes,
- .allocate_bytes = _allocate_bytes,
- .get_key_size = _get_key_size,
- .set_key = _set_key,
- .destroy = _destroy,
+ .public = {
+ .prf = {
+ .get_block_size = _get_block_size,
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
},
);
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 1c9bb699e..aa39bc93d 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -187,6 +187,15 @@ static identification_t *general_name2id(GENERAL_NAME *name)
}
case GEN_DIRNAME :
return openssl_x509_name2id(name->d.directoryName);
+ case GEN_OTHERNAME:
+ if (OBJ_obj2nid(name->d.otherName->type_id) == NID_ms_upn &&
+ name->d.otherName->value->type == V_ASN1_UTF8STRING)
+ {
+ return identification_create_from_encoding(ID_RFC822_ADDR,
+ openssl_asn1_str2chunk(
+ name->d.otherName->value->value.utf8string));
+ }
+ return NULL;
default:
return NULL;
}
@@ -286,10 +295,23 @@ METHOD(certificate_t, has_subject, id_match_t,
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
if (subject->get_type(subject) == ID_KEY_ID)
{
- if (chunk_equals(this->hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (chunk_equals(this->hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->pubkey &&
+ this->pubkey->has_fingerprint(this->pubkey, encoding))
{
return ID_MATCH_PERFECT;
}
@@ -756,6 +778,38 @@ static bool parse_extensions(private_openssl_x509_t *this)
}
/**
+ * Parse ExtendedKeyUsage
+ */
+static void parse_extKeyUsage(private_openssl_x509_t *this)
+{
+ EXTENDED_KEY_USAGE *usage;
+ int i;
+
+ usage = X509_get_ext_d2i(this->x509, NID_ext_key_usage, NULL, NULL);
+ if (usage)
+ {
+ for (i = 0; i < sk_ASN1_OBJECT_num(usage); i++)
+ {
+ switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(usage, i)))
+ {
+ case NID_server_auth:
+ this->flags |= X509_SERVER_AUTH;
+ break;
+ case NID_client_auth:
+ this->flags |= X509_CLIENT_AUTH;
+ break;
+ case NID_OCSP_sign:
+ this->flags |= X509_OCSP_SIGNER;
+ break;
+ default:
+ break;
+ }
+ }
+ sk_ASN1_OBJECT_pop_free(usage, ASN1_OBJECT_free);
+ }
+}
+
+/**
* Parse a DER encoded x509 certificate
*/
static bool parse_certificate(private_openssl_x509_t *this)
@@ -814,6 +868,7 @@ static bool parse_certificate(private_openssl_x509_t *this)
{
return TRUE;
}
+ parse_extKeyUsage(this);
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
if (!hasher)
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index adb8f08d1..46953f681 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index 9edea4bd3..06c20292f 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -78,8 +78,8 @@ static void padlock_crypt(void *key, void *ctrl, void *src, void *dst,
: "eax", "ecx", "edx", "esi", "edi");
}
-/*
- * Implementation of crypter_t.crypt
+/**
+ * Do encryption/decryption operation using Padlock control word
*/
static void crypt(private_padlock_aes_crypter_t *this, char *iv,
chunk_t src, chunk_t *dst, bool enc)
@@ -107,53 +107,44 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv,
src.len / AES_BLOCK_SIZE, iv_aligned);
}
-/**
- * Implementation of crypter_t.decrypt.
- */
-static void decrypt(private_padlock_aes_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, decrypt, void,
+ private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, TRUE);
}
-
-/**
- * Implementation of crypter_t.encrypt.
- */
-static void encrypt (private_padlock_aes_crypter_t *this, chunk_t data,
- chunk_t iv, chunk_t *dst)
+METHOD(crypter_t, encrypt, void,
+ private_padlock_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst)
{
crypt(this, iv.ptr, data, dst, FALSE);
}
-/**
- * Implementation of crypter_t.get_block_size.
- */
-static size_t get_block_size(private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, get_block_size, size_t,
+ private_padlock_aes_crypter_t *this)
{
return AES_BLOCK_SIZE;
}
-/**
- * Implementation of crypter_t.get_key_size.
- */
-static size_t get_key_size(private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, get_iv_size, size_t,
+ private_padlock_aes_crypter_t *this)
+{
+ return AES_BLOCK_SIZE;
+}
+
+METHOD(crypter_t, get_key_size, size_t,
+ private_padlock_aes_crypter_t *this)
{
return this->key.len;
}
-/**
- * Implementation of crypter_t.set_key.
- */
-static void set_key(private_padlock_aes_crypter_t *this, chunk_t key)
+METHOD(crypter_t, set_key, void,
+ private_padlock_aes_crypter_t *this, chunk_t key)
{
memcpy(this->key.ptr, key.ptr, min(key.len, this->key.len));
}
-/**
- * Implementation of crypter_t.destroy and aes_crypter_t.destroy.
- */
-static void destroy (private_padlock_aes_crypter_t *this)
+METHOD(crypter_t, destroy, void,
+ private_padlock_aes_crypter_t *this)
{
free(this->key.ptr);
free(this);
@@ -171,29 +162,33 @@ padlock_aes_crypter_t *padlock_aes_crypter_create(encryption_algorithm_t algo,
{
return NULL;
}
-
- this = malloc_thing(private_padlock_aes_crypter_t);
-
switch (key_size)
{
+ case 0:
+ key_size = 16;
+ /* FALL */
case 16: /* AES 128 */
break;
case 24: /* AES-192 */
case 32: /* AES-256 */
/* These need an expanded key, currently not supported, FALL */
default:
- free(this);
return NULL;
}
- this->key = chunk_alloc(key_size);
-
- this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
- this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
- this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
- this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
- this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
- this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
-
+ INIT(this,
+ .public = {
+ .crypter = {
+ .encrypt = _encrypt,
+ .decrypt = _decrypt,
+ .get_block_size = _get_block_size,
+ .get_iv_size = _get_iv_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .key = chunk_alloc(key_size),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
index d4c7a7577..1c804860c 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.h
@@ -32,9 +32,9 @@ typedef struct padlock_aes_crypter_t padlock_aes_crypter_t;
struct padlock_aes_crypter_t {
/**
- * The crypter_t interface.
+ * Implements crypter_t interface.
*/
- crypter_t crypter_interface;
+ crypter_t crypter;
};
/**
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index c9606ae15..027c53c7b 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -101,10 +101,8 @@ static padlock_feature_t get_padlock_features()
return 0;
}
-/**
- * Implementation of aes_plugin_t.destroy
- */
-static void destroy(private_padlock_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_padlock_plugin_t *this)
{
if (this->features & PADLOCK_RNG_ENABLED)
{
@@ -133,11 +131,17 @@ static void destroy(private_padlock_plugin_t *this)
*/
plugin_t *padlock_plugin_create()
{
- private_padlock_plugin_t *this = malloc_thing(private_padlock_plugin_t);
+ private_padlock_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ .features = get_padlock_features(),
+ );
- this->features = get_padlock_features();
if (!this->features)
{
free(this);
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c
index 8ff46081b..3d805df9d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.c
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.c
@@ -53,15 +53,15 @@ struct private_padlock_rng_t {
*/
static void rng(char *buf, int len, int quality)
{
- while (len > 0)
+ while (len > 0)
{
int status;
/* run XSTORE until we have all bytes needed. We do not use REP, as
* this should not be performance critical and it's easier this way. */
asm volatile (
- ".byte 0x0F,0xA7,0xC0 \n\t"
- : "=D"(buf), "=a"(status)
+ ".byte 0x0F,0xA7,0xC0 \n\t"
+ : "=D"(buf), "=a"(status)
: "d"(quality), "D"(buf));
/* bits[0..4] of status word contains the number of bytes read */
@@ -69,11 +69,8 @@ static void rng(char *buf, int len, int quality)
}
}
-/**
- * Implementation of padlock_rng_t.allocate_bytes.
- */
-static void allocate_bytes(private_padlock_rng_t *this, size_t bytes,
- chunk_t *chunk)
+METHOD(rng_t, allocate_bytes, void,
+ private_padlock_rng_t *this, size_t bytes, chunk_t *chunk)
{
chunk->len = bytes;
/* padlock requires some additional bytes */
@@ -82,11 +79,8 @@ static void allocate_bytes(private_padlock_rng_t *this, size_t bytes,
rng(chunk->ptr, chunk->len, this->quality);
}
-/**
- * Implementation of padlock_rng_t.get_bytes.
- */
-static void get_bytes(private_padlock_rng_t *this, size_t bytes,
- u_int8_t *buffer)
+METHOD(rng_t, get_bytes, void,
+ private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer)
{
chunk_t chunk;
@@ -96,10 +90,8 @@ static void get_bytes(private_padlock_rng_t *this, size_t bytes,
chunk_clear(&chunk);
}
-/**
- * Implementation of padlock_rng_t.destroy.
- */
-static void destroy(private_padlock_rng_t *this)
+METHOD(rng_t, destroy, void,
+ private_padlock_rng_t *this)
{
free(this);
}
@@ -109,11 +101,17 @@ static void destroy(private_padlock_rng_t *this)
*/
padlock_rng_t *padlock_rng_create(rng_quality_t quality)
{
- private_padlock_rng_t *this = malloc_thing(private_padlock_rng_t);
-
- this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
- this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
- this->public.rng.destroy = (void (*) (rng_t *))destroy;
+ private_padlock_rng_t *this;
+
+ INIT(this,
+ .public = {
+ .rng = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .destroy = _destroy,
+ },
+ },
+ );
/* map RNG quality to Padlock quality factor */
switch (quality)
@@ -127,8 +125,10 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality)
case RNG_TRUE:
this->quality = PADLOCK_QF3;
break;
+ default:
+ free(this);
+ return NULL;
}
-
return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 60b516675..66a077353 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -83,19 +83,14 @@ static void append_data(private_padlock_sha1_hasher_t *this, chunk_t data)
this->data.len += data.len;
}
-/**
- * Implementation of hasher_t.reset.
- */
-static void reset(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, reset, void,
+ private_padlock_sha1_hasher_t *this)
{
chunk_free(&this->data);
}
-/**
- * Implementation of hasher_t.get_hash.
- */
-static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
- u_int8_t *hash)
+METHOD(hasher_t, get_hash, void,
+ private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash)
{
if (hash)
{
@@ -116,11 +111,8 @@ static void get_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.allocate_hash.
- */
-static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
- chunk_t *hash)
+METHOD(hasher_t, allocate_hash, void,
+ private_padlock_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash)
{
if (hash)
{
@@ -133,18 +125,14 @@ static void allocate_hash(private_padlock_sha1_hasher_t *this, chunk_t chunk,
}
}
-/**
- * Implementation of hasher_t.get_hash_size.
- */
-static size_t get_hash_size(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, get_hash_size, size_t,
+ private_padlock_sha1_hasher_t *this)
{
return HASH_SIZE_SHA1;
}
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(private_padlock_sha1_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ private_padlock_sha1_hasher_t *this)
{
free(this->data.ptr);
free(this);
@@ -161,15 +149,16 @@ padlock_sha1_hasher_t *padlock_sha1_hasher_create(hash_algorithm_t algo)
{
return NULL;
}
-
- this = malloc_thing(private_padlock_sha1_hasher_t);
- this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
- this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
- this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
- this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
- this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
-
- this->data = chunk_empty;
-
- return &(this->public);
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .destroy = _destroy,
+ },
+ },
+ );
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
index 740bdfe98..2d2b2b45d 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.h
@@ -34,7 +34,7 @@ struct padlock_sha1_hasher_t {
/**
* Implements hasher_t interface.
*/
- hasher_t hasher_interface;
+ hasher_t hasher;
};
/**
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index e19a66fa5..cf5acdd1c 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index a15c3f258..b760adda9 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -127,8 +127,8 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
}
crypter->set_key(crypter, key);
- if (iv.len != crypter->get_block_size(crypter) ||
- blob->len % iv.len)
+ if (iv.len != crypter->get_iv_size(crypter) ||
+ blob->len % crypter->get_block_size(crypter))
{
crypter->destroy(crypter);
DBG1(DBG_LIB, " data size is not multiple of block size");
@@ -167,8 +167,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg,
/**
* Converts a PEM encoded file into its binary form (RFC 1421, RFC 934)
*/
-static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data,
- bool *pgp)
+static status_t pem_to_bin(chunk_t *blob, bool *pgp)
{
typedef enum {
PEM_PRE = 0,
@@ -187,9 +186,10 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
chunk_t dst = *blob;
chunk_t line = chunk_empty;
chunk_t iv = chunk_empty;
- chunk_t passphrase;
- int try = 0;
u_char iv_buf[HASH_SIZE_MD5];
+ status_t status = NOT_FOUND;
+ enumerator_t *enumerator;
+ shared_key_t *shared;
dst.len = 0;
iv.ptr = iv_buf;
@@ -326,36 +326,35 @@ static status_t pem_to_bin(chunk_t *blob, chunk_t(*cb)(void*,int), void *cb_data
{
return SUCCESS;
}
- if (!cb)
- {
- DBG1(DBG_LIB, " missing passphrase");
- return INVALID_ARG;
- }
- while (TRUE)
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PRIVATE_KEY_PASS, NULL, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
- passphrase = cb(cb_data, ++try);
- if (!passphrase.len || !passphrase.ptr)
+ chunk_t passphrase, chunk;
+
+ passphrase = shared->get_key(shared);
+ chunk = chunk_clone(*blob);
+ status = pem_decrypt(&chunk, alg, key_size, iv, passphrase);
+ if (status == SUCCESS)
{
- return INVALID_ARG;
+ memcpy(blob->ptr, chunk.ptr, chunk.len);
+ blob->len = chunk.len;
}
- switch (pem_decrypt(blob, alg, key_size, iv, passphrase))
- {
- case INVALID_ARG:
- /* bad passphrase, retry */
- continue;
- case SUCCESS:
- return SUCCESS;
- default:
- return FAILED;
+ free(chunk.ptr);
+ if (status != INVALID_ARG)
+ { /* try again only if passphrase invalid */
+ break;
}
}
+ enumerator->destroy(enumerator);
+ return status;
}
/**
* load the credential from a blob
*/
static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
void *cred = NULL;
@@ -364,7 +363,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
blob = chunk_clone(blob);
if (!is_asn1(blob))
{
- if (pem_to_bin(&blob, cb, cb_data, &pgp) != SUCCESS)
+ if (pem_to_bin(&blob, &pgp) != SUCCESS)
{
chunk_clear(&blob);
return NULL;
@@ -394,7 +393,6 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype,
* load the credential from a file
*/
static void *load_from_file(char *file, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
void *cred = NULL;
@@ -425,8 +423,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
return NULL;
}
- cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype,
- cb, cb_data, flags);
+ cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags);
munmap(addr, sb.st_size);
close(fd);
@@ -437,7 +434,6 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
* load the credential from a file descriptor
*/
static void *load_from_fd(int fd, credential_type_t type, int subtype,
- chunk_t(*cb)(void*,int), void *cb_data,
x509_flag_t flags)
{
char buf[8096];
@@ -464,20 +460,7 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype,
return NULL;
}
}
- return load_from_blob(chunk_create(buf, total), type, subtype,
- cb, cb_data, flags);
-}
-
-/**
- * passphrase callback to use if passphrase given
- */
-static chunk_t given_passphrase_cb(chunk_t *passphrase, int try)
-{
- if (try > 1)
- { /* try only once for given passphrases */
- return chunk_empty;
- }
- return *passphrase;
+ return load_from_blob(chunk_create(buf, total), type, subtype, flags);
}
/**
@@ -487,9 +470,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
{
char *file = NULL;
int fd = -1;
- chunk_t pem = chunk_empty, passphrase = chunk_empty;
- chunk_t (*cb)(void *data, int try) = NULL;
- void *cb_data = NULL;
+ chunk_t pem = chunk_empty;
int flags = 0;
while (TRUE)
@@ -505,18 +486,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
case BUILD_BLOB_PEM:
pem = va_arg(args, chunk_t);
continue;
- case BUILD_PASSPHRASE:
- passphrase = va_arg(args, chunk_t);
- if (passphrase.len && passphrase.ptr)
- {
- cb = (void*)given_passphrase_cb;
- cb_data = &passphrase;
- }
- continue;
- case BUILD_PASSPHRASE_CALLBACK:
- cb = va_arg(args, chunk_t(*)(void*,int));
- cb_data = va_arg(args, void*);
- continue;
case BUILD_X509_FLAG:
flags = va_arg(args, int);
continue;
@@ -530,15 +499,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
if (pem.len)
{
- return load_from_blob(pem, type, subtype, cb, cb_data, flags);
+ return load_from_blob(pem, type, subtype, flags);
}
if (file)
{
- return load_from_file(file, type, subtype, cb, cb_data, flags);
+ return load_from_file(file, type, subtype, flags);
}
if (fd != -1)
{
- return load_from_fd(fd, type, subtype, cb, cb_data, flags);
+ return load_from_fd(fd, type, subtype, flags);
}
return NULL;
}
diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c
index 810901b7a..83efb155b 100644
--- a/src/libstrongswan/plugins/pem/pem_plugin.c
+++ b/src/libstrongswan/plugins/pem/pem_plugin.c
@@ -57,49 +57,49 @@ plugin_t *pem_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
/* register private key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE,
(builder_function_t)pem_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, FALSE,
(builder_function_t)pem_private_key_load);
/* register public key PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, FALSE,
(builder_function_t)pem_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, FALSE,
(builder_function_t)pem_public_key_load);
/* register certificate PEM decoding builders */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
(builder_function_t)pem_certificate_load);
/* register pluto specific certificate formats */
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE,
(builder_function_t)pem_certificate_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE,
(builder_function_t)pem_certificate_load);
/* register PEM encoder */
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index a5bc5eb39..0098147a9 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c
index 84c9bfddd..440e70a18 100644
--- a/src/libstrongswan/plugins/pgp/pgp_builder.c
+++ b/src/libstrongswan/plugins/pgp/pgp_builder.c
@@ -129,7 +129,7 @@ static bool sign_not_allowed(private_key_t *this, signature_scheme_t scheme,
/**
* Implementation of private_key_t.decrypt for signature-only keys
*/
-static bool decrypt_not_allowed(private_key_t *this,
+static bool decrypt_not_allowed(private_key_t *this, encryption_scheme_t scheme,
chunk_t crypto, chunk_t *plain)
{
DBG1(DBG_LIB, "decryption failed - signature only key");
diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c
index 3ed1faf01..41e0a5df6 100644
--- a/src/libstrongswan/plugins/pgp/pgp_plugin.c
+++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c
@@ -60,16 +60,16 @@ plugin_t *pgp_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pgp_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
(builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pgp_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE,
(builder_function_t)pgp_cert_load);
lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode);
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index 947f52d82..8b41499a7 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
index 35ec2d2bf..d3afb5c67 100644
--- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
+++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c
@@ -56,11 +56,11 @@ plugin_t *pkcs1_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
(builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
(builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
(builder_function_t)pkcs1_private_key_load);
lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode);
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am
new file mode 100644
index 000000000..199039d95
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.am
@@ -0,0 +1,21 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+if MONOLITHIC
+noinst_LTLIBRARIES = libstrongswan-pkcs11.la
+else
+plugin_LTLIBRARIES = libstrongswan-pkcs11.la
+endif
+
+libstrongswan_pkcs11_la_SOURCES = \
+ pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \
+ pkcs11_library.h pkcs11_library.c \
+ pkcs11_creds.h pkcs11_creds.c \
+ pkcs11_private_key.h pkcs11_private_key.c \
+ pkcs11_public_key.h pkcs11_public_key.c \
+ pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_manager.h pkcs11_manager.c
+
+libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
new file mode 100644
index 000000000..c27310910
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -0,0 +1,614 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/pkcs11
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
+ $(top_srcdir)/m4/config/ltoptions.m4 \
+ $(top_srcdir)/m4/config/ltsugar.m4 \
+ $(top_srcdir)/m4/config/ltversion.m4 \
+ $(top_srcdir)/m4/config/lt~obsolete.m4 \
+ $(top_srcdir)/m4/macros/with.m4 \
+ $(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(plugindir)"
+LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
+libstrongswan_pkcs11_la_LIBADD =
+am_libstrongswan_pkcs11_la_OBJECTS = pkcs11_plugin.lo \
+ pkcs11_library.lo pkcs11_creds.lo pkcs11_private_key.lo \
+ pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_manager.lo
+libstrongswan_pkcs11_la_OBJECTS = \
+ $(am_libstrongswan_pkcs11_la_OBJECTS)
+libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_pkcs11_la_LDFLAGS) $(LDFLAGS) -o $@
+@MONOLITHIC_FALSE@am_libstrongswan_pkcs11_la_rpath = -rpath \
+@MONOLITHIC_FALSE@ $(plugindir)
+@MONOLITHIC_TRUE@am_libstrongswan_pkcs11_la_rpath =
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_pkcs11_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_pkcs11_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+BTLIB = @BTLIB@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+MYSQLCFLAG = @MYSQLCFLAG@
+MYSQLCONFIG = @MYSQLCONFIG@
+MYSQLLIB = @MYSQLLIB@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PTHREADLIB = @PTHREADLIB@
+RANLIB = @RANLIB@
+RTLIB = @RTLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+c_plugins = @c_plugins@
+datadir = @datadir@
+datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
+default_pkcs11 = @default_pkcs11@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
+ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
+ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
+libdir = @libdir@
+libexecdir = @libexecdir@
+linux_headers = @linux_headers@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
+mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+nm_ca_dir = @nm_ca_dir@
+oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
+pdfdir = @pdfdir@
+piddir = @piddir@
+pki_plugins = @pki_plugins@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+random_device = @random_device@
+resolv_conf = @resolv_conf@
+routing_table = @routing_table@
+routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
+sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+urandom_device = @urandom_device@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs11.la
+@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs11.la
+libstrongswan_pkcs11_la_SOURCES = \
+ pkcs11_plugin.h pkcs11_plugin.c pkcs11.h \
+ pkcs11_library.h pkcs11_library.c \
+ pkcs11_creds.h pkcs11_creds.c \
+ pkcs11_private_key.h pkcs11_private_key.c \
+ pkcs11_public_key.h pkcs11_public_key.c \
+ pkcs11_hasher.h pkcs11_hasher.c \
+ pkcs11_manager.h pkcs11_manager.c
+
+libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \
+ }
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-pkcs11.la: $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_DEPENDENCIES)
+ $(libstrongswan_pkcs11_la_LINK) $(am_libstrongswan_pkcs11_la_rpath) $(libstrongswan_pkcs11_la_OBJECTS) $(libstrongswan_pkcs11_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_creds.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_library.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_manager.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_public_key.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ clean-pluginLTLIBRARIES mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \
+ ctags distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-pluginLTLIBRARIES install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-pluginLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11.h b/src/libstrongswan/plugins/pkcs11/pkcs11.h
new file mode 100644
index 000000000..2e6a1e3ed
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11.h
@@ -0,0 +1,1357 @@
+/* pkcs11.h
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. */
+
+/* Please submit changes back to the Scute project at
+ http://www.scute.org/ (or send them to marcus@g10code.com), so that
+ they can be picked up by other projects from there as well. */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+ RSA Security Inc. It is mostly a drop-in replacement, with the
+ following change:
+
+ This header file does not require any macro definitions by the user
+ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
+ for you (if useful, some are missing, let me know if you need
+ more).
+
+ There is an additional API available that does comply better to the
+ GNU coding standard. It can be switched on by defining
+ CRYPTOKI_GNU before including this header file. For this, the
+ following changes are made to the specification:
+
+ All structure types are changed to a "struct ck_foo" where CK_FOO
+ is the type name in PKCS #11.
+
+ All non-structure types are changed to ck_foo_t where CK_FOO is the
+ lowercase version of the type name in PKCS #11. The basic types
+ (CK_ULONG et al.) are removed without substitute.
+
+ All members of structures are modified in the following way: Type
+ indication prefixes are removed, and underscore characters are
+ inserted before words. Then the result is lowercased.
+
+ Note that function names are still in the original case, as they
+ need for ABI compatibility.
+
+ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
+ <stdbool.h>.
+
+ If CRYPTOKI_COMPAT is defined before including this header file,
+ then none of the API changes above take place, and the API is the
+ one defined by the PKCS #11 standard. */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+/* The version of cryptoki we implement. The revision is changed with
+ each modification of this file. If you do not use the "official"
+ version of this file, please consider deleting the revision macro
+ (you may use a macro with a different name to keep track of your
+ versions). */
+#define CRYPTOKI_VERSION_MAJOR 2
+#define CRYPTOKI_VERSION_MINOR 20
+#define CRYPTOKI_VERSION_REVISION 6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+ given. */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies. */
+
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+
+/* There is a matching pop below. */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+
+
+#ifdef CRYPTOKI_COMPAT
+ /* If we are in compatibility mode, switch all exposed names to the
+ PKCS #11 variant. There are corresponding #undefs below. */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+
+typedef unsigned long ck_flags_t;
+
+struct ck_version
+{
+ unsigned char major;
+ unsigned char minor;
+};
+
+
+struct ck_info
+{
+ struct ck_version cryptoki_version;
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ unsigned char library_description[32];
+ struct ck_version library_version;
+};
+
+
+typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER (0)
+
+
+typedef unsigned long ck_slot_id_t;
+
+
+struct ck_slot_info
+{
+ unsigned char slot_description[64];
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+};
+
+
+#define CKF_TOKEN_PRESENT (1 << 0)
+#define CKF_REMOVABLE_DEVICE (1 << 1)
+#define CKF_HW_SLOT (1 << 2)
+#define CKF_ARRAY_ATTRIBUTE (1 << 30)
+
+
+struct ck_token_info
+{
+ unsigned char label[32];
+ unsigned char manufacturer_id[32];
+ unsigned char model[16];
+ unsigned char serial_number[16];
+ ck_flags_t flags;
+ unsigned long max_session_count;
+ unsigned long session_count;
+ unsigned long max_rw_session_count;
+ unsigned long rw_session_count;
+ unsigned long max_pin_len;
+ unsigned long min_pin_len;
+ unsigned long total_public_memory;
+ unsigned long free_public_memory;
+ unsigned long total_private_memory;
+ unsigned long free_private_memory;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ unsigned char utc_time[16];
+};
+
+
+#define CKF_RNG (1 << 0)
+#define CKF_WRITE_PROTECTED (1 << 1)
+#define CKF_LOGIN_REQUIRED (1 << 2)
+#define CKF_USER_PIN_INITIALIZED (1 << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5)
+#define CKF_CLOCK_ON_TOKEN (1 << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9)
+#define CKF_TOKEN_INITIALIZED (1 << 10)
+#define CKF_SECONDARY_AUTHENTICATION (1 << 11)
+#define CKF_USER_PIN_COUNT_LOW (1 << 16)
+#define CKF_USER_PIN_FINAL_TRY (1 << 17)
+#define CKF_USER_PIN_LOCKED (1 << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19)
+#define CKF_SO_PIN_COUNT_LOW (1 << 20)
+#define CKF_SO_PIN_FINAL_TRY (1 << 21)
+#define CKF_SO_PIN_LOCKED (1 << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23)
+
+#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1)
+#define CK_EFFECTIVELY_INFINITE (0)
+
+
+typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE (0)
+
+
+typedef unsigned long ck_user_type_t;
+
+#define CKU_SO (0)
+#define CKU_USER (1)
+#define CKU_CONTEXT_SPECIFIC (2)
+
+
+typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION (0)
+#define CKS_RO_USER_FUNCTIONS (1)
+#define CKS_RW_PUBLIC_SESSION (2)
+#define CKS_RW_USER_FUNCTIONS (3)
+#define CKS_RW_SO_FUNCTIONS (4)
+
+
+struct ck_session_info
+{
+ ck_slot_id_t slot_id;
+ ck_state_t state;
+ ck_flags_t flags;
+ unsigned long device_error;
+};
+
+#define CKF_RW_SESSION (1 << 1)
+#define CKF_SERIAL_SESSION (1 << 2)
+
+
+typedef unsigned long ck_object_handle_t;
+
+
+typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA (0)
+#define CKO_CERTIFICATE (1)
+#define CKO_PUBLIC_KEY (2)
+#define CKO_PRIVATE_KEY (3)
+#define CKO_SECRET_KEY (4)
+#define CKO_HW_FEATURE (5)
+#define CKO_DOMAIN_PARAMETERS (6)
+#define CKO_MECHANISM (7)
+#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER (1)
+#define CKH_CLOCK (2)
+#define CKH_USER_INTERFACE (3)
+#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA (0)
+#define CKK_DSA (1)
+#define CKK_DH (2)
+#define CKK_ECDSA (3)
+#define CKK_EC (3)
+#define CKK_X9_42_DH (4)
+#define CKK_KEA (5)
+#define CKK_GENERIC_SECRET (0x10)
+#define CKK_RC2 (0x11)
+#define CKK_RC4 (0x12)
+#define CKK_DES (0x13)
+#define CKK_DES2 (0x14)
+#define CKK_DES3 (0x15)
+#define CKK_CAST (0x16)
+#define CKK_CAST3 (0x17)
+#define CKK_CAST128 (0x18)
+#define CKK_RC5 (0x19)
+#define CKK_IDEA (0x1a)
+#define CKK_SKIPJACK (0x1b)
+#define CKK_BATON (0x1c)
+#define CKK_JUNIPER (0x1d)
+#define CKK_CDMF (0x1e)
+#define CKK_AES (0x1f)
+#define CKK_BLOWFISH (0x20)
+#define CKK_TWOFISH (0x21)
+#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509 (0)
+#define CKC_X_509_ATTR_CERT (1)
+#define CKC_WTLS (2)
+#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS (0)
+#define CKA_TOKEN (1)
+#define CKA_PRIVATE (2)
+#define CKA_LABEL (3)
+#define CKA_APPLICATION (0x10)
+#define CKA_VALUE (0x11)
+#define CKA_OBJECT_ID (0x12)
+#define CKA_CERTIFICATE_TYPE (0x80)
+#define CKA_ISSUER (0x81)
+#define CKA_SERIAL_NUMBER (0x82)
+#define CKA_AC_ISSUER (0x83)
+#define CKA_OWNER (0x84)
+#define CKA_ATTR_TYPES (0x85)
+#define CKA_TRUSTED (0x86)
+#define CKA_CERTIFICATE_CATEGORY (0x87)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88)
+#define CKA_URL (0x89)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b)
+#define CKA_CHECK_VALUE (0x90)
+#define CKA_KEY_TYPE (0x100)
+#define CKA_SUBJECT (0x101)
+#define CKA_ID (0x102)
+#define CKA_SENSITIVE (0x103)
+#define CKA_ENCRYPT (0x104)
+#define CKA_DECRYPT (0x105)
+#define CKA_WRAP (0x106)
+#define CKA_UNWRAP (0x107)
+#define CKA_SIGN (0x108)
+#define CKA_SIGN_RECOVER (0x109)
+#define CKA_VERIFY (0x10a)
+#define CKA_VERIFY_RECOVER (0x10b)
+#define CKA_DERIVE (0x10c)
+#define CKA_START_DATE (0x110)
+#define CKA_END_DATE (0x111)
+#define CKA_MODULUS (0x120)
+#define CKA_MODULUS_BITS (0x121)
+#define CKA_PUBLIC_EXPONENT (0x122)
+#define CKA_PRIVATE_EXPONENT (0x123)
+#define CKA_PRIME_1 (0x124)
+#define CKA_PRIME_2 (0x125)
+#define CKA_EXPONENT_1 (0x126)
+#define CKA_EXPONENT_2 (0x127)
+#define CKA_COEFFICIENT (0x128)
+#define CKA_PRIME (0x130)
+#define CKA_SUBPRIME (0x131)
+#define CKA_BASE (0x132)
+#define CKA_PRIME_BITS (0x133)
+#define CKA_SUB_PRIME_BITS (0x134)
+#define CKA_VALUE_BITS (0x160)
+#define CKA_VALUE_LEN (0x161)
+#define CKA_EXTRACTABLE (0x162)
+#define CKA_LOCAL (0x163)
+#define CKA_NEVER_EXTRACTABLE (0x164)
+#define CKA_ALWAYS_SENSITIVE (0x165)
+#define CKA_KEY_GEN_MECHANISM (0x166)
+#define CKA_MODIFIABLE (0x170)
+#define CKA_ECDSA_PARAMS (0x180)
+#define CKA_EC_PARAMS (0x180)
+#define CKA_EC_POINT (0x181)
+#define CKA_SECONDARY_AUTH (0x200)
+#define CKA_AUTH_PIN_FLAGS (0x201)
+#define CKA_ALWAYS_AUTHENTICATE (0x202)
+#define CKA_WRAP_WITH_TRUSTED (0x210)
+#define CKA_HW_FEATURE_TYPE (0x300)
+#define CKA_RESET_ON_INIT (0x301)
+#define CKA_HAS_RESET (0x302)
+#define CKA_PIXEL_X (0x400)
+#define CKA_PIXEL_Y (0x401)
+#define CKA_RESOLUTION (0x402)
+#define CKA_CHAR_ROWS (0x403)
+#define CKA_CHAR_COLUMNS (0x404)
+#define CKA_COLOR (0x405)
+#define CKA_BITS_PER_PIXEL (0x406)
+#define CKA_CHAR_SETS (0x480)
+#define CKA_ENCODING_METHODS (0x481)
+#define CKA_MIME_TYPES (0x482)
+#define CKA_MECHANISM_TYPE (0x500)
+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501)
+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503)
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
+#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+struct ck_attribute
+{
+ ck_attribute_type_t type;
+ void *value;
+ unsigned long value_len;
+};
+
+
+struct ck_date
+{
+ unsigned char year[4];
+ unsigned char month[2];
+ unsigned char day[2];
+};
+
+
+typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0)
+#define CKM_RSA_PKCS (1)
+#define CKM_RSA_9796 (2)
+#define CKM_RSA_X_509 (3)
+#define CKM_MD2_RSA_PKCS (4)
+#define CKM_MD5_RSA_PKCS (5)
+#define CKM_SHA1_RSA_PKCS (6)
+#define CKM_RIPEMD128_RSA_PKCS (7)
+#define CKM_RIPEMD160_RSA_PKCS (8)
+#define CKM_RSA_PKCS_OAEP (9)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa)
+#define CKM_RSA_X9_31 (0xb)
+#define CKM_SHA1_RSA_X9_31 (0xc)
+#define CKM_RSA_PKCS_PSS (0xd)
+#define CKM_SHA1_RSA_PKCS_PSS (0xe)
+#define CKM_DSA_KEY_PAIR_GEN (0x10)
+#define CKM_DSA (0x11)
+#define CKM_DSA_SHA1 (0x12)
+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20)
+#define CKM_DH_PKCS_DERIVE (0x21)
+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30)
+#define CKM_X9_42_DH_DERIVE (0x31)
+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32)
+#define CKM_X9_42_MQV_DERIVE (0x33)
+#define CKM_SHA256_RSA_PKCS (0x40)
+#define CKM_SHA384_RSA_PKCS (0x41)
+#define CKM_SHA512_RSA_PKCS (0x42)
+#define CKM_SHA256_RSA_PKCS_PSS (0x43)
+#define CKM_SHA384_RSA_PKCS_PSS (0x44)
+#define CKM_SHA512_RSA_PKCS_PSS (0x45)
+#define CKM_RC2_KEY_GEN (0x100)
+#define CKM_RC2_ECB (0x101)
+#define CKM_RC2_CBC (0x102)
+#define CKM_RC2_MAC (0x103)
+#define CKM_RC2_MAC_GENERAL (0x104)
+#define CKM_RC2_CBC_PAD (0x105)
+#define CKM_RC4_KEY_GEN (0x110)
+#define CKM_RC4 (0x111)
+#define CKM_DES_KEY_GEN (0x120)
+#define CKM_DES_ECB (0x121)
+#define CKM_DES_CBC (0x122)
+#define CKM_DES_MAC (0x123)
+#define CKM_DES_MAC_GENERAL (0x124)
+#define CKM_DES_CBC_PAD (0x125)
+#define CKM_DES2_KEY_GEN (0x130)
+#define CKM_DES3_KEY_GEN (0x131)
+#define CKM_DES3_ECB (0x132)
+#define CKM_DES3_CBC (0x133)
+#define CKM_DES3_MAC (0x134)
+#define CKM_DES3_MAC_GENERAL (0x135)
+#define CKM_DES3_CBC_PAD (0x136)
+#define CKM_CDMF_KEY_GEN (0x140)
+#define CKM_CDMF_ECB (0x141)
+#define CKM_CDMF_CBC (0x142)
+#define CKM_CDMF_MAC (0x143)
+#define CKM_CDMF_MAC_GENERAL (0x144)
+#define CKM_CDMF_CBC_PAD (0x145)
+#define CKM_MD2 (0x200)
+#define CKM_MD2_HMAC (0x201)
+#define CKM_MD2_HMAC_GENERAL (0x202)
+#define CKM_MD5 (0x210)
+#define CKM_MD5_HMAC (0x211)
+#define CKM_MD5_HMAC_GENERAL (0x212)
+#define CKM_SHA_1 (0x220)
+#define CKM_SHA_1_HMAC (0x221)
+#define CKM_SHA_1_HMAC_GENERAL (0x222)
+#define CKM_RIPEMD128 (0x230)
+#define CKM_RIPEMD128_HMAC (0x231)
+#define CKM_RIPEMD128_HMAC_GENERAL (0x232)
+#define CKM_RIPEMD160 (0x240)
+#define CKM_RIPEMD160_HMAC (0x241)
+#define CKM_RIPEMD160_HMAC_GENERAL (0x242)
+#define CKM_SHA256 (0x250)
+#define CKM_SHA256_HMAC (0x251)
+#define CKM_SHA256_HMAC_GENERAL (0x252)
+#define CKM_SHA384 (0x260)
+#define CKM_SHA384_HMAC (0x261)
+#define CKM_SHA384_HMAC_GENERAL (0x262)
+#define CKM_SHA512 (0x270)
+#define CKM_SHA512_HMAC (0x271)
+#define CKM_SHA512_HMAC_GENERAL (0x272)
+#define CKM_CAST_KEY_GEN (0x300)
+#define CKM_CAST_ECB (0x301)
+#define CKM_CAST_CBC (0x302)
+#define CKM_CAST_MAC (0x303)
+#define CKM_CAST_MAC_GENERAL (0x304)
+#define CKM_CAST_CBC_PAD (0x305)
+#define CKM_CAST3_KEY_GEN (0x310)
+#define CKM_CAST3_ECB (0x311)
+#define CKM_CAST3_CBC (0x312)
+#define CKM_CAST3_MAC (0x313)
+#define CKM_CAST3_MAC_GENERAL (0x314)
+#define CKM_CAST3_CBC_PAD (0x315)
+#define CKM_CAST5_KEY_GEN (0x320)
+#define CKM_CAST128_KEY_GEN (0x320)
+#define CKM_CAST5_ECB (0x321)
+#define CKM_CAST128_ECB (0x321)
+#define CKM_CAST5_CBC (0x322)
+#define CKM_CAST128_CBC (0x322)
+#define CKM_CAST5_MAC (0x323)
+#define CKM_CAST128_MAC (0x323)
+#define CKM_CAST5_MAC_GENERAL (0x324)
+#define CKM_CAST128_MAC_GENERAL (0x324)
+#define CKM_CAST5_CBC_PAD (0x325)
+#define CKM_CAST128_CBC_PAD (0x325)
+#define CKM_RC5_KEY_GEN (0x330)
+#define CKM_RC5_ECB (0x331)
+#define CKM_RC5_CBC (0x332)
+#define CKM_RC5_MAC (0x333)
+#define CKM_RC5_MAC_GENERAL (0x334)
+#define CKM_RC5_CBC_PAD (0x335)
+#define CKM_IDEA_KEY_GEN (0x340)
+#define CKM_IDEA_ECB (0x341)
+#define CKM_IDEA_CBC (0x342)
+#define CKM_IDEA_MAC (0x343)
+#define CKM_IDEA_MAC_GENERAL (0x344)
+#define CKM_IDEA_CBC_PAD (0x345)
+#define CKM_GENERIC_SECRET_KEY_GEN (0x350)
+#define CKM_CONCATENATE_BASE_AND_KEY (0x360)
+#define CKM_CONCATENATE_BASE_AND_DATA (0x362)
+#define CKM_CONCATENATE_DATA_AND_BASE (0x363)
+#define CKM_XOR_BASE_AND_DATA (0x364)
+#define CKM_EXTRACT_KEY_FROM_KEY (0x365)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370)
+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373)
+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374)
+#define CKM_TLS_MASTER_KEY_DERIVE (0x375)
+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377)
+#define CKM_SSL3_MD5_MAC (0x380)
+#define CKM_SSL3_SHA1_MAC (0x381)
+#define CKM_MD5_KEY_DERIVATION (0x390)
+#define CKM_MD2_KEY_DERIVATION (0x391)
+#define CKM_SHA1_KEY_DERIVATION (0x392)
+#define CKM_PBE_MD2_DES_CBC (0x3a0)
+#define CKM_PBE_MD5_DES_CBC (0x3a1)
+#define CKM_PBE_MD5_CAST_CBC (0x3a2)
+#define CKM_PBE_MD5_CAST3_CBC (0x3a3)
+#define CKM_PBE_MD5_CAST5_CBC (0x3a4)
+#define CKM_PBE_MD5_CAST128_CBC (0x3a4)
+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5)
+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
+#define CKM_PBE_SHA1_RC4_128 (0x3a6)
+#define CKM_PBE_SHA1_RC4_40 (0x3a7)
+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
+#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
+#define CKM_PKCS5_PBKD2 (0x3b0)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0)
+#define CKM_KEY_WRAP_LYNKS (0x400)
+#define CKM_KEY_WRAP_SET_OAEP (0x401)
+#define CKM_SKIPJACK_KEY_GEN (0x1000)
+#define CKM_SKIPJACK_ECB64 (0x1001)
+#define CKM_SKIPJACK_CBC64 (0x1002)
+#define CKM_SKIPJACK_OFB64 (0x1003)
+#define CKM_SKIPJACK_CFB64 (0x1004)
+#define CKM_SKIPJACK_CFB32 (0x1005)
+#define CKM_SKIPJACK_CFB16 (0x1006)
+#define CKM_SKIPJACK_CFB8 (0x1007)
+#define CKM_SKIPJACK_WRAP (0x1008)
+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009)
+#define CKM_SKIPJACK_RELAYX (0x100a)
+#define CKM_KEA_KEY_PAIR_GEN (0x1010)
+#define CKM_KEA_KEY_DERIVE (0x1011)
+#define CKM_FORTEZZA_TIMESTAMP (0x1020)
+#define CKM_BATON_KEY_GEN (0x1030)
+#define CKM_BATON_ECB128 (0x1031)
+#define CKM_BATON_ECB96 (0x1032)
+#define CKM_BATON_CBC128 (0x1033)
+#define CKM_BATON_COUNTER (0x1034)
+#define CKM_BATON_SHUFFLE (0x1035)
+#define CKM_BATON_WRAP (0x1036)
+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040)
+#define CKM_EC_KEY_PAIR_GEN (0x1040)
+#define CKM_ECDSA (0x1041)
+#define CKM_ECDSA_SHA1 (0x1042)
+#define CKM_ECDH1_DERIVE (0x1050)
+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051)
+#define CKM_ECMQV_DERIVE (0x1052)
+#define CKM_JUNIPER_KEY_GEN (0x1060)
+#define CKM_JUNIPER_ECB128 (0x1061)
+#define CKM_JUNIPER_CBC128 (0x1062)
+#define CKM_JUNIPER_COUNTER (0x1063)
+#define CKM_JUNIPER_SHUFFLE (0x1064)
+#define CKM_JUNIPER_WRAP (0x1065)
+#define CKM_FASTHASH (0x1070)
+#define CKM_AES_KEY_GEN (0x1080)
+#define CKM_AES_ECB (0x1081)
+#define CKM_AES_CBC (0x1082)
+#define CKM_AES_MAC (0x1083)
+#define CKM_AES_MAC_GENERAL (0x1084)
+#define CKM_AES_CBC_PAD (0x1085)
+#define CKM_DSA_PARAMETER_GEN (0x2000)
+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
+#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+struct ck_mechanism
+{
+ ck_mechanism_type_t mechanism;
+ void *parameter;
+ unsigned long parameter_len;
+};
+
+
+struct ck_mechanism_info
+{
+ unsigned long min_key_size;
+ unsigned long max_key_size;
+ ck_flags_t flags;
+};
+
+#define CKF_HW (1 << 0)
+#define CKF_ENCRYPT (1 << 8)
+#define CKF_DECRYPT (1 << 9)
+#define CKF_DIGEST (1 << 10)
+#define CKF_SIGN (1 << 11)
+#define CKF_SIGN_RECOVER (1 << 12)
+#define CKF_VERIFY (1 << 13)
+#define CKF_VERIFY_RECOVER (1 << 14)
+#define CKF_GENERATE (1 << 15)
+#define CKF_GENERATE_KEY_PAIR (1 << 16)
+#define CKF_WRAP (1 << 17)
+#define CKF_UNWRAP (1 << 18)
+#define CKF_DERIVE (1 << 19)
+#define CKF_EXTENSION ((unsigned long) (1 << 31))
+
+
+/* Flags for C_WaitForSlotEvent. */
+#define CKF_DONT_BLOCK (1)
+
+
+typedef unsigned long ck_rv_t;
+
+
+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+ ck_notification_t event, void *application);
+
+/* Forward reference. */
+struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args) \
+typedef ck_rv_t (*CK_ ## name) args; \
+ck_rv_t CK_SPEC name args
+
+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info));
+_CK_DECLARE_FUNCTION (C_GetFunctionList,
+ (struct ck_function_list **function_list));
+
+_CK_DECLARE_FUNCTION (C_GetSlotList,
+ (unsigned char token_present, ck_slot_id_t *slot_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetSlotInfo,
+ (ck_slot_id_t slot_id, struct ck_slot_info *info));
+_CK_DECLARE_FUNCTION (C_GetTokenInfo,
+ (ck_slot_id_t slot_id, struct ck_token_info *info));
+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+ (ck_flags_t flags, ck_slot_id_t *slot, void *reserved));
+_CK_DECLARE_FUNCTION (C_GetMechanismList,
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t *mechanism_list,
+ unsigned long *count));
+_CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info *info));
+_CK_DECLARE_FUNCTION (C_InitToken,
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
+_CK_DECLARE_FUNCTION (C_InitPIN,
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_SetPIN,
+ (ck_session_handle_t session, unsigned char *old_pin,
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len));
+
+_CK_DECLARE_FUNCTION (C_OpenSession,
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t *session));
+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+_CK_DECLARE_FUNCTION (C_GetSessionInfo,
+ (ck_session_handle_t session,
+ struct ck_session_info *info));
+_CK_DECLARE_FUNCTION (C_GetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
+_CK_DECLARE_FUNCTION (C_SetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
+_CK_DECLARE_FUNCTION (C_Login,
+ (ck_session_handle_t session, ck_user_type_t user_type,
+ unsigned char *pin, unsigned long pin_len));
+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_CreateObject,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t *object));
+_CK_DECLARE_FUNCTION (C_CopyObject,
+ (ck_session_handle_t session, ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t *new_object));
+_CK_DECLARE_FUNCTION (C_DestroyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
+_CK_DECLARE_FUNCTION (C_GetObjectSize,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ unsigned long *size));
+_CK_DECLARE_FUNCTION (C_GetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_SetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjectsInit,
+ (ck_session_handle_t session,
+ struct ck_attribute *templ,
+ unsigned long count));
+_CK_DECLARE_FUNCTION (C_FindObjects,
+ (ck_session_handle_t session,
+ ck_object_handle_t *object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
+_CK_DECLARE_FUNCTION (C_FindObjectsFinal,
+ (ck_session_handle_t session));
+
+_CK_DECLARE_FUNCTION (C_EncryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Encrypt,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
+_CK_DECLARE_FUNCTION (C_EncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_EncryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
+
+_CK_DECLARE_FUNCTION (C_DecryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Decrypt,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
+_CK_DECLARE_FUNCTION (C_DecryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_DecryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
+
+_CK_DECLARE_FUNCTION (C_DigestInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism));
+_CK_DECLARE_FUNCTION (C_Digest,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest,
+ unsigned long *digest_len));
+_CK_DECLARE_FUNCTION (C_DigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_DigestKey,
+ (ck_session_handle_t session, ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_DigestFinal,
+ (ck_session_handle_t session,
+ unsigned char *digest,
+ unsigned long *digest_len));
+
+_CK_DECLARE_FUNCTION (C_SignInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Sign,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_SignFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
+_CK_DECLARE_FUNCTION (C_SignRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_SignRecover,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+
+_CK_DECLARE_FUNCTION (C_VerifyInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_Verify,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+_CK_DECLARE_FUNCTION (C_VerifyFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key));
+_CK_DECLARE_FUNCTION (C_VerifyRecover,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len));
+
+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len));
+
+_CK_DECLARE_FUNCTION (C_GenerateKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t *public_key,
+ ck_object_handle_t *private_key));
+_CK_DECLARE_FUNCTION (C_WrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
+_CK_DECLARE_FUNCTION (C_UnwrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+_CK_DECLARE_FUNCTION (C_DeriveKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t *key));
+
+_CK_DECLARE_FUNCTION (C_SeedRandom,
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
+_CK_DECLARE_FUNCTION (C_GenerateRandom,
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
+
+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+struct ck_function_list
+{
+ struct ck_version version;
+ CK_C_Initialize C_Initialize;
+ CK_C_Finalize C_Finalize;
+ CK_C_GetInfo C_GetInfo;
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetSlotList C_GetSlotList;
+ CK_C_GetSlotInfo C_GetSlotInfo;
+ CK_C_GetTokenInfo C_GetTokenInfo;
+ CK_C_GetMechanismList C_GetMechanismList;
+ CK_C_GetMechanismInfo C_GetMechanismInfo;
+ CK_C_InitToken C_InitToken;
+ CK_C_InitPIN C_InitPIN;
+ CK_C_SetPIN C_SetPIN;
+ CK_C_OpenSession C_OpenSession;
+ CK_C_CloseSession C_CloseSession;
+ CK_C_CloseAllSessions C_CloseAllSessions;
+ CK_C_GetSessionInfo C_GetSessionInfo;
+ CK_C_GetOperationState C_GetOperationState;
+ CK_C_SetOperationState C_SetOperationState;
+ CK_C_Login C_Login;
+ CK_C_Logout C_Logout;
+ CK_C_CreateObject C_CreateObject;
+ CK_C_CopyObject C_CopyObject;
+ CK_C_DestroyObject C_DestroyObject;
+ CK_C_GetObjectSize C_GetObjectSize;
+ CK_C_GetAttributeValue C_GetAttributeValue;
+ CK_C_SetAttributeValue C_SetAttributeValue;
+ CK_C_FindObjectsInit C_FindObjectsInit;
+ CK_C_FindObjects C_FindObjects;
+ CK_C_FindObjectsFinal C_FindObjectsFinal;
+ CK_C_EncryptInit C_EncryptInit;
+ CK_C_Encrypt C_Encrypt;
+ CK_C_EncryptUpdate C_EncryptUpdate;
+ CK_C_EncryptFinal C_EncryptFinal;
+ CK_C_DecryptInit C_DecryptInit;
+ CK_C_Decrypt C_Decrypt;
+ CK_C_DecryptUpdate C_DecryptUpdate;
+ CK_C_DecryptFinal C_DecryptFinal;
+ CK_C_DigestInit C_DigestInit;
+ CK_C_Digest C_Digest;
+ CK_C_DigestUpdate C_DigestUpdate;
+ CK_C_DigestKey C_DigestKey;
+ CK_C_DigestFinal C_DigestFinal;
+ CK_C_SignInit C_SignInit;
+ CK_C_Sign C_Sign;
+ CK_C_SignUpdate C_SignUpdate;
+ CK_C_SignFinal C_SignFinal;
+ CK_C_SignRecoverInit C_SignRecoverInit;
+ CK_C_SignRecover C_SignRecover;
+ CK_C_VerifyInit C_VerifyInit;
+ CK_C_Verify C_Verify;
+ CK_C_VerifyUpdate C_VerifyUpdate;
+ CK_C_VerifyFinal C_VerifyFinal;
+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_C_VerifyRecover C_VerifyRecover;
+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_C_GenerateKey C_GenerateKey;
+ CK_C_GenerateKeyPair C_GenerateKeyPair;
+ CK_C_WrapKey C_WrapKey;
+ CK_C_UnwrapKey C_UnwrapKey;
+ CK_C_DeriveKey C_DeriveKey;
+ CK_C_SeedRandom C_SeedRandom;
+ CK_C_GenerateRandom C_GenerateRandom;
+ CK_C_GetFunctionStatus C_GetFunctionStatus;
+ CK_C_CancelFunction C_CancelFunction;
+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+};
+
+
+typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+struct ck_c_initialize_args
+{
+ ck_createmutex_t create_mutex;
+ ck_destroymutex_t destroy_mutex;
+ ck_lockmutex_t lock_mutex;
+ ck_unlockmutex_t unlock_mutex;
+ ck_flags_t flags;
+ void *reserved;
+};
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
+#define CKF_OS_LOCKING_OK (1 << 1)
+
+#define CKR_OK (0)
+#define CKR_CANCEL (1)
+#define CKR_HOST_MEMORY (2)
+#define CKR_SLOT_ID_INVALID (3)
+#define CKR_GENERAL_ERROR (5)
+#define CKR_FUNCTION_FAILED (6)
+#define CKR_ARGUMENTS_BAD (7)
+#define CKR_NO_EVENT (8)
+#define CKR_NEED_TO_CREATE_THREADS (9)
+#define CKR_CANT_LOCK (0xa)
+#define CKR_ATTRIBUTE_READ_ONLY (0x10)
+#define CKR_ATTRIBUTE_SENSITIVE (0x11)
+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12)
+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13)
+#define CKR_DATA_INVALID (0x20)
+#define CKR_DATA_LEN_RANGE (0x21)
+#define CKR_DEVICE_ERROR (0x30)
+#define CKR_DEVICE_MEMORY (0x31)
+#define CKR_DEVICE_REMOVED (0x32)
+#define CKR_ENCRYPTED_DATA_INVALID (0x40)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41)
+#define CKR_FUNCTION_CANCELED (0x50)
+#define CKR_FUNCTION_NOT_PARALLEL (0x51)
+#define CKR_FUNCTION_NOT_SUPPORTED (0x54)
+#define CKR_KEY_HANDLE_INVALID (0x60)
+#define CKR_KEY_SIZE_RANGE (0x62)
+#define CKR_KEY_TYPE_INCONSISTENT (0x63)
+#define CKR_KEY_NOT_NEEDED (0x64)
+#define CKR_KEY_CHANGED (0x65)
+#define CKR_KEY_NEEDED (0x66)
+#define CKR_KEY_INDIGESTIBLE (0x67)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68)
+#define CKR_KEY_NOT_WRAPPABLE (0x69)
+#define CKR_KEY_UNEXTRACTABLE (0x6a)
+#define CKR_MECHANISM_INVALID (0x70)
+#define CKR_MECHANISM_PARAM_INVALID (0x71)
+#define CKR_OBJECT_HANDLE_INVALID (0x82)
+#define CKR_OPERATION_ACTIVE (0x90)
+#define CKR_OPERATION_NOT_INITIALIZED (0x91)
+#define CKR_PIN_INCORRECT (0xa0)
+#define CKR_PIN_INVALID (0xa1)
+#define CKR_PIN_LEN_RANGE (0xa2)
+#define CKR_PIN_EXPIRED (0xa3)
+#define CKR_PIN_LOCKED (0xa4)
+#define CKR_SESSION_CLOSED (0xb0)
+#define CKR_SESSION_COUNT (0xb1)
+#define CKR_SESSION_HANDLE_INVALID (0xb3)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4)
+#define CKR_SESSION_READ_ONLY (0xb5)
+#define CKR_SESSION_EXISTS (0xb6)
+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8)
+#define CKR_SIGNATURE_INVALID (0xc0)
+#define CKR_SIGNATURE_LEN_RANGE (0xc1)
+#define CKR_TEMPLATE_INCOMPLETE (0xd0)
+#define CKR_TEMPLATE_INCONSISTENT (0xd1)
+#define CKR_TOKEN_NOT_PRESENT (0xe0)
+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1)
+#define CKR_TOKEN_WRITE_PROTECTED (0xe2)
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2)
+#define CKR_USER_ALREADY_LOGGED_IN (0x100)
+#define CKR_USER_NOT_LOGGED_IN (0x101)
+#define CKR_USER_PIN_NOT_INITIALIZED (0x102)
+#define CKR_USER_TYPE_INVALID (0x103)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104)
+#define CKR_USER_TOO_MANY_TYPES (0x105)
+#define CKR_WRAPPED_KEY_INVALID (0x110)
+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113)
+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120)
+#define CKR_RANDOM_NO_RNG (0x121)
+#define CKR_DOMAIN_PARAMS_INVALID (0x130)
+#define CKR_BUFFER_TOO_SMALL (0x150)
+#define CKR_SAVED_STATE_INVALID (0x160)
+#define CKR_INFORMATION_SENSITIVE (0x170)
+#define CKR_STATE_UNSAVEABLE (0x180)
+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191)
+#define CKR_MUTEX_BAD (0x1a0)
+#define CKR_MUTEX_NOT_LOCKED (0x1a1)
+#define CKR_FUNCTION_REJECTED (0x200)
+#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+
+/* Compatibility layer. */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL. */
+#include <stddef.h>
+
+typedef unsigned char CK_BYTE;
+typedef unsigned char CK_CHAR;
+typedef unsigned char CK_UTF8CHAR;
+typedef unsigned char CK_BBOOL;
+typedef unsigned long int CK_ULONG;
+typedef long int CK_LONG;
+typedef CK_BYTE *CK_BYTE_PTR;
+typedef CK_CHAR *CK_CHAR_PTR;
+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+typedef CK_ULONG *CK_ULONG_PTR;
+typedef void *CK_VOID_PTR;
+typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+typedef struct ck_version CK_VERSION;
+typedef struct ck_version *CK_VERSION_PTR;
+
+typedef struct ck_info CK_INFO;
+typedef struct ck_info *CK_INFO_PTR;
+
+typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+typedef struct ck_slot_info CK_SLOT_INFO;
+typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+typedef struct ck_token_info CK_TOKEN_INFO;
+typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+typedef struct ck_session_info CK_SESSION_INFO;
+typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+typedef struct ck_attribute CK_ATTRIBUTE;
+typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+typedef struct ck_date CK_DATE;
+typedef struct ck_date *CK_DATE_PTR;
+
+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+typedef struct ck_mechanism CK_MECHANISM;
+typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+typedef struct ck_function_list CK_FUNCTION_LIST;
+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file. */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif /* CRYPTOKI_COMPAT */
+
+
+/* System dependencies. */
+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32)
+#pragma pack(pop, cryptoki)
+#endif
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* PKCS11_H */
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
new file mode 100644
index 000000000..1b1448c6a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c
@@ -0,0 +1,249 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_creds.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+
+typedef struct private_pkcs11_creds_t private_pkcs11_creds_t;
+
+/**
+ * Private data of an pkcs11_creds_t object.
+ */
+struct private_pkcs11_creds_t {
+
+ /**
+ * Public pkcs11_creds_t interface.
+ */
+ pkcs11_creds_t public;
+
+ /**
+ * PKCS# library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Token slot
+ */
+ CK_SLOT_ID slot;
+
+ /**
+ * List of trusted certificates
+ */
+ linked_list_t *trusted;
+
+ /**
+ * List of untrusted certificates
+ */
+ linked_list_t *untrusted;
+};
+
+/**
+ * Find certificates, optionally trusted
+ */
+static void find_certificates(private_pkcs11_creds_t *this,
+ CK_SESSION_HANDLE session, CK_BBOOL trusted)
+{
+ CK_OBJECT_CLASS class = CKO_CERTIFICATE;
+ CK_CERTIFICATE_TYPE type = CKC_X_509;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_CERTIFICATE_TYPE, &type, sizeof(type)},
+ {CKA_TRUSTED, &trusted, sizeof(trusted)},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_VALUE, NULL, 0},
+ {CKA_LABEL, NULL, 0},
+ };
+ enumerator_t *enumerator;
+ linked_list_t *raw;
+ certificate_t *cert;
+ struct {
+ chunk_t value;
+ chunk_t label;
+ } *entry;
+
+ raw = linked_list_create();
+ enumerator = this->lib->create_object_enumerator(this->lib,
+ session, tmpl, countof(tmpl), attr, countof(attr));
+ while (enumerator->enumerate(enumerator, &object))
+ {
+ entry = malloc(sizeof(*entry));
+ entry->value = chunk_clone(
+ chunk_create(attr[0].pValue, attr[0].ulValueLen));
+ entry->label = chunk_clone(
+ chunk_create(attr[1].pValue, attr[1].ulValueLen));
+ raw->insert_last(raw, entry);
+ }
+ enumerator->destroy(enumerator);
+
+ while (raw->remove_first(raw, (void**)&entry) == SUCCESS)
+ {
+ cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, entry->value,
+ BUILD_END);
+ if (cert)
+ {
+ DBG1(DBG_CFG, " loaded %strusted cert '%.*s'",
+ trusted ? "" : "un", entry->label.len, entry->label.ptr);
+ /* trusted certificates are also returned as untrusted */
+ this->untrusted->insert_last(this->untrusted, cert);
+ if (trusted)
+ {
+ this->trusted->insert_last(this->trusted, cert->get_ref(cert));
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, " loading cert '%.*s' failed",
+ entry->label.len, entry->label.ptr);
+ }
+ free(entry->value.ptr);
+ free(entry->label.ptr);
+ free(entry);
+ }
+ raw->destroy(raw);
+}
+
+/**
+ * Load in the certificates from the token
+ */
+static bool load_certificates(private_pkcs11_creds_t *this)
+{
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION,
+ NULL, NULL, &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening session failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+
+ find_certificates(this, session, CK_TRUE);
+ find_certificates(this, session, CK_FALSE);
+
+ this->lib->f->C_CloseSession(session);
+ return TRUE;
+}
+
+/**
+ * filter function for certs enumerator
+ */
+static bool certs_filter(identification_t *id,
+ certificate_t **in, certificate_t **out)
+{
+ public_key_t *public;
+ certificate_t *cert = *in;
+
+ if (id == NULL || cert->has_subject(cert, id))
+ {
+ *out = *in;
+ return TRUE;
+ }
+ public = cert->get_public_key(cert);
+ if (public)
+ {
+ if (public->has_fingerprint(public, id->get_encoding(id)))
+ {
+ public->destroy(public);
+ *out = *in;
+ return TRUE;
+ }
+ public->destroy(public);
+ }
+ return FALSE;
+}
+
+METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
+ private_pkcs11_creds_t *this, certificate_type_t cert, key_type_t key,
+ identification_t *id, bool trusted)
+{
+ enumerator_t *inner;
+
+ if (cert != CERT_X509 && cert != CERT_ANY)
+ {
+ return NULL;
+ }
+ if (trusted)
+ {
+ inner = this->trusted->create_enumerator(this->trusted);
+ }
+ else
+ {
+ inner = this->untrusted->create_enumerator(this->untrusted);
+ }
+ return enumerator_create_filter(inner, (void*)certs_filter, id, NULL);
+}
+
+METHOD(pkcs11_creds_t, get_library, pkcs11_library_t*,
+ private_pkcs11_creds_t *this)
+{
+ return this->lib;
+}
+
+METHOD(pkcs11_creds_t, get_slot, CK_SLOT_ID,
+ private_pkcs11_creds_t *this)
+{
+ return this->slot;
+}
+
+METHOD(pkcs11_creds_t, destroy, void,
+ private_pkcs11_creds_t *this)
+{
+ this->trusted->destroy_offset(this->trusted,
+ offsetof(certificate_t, destroy));
+ this->untrusted->destroy_offset(this->untrusted,
+ offsetof(certificate_t, destroy));
+ free(this);
+}
+
+/**
+ * See header
+ */
+pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot)
+{
+ private_pkcs11_creds_t *this;
+
+ INIT(this,
+ .public = {
+ .set = {
+ .create_shared_enumerator = (void*)enumerator_create_empty,
+ .create_private_enumerator = (void*)enumerator_create_empty,
+ .create_cert_enumerator = _create_cert_enumerator,
+ .create_cdp_enumerator = (void*)enumerator_create_empty,
+ .cache_cert = (void*)nop,
+ },
+ .get_library = _get_library,
+ .get_slot = _get_slot,
+ .destroy = _destroy,
+ },
+ .lib = p11,
+ .slot = slot,
+ .trusted = linked_list_create(),
+ .untrusted = linked_list_create(),
+ );
+
+ if (!load_certificates(this))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h
new file mode 100644
index 000000000..c40a8dea6
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_creds pkcs11_creds
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_CREDS_H_
+#define PKCS11_CREDS_H_
+
+typedef struct pkcs11_creds_t pkcs11_creds_t;
+
+#include "pkcs11_library.h"
+
+#include <credentials/credential_manager.h>
+
+/**
+ * Credential set on top on a PKCS#11 token.
+ */
+struct pkcs11_creds_t {
+
+ /**
+ * Implements credential_set_t.
+ */
+ credential_set_t set;
+
+ /**
+ * Get the PKCS#11 library this set uses.
+ *
+ * @return library
+ */
+ pkcs11_library_t* (*get_library)(pkcs11_creds_t *this);
+
+ /**
+ * Get the slot of the token this set uses.
+ *
+ * @return slot
+ */
+ CK_SLOT_ID (*get_slot)(pkcs11_creds_t *this);
+
+ /**
+ * Destroy a pkcs11_creds_t.
+ */
+ void (*destroy)(pkcs11_creds_t *this);
+};
+
+/**
+ * Create a pkcs11_creds instance.
+ *
+ * @param p11 loaded PKCS#11 library
+ * @param slot slot of the token we hand out credentials
+ */
+pkcs11_creds_t *pkcs11_creds_create(pkcs11_library_t *p11, CK_SLOT_ID slot);
+
+#endif /** PKCS11_CREDS_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
new file mode 100644
index 000000000..6d327be40
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_hasher.h"
+
+#include <unistd.h>
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+#include "pkcs11_manager.h"
+
+typedef struct private_pkcs11_hasher_t private_pkcs11_hasher_t;
+
+/**
+ * Private data of an pkcs11_hasher_t object.
+ */
+struct private_pkcs11_hasher_t {
+
+ /**
+ * Public pkcs11_hasher_t interface.
+ */
+ pkcs11_hasher_t public;
+
+ /**
+ * PKCS#11 library
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Mechanism for this hasher
+ */
+ CK_MECHANISM_PTR mech;
+
+ /**
+ * Token session
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * size of the hash
+ */
+ size_t size;
+
+ /**
+ * Mutex to lock the tokens hashing engine
+ */
+ mutex_t *mutex;
+
+ /**
+ * do we have an initialized state?
+ */
+ bool have_state;
+
+ /**
+ * state buffer
+ */
+ CK_BYTE_PTR state;
+
+ /**
+ * Length of the state buffer
+ */
+ CK_ULONG state_len;
+};
+
+METHOD(hasher_t, get_hash_size, size_t,
+ private_pkcs11_hasher_t *this)
+{
+ return this->size;
+}
+
+/**
+ * Save the Operation state to host memory
+ */
+static void save_state(private_pkcs11_hasher_t *this)
+{
+ CK_RV rv;
+
+ while (TRUE)
+ {
+ if (!this->state)
+ {
+ rv = this->lib->f->C_GetOperationState(this->session, NULL,
+ &this->state_len);
+ if (rv != CKR_OK)
+ {
+ break;
+ }
+ this->state = malloc(this->state_len);
+ }
+ rv = this->lib->f->C_GetOperationState(this->session, this->state,
+ &this->state_len);
+ switch (rv)
+ {
+ case CKR_BUFFER_TOO_SMALL:
+ free(this->state);
+ this->state = NULL;
+ continue;
+ case CKR_OK:
+ this->have_state = TRUE;
+ return;
+ default:
+ break;
+ }
+ break;
+ }
+ DBG1(DBG_CFG, "C_GetOperationState() failed: %N", ck_rv_names, rv);
+ abort();
+}
+
+/**
+ * Load the Operation state from host memory
+ */
+static void load_state(private_pkcs11_hasher_t *this)
+{
+ CK_RV rv;
+
+ rv = this->lib->f->C_SetOperationState(this->session, this->state,
+ this->state_len, CK_INVALID_HANDLE, CK_INVALID_HANDLE);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_SetOperationState() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ this->have_state = FALSE;
+}
+
+METHOD(hasher_t, reset, void,
+ private_pkcs11_hasher_t *this)
+{
+ this->have_state = FALSE;
+}
+
+METHOD(hasher_t, get_hash, void,
+ private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash)
+{
+ CK_RV rv;
+ CK_ULONG len;
+
+ this->mutex->lock(this->mutex);
+ if (this->have_state)
+ {
+ load_state(this);
+ }
+ else
+ {
+ rv = this->lib->f->C_DigestInit(this->session, this->mech);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestInit() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ if (chunk.len)
+ {
+ rv = this->lib->f->C_DigestUpdate(this->session, chunk.ptr, chunk.len);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestUpdate() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ if (hash)
+ {
+ len = this->size;
+ rv = this->lib->f->C_DigestFinal(this->session,
+ hash, &len);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_DigestFinal() failed: %N", ck_rv_names, rv);
+ abort();
+ }
+ }
+ else
+ {
+ save_state(this);
+ }
+ this->mutex->unlock(this->mutex);
+}
+
+METHOD(hasher_t, allocate_hash, void,
+ private_pkcs11_hasher_t *this, chunk_t chunk, chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(this->size);
+ get_hash(this, chunk, hash->ptr);
+ }
+ else
+ {
+ get_hash(this, chunk, NULL);
+ }
+}
+
+METHOD(hasher_t, destroy, void,
+ private_pkcs11_hasher_t *this)
+{
+ this->lib->f->C_CloseSession(this->session);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/**
+ * Get the Cryptoki mechanism for a hash algorithm
+ */
+static CK_MECHANISM_PTR algo_to_mechanism(hash_algorithm_t algo, size_t *size)
+{
+ static struct {
+ hash_algorithm_t algo;
+ CK_MECHANISM mechanism;
+ size_t size;
+ } mappings[] = {
+ {HASH_MD2, {CKM_MD2, NULL, 0}, HASH_SIZE_MD2},
+ {HASH_MD5, {CKM_MD5, NULL, 0}, HASH_SIZE_MD5},
+ {HASH_SHA1, {CKM_SHA_1, NULL, 0}, HASH_SIZE_SHA1},
+ {HASH_SHA256, {CKM_SHA256, NULL, 0}, HASH_SIZE_SHA256},
+ {HASH_SHA384, {CKM_SHA384, NULL, 0}, HASH_SIZE_SHA384},
+ {HASH_SHA512, {CKM_SHA512, NULL, 0}, HASH_SIZE_SHA512},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].algo == algo)
+ {
+ *size = mappings[i].size;
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Find a token we can use for a hash algorithm
+ */
+static pkcs11_library_t* find_token(hash_algorithm_t algo,
+ CK_SESSION_HANDLE *session, CK_MECHANISM_PTR *mout, size_t *size)
+{
+ enumerator_t *tokens, *mechs;
+ pkcs11_manager_t *manager;
+ pkcs11_library_t *current, *found = NULL;
+ CK_MECHANISM_TYPE type;
+ CK_MECHANISM_PTR mech;
+ CK_SLOT_ID slot;
+
+ mech = algo_to_mechanism(algo, size);
+ if (!mech)
+ {
+ return NULL;
+ }
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ tokens = manager->create_token_enumerator(manager);
+ while (tokens->enumerate(tokens, &current, &slot))
+ {
+ mechs = current->create_mechanism_enumerator(current, slot);
+ while (mechs->enumerate(mechs, &type, NULL))
+ {
+ if (type == mech->mechanism)
+ {
+ if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, session) == CKR_OK)
+ {
+ found = current;
+ *mout = mech;
+ break;
+ }
+ }
+ }
+ mechs->destroy(mechs);
+ if (found)
+ {
+ break;
+ }
+ }
+ tokens->destroy(tokens);
+ return found;
+}
+
+/**
+ * See header
+ */
+pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo)
+{
+ private_pkcs11_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher = {
+ .get_hash_size = _get_hash_size,
+ .reset = _reset,
+ .get_hash = _get_hash,
+ .allocate_hash = _allocate_hash,
+ .destroy = _destroy,
+ },
+ },
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
+
+ this->lib = find_token(algo, &this->session, &this->mech, &this->size);
+ if (!this->lib)
+ {
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h
new file mode 100644
index 000000000..9c55d463e
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_hasher pkcs11_hasher
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_HASHER_H_
+#define PKCS11_HASHER_H_
+
+#include <crypto/hashers/hasher.h>
+
+typedef struct pkcs11_hasher_t pkcs11_hasher_t;
+
+/**
+ * Hash implementation using a PKCS#11 token.
+ */
+struct pkcs11_hasher_t {
+
+ /**
+ * Implements hasher_t interface.
+ */
+ hasher_t hasher;
+};
+
+/**
+ * Creates a PKCS#11 based hasher.
+ *
+ * @param algo hash algorithm
+ * @return hasher, NULL if not supported
+ */
+pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo);
+
+#endif /** PKCS11_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
new file mode 100644
index 000000000..9fb1b7769
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -0,0 +1,869 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_library.h"
+
+#include <dlfcn.h>
+
+#include <library.h>
+#include <debug.h>
+#include <threading/mutex.h>
+#include <utils/linked_list.h>
+
+typedef struct private_pkcs11_library_t private_pkcs11_library_t;
+
+
+ENUM_BEGIN(ck_rv_names, CKR_OK, CKR_CANT_LOCK,
+ "OK",
+ "CANCEL",
+ "HOST_MEMORY",
+ "SLOT_ID_INVALID",
+ "(0x04)",
+ "GENERAL_ERROR",
+ "FUNCTION_FAILED",
+ "ARGUMENTS_BAD",
+ "NO_EVENT",
+ "NEED_TO_CREATE_THREADS",
+ "CANT_LOCK");
+ENUM_NEXT(ck_rv_names, CKR_ATTRIBUTE_READ_ONLY, CKR_ATTRIBUTE_VALUE_INVALID,
+ CKR_CANT_LOCK,
+ "ATTRIBUTE_READ_ONLY",
+ "ATTRIBUTE_SENSITIVE",
+ "ATTRIBUTE_TYPE_INVALID",
+ "ATTRIBUTE_VALUE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_DATA_INVALID, CKR_DATA_LEN_RANGE,
+ CKR_ATTRIBUTE_VALUE_INVALID,
+ "DATA_INVALID"
+ "DATA_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_DEVICE_ERROR, CKR_DEVICE_REMOVED,
+ CKR_DATA_LEN_RANGE,
+ "DEVICE_ERROR",
+ "DEVICE_MEMORY",
+ "DEVICE_REMOVED");
+ENUM_NEXT(ck_rv_names, CKR_ENCRYPTED_DATA_INVALID, CKR_ENCRYPTED_DATA_LEN_RANGE,
+ CKR_DEVICE_REMOVED,
+ "ENCRYPTED_DATA_INVALID",
+ "ENCRYPTED_DATA_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_FUNCTION_CANCELED, CKR_FUNCTION_NOT_SUPPORTED,
+ CKR_ENCRYPTED_DATA_LEN_RANGE,
+ "FUNCTION_CANCELED",
+ "FUNCTION_NOT_PARALLEL",
+ "(0x52)",
+ "(0x53)",
+ "FUNCTION_NOT_SUPPORTED");
+ENUM_NEXT(ck_rv_names, CKR_KEY_HANDLE_INVALID, CKR_KEY_UNEXTRACTABLE,
+ CKR_FUNCTION_NOT_SUPPORTED,
+ "KEY_HANDLE_INVALID",
+ "(0x61)",
+ "KEY_SIZE_RANGE",
+ "KEY_TYPE_INCONSISTENT",
+ "KEY_NOT_NEEDED",
+ "KEY_CHANGED",
+ "KEY_NEEDED",
+ "KEY_INDIGESTIBLE",
+ "KEY_FUNCTION_NOT_PERMITTED",
+ "KEY_NOT_WRAPPABLE",
+ "KEY_UNEXTRACTABLE");
+ENUM_NEXT(ck_rv_names, CKR_MECHANISM_INVALID, CKR_MECHANISM_PARAM_INVALID,
+ CKR_KEY_UNEXTRACTABLE,
+ "MECHANISM_INVALID",
+ "MECHANISM_PARAM_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_OBJECT_HANDLE_INVALID, CKR_OBJECT_HANDLE_INVALID,
+ CKR_MECHANISM_PARAM_INVALID,
+ "OBJECT_HANDLE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_OPERATION_ACTIVE, CKR_OPERATION_NOT_INITIALIZED,
+ CKR_OBJECT_HANDLE_INVALID,
+ "OPERATION_ACTIVE",
+ "OPERATION_NOT_INITIALIZED");
+ENUM_NEXT(ck_rv_names, CKR_PIN_INCORRECT, CKR_PIN_LOCKED,
+ CKR_OPERATION_NOT_INITIALIZED,
+ "PIN_INCORRECT",
+ "PIN_INVALID",
+ "PIN_LEN_RANGE",
+ "PIN_EXPIRED",
+ "PIN_LOCKED");
+ENUM_NEXT(ck_rv_names, CKR_SESSION_CLOSED, CKR_SESSION_READ_WRITE_SO_EXISTS,
+ CKR_PIN_LOCKED,
+ "SESSION_CLOSED",
+ "SESSION_COUNT",
+ "(0xb2)",
+ "SESSION_HANDLE_INVALID",
+ "SESSION_PARALLEL_NOT_SUPPORTED",
+ "SESSION_READ_ONLY",
+ "SESSION_EXISTS",
+ "SESSION_READ_ONLY_EXISTS",
+ "SESSION_READ_WRITE_SO_EXISTS");
+ENUM_NEXT(ck_rv_names, CKR_SIGNATURE_INVALID, CKR_SIGNATURE_LEN_RANGE,
+ CKR_SESSION_READ_WRITE_SO_EXISTS,
+ "SIGNATURE_INVALID",
+ "SIGNATURE_LEN_RANGE");
+ENUM_NEXT(ck_rv_names, CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
+ CKR_SIGNATURE_LEN_RANGE,
+ "TEMPLATE_INCOMPLETE",
+ "TEMPLATE_INCONSISTENT",
+);
+ENUM_NEXT(ck_rv_names, CKR_TOKEN_NOT_PRESENT, CKR_TOKEN_WRITE_PROTECTED,
+ CKR_TEMPLATE_INCONSISTENT,
+ "TOKEN_NOT_PRESENT",
+ "TOKEN_NOT_RECOGNIZED",
+ "TOKEN_WRITE_PROTECTED");
+ENUM_NEXT(ck_rv_names, CKR_UNWRAPPING_KEY_HANDLE_INVALID, CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
+ CKR_TOKEN_WRITE_PROTECTED,
+ "UNWRAPPING_KEY_HANDLE_INVALID",
+ "UNWRAPPING_KEY_SIZE_RANGE",
+ "UNWRAPPING_KEY_TYPE_INCONSISTENT");
+ENUM_NEXT(ck_rv_names, CKR_USER_ALREADY_LOGGED_IN, CKR_USER_TOO_MANY_TYPES,
+ CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT,
+ "USER_ALREADY_LOGGED_IN",
+ "USER_NOT_LOGGED_IN",
+ "USER_PIN_NOT_INITIALIZED",
+ "USER_TYPE_INVALID",
+ "USER_ANOTHER_ALREADY_LOGGED_IN",
+ "USER_TOO_MANY_TYPES");
+ENUM_NEXT(ck_rv_names, CKR_WRAPPED_KEY_INVALID, CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
+ CKR_USER_TOO_MANY_TYPES,
+ "WRAPPED_KEY_INVALID",
+ "(0x111)",
+ "WRAPPED_KEY_LEN_RANGE",
+ "WRAPPING_KEY_HANDLE_INVALID",
+ "WRAPPING_KEY_SIZE_RANGE",
+ "WRAPPING_KEY_TYPE_INCONSISTENT");
+ENUM_NEXT(ck_rv_names, CKR_RANDOM_SEED_NOT_SUPPORTED, CKR_RANDOM_NO_RNG,
+ CKR_WRAPPING_KEY_TYPE_INCONSISTENT,
+ "RANDOM_SEED_NOT_SUPPORTED",
+ "RANDOM_NO_RNG");
+ENUM_NEXT(ck_rv_names, CKR_DOMAIN_PARAMS_INVALID, CKR_DOMAIN_PARAMS_INVALID,
+ CKR_RANDOM_NO_RNG,
+ "DOMAIN_PARAMS_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_BUFFER_TOO_SMALL, CKR_BUFFER_TOO_SMALL,
+ CKR_DOMAIN_PARAMS_INVALID,
+ "BUFFER_TOO_SMALL");
+ENUM_NEXT(ck_rv_names, CKR_SAVED_STATE_INVALID, CKR_SAVED_STATE_INVALID,
+ CKR_BUFFER_TOO_SMALL,
+ "SAVED_STATE_INVALID");
+ENUM_NEXT(ck_rv_names, CKR_INFORMATION_SENSITIVE, CKR_INFORMATION_SENSITIVE,
+ CKR_SAVED_STATE_INVALID,
+ "INFORMATION_SENSITIVE");
+ENUM_NEXT(ck_rv_names, CKR_STATE_UNSAVEABLE, CKR_STATE_UNSAVEABLE,
+ CKR_INFORMATION_SENSITIVE,
+ "STATE_UNSAVEABLE");
+ENUM_NEXT(ck_rv_names, CKR_CRYPTOKI_NOT_INITIALIZED, CKR_CRYPTOKI_ALREADY_INITIALIZED,
+ CKR_STATE_UNSAVEABLE,
+ "CRYPTOKI_NOT_INITIALIZED",
+ "CRYPTOKI_ALREADY_INITIALIZED");
+ENUM_NEXT(ck_rv_names, CKR_MUTEX_BAD, CKR_MUTEX_NOT_LOCKED,
+ CKR_CRYPTOKI_ALREADY_INITIALIZED,
+ "MUTEX_BAD",
+ "MUTEX_NOT_LOCKED");
+ENUM_NEXT(ck_rv_names, CKR_FUNCTION_REJECTED, CKR_FUNCTION_REJECTED,
+ CKR_MUTEX_NOT_LOCKED,
+ "FUNCTION_REJECTED");
+ENUM_END(ck_rv_names, CKR_FUNCTION_REJECTED);
+
+
+ENUM_BEGIN(ck_mech_names, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_DSA_SHA1,
+ "RSA_PKCS_KEY_PAIR_GEN",
+ "RSA_PKCS",
+ "RSA_9796",
+ "RSA_X_509",
+ "MD2_RSA_PKCS",
+ "MD5_RSA_PKCS",
+ "SHA1_RSA_PKCS",
+ "RIPEMD128_RSA_PKCS",
+ "RIPEMD160_RSA_PKCS",
+ "RSA_PKCS_OAEP",
+ "RSA_X9_31_KEY_PAIR_GEN",
+ "RSA_X9_31",
+ "SHA1_RSA_X9_31",
+ "RSA_PKCS_PSS",
+ "SHA1_RSA_PKCS_PSS",
+ "(0xf)",
+ "DSA_KEY_PAIR_GEN",
+ "DSA",
+ "DSA_SHA1");
+ENUM_NEXT(ck_mech_names, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE,
+ CKM_DSA_SHA1,
+ "DH_PKCS_KEY_PAIR_GEN",
+ "DH_PKCS_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_MQV_DERIVE,
+ CKM_DH_PKCS_DERIVE,
+ "X9_42_DH_KEY_PAIR_GEN",
+ "X9_42_DH_DERIVE",
+ "X9_42_DH_HYBRID_DERIVE",
+ "X9_42_MQV_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_SHA256_RSA_PKCS, CKM_SHA512_RSA_PKCS_PSS,
+ CKM_X9_42_MQV_DERIVE,
+ "SHA256_RSA_PKCS",
+ "SHA384_RSA_PKCS",
+ "SHA512_RSA_PKCS",
+ "SHA256_RSA_PKCS_PSS",
+ "SHA384_RSA_PKCS_PSS",
+ "SHA512_RSA_PKCS_PSS");
+ENUM_NEXT(ck_mech_names, CKM_RC2_KEY_GEN, CKM_RC2_CBC_PAD,
+ CKM_SHA512_RSA_PKCS_PSS,
+ "RC2_KEY_GEN",
+ "RC2_ECB",
+ "RC2_CBC",
+ "RC2_MAC",
+ "RC2_MAC_GENERAL",
+ "RC2_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_RC4_KEY_GEN, CKM_RC4,
+ CKM_RC2_CBC_PAD,
+ "RC4_KEY_GEN",
+ "RC4");
+ENUM_NEXT(ck_mech_names, CKM_DES_KEY_GEN, CKM_DES_CBC_PAD,
+ CKM_RC4,
+ "DES_KEY_GEN",
+ "DES_ECB",
+ "DES_CBC",
+ "DES_MAC",
+ "DES_MAC_GENERAL",
+ "DES_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_DES2_KEY_GEN, CKM_DES3_CBC_PAD,
+ CKM_DES_CBC_PAD,
+ "DES2_KEY_GEN",
+ "DES3_KEY_GEN",
+ "DES3_ECB",
+ "DES3_CBC",
+ "DES3_MAC",
+ "DES3_MAC_GENERAL",
+ "DES3_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CDMF_KEY_GEN, CKM_CDMF_CBC_PAD,
+ CKM_DES3_CBC_PAD,
+ "CDMF_KEY_GEN",
+ "CDMF_ECB",
+ "CDMF_CBC",
+ "CDMF_MAC",
+ "CDMF_MAC_GENERAL",
+ "CDMF_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_MD2, CKM_MD2_HMAC_GENERAL,
+ CKM_CDMF_CBC_PAD,
+ "MD2",
+ "MD2_HMAC",
+ "MD2_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_MD5, CKM_MD5_HMAC_GENERAL,
+ CKM_MD2_HMAC_GENERAL,
+ "MD5",
+ "MD5_HMAC",
+ "MD5_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA_1, CKM_SHA_1_HMAC_GENERAL,
+ CKM_MD5_HMAC_GENERAL,
+ "SHA_1",
+ "SHA_1_HMAC",
+ "SHA_1_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_RIPEMD128, CKM_RIPEMD128_HMAC_GENERAL,
+ CKM_SHA_1_HMAC_GENERAL,
+ "RIPEMD128",
+ "RIPEMD128_HMAC",
+ "RIPEMD128_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_RIPEMD160, CKM_RIPEMD160_HMAC_GENERAL,
+ CKM_RIPEMD128_HMAC_GENERAL,
+ "RIPEMD160",
+ "RIPEMD160_HMAC",
+ "RIPEMD160_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA256, CKM_SHA256_HMAC_GENERAL,
+ CKM_RIPEMD160_HMAC_GENERAL,
+ "SHA256",
+ "SHA256_HMAC",
+ "SHA256_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA384, CKM_SHA384_HMAC_GENERAL,
+ CKM_SHA256_HMAC_GENERAL,
+ "SHA384",
+ "SHA384_HMAC",
+ "SHA384_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_SHA512, CKM_SHA512_HMAC_GENERAL,
+ CKM_SHA384_HMAC_GENERAL ,
+ "SHA512",
+ "SHA512_HMAC",
+ "SHA512_HMAC_GENERAL");
+ENUM_NEXT(ck_mech_names, CKM_CAST_KEY_GEN, CKM_CAST_CBC_PAD,
+ CKM_SHA512_HMAC_GENERAL,
+ "CAST_KEY_GEN",
+ "CAST_ECB",
+ "CAST_CBC",
+ "CAST_MAC",
+ "CAST_MAC_GENERAL",
+ "CAST_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CAST3_KEY_GEN, CKM_CAST3_CBC_PAD,
+ CKM_CAST_CBC_PAD,
+ "CAST3_KEY_GEN",
+ "CAST3_ECB",
+ "CAST3_CBC",
+ "CAST3_MAC",
+ "CAST3_MAC_GENERAL",
+ "CAST3_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_CAST128_KEY_GEN, CKM_CAST128_CBC_PAD,
+ CKM_CAST3_CBC_PAD,
+ "CAST128_KEY_GEN",
+ "CAST128_ECB",
+ "CAST128_CBC",
+ "CAST128_MAC",
+ "CAST128_MAC_GENERAL",
+ "CAST128_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_RC5_KEY_GEN, CKM_RC5_CBC_PAD,
+ CKM_CAST128_CBC_PAD,
+ "RC5_KEY_GEN",
+ "RC5_ECB",
+ "RC5_CBC",
+ "RC5_MAC",
+ "RC5_MAC_GENERAL",
+ "RC5_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_IDEA_KEY_GEN, CKM_IDEA_CBC_PAD,
+ CKM_RC5_CBC_PAD,
+ "IDEA_KEY_GEN",
+ "IDEA_ECB",
+ "IDEA_CBC",
+ "IDEA_MAC",
+ "IDEA_MAC_GENERAL",
+ "IDEA_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_GENERIC_SECRET_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN,
+ CKM_IDEA_CBC_PAD,
+ "GENERIC_SECRET_KEY_GEN");
+ENUM_NEXT(ck_mech_names, CKM_CONCATENATE_BASE_AND_KEY, CKM_EXTRACT_KEY_FROM_KEY,
+ CKM_GENERIC_SECRET_KEY_GEN,
+ "CONCATENATE_BASE_AND_KEY",
+ "(0x361)",
+ "CONCATENATE_BASE_AND_DATA",
+ "CONCATENATE_DATA_AND_BASE",
+ "XOR_BASE_AND_DATA",
+ "EXTRACT_KEY_FROM_KEY");
+ENUM_NEXT(ck_mech_names, CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_MASTER_KEY_DERIVE_DH,
+ CKM_EXTRACT_KEY_FROM_KEY,
+ "SSL3_PRE_MASTER_KEY_GEN",
+ "SSL3_MASTER_KEY_DERIVE",
+ "SSL3_KEY_AND_MAC_DERIVE",
+ "SSL3_MASTER_KEY_DERIVE_DH",
+ "TLS_PRE_MASTER_KEY_GEN",
+ "TLS_MASTER_KEY_DERIVE",
+ "TLS_KEY_AND_MAC_DERIVE",
+ "TLS_MASTER_KEY_DERIVE_DH");
+ENUM_NEXT(ck_mech_names, CKM_SSL3_MD5_MAC, CKM_SSL3_SHA1_MAC,
+ CKM_TLS_MASTER_KEY_DERIVE_DH,
+ "SSL3_MD5_MAC",
+ "SSL3_SHA1_MAC");
+ENUM_NEXT(ck_mech_names, CKM_MD5_KEY_DERIVATION, CKM_SHA1_KEY_DERIVATION,
+ CKM_SSL3_SHA1_MAC,
+ "MD5_KEY_DERIVATION",
+ "MD2_KEY_DERIVATION",
+ "SHA1_KEY_DERIVATION");
+ENUM_NEXT(ck_mech_names, CKM_PBE_MD2_DES_CBC, CKM_PBE_SHA1_RC2_40_CBC,
+ CKM_SHA1_KEY_DERIVATION,
+ "PBE_MD2_DES_CBC",
+ "PBE_MD5_DES_CBC",
+ "PBE_MD5_CAST_CBC",
+ "PBE_MD5_CAST3_CBC",
+ "PBE_MD5_CAST128_CBC",
+ "PBE_SHA1_CAST128_CBC",
+ "PBE_SHA1_RC4_128",
+ "PBE_SHA1_RC4_40",
+ "PBE_SHA1_DES3_EDE_CBC",
+ "PBE_SHA1_DES2_EDE_CBC",
+ "PBE_SHA1_RC2_128_CBC",
+ "PBE_SHA1_RC2_40_CBC");
+ENUM_NEXT(ck_mech_names, CKM_PKCS5_PBKD2, CKM_PKCS5_PBKD2,
+ CKM_PBE_SHA1_RC2_40_CBC,
+ "PKCS5_PBKD2");
+ENUM_NEXT(ck_mech_names, CKM_PBA_SHA1_WITH_SHA1_HMAC, CKM_PBA_SHA1_WITH_SHA1_HMAC,
+ CKM_PKCS5_PBKD2,
+ "PBA_SHA1_WITH_SHA1_HMAC");
+ENUM_NEXT(ck_mech_names, CKM_KEY_WRAP_LYNKS, CKM_KEY_WRAP_SET_OAEP,
+ CKM_PBA_SHA1_WITH_SHA1_HMAC,
+ "KEY_WRAP_LYNKS",
+ "KEY_WRAP_SET_OAEP");
+ENUM_NEXT(ck_mech_names, CKM_SKIPJACK_KEY_GEN, CKM_SKIPJACK_RELAYX,
+ CKM_KEY_WRAP_SET_OAEP,
+ "SKIPJACK_KEY_GEN",
+ "SKIPJACK_ECB64",
+ "SKIPJACK_CBC64",
+ "SKIPJACK_OFB64",
+ "SKIPJACK_CFB64",
+ "SKIPJACK_CFB32",
+ "SKIPJACK_CFB16",
+ "SKIPJACK_CFB8",
+ "SKIPJACK_WRAP",
+ "SKIPJACK_PRIVATE_WRAP",
+ "SKIPJACK_RELAYX");
+ENUM_NEXT(ck_mech_names, CKM_KEA_KEY_PAIR_GEN, CKM_KEA_KEY_DERIVE,
+ CKM_SKIPJACK_RELAYX,
+ "KEA_KEY_PAIR_GEN",
+ "KEA_KEY_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_FORTEZZA_TIMESTAMP, CKM_FORTEZZA_TIMESTAMP,
+ CKM_KEA_KEY_DERIVE,
+ "FORTEZZA_TIMESTAMP");
+ENUM_NEXT(ck_mech_names, CKM_BATON_KEY_GEN, CKM_BATON_WRAP,
+ CKM_FORTEZZA_TIMESTAMP,
+ "BATON_KEY_GEN",
+ "BATON_ECB128",
+ "BATON_ECB96",
+ "BATON_CBC128",
+ "BATON_COUNTER",
+ "BATON_SHUFFLE",
+ "BATON_WRAP");
+ENUM_NEXT(ck_mech_names, CKM_ECDSA_KEY_PAIR_GEN, CKM_ECDSA_SHA1,
+ CKM_BATON_WRAP,
+ "ECDSA_KEY_PAIR_GEN",
+ "ECDSA",
+ "ECDSA_SHA1");
+ENUM_NEXT(ck_mech_names, CKM_ECDH1_DERIVE, CKM_ECMQV_DERIVE,
+ CKM_ECDSA_SHA1,
+ "ECDH1_DERIVE",
+ "ECDH1_COFACTOR_DERIVE",
+ "ECMQV_DERIVE");
+ENUM_NEXT(ck_mech_names, CKM_JUNIPER_KEY_GEN, CKM_JUNIPER_WRAP,
+ CKM_ECMQV_DERIVE,
+ "JUNIPER_KEY_GEN",
+ "JUNIPER_ECB128",
+ "JUNIPER_CBC128",
+ "JUNIPER_COUNTER",
+ "JUNIPER_SHUFFLE",
+ "JUNIPER_WRAP");
+ENUM_NEXT(ck_mech_names, CKM_FASTHASH, CKM_FASTHASH,
+ CKM_JUNIPER_WRAP,
+ "FASTHASH");
+ENUM_NEXT(ck_mech_names, CKM_AES_KEY_GEN, CKM_AES_CBC_PAD,
+ CKM_FASTHASH,
+ "AES_KEY_GEN",
+ "AES_ECB",
+ "AES_CBC",
+ "AES_MAC",
+ "AES_MAC_GENERAL",
+ "AES_CBC_PAD");
+ENUM_NEXT(ck_mech_names, CKM_DSA_PARAMETER_GEN, CKM_X9_42_DH_PARAMETER_GEN,
+ CKM_AES_CBC_PAD,
+ "DSA_PARAMETER_GEN",
+ "DH_PKCS_PARAMETER_GEN",
+ "X9_42_DH_PARAMETER_GEN");
+ENUM_END(ck_mech_names, CKM_X9_42_DH_PARAMETER_GEN);
+
+/**
+ * Private data of an pkcs11_library_t object.
+ */
+struct private_pkcs11_library_t {
+
+ /**
+ * Public pkcs11_library_t interface.
+ */
+ pkcs11_library_t public;
+
+ /**
+ * dlopen() handle
+ */
+ void *handle;
+
+ /**
+ * Name as passed to the constructor
+ */
+ char *name;
+};
+
+METHOD(pkcs11_library_t, get_name, char*,
+ private_pkcs11_library_t *this)
+{
+ return this->name;
+}
+
+/**
+ * Object enumerator
+ */
+typedef struct {
+ /* implements enumerator_t */
+ enumerator_t public;
+ /* session */
+ CK_SESSION_HANDLE session;
+ /* pkcs11 library */
+ pkcs11_library_t *lib;
+ /* attributes to retreive */
+ CK_ATTRIBUTE_PTR attr;
+ /* number of attributes */
+ CK_ULONG count;
+ /* currently allocated attributes, to free */
+ linked_list_t *freelist;
+} object_enumerator_t;
+
+/**
+ * Free contents of attributes in a list
+ */
+static void free_attrs(object_enumerator_t *this)
+{
+ CK_ATTRIBUTE_PTR attr;
+
+ while (this->freelist->remove_last(this->freelist, (void**)&attr) == SUCCESS)
+ {
+ free(attr->pValue);
+ attr->pValue = NULL;
+ attr->ulValueLen = 0;
+ }
+}
+
+/**
+ * Get attributes for a given object during enumeration
+ */
+static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object)
+{
+ CK_RV rv;
+ int i;
+
+ free_attrs(this);
+
+ /* get length of objects first */
+ rv = this->lib->f->C_GetAttributeValue(this->session, object,
+ this->attr, this->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ /* allocate required chunks */
+ for (i = 0; i < this->count; i++)
+ {
+ if (this->attr[i].pValue == NULL &&
+ this->attr[i].ulValueLen != 0 && this->attr[i].ulValueLen != -1)
+ {
+ this->attr[i].pValue = malloc(this->attr[i].ulValueLen);
+ this->freelist->insert_last(this->freelist, &this->attr[i]);
+ }
+ }
+ /* get the data */
+ rv = this->lib->f->C_GetAttributeValue(this->session, object,
+ this->attr, this->count);
+ if (rv != CKR_OK)
+ {
+ free_attrs(this);
+ DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(enumerator_t, object_enumerate, bool,
+ object_enumerator_t *this, CK_OBJECT_HANDLE *out)
+{
+ CK_OBJECT_HANDLE object;
+ CK_ULONG found;
+ CK_RV rv;
+
+ rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ if (found)
+ {
+ if (this->attr)
+ {
+ if (!get_attributes(this, object))
+ {
+ return FALSE;
+ }
+ }
+ *out = object;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+METHOD(enumerator_t, object_destroy, void,
+ object_enumerator_t *this)
+{
+ this->lib->f->C_FindObjectsFinal(this->session);
+ free_attrs(this);
+ this->freelist->destroy(this->freelist);
+ free(this);
+}
+
+METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SESSION_HANDLE session,
+ CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG acount)
+{
+ object_enumerator_t *enumerator;
+ CK_RV rv;
+
+ rv = this->public.f->C_FindObjectsInit(session, tmpl, tcount);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjectsInit() failed: %N", ck_rv_names, rv);
+ return enumerator_create_empty();
+ }
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_object_enumerate,
+ .destroy = _object_destroy,
+ },
+ .session = session,
+ .lib = &this->public,
+ .attr = attr,
+ .count = acount,
+ .freelist = linked_list_create(),
+ );
+ return &enumerator->public;
+}
+
+/**
+ * Enumerator over mechanisms
+ */
+typedef struct {
+ /* implements enumerator_t */
+ enumerator_t public;
+ /* PKCS#11 library */
+ pkcs11_library_t *lib;
+ /* slot of token */
+ CK_SLOT_ID slot;
+ /* mechanism type list */
+ CK_MECHANISM_TYPE_PTR mechs;
+ /* number of mechanism types */
+ CK_ULONG count;
+ /* current mechanism */
+ CK_ULONG current;
+} mechanism_enumerator_t;
+
+METHOD(enumerator_t, enumerate_mech, bool,
+ mechanism_enumerator_t *this, CK_MECHANISM_TYPE* type,
+ CK_MECHANISM_INFO *info)
+{
+ CK_RV rv;
+
+ if (this->current >= this->count)
+ {
+ return FALSE;
+ }
+ if (info)
+ {
+ rv = this->lib->f->C_GetMechanismInfo(this->slot,
+ this->mechs[this->current], info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismInfo() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ }
+ *type = this->mechs[this->current++];
+ return TRUE;
+}
+
+METHOD(enumerator_t, destroy_mech, void,
+ mechanism_enumerator_t *this)
+{
+ free(this->mechs);
+ free(this);
+}
+
+METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*,
+ private_pkcs11_library_t *this, CK_SLOT_ID slot)
+{
+ mechanism_enumerator_t *enumerator;
+ CK_RV rv;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_enumerate_mech,
+ .destroy = _destroy_mech,
+ },
+ .lib = &this->public,
+ .slot = slot,
+ );
+
+ rv = enumerator->lib->f->C_GetMechanismList(slot, NULL, &enumerator->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv);
+ free(enumerator);
+ return enumerator_create_empty();
+ }
+ enumerator->mechs = malloc(sizeof(CK_MECHANISM_TYPE) * enumerator->count);
+ enumerator->lib->f->C_GetMechanismList(slot, enumerator->mechs,
+ &enumerator->count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetMechanismList() failed: %N", ck_rv_names, rv);
+ destroy_mech(enumerator);
+ return enumerator_create_empty();
+ }
+ return &enumerator->public;
+}
+
+METHOD(pkcs11_library_t, destroy, void,
+ private_pkcs11_library_t *this)
+{
+ this->public.f->C_Finalize(NULL);
+ dlclose(this->handle);
+ free(this);
+}
+
+/**
+ * See header
+ */
+void pkcs11_library_trim(char *str, int len)
+{
+ int i;
+
+ str[len - 1] = '\0';
+ for (i = len - 2; i > 0; i--)
+ {
+ if (str[i] == ' ')
+ {
+ str[i] = '\0';
+ continue;
+ }
+ break;
+ }
+}
+
+/**
+ * Mutex creation callback
+ */
+static CK_RV CreateMutex(CK_VOID_PTR_PTR data)
+{
+ *data = mutex_create(MUTEX_TYPE_DEFAULT);
+ return CKR_OK;
+}
+
+/**
+ * Mutex destruction callback
+ */
+static CK_RV DestroyMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->destroy(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Mutex lock callback
+ */
+static CK_RV LockMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->lock(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Mutex unlock callback
+ */
+static CK_RV UnlockMutex(CK_VOID_PTR data)
+{
+ mutex_t *mutex = (mutex_t*)data;
+
+ mutex->unlock(mutex);
+ return CKR_OK;
+}
+
+/**
+ * Initialize a PKCS#11 library
+ */
+static bool initialize(private_pkcs11_library_t *this, char *name, char *file)
+{
+ CK_C_GetFunctionList pC_GetFunctionList;
+ CK_INFO info;
+ CK_RV rv;
+ CK_C_INITIALIZE_ARGS args = {
+ .CreateMutex = CreateMutex,
+ .DestroyMutex = DestroyMutex,
+ .LockMutex = LockMutex,
+ .UnlockMutex = UnlockMutex,
+ };
+
+ pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList");
+ if (!pC_GetFunctionList)
+ {
+ DBG1(DBG_CFG, "C_GetFunctionList not found for '%s': %s", name, dlerror());
+ return FALSE;
+ }
+ rv = pC_GetFunctionList(&this->public.f);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetFunctionList() error for '%s': %N",
+ name, ck_rv_names, rv);
+ return FALSE;
+ }
+
+ rv = this->public.f->C_Initialize(&args);
+ if (rv == CKR_CANT_LOCK)
+ { /* try OS locking */
+ memset(&args, 0, sizeof(args));
+ args.flags = CKF_OS_LOCKING_OK;
+ rv = this->public.f->C_Initialize(&args);
+ }
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_Initialize() error for '%s': %N",
+ name, ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->public.f->C_GetInfo(&info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetInfo() error for '%s': %N",
+ name, ck_rv_names, rv);
+ this->public.f->C_Finalize(NULL);
+ return FALSE;
+ }
+
+ pkcs11_library_trim(info.manufacturerID,
+ strnlen(info.manufacturerID, sizeof(info.manufacturerID)));
+ pkcs11_library_trim(info.libraryDescription,
+ strnlen(info.libraryDescription, sizeof(info.libraryDescription)));
+
+ DBG1(DBG_CFG, "loaded PKCS#11 v%d.%d library '%s' (%s)",
+ info.cryptokiVersion.major, info.cryptokiVersion.minor, name, file);
+ DBG1(DBG_CFG, " %s: %s v%d.%d",
+ info.manufacturerID, info.libraryDescription,
+ info.libraryVersion.major, info.libraryVersion.minor);
+ if (args.flags & CKF_OS_LOCKING_OK)
+ {
+ DBG1(DBG_CFG, " uses OS locking functions");
+ }
+ return TRUE;
+}
+
+/**
+ * See header
+ */
+pkcs11_library_t *pkcs11_library_create(char *name, char *file)
+{
+ private_pkcs11_library_t *this;
+
+ INIT(this,
+ .public = {
+ .get_name = _get_name,
+ .create_object_enumerator = _create_object_enumerator,
+ .create_mechanism_enumerator = _create_mechanism_enumerator,
+ .destroy = _destroy,
+ },
+ .name = name,
+ .handle = dlopen(file, RTLD_LAZY),
+ );
+
+ if (!this->handle)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 library failed: %s", dlerror());
+ free(this);
+ return NULL;
+ }
+
+ if (!initialize(this, name, file))
+ {
+ dlclose(this->handle);
+ free(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
new file mode 100644
index 000000000..1457d24d4
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_library pkcs11_library
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_LIBRARY_H_
+#define PKCS11_LIBRARY_H_
+
+typedef struct pkcs11_library_t pkcs11_library_t;
+
+#include "pkcs11.h"
+
+#include <enum.h>
+#include <utils/enumerator.h>
+
+/**
+ * A loaded and initialized PKCS#11 library.
+ */
+struct pkcs11_library_t {
+
+ /**
+ * PKCS#11 function list, as returned by C_GetFunctionList
+ */
+ CK_FUNCTION_LIST_PTR f;
+
+ /**
+ * Get the name this instance was created with.
+ *
+ * @return name, as passed to constructor
+ */
+ char* (*get_name)(pkcs11_library_t *this);
+
+ /**
+ * Create an enumerator over CK_OBJECT_HANDLE using a search template.
+ *
+ * An optional attribute array is automatically filled in with the
+ * objects associated attributes. If the value of an output attribute
+ * is NULL, the value gets allocated/freed during enumeration.
+ *
+ * @param session session to use
+ * @param tmpl search template
+ * @param tcount number of attributes in the search template
+ * @param attr attributes to read from object
+ * @param acount number of attributes to read
+ */
+ enumerator_t* (*create_object_enumerator)(pkcs11_library_t *this,
+ CK_SESSION_HANDLE session, CK_ATTRIBUTE_PTR tmpl, CK_ULONG tcount,
+ CK_ATTRIBUTE_PTR attr, CK_ULONG acount);
+
+ /**
+ * Create an enumerator over supported mechanisms of a token.
+ *
+ * The resulting enumerator enumerates over the mechanism type, and if
+ * a non-NULL pointer is given, over the mechanism info details.
+ *
+ * @param slot slot of the token
+ * @return enumerator over (CK_MECHANISM_TYPE, CK_MECHANISM_INFO)
+ */
+ enumerator_t* (*create_mechanism_enumerator)(pkcs11_library_t *this,
+ CK_SLOT_ID slot);
+
+ /**
+ * Destroy a pkcs11_library_t.
+ */
+ void (*destroy)(pkcs11_library_t *this);
+};
+
+/**
+ * Enum names for CK_RV return values
+ */
+extern enum_name_t *ck_rv_names;
+
+/**
+ * Enum names for CK_MECHANISM_TYPE values
+ */
+extern enum_name_t *ck_mech_names;
+
+/**
+ * Trim/null terminate a string returned by the varius PKCS#11 functions.
+ *
+ * @param str string to trim
+ * @param len max length of the string
+ */
+void pkcs11_library_trim(char *str, int len);
+
+/**
+ * Create a pkcs11_library instance.
+ *
+ * @param name an arbitrary name, for debugging
+ * @param file pkcs11 library file to dlopen()
+ * @return library abstraction
+ */
+pkcs11_library_t *pkcs11_library_create(char *name, char *file);
+
+#endif /** PKCS11_LIBRARY_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
new file mode 100644
index 000000000..0c27600a6
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/thread.h>
+
+#include "pkcs11_library.h"
+
+#include <processing/jobs/callback_job.h>
+
+typedef struct private_pkcs11_manager_t private_pkcs11_manager_t;
+
+/**
+ * Private data of an pkcs11_manager_t object.
+ */
+struct private_pkcs11_manager_t {
+
+ /**
+ * Public pkcs11_manager_t interface.
+ */
+ pkcs11_manager_t public;
+
+ /**
+ * List of loaded libraries, as lib_entry_t
+ */
+ linked_list_t *libs;
+
+ /**
+ * Slot event callback function
+ */
+ pkcs11_manager_token_event_t cb;
+
+ /**
+ * Slot event user data
+ */
+ void *data;
+};
+
+/**
+ * Entry for a loaded library
+ */
+typedef struct {
+ /* back reference to this */
+ private_pkcs11_manager_t *this;
+ /* associated library path */
+ char *path;
+ /* loaded library */
+ pkcs11_library_t *lib;
+ /* event dispatcher job */
+ callback_job_t *job;
+} lib_entry_t;
+
+/**
+ * Destroy a lib_entry_t
+ */
+static void lib_entry_destroy(lib_entry_t *entry)
+{
+ if (entry->job)
+ {
+ entry->job->cancel(entry->job);
+ }
+ entry->lib->destroy(entry->lib);
+ free(entry);
+}
+
+/**
+ * Print supported mechanisms of a token in a slot
+ */
+static void print_mechs(lib_entry_t *entry, CK_SLOT_ID slot)
+{
+ enumerator_t *enumerator;
+ CK_MECHANISM_TYPE type;
+ CK_MECHANISM_INFO info;
+
+ enumerator = entry->lib->create_mechanism_enumerator(entry->lib, slot);
+ while (enumerator->enumerate(enumerator, &type, &info))
+ {
+ DBG2(DBG_CFG, " %N %lu-%lu [ %s%s%s%s%s%s%s%s%s%s%s%s%s]",
+ ck_mech_names, type,
+ info.ulMinKeySize, info.ulMaxKeySize,
+ info.flags & CKF_HW ? "HW " : "",
+ info.flags & CKF_ENCRYPT ? "ENCR " : "",
+ info.flags & CKF_DECRYPT ? "DECR " : "",
+ info.flags & CKF_DIGEST ? "DGST " : "",
+ info.flags & CKF_SIGN ? "SIGN " : "",
+ info.flags & CKF_SIGN_RECOVER ? "SIGN_RCVR " : "",
+ info.flags & CKF_VERIFY ? "VRFY " : "",
+ info.flags & CKF_VERIFY_RECOVER ? "VRFY_RCVR " : "",
+ info.flags & CKF_GENERATE ? "GEN " : "",
+ info.flags & CKF_GENERATE_KEY_PAIR ? "GEN_KEY_PAIR " : "",
+ info.flags & CKF_WRAP ? "WRAP " : "",
+ info.flags & CKF_UNWRAP ? "UNWRAP " : "",
+ info.flags & CKF_DERIVE ? "DERIVE " : "");
+ }
+ enumerator->destroy(enumerator);
+}
+
+/**
+ * Handle a token
+ */
+static void handle_token(lib_entry_t *entry, CK_SLOT_ID slot)
+{
+ CK_TOKEN_INFO info;
+ CK_RV rv;
+
+ rv = entry->lib->f->C_GetTokenInfo(slot, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetTokenInfo failed: %N", ck_rv_names, rv);
+ return;
+ }
+ pkcs11_library_trim(info.label, sizeof(info.label));
+ pkcs11_library_trim(info.manufacturerID, sizeof(info.manufacturerID));
+ pkcs11_library_trim(info.model, sizeof(info.model));
+ DBG1(DBG_CFG, " %s (%s: %s)",
+ info.label, info.manufacturerID, info.model);
+
+ print_mechs(entry, slot);
+}
+
+/**
+ * Handle slot changes
+ */
+static void handle_slot(lib_entry_t *entry, CK_SLOT_ID slot, bool hot)
+{
+ CK_SLOT_INFO info;
+ CK_RV rv;
+
+ rv = entry->lib->f->C_GetSlotInfo(slot, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotInfo failed: %N", ck_rv_names, rv);
+ return;
+ }
+
+ pkcs11_library_trim(info.slotDescription, sizeof(info.slotDescription));
+ if (info.flags & CKF_TOKEN_PRESENT)
+ {
+ DBG1(DBG_CFG, " found token in slot '%s':%lu (%s)",
+ entry->lib->get_name(entry->lib), slot, info.slotDescription);
+ handle_token(entry, slot);
+ if (hot)
+ {
+ entry->this->cb(entry->this->data, entry->lib, slot, TRUE);
+ }
+ }
+ else
+ {
+ DBG1(DBG_CFG, "token removed from slot '%s':%lu (%s)",
+ entry->lib->get_name(entry->lib), slot, info.slotDescription);
+ if (hot)
+ {
+ entry->this->cb(entry->this->data, entry->lib, slot, FALSE);
+ }
+ }
+}
+
+/**
+ * Dispatch slot events
+ */
+static job_requeue_t dispatch_slot_events(lib_entry_t *entry)
+{
+ CK_SLOT_ID slot;
+ CK_RV rv;
+ bool old;
+
+ old = thread_cancelability(TRUE);
+ rv = entry->lib->f->C_WaitForSlotEvent(0, &slot, NULL);
+ thread_cancelability(old);
+ if (rv == CKR_FUNCTION_NOT_SUPPORTED || rv == CKR_NO_EVENT)
+ {
+ DBG1(DBG_CFG, "module '%s' does not support hot-plugging, cancelled",
+ entry->lib->get_name(entry->lib));
+ return JOB_REQUEUE_NONE;
+ }
+ if (rv == CKR_CRYPTOKI_NOT_INITIALIZED)
+ { /* C_Finalize called, abort */
+ return JOB_REQUEUE_NONE;
+ }
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "error in C_WaitForSlotEvent: %N", ck_rv_names, rv);
+ }
+ handle_slot(entry, slot, TRUE);
+
+ return JOB_REQUEUE_DIRECT;
+}
+
+/**
+ * End dispatching, unset job
+ */
+static void end_dispatch(lib_entry_t *entry)
+{
+ entry->job = NULL;
+}
+
+/**
+ * Get the slot list of a library
+ */
+static CK_SLOT_ID_PTR get_slot_list(pkcs11_library_t *p11, CK_ULONG *out)
+{
+ CK_SLOT_ID_PTR slots;
+ CK_ULONG count;
+ CK_RV rv;
+
+ rv = p11->f->C_GetSlotList(TRUE, NULL, &count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv);
+ return NULL;
+ }
+ if (count == 0)
+ {
+ return NULL;
+ }
+ slots = malloc(sizeof(CK_SLOT_ID) * count);
+ rv = p11->f->C_GetSlotList(TRUE, slots, &count);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSlotList() failed: %N", ck_rv_names, rv);
+ free(slots);
+ return NULL;
+ }
+ *out = count;
+ return slots;
+}
+
+/**
+ * Query the slots for tokens
+ */
+static void query_slots(lib_entry_t *entry)
+{
+ CK_ULONG count;
+ CK_SLOT_ID_PTR slots;
+ int i;
+
+ slots = get_slot_list(entry->lib, &count);
+ if (slots)
+ {
+ for (i = 0; i < count; i++)
+ {
+ handle_slot(entry, slots[i], FALSE);
+ }
+ free(slots);
+ }
+}
+
+/**
+ * Token enumerator
+ */
+typedef struct {
+ /* implements enumerator */
+ enumerator_t public;
+ /* inner enumerator over PKCS#11 libraries */
+ enumerator_t *inner;
+ /* active library entry */
+ lib_entry_t *entry;
+ /* slot list with tokens */
+ CK_SLOT_ID_PTR slots;
+ /* number of slots */
+ CK_ULONG count;
+ /* current slot */
+ int current;
+} token_enumerator_t;
+
+METHOD(enumerator_t, enumerate_token, bool,
+ token_enumerator_t *this, pkcs11_library_t **out, CK_SLOT_ID *slot)
+{
+ if (this->current >= this->count)
+ {
+ free(this->slots);
+ this->slots = NULL;
+ this->current = 0;
+ }
+ while (!this->slots)
+ {
+ if (!this->inner->enumerate(this->inner, &this->entry))
+ {
+ return FALSE;
+ }
+ this->slots = get_slot_list(this->entry->lib, &this->count);
+ }
+ *out = this->entry->lib;
+ *slot = this->slots[this->current++];
+ return TRUE;
+}
+
+METHOD(enumerator_t, destroy_token, void,
+ token_enumerator_t *this)
+{
+ this->inner->destroy(this->inner);
+ free(this->slots);
+ free(this);
+}
+
+METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*,
+ private_pkcs11_manager_t *this)
+{
+ token_enumerator_t *enumerator;
+
+ INIT(enumerator,
+ .public = {
+ .enumerate = (void*)_enumerate_token,
+ .destroy = _destroy_token,
+ },
+ .inner = this->libs->create_enumerator(this->libs),
+ );
+ return &enumerator->public;
+}
+
+/**
+ * Singleton instance
+ */
+static private_pkcs11_manager_t *singleton = NULL;
+
+METHOD(pkcs11_manager_t, destroy, void,
+ private_pkcs11_manager_t *this)
+{
+ this->libs->destroy_function(this->libs, (void*)lib_entry_destroy);
+ free(this);
+ singleton = NULL;
+}
+
+/**
+ * See header
+ */
+pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
+ void *data)
+{
+ private_pkcs11_manager_t *this;
+ enumerator_t *enumerator;
+ lib_entry_t *entry;
+ char *module;
+
+ INIT(this,
+ .public = {
+ .create_token_enumerator = _create_token_enumerator,
+ .destroy = _destroy,
+ },
+ .libs = linked_list_create(),
+ .cb = cb,
+ .data = data,
+ );
+
+ enumerator = lib->settings->create_section_enumerator(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules");
+ while (enumerator->enumerate(enumerator, &module))
+ {
+ INIT(entry,
+ .this = this,
+ );
+
+ entry->path = lib->settings->get_str(lib->settings,
+ "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module);
+ if (!entry->path)
+ {
+ DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module);
+ free(entry);
+ continue;
+ }
+ entry->lib = pkcs11_library_create(module, entry->path);
+ if (!entry->lib)
+ {
+ free(entry);
+ continue;
+ }
+ this->libs->insert_last(this->libs, entry);
+ }
+ enumerator->destroy(enumerator);
+
+ singleton = this;
+
+ enumerator = this->libs->create_enumerator(this->libs);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ query_slots(entry);
+ entry->job = callback_job_create((void*)dispatch_slot_events,
+ entry, (void*)end_dispatch, NULL);
+ lib->processor->queue_job(lib->processor, (job_t*)entry->job);
+ }
+ enumerator->destroy(enumerator);
+
+ return &this->public;
+}
+
+/**
+ * See header
+ */
+pkcs11_manager_t *pkcs11_manager_get()
+{
+ return (pkcs11_manager_t*)singleton;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
new file mode 100644
index 000000000..b80d67324
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_manager pkcs11_manager
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_MANAGER_H_
+#define PKCS11_MANAGER_H_
+
+typedef struct pkcs11_manager_t pkcs11_manager_t;
+
+#include <library.h>
+
+#include "pkcs11_library.h"
+
+/**
+ * Token event callback function.
+ *
+ * @param data user supplied data, as passed to pkcs11_manager_create()
+ * @param p11 loaded PKCS#11 library token belongs to
+ * @param slot slot number the event occured in
+ * @param add TRUE if token was added to the slot, FALSE if removed
+ */
+typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11,
+ CK_SLOT_ID slot, bool add);
+
+
+/**
+ * Manages multiple PKCS#11 libraries with hot pluggable slots
+ */
+struct pkcs11_manager_t {
+
+ /**
+ * Create an enumerator over all tokens.
+ *
+ * @return enumerator over (pkcs11_library_t*,CK_SLOT_ID)
+ */
+ enumerator_t* (*create_token_enumerator)(pkcs11_manager_t *this);
+
+ /**
+ * Destroy a pkcs11_manager_t.
+ */
+ void (*destroy)(pkcs11_manager_t *this);
+};
+
+/**
+ * Create a pkcs11_manager instance.
+ *
+ * @param cb token event callback function
+ * @param data user data to pass to token event callback
+ * @return instance
+ */
+pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb,
+ void *data);
+
+
+/**
+ * Get the singleton instance of the manager
+ *
+ * @return instance, NULL if none available
+ */
+pkcs11_manager_t *pkcs11_manager_get();
+
+#endif /** PKCS11_MANAGER_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
new file mode 100644
index 000000000..ace405c23
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_plugin.h"
+
+#include <library.h>
+#include <debug.h>
+#include <utils/linked_list.h>
+#include <threading/mutex.h>
+
+#include "pkcs11_manager.h"
+#include "pkcs11_creds.h"
+#include "pkcs11_private_key.h"
+#include "pkcs11_public_key.h"
+#include "pkcs11_hasher.h"
+
+typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t;
+
+/**
+ * private data of pkcs11_plugin
+ */
+struct private_pkcs11_plugin_t {
+
+ /**
+ * public functions
+ */
+ pkcs11_plugin_t public;
+
+ /**
+ * PKCS#11 library/slot manager
+ */
+ pkcs11_manager_t *manager;
+
+ /**
+ * List of credential sets, pkcs11_creds_t
+ */
+ linked_list_t *creds;
+
+ /**
+ * mutex to lock list
+ */
+ mutex_t *mutex;
+};
+
+/**
+ * Token event callback function
+ */
+static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11,
+ CK_SLOT_ID slot, bool add)
+{
+ enumerator_t *enumerator;
+ pkcs11_creds_t *creds, *found = NULL;;
+
+ if (add)
+ {
+ creds = pkcs11_creds_create(p11, slot);
+ if (creds)
+ {
+ this->mutex->lock(this->mutex);
+ this->creds->insert_last(this->creds, creds);
+ this->mutex->unlock(this->mutex);
+ lib->credmgr->add_set(lib->credmgr, &creds->set);
+ }
+ }
+ else
+ {
+ this->mutex->lock(this->mutex);
+ enumerator = this->creds->create_enumerator(this->creds);
+ while (enumerator->enumerate(enumerator, &creds))
+ {
+ if (creds->get_library(creds) == p11 &&
+ creds->get_slot(creds) == slot)
+ {
+ found = creds;
+ this->creds->remove_at(this->creds, enumerator);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ this->mutex->unlock(this->mutex);
+
+ if (found)
+ {
+ lib->credmgr->remove_set(lib->credmgr, &found->set);
+ found->destroy(found);
+ /* flush the cache after a token is gone */
+ lib->credmgr->flush_cache(lib->credmgr, CERT_X509);
+ }
+ }
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pkcs11_plugin_t *this)
+{
+ pkcs11_creds_t *creds;
+
+ lib->creds->remove_builder(lib->creds,
+ (builder_function_t)pkcs11_private_key_connect);
+ while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS)
+ {
+ lib->credmgr->remove_set(lib->credmgr, &creds->set);
+ creds->destroy(creds);
+ }
+ lib->crypto->remove_hasher(lib->crypto,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ this->creds->destroy(this->creds);
+ this->manager->destroy(this->manager);
+ this->mutex->destroy(this->mutex);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *pkcs11_plugin_create()
+{
+ private_pkcs11_plugin_t *this;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ .creds = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
+
+ this->manager = pkcs11_manager_create((void*)token_event_cb, this);
+
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.pkcs11.use_hasher", FALSE))
+ {
+ lib->crypto->add_hasher(lib->crypto, HASH_MD2,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_MD5,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
+ (hasher_constructor_t)pkcs11_hasher_create);
+ }
+
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE,
+ (builder_function_t)pkcs11_private_key_connect);
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
+ (builder_function_t)pkcs11_public_key_load);
+
+ enumerator = this->manager->create_token_enumerator(this->manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ token_event_cb(this, p11, slot, TRUE);
+ }
+ enumerator->destroy(enumerator);
+
+ return &this->public.plugin;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h
new file mode 100644
index 000000000..432e2173a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11 pkcs11
+ * @ingroup plugins
+ *
+ * @defgroup pkcs11_plugin pkcs11_plugin
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PLUGIN_H_
+#define PKCS11_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pkcs11_plugin_t pkcs11_plugin_t;
+
+/**
+ * Plugin providing PKCS#11 token support.
+ */
+struct pkcs11_plugin_t {
+
+ /**
+ * Implements plugin interface,
+ */
+ plugin_t plugin;
+};
+
+#endif /** PKCS11_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
new file mode 100644
index 000000000..cabca3f54
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c
@@ -0,0 +1,600 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_private_key.h"
+
+#include "pkcs11_library.h"
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t;
+
+/**
+ * Private data of an pkcs11_private_key_t object.
+ */
+struct private_pkcs11_private_key_t {
+
+ /**
+ * Public pkcs11_private_key_t interface.
+ */
+ pkcs11_private_key_t public;
+
+ /**
+ * PKCS#11 module
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Token session
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * Mutex to lock session
+ */
+ mutex_t *mutex;
+
+ /**
+ * Key object on the token
+ */
+ CK_OBJECT_HANDLE object;
+
+ /**
+ * Key requires reauthentication for each signature/decryption
+ */
+ CK_BBOOL reauth;
+
+ /**
+ * Keyid of the key we use
+ */
+ identification_t *keyid;
+
+ /**
+ * Associated public key
+ */
+ public_key_t *pubkey;
+
+ /**
+ * References to this key
+ */
+ refcount_t ref;
+};
+
+METHOD(private_key_t, get_type, key_type_t,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_type(this->pubkey);
+}
+
+METHOD(private_key_t, get_keysize, int,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_keysize(this->pubkey);
+}
+
+/**
+ * See header.
+ */
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme)
+{
+ static struct {
+ signature_scheme_t scheme;
+ CK_MECHANISM mechanism;
+ } mappings[] = {
+ {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}},
+ {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].scheme == scheme)
+ {
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * See header.
+ */
+CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme)
+{
+ static struct {
+ encryption_scheme_t scheme;
+ CK_MECHANISM mechanism;
+ } mappings[] = {
+ {ENCRYPT_RSA_PKCS1, {CKM_RSA_PKCS, NULL, 0}},
+ {ENCRYPT_RSA_OAEP_SHA1, {CKM_RSA_PKCS_OAEP, NULL, 0}},
+ };
+ int i;
+
+ for (i = 0; i < countof(mappings); i++)
+ {
+ if (mappings[i].scheme == scheme)
+ {
+ return &mappings[i].mechanism;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * Reauthenticate to do a signature
+ */
+static bool reauth(private_pkcs11_private_key_t *this)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ chunk_t pin;
+ CK_RV rv;
+ bool found = FALSE, success = FALSE;
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, this->keyid, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ pin = shared->get_key(shared);
+ rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC,
+ pin.ptr, pin.len);
+ if (rv == CKR_OK)
+ {
+ success = TRUE;
+ break;
+ }
+ DBG1(DBG_CFG, "reauthentication login failed: %N", ck_rv_names, rv);
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "private key requires reauthentication, but no PIN found");
+ return FALSE;
+ }
+ return success;
+}
+
+METHOD(private_key_t, sign, bool,
+ private_pkcs11_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *signature)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "signature scheme %N not supported",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_SignInit(this->session, mechanism, this->object);
+ if (this->reauth && !reauth(this))
+ {
+ return FALSE;
+ }
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *signature = chunk_create(buf, len);
+ return TRUE;
+}
+
+METHOD(private_key_t, decrypt, bool,
+ private_pkcs11_private_key_t *this, encryption_scheme_t scheme,
+ chunk_t crypt, chunk_t *plain)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_encryption_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object);
+ if (this->reauth && !reauth(this))
+ {
+ return FALSE;
+ }
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *plain = chunk_create(buf, len);
+ return TRUE;
+}
+
+METHOD(private_key_t, get_public_key, public_key_t*,
+ private_pkcs11_private_key_t *this)
+{
+ return this->pubkey->get_ref(this->pubkey);
+}
+
+METHOD(private_key_t, get_fingerprint, bool,
+ private_pkcs11_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *fingerprint)
+{
+ return this->pubkey->get_fingerprint(this->pubkey, type, fingerprint);
+}
+
+METHOD(private_key_t, get_encoding, bool,
+ private_pkcs11_private_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ return FALSE;
+}
+
+METHOD(private_key_t, get_ref, private_key_t*,
+ private_pkcs11_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(private_key_t, destroy, void,
+ private_pkcs11_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ if (this->pubkey)
+ {
+ this->pubkey->destroy(this->pubkey);
+ }
+ this->mutex->destroy(this->mutex);
+ this->keyid->destroy(this->keyid);
+ this->lib->f->C_CloseSession(this->session);
+ free(this);
+ }
+}
+
+/**
+ * Find the PKCS#11 library by its friendly name
+ */
+static pkcs11_library_t* find_lib(char *module)
+{
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11, *found = NULL;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ if (streq(module, p11->get_name(p11)))
+ {
+ found = p11;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
+ * Find the PKCS#11 lib having a keyid, and optionally a slot
+ */
+static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot)
+{
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator;
+ pkcs11_library_t *p11, *found = NULL;
+ CK_SLOT_ID current;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &current))
+ {
+ if (*slot == -1 || *slot == current)
+ {
+ /* we look for a public key, it is usually readable without login */
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_ID, keyid.ptr, keyid.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+ enumerator_t *keys;
+
+ rv = p11->f->C_OpenSession(current, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+ ck_rv_names, rv);
+ continue;
+ }
+ keys = p11->create_object_enumerator(p11, session,
+ tmpl, countof(tmpl), NULL, 0);
+ if (keys->enumerate(keys, &object))
+ {
+ DBG1(DBG_CFG, "found key on PKCS#11 token '%s':%d",
+ p11->get_name(p11), current);
+ found = p11;
+ *slot = current;
+ }
+ keys->destroy(keys);
+ p11->f->C_CloseSession(session);
+ if (found)
+ {
+ break;
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ return found;
+}
+
+/**
+ * Find the key on the token
+ */
+static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid)
+{
+ CK_OBJECT_CLASS class = CKO_PRIVATE_KEY;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_ID, keyid.ptr, keyid.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_KEY_TYPE type;
+ CK_BBOOL reauth;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)},
+ {CKA_MODULUS, NULL, 0},
+ {CKA_PUBLIC_EXPONENT, NULL, 0},
+ };
+ enumerator_t *enumerator;
+ chunk_t modulus, pubexp;
+
+ enumerator = this->lib->create_object_enumerator(this->lib,
+ this->session, tmpl, countof(tmpl), attr, countof(attr));
+ if (enumerator->enumerate(enumerator, &object))
+ {
+ switch (type)
+ {
+ case CKK_RSA:
+ if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1)
+ {
+ DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed");
+ break;
+ }
+ modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen);
+ pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen);
+ this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
+ KEY_RSA, BUILD_RSA_MODULUS, modulus,
+ BUILD_RSA_PUB_EXP, pubexp, BUILD_END);
+ if (!this->pubkey)
+ {
+ DBG1(DBG_CFG, "extracting public key from PKCS#11 RSA "
+ "private key failed");
+ }
+ this->reauth = reauth;
+ this->object = object;
+ break;
+ default:
+ DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return this->pubkey != NULL;
+}
+
+/**
+ * Find a PIN and try to log in
+ */
+static bool login(private_pkcs11_private_key_t *this, int slot)
+{
+ enumerator_t *enumerator;
+ shared_key_t *shared;
+ chunk_t pin;
+ CK_RV rv;
+ CK_SESSION_INFO info;
+ bool found = FALSE, success = FALSE;
+
+ rv = this->lib->f->C_GetSessionInfo(this->session, &info);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_GetSessionInfo failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ if (info.state != CKS_RO_PUBLIC_SESSION &&
+ info.state != CKS_RW_PUBLIC_SESSION)
+ { /* already logged in with another session, skip */
+ return TRUE;
+ }
+
+ enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr,
+ SHARED_PIN, this->keyid, NULL);
+ while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
+ {
+ found = TRUE;
+ pin = shared->get_key(shared);
+ rv = this->lib->f->C_Login(this->session, CKU_USER, pin.ptr, pin.len);
+ if (rv == CKR_OK)
+ {
+ success = TRUE;
+ break;
+ }
+ DBG1(DBG_CFG, "login to '%s':%d failed: %N",
+ this->lib->get_name(this->lib), slot, ck_rv_names, rv);
+ }
+ enumerator->destroy(enumerator);
+
+ if (!found)
+ {
+ DBG1(DBG_CFG, "no PIN found for PKCS#11 key %Y", this->keyid);
+ return FALSE;
+ }
+ return success;
+}
+
+/**
+ * See header.
+ */
+pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args)
+{
+ private_pkcs11_private_key_t *this;
+ char *module = NULL;
+ chunk_t keyid = chunk_empty;
+ int slot = -1;
+ CK_RV rv;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_PKCS11_KEYID:
+ keyid = va_arg(args, chunk_t);
+ continue;
+ case BUILD_PKCS11_SLOT:
+ slot = va_arg(args, int);
+ continue;
+ case BUILD_PKCS11_MODULE:
+ module = va_arg(args, char*);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (!keyid.len)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .sign = _sign,
+ .decrypt = _decrypt,
+ .get_keysize = _get_keysize,
+ .get_public_key = _get_public_key,
+ .equals = private_key_equals,
+ .belongs_to = private_key_belongs_to,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = private_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .ref = 1,
+ );
+
+ if (module && slot != -1)
+ {
+ this->lib = find_lib(module);
+ if (!this->lib)
+ {
+ DBG1(DBG_CFG, "PKCS#11 module '%s' not found", module);
+ free(this);
+ return NULL;
+ }
+ }
+ else
+ {
+ this->lib = find_lib_by_keyid(keyid, &slot);
+ if (!this->lib)
+ {
+ DBG1(DBG_CFG, "no PKCS#11 module found having a keyid %#B", &keyid);
+ free(this);
+ return NULL;
+ }
+ }
+
+ rv = this->lib->f->C_OpenSession(slot, CKF_SERIAL_SESSION,
+ NULL, NULL, &this->session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening private key session on '%s':%d failed: %N",
+ module, slot, ck_rv_names, rv);
+ free(this);
+ return NULL;
+ }
+
+ this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid);
+
+ if (!login(this, slot))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ if (!find_key(this, keyid))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
new file mode 100644
index 000000000..428913f0a
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_private_key pkcs11_private_key
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PRIVATE_KEY_H_
+#define PKCS11_PRIVATE_KEY_H_
+
+typedef struct pkcs11_private_key_t pkcs11_private_key_t;
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+#include "pkcs11.h"
+
+/**
+ * Private Key implementation on top of PKCS#11.
+ */
+struct pkcs11_private_key_t {
+
+ /**
+ * Implements private_key_t interface.
+ */
+ private_key_t key;
+};
+
+/**
+ * Open a private key on a PKCS#11 device.
+ *
+ * Accepts the BUILD_SMARTCARD_KEYID and the BUILD_SMARTCARD_PIN arguments.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args);
+
+/**
+ * Get the Cryptoki mechanism for a signature scheme.
+ */
+CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme);
+
+/**
+ * Get the Cryptoki mechanism for a encryption scheme.
+ */
+CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme);
+
+#endif /** PKCS11_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
new file mode 100644
index 000000000..8d32d9a3f
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs11_public_key.h"
+
+#include "pkcs11.h"
+#include "pkcs11_private_key.h"
+#include "pkcs11_manager.h"
+
+#include <debug.h>
+#include <threading/mutex.h>
+
+typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t;
+
+/**
+ * Private data of an pkcs11_public_key_t object.
+ */
+struct private_pkcs11_public_key_t {
+
+ /**
+ * Public pkcs11_public_key_t interface.
+ */
+ pkcs11_public_key_t public;
+
+ /**
+ * Type of the key
+ */
+ key_type_t type;
+
+ /**
+ * Key size in bytes
+ */
+ size_t k;
+
+ /**
+ * PKCS#11 library this key uses
+ */
+ pkcs11_library_t *lib;
+
+ /**
+ * Slot the token is in
+ */
+ CK_SLOT_ID slot;
+
+ /**
+ * Session we use
+ */
+ CK_SESSION_HANDLE session;
+
+ /**
+ * Object handle to the key
+ */
+ CK_OBJECT_HANDLE object;
+
+ /**
+ * Mutex to lock session
+ */
+ mutex_t *mutex;
+
+ /**
+ * References to this key
+ */
+ refcount_t ref;
+};
+
+METHOD(public_key_t, get_type, key_type_t,
+ private_pkcs11_public_key_t *this)
+{
+ return this->type;
+}
+
+METHOD(public_key_t, get_keysize, int,
+ private_pkcs11_public_key_t *this)
+{
+ return this->k * 8;
+}
+
+METHOD(public_key_t, verify, bool,
+ private_pkcs11_public_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t sig)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_RV rv;
+
+ mechanism = pkcs11_signature_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "signature scheme %N not supported",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+ if (sig.len && sig.ptr[0] == 0)
+ { /* trim leading zero byte in sig */
+ sig = chunk_skip(sig, 1);
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ rv = this->lib->f->C_Verify(this->session, data.ptr, data.len,
+ sig.ptr, sig.len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ return TRUE;
+}
+
+METHOD(public_key_t, encrypt, bool,
+ private_pkcs11_public_key_t *this, encryption_scheme_t scheme,
+ chunk_t plain, chunk_t *crypt)
+{
+ CK_MECHANISM_PTR mechanism;
+ CK_BYTE_PTR buf;
+ CK_ULONG len;
+ CK_RV rv;
+
+ mechanism = pkcs11_encryption_scheme_to_mech(scheme);
+ if (!mechanism)
+ {
+ DBG1(DBG_LIB, "encryption scheme %N not supported",
+ encryption_scheme_names, scheme);
+ return FALSE;
+ }
+ this->mutex->lock(this->mutex);
+ rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object);
+ if (rv != CKR_OK)
+ {
+ this->mutex->unlock(this->mutex);
+ DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ len = (get_keysize(this) + 7) / 8;
+ buf = malloc(len);
+ rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len);
+ this->mutex->unlock(this->mutex);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv);
+ free(buf);
+ return FALSE;
+ }
+ *crypt = chunk_create(buf, len);
+ return TRUE;
+}
+
+/**
+ * Encode RSA key using a given encoding type
+ */
+static bool encode_rsa(private_pkcs11_public_key_t *this,
+ cred_encoding_type_t type, void *cache, chunk_t *encoding)
+{
+ CK_RV rv;
+ bool success = FALSE;
+ chunk_t n, e;
+ CK_ATTRIBUTE attr[] = {
+ {CKA_MODULUS, NULL, 0},
+ {CKA_PUBLIC_EXPONENT, NULL, 0},
+ };
+
+ rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
+ attr, countof(attr));
+ if (rv != CKR_OK ||
+ attr[0].ulValueLen == 0 || attr[0].ulValueLen == -1 ||
+ attr[1].ulValueLen == 0 || attr[1].ulValueLen == -1)
+ {
+ return FALSE;
+ }
+ attr[0].pValue = malloc(attr[0].ulValueLen);
+ attr[1].pValue = malloc(attr[1].ulValueLen);
+ rv = this->lib->f->C_GetAttributeValue(this->session, this->object,
+ attr, countof(attr));
+ if (rv == CKR_OK)
+ {
+ n = chunk_create(attr[0].pValue, attr[0].ulValueLen);
+ e = chunk_create(attr[1].pValue, attr[1].ulValueLen);
+ success = lib->encoding->encode(lib->encoding, type, cache, encoding,
+ CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
+ }
+ free(attr[0].pValue);
+ free(attr[1].pValue);
+ return success;
+}
+
+METHOD(public_key_t, get_encoding, bool,
+ private_pkcs11_public_key_t *this, cred_encoding_type_t type,
+ chunk_t *encoding)
+{
+ switch (this->type)
+ {
+ case KEY_RSA:
+ return encode_rsa(this, type, NULL, encoding);
+ default:
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, get_fingerprint, bool,
+ private_pkcs11_public_key_t *this, cred_encoding_type_t type, chunk_t *fp)
+{
+ if (lib->encoding->get_cache(lib->encoding, type, this, fp))
+ {
+ return TRUE;
+ }
+ switch (this->type)
+ {
+ case KEY_RSA:
+ return encode_rsa(this, type, this, fp);
+ default:
+ return FALSE;
+ }
+}
+
+METHOD(public_key_t, get_ref, public_key_t*,
+ private_pkcs11_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.key;
+}
+
+METHOD(public_key_t, destroy, void,
+ private_pkcs11_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ lib->encoding->clear_cache(lib->encoding, this);
+ this->lib->f->C_CloseSession(this->session);
+ this->mutex->destroy(this->mutex);
+ free(this);
+ }
+}
+
+/**
+ * Create an empty PKCS#11 public key
+ */
+static private_pkcs11_public_key_t *create(key_type_t type, size_t k,
+ pkcs11_library_t *p11, CK_SLOT_ID slot,
+ CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object)
+{
+ private_pkcs11_public_key_t *this;
+
+ INIT(this,
+ .public = {
+ .key = {
+ .get_type = _get_type,
+ .verify = _verify,
+ .encrypt = _encrypt,
+ .equals = public_key_equals,
+ .get_keysize = _get_keysize,
+ .get_fingerprint = _get_fingerprint,
+ .has_fingerprint = public_key_has_fingerprint,
+ .get_encoding = _get_encoding,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ },
+ .type = type,
+ .k = k,
+ .lib = p11,
+ .slot = slot,
+ .session = session,
+ .object = object,
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ .ref = 1,
+ );
+
+ return this;
+}
+
+/**
+ * Find a key object, including PKCS11 library and slot
+ */
+static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e)
+{
+ private_pkcs11_public_key_t *this = NULL;
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator, *keys;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len},
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv);
+ continue;
+ }
+ keys = p11->create_object_enumerator(p11, session,
+ tmpl, countof(tmpl), NULL, 0);
+ if (keys->enumerate(keys, &object))
+ {
+ this = create(KEY_RSA, n.len, p11, slot, session, object);
+ keys->destroy(keys);
+ break;
+ }
+ keys->destroy(keys);
+ p11->f->C_CloseSession(session);
+ }
+ enumerator->destroy(enumerator);
+ return this;
+}
+
+/**
+ * Create a key object in a suitable token session
+ */
+static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e)
+{
+ private_pkcs11_public_key_t *this = NULL;
+ pkcs11_manager_t *manager;
+ enumerator_t *enumerator, *mechs;
+ pkcs11_library_t *p11;
+ CK_SLOT_ID slot;
+
+ manager = pkcs11_manager_get();
+ if (!manager)
+ {
+ return NULL;
+ }
+
+ enumerator = manager->create_token_enumerator(manager);
+ while (enumerator->enumerate(enumerator, &p11, &slot))
+ {
+ CK_MECHANISM_TYPE mech;
+ CK_MECHANISM_INFO info;
+ CK_OBJECT_CLASS class = CKO_PUBLIC_KEY;
+ CK_KEY_TYPE type = CKK_RSA;
+ CK_ATTRIBUTE tmpl[] = {
+ {CKA_CLASS, &class, sizeof(class)},
+ {CKA_KEY_TYPE, &type, sizeof(type)},
+ {CKA_MODULUS, n.ptr, n.len},
+ {CKA_PUBLIC_EXPONENT, e.ptr, e.len}
+ };
+ CK_OBJECT_HANDLE object;
+ CK_SESSION_HANDLE session;
+ CK_RV rv;
+
+ mechs = p11->create_mechanism_enumerator(p11, slot);
+ while (mechs->enumerate(mechs, &mech, &info))
+ {
+ if (!(info.flags & CKF_VERIFY))
+ {
+ continue;
+ }
+ switch (mech)
+ {
+ case CKM_RSA_PKCS:
+ case CKM_SHA1_RSA_PKCS:
+ case CKM_SHA256_RSA_PKCS:
+ case CKM_SHA384_RSA_PKCS:
+ case CKM_SHA512_RSA_PKCS:
+ case CKM_MD5_RSA_PKCS:
+ break;
+ default:
+ continue;
+ }
+ rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL,
+ &session);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "opening PKCS#11 session failed: %N",
+ ck_rv_names, rv);
+ continue;
+ }
+ rv = p11->f->C_CreateObject(session, tmpl, countof(tmpl), &object);
+ if (rv == CKR_OK)
+ {
+ this = create(KEY_RSA, n.len, p11, slot, session, object);
+ DBG2(DBG_CFG, "created RSA public key on token '%s':%d ",
+ p11->get_name(p11), slot);
+ break;
+ }
+ else
+ {
+ DBG1(DBG_CFG, "creating RSA public key on token '%s':%d "
+ "failed: %N", p11->get_name(p11), slot, ck_rv_names, rv);
+ p11->f->C_CloseSession(session);
+ }
+ }
+ mechs->destroy(mechs);
+ if (this)
+ {
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ return this;
+}
+
+/**
+ * See header
+ */
+pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args)
+{
+ private_pkcs11_public_key_t *this;
+ chunk_t n, e;
+
+ n = e = chunk_empty;
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_RSA_MODULUS:
+ n = va_arg(args, chunk_t);
+ continue;
+ case BUILD_RSA_PUB_EXP:
+ e = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ if (type == KEY_RSA && e.ptr && n.ptr)
+ {
+ if (n.len && n.ptr[0] == 0)
+ { /* trim leading zero byte in modulus */
+ n = chunk_skip(n, 1);
+ }
+ this = find_rsa_key(n, e);
+ if (this)
+ {
+ return &this->public;
+ }
+ this = create_rsa_key(n, e);
+ if (this)
+ {
+ return &this->public;
+ }
+ }
+ return NULL;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
new file mode 100644
index 000000000..4fd94620e
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs11_public_key pkcs11_public_key
+ * @{ @ingroup pkcs11
+ */
+
+#ifndef PKCS11_PUBLIC_KEY_H_
+#define PKCS11_PUBLIC_KEY_H_
+
+typedef struct pkcs11_public_key_t pkcs11_public_key_t;
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * PKCS#11 based public key implementation.
+ */
+struct pkcs11_public_key_t {
+
+ /**
+ * Implements public_key_t.
+ */
+ public_key_t key;
+};
+
+/**
+ * Create a public key in a PKCS#11 session.
+ *
+ * @param type type of the key
+ * @param args builder_part_t argument list
+ * @return loaded key, NULL on failure
+ */
+pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args);
+
+#endif /** PKCS11_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 336d0bc02..e1427bf15 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -189,7 +189,6 @@ static bool load(private_plugin_loader_t *this, char *path, char *list)
plugin = load_plugin(this, path, token);
if (plugin)
{
- /* insert in front to destroy them in reverse order */
this->plugins->insert_last(this->plugins, plugin);
this->names->insert_last(this->names, token);
}
@@ -215,12 +214,13 @@ static void unload(private_plugin_loader_t *this)
plugin_t *plugin;
char *name;
- while (this->plugins->remove_first(this->plugins,
+ /* unload plugins in reverse order */
+ while (this->plugins->remove_last(this->plugins,
(void**)&plugin) == SUCCESS)
{
plugin->destroy(plugin);
}
- while (this->names->remove_first(this->names, (void**)&name) == SUCCESS)
+ while (this->names->remove_last(this->names, (void**)&name) == SUCCESS)
{
free(name);
}
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 4dc5985cd..495223855 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index b0eabc9ee..6f41ada2a 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -50,7 +50,7 @@ plugin_t *pubkey_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
(builder_function_t)pubkey_cert_wrap);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index af929080d..efd24c761 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index 871566e65..16a9d21c5 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -168,6 +169,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -199,14 +202,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -221,24 +227,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -246,7 +259,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c
index d352a9583..02393b907 100644
--- a/src/libstrongswan/plugins/revocation/revocation_plugin.c
+++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c
@@ -52,7 +52,11 @@ plugin_t *revocation_plugin_create()
private_revocation_plugin_t *this;
INIT(this,
- .public.plugin.destroy = _destroy,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
.validator = revocation_validator_create(),
);
lib->credmgr->add_validator(lib->credmgr, &this->validator->validator);
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 703764e5e..1036bedfc 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 5e490f2e5..579e6f9b0 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -164,6 +165,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -195,14 +198,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -217,24 +223,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -242,7 +255,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 6d81d0d81..9c9b57f98 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -167,6 +168,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -198,14 +201,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -220,24 +226,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -245,7 +258,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 6d3b05d19..049301977 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -13,9 +13,14 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
test_vectors/3des_cbc.c \
test_vectors/aes_cbc.c \
+ test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_ccm.c \
+ test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
+ test_vectors/camellia_ctr.c \
+ test_vectors/camellia_xcbc.c \
test_vectors/cast.c \
test_vectors/des.c \
test_vectors/idea.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 20a6db81e..9be3f825a 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -75,10 +76,11 @@ am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES)
libstrongswan_test_vectors_la_LIBADD =
am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
- 3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \
- cast.lo des.lo idea.lo null.lo rc5.lo serpent_cbc.lo \
- twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo sha1.lo \
- sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
+ 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_ccm.lo \
+ aes_gcm.lo blowfish.lo camellia_cbc.lo camellia_ctr.lo \
+ camellia_xcbc.lo cast.lo des.lo idea.lo null.lo rc5.lo \
+ serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo \
+ sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
libstrongswan_test_vectors_la_OBJECTS = \
$(am_libstrongswan_test_vectors_la_OBJECTS)
libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
@@ -171,6 +173,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -202,14 +206,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -224,24 +231,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -249,7 +263,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
@@ -269,9 +286,14 @@ libstrongswan_test_vectors_la_SOURCES = \
test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
test_vectors/3des_cbc.c \
test_vectors/aes_cbc.c \
+ test_vectors/aes_ctr.c \
test_vectors/aes_xcbc.c \
+ test_vectors/aes_ccm.c \
+ test_vectors/aes_gcm.c \
test_vectors/blowfish.c \
test_vectors/camellia_cbc.c \
+ test_vectors/camellia_ctr.c \
+ test_vectors/camellia_xcbc.c \
test_vectors/cast.c \
test_vectors/des.c \
test_vectors/idea.c \
@@ -376,9 +398,14 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ccm.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ctr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_gcm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_ctr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_xcbc.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_prf.Plo@am__quote@
@@ -433,6 +460,13 @@ aes_cbc.lo: test_vectors/aes_cbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c
+aes_ctr.lo: test_vectors/aes_ctr.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ctr.lo -MD -MP -MF $(DEPDIR)/aes_ctr.Tpo -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ctr.Tpo $(DEPDIR)/aes_ctr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ctr.c' object='aes_ctr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ctr.lo `test -f 'test_vectors/aes_ctr.c' || echo '$(srcdir)/'`test_vectors/aes_ctr.c
+
aes_xcbc.lo: test_vectors/aes_xcbc.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo
@@ -440,6 +474,20 @@ aes_xcbc.lo: test_vectors/aes_xcbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
+aes_ccm.lo: test_vectors/aes_ccm.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ccm.lo -MD -MP -MF $(DEPDIR)/aes_ccm.Tpo -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ccm.Tpo $(DEPDIR)/aes_ccm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_ccm.c' object='aes_ccm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c
+
+aes_gcm.lo: test_vectors/aes_gcm.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_gcm.lo -MD -MP -MF $(DEPDIR)/aes_gcm.Tpo -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_gcm.Tpo $(DEPDIR)/aes_gcm.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_gcm.c' object='aes_gcm.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_gcm.lo `test -f 'test_vectors/aes_gcm.c' || echo '$(srcdir)/'`test_vectors/aes_gcm.c
+
blowfish.lo: test_vectors/blowfish.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo
@@ -454,6 +502,20 @@ camellia_cbc.lo: test_vectors/camellia_cbc.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c
+camellia_ctr.lo: test_vectors/camellia_ctr.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_ctr.lo -MD -MP -MF $(DEPDIR)/camellia_ctr.Tpo -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_ctr.Tpo $(DEPDIR)/camellia_ctr.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_ctr.c' object='camellia_ctr.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_ctr.lo `test -f 'test_vectors/camellia_ctr.c' || echo '$(srcdir)/'`test_vectors/camellia_ctr.c
+
+camellia_xcbc.lo: test_vectors/camellia_xcbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_xcbc.lo -MD -MP -MF $(DEPDIR)/camellia_xcbc.Tpo -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/camellia_xcbc.Tpo $(DEPDIR)/camellia_xcbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_xcbc.c' object='camellia_xcbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_xcbc.lo `test -f 'test_vectors/camellia_xcbc.c' || echo '$(srcdir)/'`test_vectors/camellia_xcbc.c
+
cast.lo: test_vectors/cast.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
index b182dd829..ab4689c1c 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -19,6 +19,15 @@ TEST_VECTOR_CRYPTER(aes_cbc3)
TEST_VECTOR_CRYPTER(aes_cbc4)
TEST_VECTOR_CRYPTER(aes_cbc5)
TEST_VECTOR_CRYPTER(aes_cbc6)
+TEST_VECTOR_CRYPTER(aes_ctr1)
+TEST_VECTOR_CRYPTER(aes_ctr2)
+TEST_VECTOR_CRYPTER(aes_ctr3)
+TEST_VECTOR_CRYPTER(aes_ctr4)
+TEST_VECTOR_CRYPTER(aes_ctr5)
+TEST_VECTOR_CRYPTER(aes_ctr6)
+TEST_VECTOR_CRYPTER(aes_ctr7)
+TEST_VECTOR_CRYPTER(aes_ctr8)
+TEST_VECTOR_CRYPTER(aes_ctr9)
TEST_VECTOR_CRYPTER(blowfish1)
TEST_VECTOR_CRYPTER(blowfish2)
TEST_VECTOR_CRYPTER(camellia_cbc1)
@@ -27,6 +36,15 @@ TEST_VECTOR_CRYPTER(camellia_cbc3)
TEST_VECTOR_CRYPTER(camellia_cbc4)
TEST_VECTOR_CRYPTER(camellia_cbc5)
TEST_VECTOR_CRYPTER(camellia_cbc6)
+TEST_VECTOR_CRYPTER(camellia_ctr1)
+TEST_VECTOR_CRYPTER(camellia_ctr2)
+TEST_VECTOR_CRYPTER(camellia_ctr3)
+TEST_VECTOR_CRYPTER(camellia_ctr4)
+TEST_VECTOR_CRYPTER(camellia_ctr5)
+TEST_VECTOR_CRYPTER(camellia_ctr6)
+TEST_VECTOR_CRYPTER(camellia_ctr7)
+TEST_VECTOR_CRYPTER(camellia_ctr8)
+TEST_VECTOR_CRYPTER(camellia_ctr9)
TEST_VECTOR_CRYPTER(cast1)
TEST_VECTOR_CRYPTER(des_cbc1)
TEST_VECTOR_CRYPTER(des_cbc2)
@@ -49,11 +67,31 @@ TEST_VECTOR_CRYPTER(twofish_cbc1)
TEST_VECTOR_CRYPTER(twofish_cbc2)
TEST_VECTOR_CRYPTER(twofish_cbc3)
+TEST_VECTOR_AEAD(aes_ccm1)
+TEST_VECTOR_AEAD(aes_ccm2)
+TEST_VECTOR_AEAD(aes_ccm3)
+TEST_VECTOR_AEAD(aes_ccm4)
+TEST_VECTOR_AEAD(aes_ccm5)
+TEST_VECTOR_AEAD(aes_ccm6)
+TEST_VECTOR_AEAD(aes_ccm7)
+TEST_VECTOR_AEAD(aes_ccm8)
+TEST_VECTOR_AEAD(aes_ccm9)
+TEST_VECTOR_AEAD(aes_ccm10)
+TEST_VECTOR_AEAD(aes_ccm11)
+TEST_VECTOR_AEAD(aes_gcm1)
+TEST_VECTOR_AEAD(aes_gcm2)
+TEST_VECTOR_AEAD(aes_gcm3)
+TEST_VECTOR_AEAD(aes_gcm4)
+TEST_VECTOR_AEAD(aes_gcm5)
+TEST_VECTOR_AEAD(aes_gcm6)
+TEST_VECTOR_AEAD(aes_gcm7)
+
TEST_VECTOR_SIGNER(aes_xcbc_s1)
TEST_VECTOR_SIGNER(aes_xcbc_s2)
TEST_VECTOR_SIGNER(aes_xcbc_s3)
TEST_VECTOR_SIGNER(aes_xcbc_s4)
TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(camellia_xcbc_s1)
TEST_VECTOR_SIGNER(md5_hmac_s1)
TEST_VECTOR_SIGNER(md5_hmac_s2)
TEST_VECTOR_SIGNER(md5_hmac_s3)
@@ -118,6 +156,9 @@ TEST_VECTOR_PRF(aes_xcbc_p4)
TEST_VECTOR_PRF(aes_xcbc_p5)
TEST_VECTOR_PRF(aes_xcbc_p6)
TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(camellia_xcbc_p1)
+TEST_VECTOR_PRF(camellia_xcbc_p2)
+TEST_VECTOR_PRF(camellia_xcbc_p3)
TEST_VECTOR_PRF(md5_hmac_p1)
TEST_VECTOR_PRF(md5_hmac_p2)
TEST_VECTOR_PRF(md5_hmac_p3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c
new file mode 100644
index 000000000..8de180ad5
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ccm.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test vectors with 11 bytes nonces are hard to find, neither RFC3610 nor
+ * NIST 800-38C has one. These vectors are taken from the Linux kernel,
+ * originally from "fips cavs fax files on hand at Red Hat".
+ */
+aead_test_vector_t aes_ccm1 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 0,
+ .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05\x2e\x01\xd1\xfc\x5d\x82\x66\x2e"
+ "\x96\xac\x59",
+ .iv = "\x30\x07\xa1\xe2\xa2\xc7\x55\x24",
+ .plain = "\x19\xc8\x81\xf6\xe9\x86\xff\x93\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e"
+ "\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c\x35\x2e\xad\xe0\x62\xf9\x91\xa1",
+ .cipher = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1"
+ "\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a\x57\x2b\xbe\x5d\x98\xa6\xb1\x32"
+ "\xda\x24\xea\xd9\xa1\x39\x98\xfd\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8",
+};
+
+aead_test_vector_t aes_ccm2 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 16, .len = 32, .alen = 32,
+ .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3"
+ "\x4f\xa3\x19",
+ .iv = "\xd3\x01\x5a\xd8\x30\x60\x15\x56",
+ .adata = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7"
+ "\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1\x0a\x63\x09\x78\xbc\x2c\x55\xde",
+ .plain = "\x87\xa3\x36\xfd\x96\xb3\x93\x78\xa9\x28\x63\xba\x12\xa3\x14\x85"
+ "\x57\x1e\x06\xc9\x7b\x21\xef\x76\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e",
+ .cipher = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19\xfc\x70\xc4\x6d\x8e\xb7\x99\xab"
+ "\xc5\x4b\xa2\xac\xd3\xf3\x48\xff\x3b\xb5\xce\x53\xef\xde\xbb\x02"
+ "\xa9\x86\x15\x6c\x13\xfe\xda\x0a\x22\xb8\x29\x3d\xd8\x39\x9a\x23",
+};
+
+aead_test_vector_t aes_ccm3 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 0, .alen = 32,
+ .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1\xa3\xf0\xff\xdd\x4e\x4b\x12\x75"
+ "\x53\x14\x73\x66\x8d\x88\xf6\x80\xa0\x20\x35",
+ .iv = "\x26\xf2\x21\x8d\x50\x20\xda\xe2",
+ .adata = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47"
+ "\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d\xd8\x9e\x2b\x56\x10\x23\x56\xe7",
+ .cipher = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc\xad\x0c\x7a\x63\xf6\x61\xfd\x9b",
+};
+
+aead_test_vector_t aes_ccm4 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 24, .len = 32, .alen = 32,
+ .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42\xef\x7a\xd3\xce\xfc\x84\x60\x62"
+ "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01\xd6\x3c\x8c",
+ .iv = "\x86\x84\xb6\xcd\xef\x09\x2e\x94",
+ .adata = "\x02\x65\x78\x3c\xe9\x21\x30\x91\xb1\xb9\xda\x76\x9a\x78\x6d\x95"
+ "\xf2\x88\x32\xa3\xf2\x50\xcb\x4c\xe3\x00\x73\x69\x84\x69\x87\x79",
+ .plain = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c\x43\x69\x3a\x2d\x8e\x70\xad\x7e"
+ "\xe0\xe5\x46\x09\x80\x89\x13\xb2\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b",
+ .cipher = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62\x5d\x51\xc2\x16\xd8\xbd\x06\x9f"
+ "\x9b\x6a\x09\x70\xc1\x51\x83\xc2\x66\x88\x1d\x4f\x9a\xda\xe0\x1e"
+ "\xc7\x79\x11\x58\xe5\x6b\x20\x40\x7a\xea\x46\x42\x8b\xe4\x6f\xe1",
+};
+
+aead_test_vector_t aes_ccm5 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a\xbd\x01\x99\xd5\x8a\xdf\x71\x3a"
+ "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b"
+ "\x1e\x29\x91",
+ .iv = "\xad\x8e\xc1\x53\x0a\xcf\x2d\xbe",
+ .adata = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b\x78\x2b\x94\x02\x29\x0f\x42\x27"
+ "\x6b\x75\xcb\x98\x34\x08\x7e\x79\xe4\x3e\x49\x0d\x84\x8b\x22\x87",
+ .plain = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66"
+ "\xbf\x17\x99\x62\x4a\x39\x27\x1f\x1d\xdc\x24\xae\x19\x2f\x98\x4c",
+ .cipher = "\x19\xb8\x61\x33\x45\x2b\x43\x96\x6f\x51\xd0\x20\x30\x7d\x9b\xc6"
+ "\x26\x3d\xf8\xc9\x65\x16\xa8\x9f\xf0\x62\x17\x34\xf2\x1e\x8d\x75"
+ "\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d",
+};
+
+aead_test_vector_t aes_ccm6 = {
+ .alg = ENCR_AES_CCM_ICV12, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c\x45\x41\xb8\xbd\x5c\xa7\xc2\x32"
+ "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c\x09\x75\x9a\x9b\x3c\x9b\x27\x39"
+ "\xf9\xd9\x4e",
+ .iv = "\x63\xb5\x3d\x9d\x43\xf6\x1e\x50",
+ .adata = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b\x13\x02\x01\x0c\x83\x4c\x96\x35"
+ "\x8e\xd6\x39\xcf\x7d\x14\x9b\x94\xb0\x39\x36\xe6\x8f\x57\xe0\x13",
+ .plain = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6\x83\x72\x07\x4f\xcf\xfa\x66\x89"
+ "\x5f\xca\xb1\xba\xd5\x8f\x2c\x27\x30\xdb\x75\x09\x93\xd4\x65\xe4",
+ .cipher = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d"
+ "\xcc\x63\x44\x25\x07\x78\x4f\x9e\x96\xb8\x88\xeb\xbc\x48\x1f\x06"
+ "\x39\xaf\x39\xac\xd8\x4a\x80\x39\x7b\x72\x8a\xf7",
+};
+
+aead_test_vector_t aes_ccm7 = {
+ .alg = ENCR_AES_CCM_ICV16, .key_size = 32, .len = 32, .alen = 32,
+ .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83\x8c\x76\x95\xd4\xb6\xdc\xf3\x46"
+ "\xf9\x8f\xad\xe3\x02\x13\x83\x77\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b"
+ "\x24\xa7\x8b",
+ .iv = "\x07\xcb\xcc\x0e\xe6\x33\xbf\xf5",
+ .adata = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d"
+ "\xab\x90\x65\x8d\x8e\xca\x4d\x4f\x16\x0c\x40\x90\x4b\xc7\x36\x73",
+ .plain = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d"
+ "\x6c\xde\xbc\xf1\x90\xea\x6a\xb2\x35\x86\x36\xaf\x5c\xfe\x4b\x3a",
+ .cipher = "\x83\x6f\x40\x87\x72\xcf\xc1\x13\xef\xbb\x80\x21\x04\x6c\x58\x09"
+ "\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf"
+ "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8",
+};
+
+aead_test_vector_t aes_ccm8 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 16, .len = 0, .alen = 0,
+ .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1\xff\x80\x2e\x48\x7d\x82\xf8\xb9"
+ "\xaf\x94\x87",
+ .iv = "\x78\x35\x82\x81\x7f\x88\x94\x68",
+ .cipher = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3",
+};
+
+aead_test_vector_t aes_ccm9 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 0, .alen = 32,
+ .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
+ "\xa4\x48\x93\x39\x26\x71\x4a\xc6\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
+ "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61",
+ .cipher = "\x71\x99\xfa\xf4\x44\x12\x68\x9b",
+};
+
+aead_test_vector_t aes_ccm10 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 32, .len = 0, .alen = 0,
+ .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c"
+ "\x20\x2c\xad\x30\xc2\x2b\x41\xfb\x0e\x85\xbc\x33\xad\x0f\x2b\xff"
+ "\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .cipher = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2",
+};
+
+aead_test_vector_t aes_ccm11 = {
+ .alg = ENCR_AES_CCM_ICV8, .key_size = 24, .len = 32, .alen = 32,
+ .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
+ "\x29\xa0\xba\x9e\x48\x78\xd1\xba\xee\x49\x83",
+ .iv = "\xe9\xa9\xff\xe9\x57\xba\xfd\x9e",
+ .adata = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
+ "\xa4\xf0\x13\x05\xd1\x77\x99\x67\x11\xc4\xc6\xdb\x00\x56\x36\x61",
+ .plain = "\x85\x34\x66\x42\xc8\x92\x0f\x36\x58\xe0\x6b\x91\x3c\x98\x5c\xbb"
+ "\x0a\x85\xcc\x02\xad\x7a\x96\xe9\x65\x43\xa4\xc3\x0f\xdc\x55\x81",
+ .cipher = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2"
+ "\x66\xca\x61\x1e\x96\x7a\x61\xb3\x1c\x16\x45\x52\xba\x04\x9c\x9f"
+ "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c
new file mode 100644
index 000000000..1e5126a70
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_ctr.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test 1 of RFC3686
+ */
+crypter_test_vector_t aes_ctr1 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 16,
+ .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "Single block msg",
+ .cipher = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79\x2d\x61\x75\xa3\x26\x13\x11\xb8"
+};
+
+/**
+ * Test 2 of RFC3686
+ */
+crypter_test_vector_t aes_ctr2 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 32,
+ .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x51\x04\xa1\x06\x16\x8a\x72\xd9\x79\x0d\x41\xee\x8e\xda\xd3\x88"
+ "\xeb\x2e\x1e\xfc\x46\xda\x57\xc8\xfc\xe6\x30\xdf\x91\x41\xbe\x28"
+};
+
+/**
+ * Test 3 of RFC3686
+ */
+crypter_test_vector_t aes_ctr3 = {
+ .alg = ENCR_AES_CTR, .key_size = 16, .len = 36,
+ .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc"
+ "\x00\xe0\x01\x7b",
+ .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xc1\xcf\x48\xa8\x9f\x2f\xfd\xd9\xcf\x46\x52\xe9\xef\xdb\x72\xd7"
+ "\x45\x40\xa4\x2b\xde\x6d\x78\x36\xd5\x9a\x5c\xea\xae\xf3\x10\x53"
+ "\x25\xb2\x07\x2f",
+};
+
+/**
+ * Test 4 of RFC3686
+ */
+crypter_test_vector_t aes_ctr4 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 16,
+ .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed"
+ "\x86\x3d\x06\xcc\xfd\xb7\x85\x15"
+ "\x00\x00\x00\x48",
+ .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb",
+ .plain = "Single block msg",
+ .cipher = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8\x4e\x79\x35\xa0\x03\xcb\xe9\x28",
+};
+
+/**
+ * Test 5 of RFC3686
+ */
+crypter_test_vector_t aes_ctr5 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 32,
+ .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c"
+ "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a"
+ "\x00\x96\xb0\x3b",
+ .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x45\x32\x43\xfc\x60\x9b\x23\x32\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f"
+ "\x84\x90\x70\x1c\x5a\xd4\xa7\x9c\xfc\x1f\xe0\xff\x42\xf4\xfb\x00",
+};
+
+/**
+ * Test 6 of RFC3686
+ */
+crypter_test_vector_t aes_ctr6 = {
+ .alg = ENCR_AES_CTR, .key_size = 24, .len = 36,
+ .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b"
+ "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe"
+ "\x00\x07\xbd\xfd",
+ .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\x96\x89\x3f\xc5\x5e\x5c\x72\x2f\x54\x0b\x7d\xd1\xdd\xf7\xe7\x58"
+ "\xd2\x88\xbc\x95\xc6\x91\x65\x88\x45\x36\xc8\x11\x66\x2f\x21\x88"
+ "\xab\xee\x09\x35",
+};
+
+/**
+ * Test 7 of RFC3686
+ */
+crypter_test_vector_t aes_ctr7 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 16,
+ .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c"
+ "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04"
+ "\x00\x00\x00\x60",
+ .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2",
+ .plain = "Single block msg",
+ .cipher = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7\x56\x08\x63\xdc\x71\xe3\xe0\xc0",
+};
+
+/**
+ * Test 8 of RFC3686
+ */
+crypter_test_vector_t aes_ctr8 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 32,
+ .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86"
+ "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84"
+ "\x00\xfa\xac\x24",
+ .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c\x49\xee\x00\x0b\x80\x4e\xb2\xa9"
+ "\xb8\x30\x6b\x50\x8f\x83\x9d\x6a\x55\x30\x83\x1d\x93\x44\xaf\x1c",
+};
+
+/**
+ * Test 9 of RFC3686
+ */
+crypter_test_vector_t aes_ctr9 = {
+ .alg = ENCR_AES_CTR, .key_size = 32, .len = 36,
+ .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2"
+ "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d"
+ "\x00\x1c\xc5\xb7",
+ .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xeb\x6c\x52\x82\x1d\x0b\xbb\xf7\xce\x75\x94\x46\x2a\xca\x4f\xaa"
+ "\xb4\x07\xdf\x86\x65\x69\xfd\x07\xf4\x8c\xc0\xb5\x83\xd6\x07\x1f"
+ "\x1e\xc0\xe6\xb8",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c
new file mode 100644
index 000000000..7534633e1
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_gcm.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * From the Linux kernel, those with an IV. Originally from
+ * McGrew & Viega - http://citeseer.ist.psu.edu/656989.html
+ */
+aead_test_vector_t aes_gcm1 = {
+ .alg = ENCR_AES_GCM_ICV8, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6",
+};
+
+aead_test_vector_t aes_gcm2 = {
+ .alg = ENCR_AES_GCM_ICV12, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd",
+};
+
+aead_test_vector_t aes_gcm3 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x47\x3f\x59\x85"
+ "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
+};
+
+aead_test_vector_t aes_gcm4 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 16, .len = 60, .alen = 20,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .cipher = "\x42\x83\x1e\xc2\x21\x77\x74\x24\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
+ "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
+ "\x21\xd5\x14\xb2\x54\x66\x93\x1c\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
+ "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97\x3d\x58\xe0\x91\x5b\xc9\x4f\xbc"
+ "\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
+};
+
+aead_test_vector_t aes_gcm5 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 24, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
+ "\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
+ "\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
+ "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56"
+ "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
+};
+
+aead_test_vector_t aes_gcm6 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 64, .alen = 0,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
+ "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
+ "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
+ "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x89\x80\x15\xad"
+ "\xb0\x94\xda\xc5\xd9\x34\x71\xbd\xec\x1a\x50\x22\x70\xe3\xcc\x6c",
+};
+
+aead_test_vector_t aes_gcm7 = {
+ .alg = ENCR_AES_GCM_ICV16, .key_size = 32, .len = 60, .alen = 20,
+ .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08"
+ "\xca\xfe\xba\xbe",
+ .iv = "\xfa\xce\xdb\xad\xde\xca\xf8\x88",
+ .adata = "\xfe\xed\xfa\xce\xde\xad\xbe\xef\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .plain = "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39",
+ .cipher = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
+ "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
+ "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d\xa7\xb0\x8b\x10\x56\x82\x88\x38"
+ "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a\xbc\xc9\xf6\x62\x76\xfc\x6e\xce"
+ "\x0f\x4e\x17\x68\xcd\xdf\x88\x53\xbb\x2d\x55\x1b",
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c
new file mode 100644
index 000000000..241e6ca7a
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_ctr.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test 1 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr1 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 16,
+ .key = "\xae\x68\x52\xf8\x12\x10\x67\xcc\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
+ "\x00\x00\x00\x30",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "Single block msg",
+ .cipher = "\xd0\x9d\xc2\x9a\x82\x14\x61\x9a\x20\x87\x7c\x76\xdb\x1f\x0b\x3f"
+};
+
+/**
+ * Test 2 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr2 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 32,
+ .key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7\x43\xd6\xce\x1f\x32\x53\x91\x63"
+ "\x00\x6c\xb6\xdb",
+ .iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xdb\xf3\xc7\x8d\xc0\x83\x96\xd4\xda\x7c\x90\x77\x65\xbb\xcb\x44"
+ "\x2b\x8e\x8e\x0f\x31\xf0\xdc\xa7\x2c\x74\x17\xe3\x53\x60\xe0\x48"
+};
+
+/**
+ * Test 3 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr3 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 16, .len = 36,
+ .key = "\x76\x91\xbe\x03\x5e\x50\x20\xa8\xac\x6e\x61\x85\x29\xf9\xa0\xdc"
+ "\x00\xe0\x01\x7b",
+ .iv = "\x27\x77\x7f\x3f\x4a\x17\x86\xf0",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xb1\x9d\x1f\xcd\xcb\x75\xeb\x88\x2f\x84\x9c\xe2\x4d\x85\xcf\x73"
+ "\x9c\xe6\x4b\x2b\x5c\x9d\x73\xf1\x4f\x2d\x5d\x9d\xce\x98\x89\xcd"
+ "\xdf\x50\x86\x96",
+};
+
+/**
+ * Test 4 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr4 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 16,
+ .key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed"
+ "\x86\x3d\x06\xcc\xfd\xb7\x85\x15"
+ "\x00\x00\x00\x48",
+ .iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb",
+ .plain = "Single block msg",
+ .cipher = "\x23\x79\x39\x9e\x8a\x8d\x2b\x2b\x16\x70\x2f\xc7\x8b\x9e\x96\x96",
+};
+
+/**
+ * Test 5 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr5 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 32,
+ .key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c\x19\xe7\x34\x08\x19\xe0\xf6\x9c"
+ "\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a"
+ "\x00\x96\xb0\x3b",
+ .iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\x7d\xef\x34\xf7\xa5\xd0\xe4\x15\x67\x4b\x7f\xfc\xae\x67\xc7\x5d"
+ "\xd0\x18\xb8\x6f\xf2\x30\x51\xe0\x56\x39\x2a\x99\xf3\x5a\x4c\xed",
+};
+
+/**
+ * Test 6 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr6 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 24, .len = 36,
+ .key = "\x02\xbf\x39\x1e\xe8\xec\xb1\x59\xb9\x59\x61\x7b\x09\x65\x27\x9b"
+ "\xf5\x9b\x60\xa7\x86\xd3\xe0\xfe"
+ "\x00\x07\xbd\xfd",
+ .iv = "\x5c\xbd\x60\x27\x8d\xcc\x09\x12",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\x57\x10\xe5\x56\xe1\x48\x7a\x20\xb5\xac\x0e\x73\xf1\x9e\x4e\x78"
+ "\x76\xf3\x7f\xdc\x91\xb1\xef\x4d\x4d\xad\xe8\xe6\x66\xa6\x4d\x0e"
+ "\xd5\x57\xab\x57",
+};
+
+/**
+ * Test 7 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr7 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 16,
+ .key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f\x4c\x8a\x05\x42\xc8\x69\x6f\x6c"
+ "\x6a\x81\xaf\x1e\xec\x96\xb4\xd3\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04"
+ "\x00\x00\x00\x60",
+ .iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2",
+ .plain = "Single block msg",
+ .cipher = "\x34\x01\xf9\xc8\x24\x7e\xff\xce\xbd\x69\x94\x71\x4c\x1b\xbb\x11",
+};
+
+/**
+ * Test 8 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr8 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 32,
+ .key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb\x07\x96\x36\x58\x79\xef\xf8\x86"
+ "\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74\x4b\x50\x59\x0c\x87\xa2\x38\x84"
+ "\x00\xfa\xac\x24",
+ .iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xd6\xc3\x03\x92\x24\x6f\x78\x08\xa8\x3c\x2b\x22\xa8\x83\x9e\x45"
+ "\xe5\x1c\xd4\x8a\x1c\xdf\x40\x6e\xbc\x9c\xc2\xd3\xab\x83\x41\x08",
+};
+
+/**
+ * Test 9 of RFC5528
+ */
+crypter_test_vector_t camellia_ctr9 = {
+ .alg = ENCR_CAMELLIA_CTR, .key_size = 32, .len = 36,
+ .key = "\xff\x7a\x61\x7c\xe6\x91\x48\xe4\xf1\x72\x6e\x2f\x43\x58\x1d\xe2"
+ "\xaa\x62\xd9\xf8\x05\x53\x2e\xdf\xf1\xee\xd6\x87\xfb\x54\x15\x3d"
+ "\x00\x1c\xc5\xb7",
+ .iv = "\x51\xa5\x1d\x70\xa1\xc1\x11\x48",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23",
+ .cipher = "\xa4\xda\x23\xfc\xe6\xa5\xff\xaa\x6d\x64\xae\x9a\x06\x52\xa4\x2c"
+ "\xd1\x61\xa3\x4b\x65\xf9\x67\x9f\x75\xc0\x1f\x10\x1f\x71\x27\x6f"
+ "\x15\xef\x0d\x8d",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c
new file mode 100644
index 000000000..2a58b3732
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_xcbc.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2010 Martin Willi
+ * Copyright (C) 2010 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test Case #1
+ */
+signer_test_vector_t camellia_xcbc_s1 = {
+ .alg = AUTH_CAMELLIA_XCBC_96, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .mac = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15",
+};
+
+prf_test_vector_t camellia_xcbc_p1 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 16, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x3d\x04\x2d\xd4\xe7\xbc\x79\x1c\xee\x32\x04\x15\xc5\xe3\x26\xd6",
+};
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test Case #2
+ */
+prf_test_vector_t camellia_xcbc_p2 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 10, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\xb9\x16\xb4\x23\x42\x0a\x90\x6c\xd7\xd7\xb6\x72\xa2\x4e\x97\x6f",
+};
+
+/**
+ * draft-kanno-ipsecme-camellia-xcbc Test #3
+ */
+prf_test_vector_t camellia_xcbc_p3 = {
+ .alg = PRF_CAMELLIA128_XCBC, .key_size = 18, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xed\xcb",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\xb9\x71\x46\x36\x9d\x31\x94\x0f\xf5\x7a\x0d\xdf\x22\x33\xc1\xd2",
+};
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
index 234d237f3..f3a254d8d 100644
--- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -20,6 +20,7 @@
/* define symbols of all test vectors */
#define TEST_VECTOR_CRYPTER(x) crypter_test_vector_t x;
+#define TEST_VECTOR_AEAD(x) aead_test_vector_t x;
#define TEST_VECTOR_SIGNER(x) signer_test_vector_t x;
#define TEST_VECTOR_HASHER(x) hasher_test_vector_t x;
#define TEST_VECTOR_PRF(x) prf_test_vector_t x;
@@ -28,12 +29,14 @@
#include "test_vectors.h"
#undef TEST_VECTOR_CRYPTER
+#undef TEST_VECTOR_AEAD
#undef TEST_VECTOR_SIGNER
#undef TEST_VECTOR_HASHER
#undef TEST_VECTOR_PRF
#undef TEST_VECTOR_RNG
#define TEST_VECTOR_CRYPTER(x)
+#define TEST_VECTOR_AEAD(x)
#define TEST_VECTOR_SIGNER(x)
#define TEST_VECTOR_HASHER(x)
#define TEST_VECTOR_PRF(x)
@@ -48,6 +51,14 @@ static crypter_test_vector_t *crypter[] = {
#undef TEST_VECTOR_CRYPTER
#define TEST_VECTOR_CRYPTER(x)
+#undef TEST_VECTOR_AEAD
+#define TEST_VECTOR_AEAD(x) &x,
+static aead_test_vector_t *aead[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_AEAD
+#define TEST_VECTOR_AEAD(x)
+
#undef TEST_VECTOR_SIGNER
#define TEST_VECTOR_SIGNER(x) &x,
static signer_test_vector_t *signer[] = {
@@ -116,6 +127,11 @@ plugin_t *test_vectors_plugin_create()
lib->crypto->add_test_vector(lib->crypto,
ENCRYPTION_ALGORITHM, crypter[i]);
}
+ for (i = 0; i < countof(aead); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ AEAD_ALGORITHM, aead[i]);
+ }
for (i = 0; i < countof(signer); i++)
{
lib->crypto->add_test_vector(lib->crypto,
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index f40427f3f..b1cc2f168 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -166,6 +167,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -197,14 +200,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -219,24 +225,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -244,7 +257,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 92b576aa5..559090aa0 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -260,7 +260,7 @@ static const asn1Object_t otherNameObjects[] = {
/**
* Extracts an otherName
*/
-static bool parse_otherName(chunk_t blob, int level0)
+static bool parse_otherName(chunk_t *blob, int level0, id_type_t *type)
{
asn1_parser_t *parser;
chunk_t object;
@@ -268,7 +268,7 @@ static bool parse_otherName(chunk_t blob, int level0)
int oid = OID_UNKNOWN;
bool success = FALSE;
- parser = asn1_parser_create(otherNameObjects, blob);
+ parser = asn1_parser_create(otherNameObjects, *blob);
parser->set_top_level(parser, level0);
while (parser->iterate(parser, &objectID, &object))
@@ -279,13 +279,27 @@ static bool parse_otherName(chunk_t blob, int level0)
oid = asn1_known_oid(object);
break;
case ON_OBJ_VALUE:
- if (oid == OID_XMPP_ADDR)
+ switch (oid)
{
- if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
- parser->get_level(parser)+1, "xmppAddr"))
- {
- goto end;
- }
+ case OID_XMPP_ADDR:
+ if (!asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ parser->get_level(parser)+1, "xmppAddr"))
+ {
+ goto end;
+ }
+ break;
+ case OID_USER_PRINCIPAL_NAME:
+ if (asn1_parse_simple_object(&object, ASN1_UTF8STRING,
+ parser->get_level(parser)+1, "msUPN"))
+ { /* we handle UPNs as RFC822 addr */
+ *blob = object;
+ *type = ID_RFC822_ADDR;
+ }
+ else
+ {
+ goto end;
+ }
+ break;
}
break;
default:
@@ -379,7 +393,8 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
}
break;
case GN_OBJ_OTHER_NAME:
- if (!parse_otherName(object, parser->get_level(parser)+1))
+ if (!parse_otherName(&object, parser->get_level(parser)+1,
+ &id_type))
{
goto end;
}
@@ -1091,15 +1106,28 @@ static id_match_t has_subject(private_x509_cert_t *this, identification_t *subje
identification_t *current;
enumerator_t *enumerator;
id_match_t match, best;
+ chunk_t encoding;
- if (this->encoding_hash.ptr && subject->get_type(subject) == ID_KEY_ID)
+ if (subject->get_type(subject) == ID_KEY_ID)
{
- if (chunk_equals(this->encoding_hash, subject->get_encoding(subject)))
+ encoding = subject->get_encoding(subject);
+
+ if (this->encoding_hash.len &&
+ chunk_equals(this->encoding_hash, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->subjectKeyIdentifier.len &&
+ chunk_equals(this->subjectKeyIdentifier, encoding))
+ {
+ return ID_MATCH_PERFECT;
+ }
+ if (this->public_key &&
+ this->public_key->has_fingerprint(this->public_key, encoding))
{
return ID_MATCH_PERFECT;
}
}
-
best = this->subject->matches(this->subject, subject);
enumerator = this->subjectAltNames->create_enumerator(this->subjectAltNames);
while (enumerator->enumerate(enumerator, &current))
diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c
index bfb0ca621..7b488484e 100644
--- a/src/libstrongswan/plugins/x509/x509_pkcs10.c
+++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c
@@ -684,7 +684,7 @@ x509_pkcs10_t *x509_pkcs10_gen(certificate_type_t type, va_list args)
enumerator->destroy(enumerator);
continue;
}
- case BUILD_PASSPHRASE:
+ case BUILD_CHALLENGE_PWD:
cert->challengePassword = chunk_clone(va_arg(args, chunk_t));
continue;
case BUILD_DIGEST_ALG:
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 8391781e2..11a7f023c 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -73,25 +73,25 @@ plugin_t *x509_plugin_create()
this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE,
(builder_function_t)x509_cert_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE,
(builder_function_t)x509_cert_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE,
(builder_function_t)x509_ac_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, TRUE,
(builder_function_t)x509_ac_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE,
(builder_function_t)x509_crl_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE,
(builder_function_t)x509_crl_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE,
(builder_function_t)x509_ocsp_request_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, TRUE,
(builder_function_t)x509_ocsp_response_load);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE,
(builder_function_t)x509_pkcs10_gen);
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST,
+ lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, TRUE,
(builder_function_t)x509_pkcs10_load);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 69bba8d6f..e82e5246f 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -44,6 +44,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
$(top_srcdir)/m4/config/lt~obsolete.m4 \
$(top_srcdir)/m4/macros/with.m4 \
$(top_srcdir)/m4/macros/enable-disable.m4 \
+ $(top_srcdir)/m4/macros/add-plugin.m4 \
$(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
@@ -165,6 +166,8 @@ PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PTHREADLIB = @PTHREADLIB@
RANLIB = @RANLIB@
RTLIB = @RTLIB@
@@ -196,14 +199,17 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
+c_plugins = @c_plugins@
datadir = @datadir@
datarootdir = @datarootdir@
+dbusservicedir = @dbusservicedir@
default_pkcs11 = @default_pkcs11@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
gtk_CFLAGS = @gtk_CFLAGS@
gtk_LIBS = @gtk_LIBS@
+h_plugins = @h_plugins@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
@@ -218,24 +224,31 @@ ipsecgid = @ipsecgid@
ipsecgroup = @ipsecgroup@
ipsecuid = @ipsecuid@
ipsecuser = @ipsecuser@
+libcharon_plugins = @libcharon_plugins@
libdir = @libdir@
libexecdir = @libexecdir@
-libhydra_plugins = @libhydra_plugins@
-libstrongswan_plugins = @libstrongswan_plugins@
linux_headers = @linux_headers@
localedir = @localedir@
localstatedir = @localstatedir@
lt_ECHO = @lt_ECHO@
+maemo_CFLAGS = @maemo_CFLAGS@
+maemo_LIBS = @maemo_LIBS@
+manager_plugins = @manager_plugins@
mandir = @mandir@
+medsrv_plugins = @medsrv_plugins@
mkdir_p = @mkdir_p@
nm_CFLAGS = @nm_CFLAGS@
nm_LIBS = @nm_LIBS@
nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
+openac_plugins = @openac_plugins@
+p_plugins = @p_plugins@
pdfdir = @pdfdir@
piddir = @piddir@
+pki_plugins = @pki_plugins@
plugindir = @plugindir@
pluto_plugins = @pluto_plugins@
+pool_plugins = @pool_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -243,7 +256,10 @@ random_device = @random_device@
resolv_conf = @resolv_conf@
routing_table = @routing_table@
routing_table_prio = @routing_table_prio@
+s_plugins = @s_plugins@
sbindir = @sbindir@
+scepclient_plugins = @scepclient_plugins@
+scripts_plugins = @scripts_plugins@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index b9f03eeac..be18d92b8 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -27,10 +27,11 @@ typedef struct private_xcbc_t private_xcbc_t;
* The variable names are the same as in the RFC.
*/
struct private_xcbc_t {
+
/**
* Public xcbc_t interface.
*/
- xcbc_t xcbc;
+ xcbc_t public;
/**
* Block size, in bytes
@@ -135,9 +136,9 @@ static void final(private_xcbc_t *this, u_int8_t *out)
if (this->remaining_bytes == this->b && !this->zero)
{
/* a) If the blocksize of M[n] is 128 bits:
- * XOR M[n] with E[n-1] and Key K2, then encrypt the result with
- * Key K1, yielding E[n].
- */
+ * XOR M[n] with E[n-1] and Key K2, then encrypt the result with
+ * Key K1, yielding E[n].
+ */
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k2, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -147,20 +148,20 @@ static void final(private_xcbc_t *this, u_int8_t *out)
/* b) If the blocksize of M[n] is less than 128 bits:
*
* i) Pad M[n] with a single "1" bit, followed by the number of
- * "0" bits (possibly none) required to increase M[n]'s
- * blocksize to 128 bits.
- */
- if (this->remaining_bytes < this->b)
- {
- this->remaining[this->remaining_bytes] = 0x80;
- while (++this->remaining_bytes < this->b)
- {
- this->remaining[this->remaining_bytes] = 0x00;
- }
- }
- /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
- * with Key K1, yielding E[n].
- */
+ * "0" bits (possibly none) required to increase M[n]'s
+ * blocksize to 128 bits.
+ */
+ if (this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x80;
+ while (++this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x00;
+ }
+ }
+ /* ii) XOR M[n] with E[n-1] and Key K3, then encrypt the result
+ * with Key K1, yielding E[n].
+ */
memxor(this->e, this->remaining, this->b);
memxor(this->e, this->k3, this->b);
this->k1->encrypt(this->k1, chunk_create(this->e, this->b), iv, NULL);
@@ -174,10 +175,8 @@ static void final(private_xcbc_t *this, u_int8_t *out)
this->zero = TRUE;
}
-/**
- * Implementation of xcbc_t.get_mac.
- */
-static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
+METHOD(xcbc_t, get_mac, void,
+ private_xcbc_t *this, chunk_t data, u_int8_t *out)
{
/* update E, do not process last block */
update(this, data);
@@ -188,18 +187,14 @@ static void get_mac(private_xcbc_t *this, chunk_t data, u_int8_t *out)
}
}
-/**
- * Implementation of xcbc_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_t *this)
+METHOD(xcbc_t, get_block_size, size_t,
+ private_xcbc_t *this)
{
return this->b;
}
-/**
- * Implementation of xcbc_t.set_key.
- */
-static void set_key(private_xcbc_t *this, chunk_t key)
+METHOD(xcbc_t, set_key, void,
+ private_xcbc_t *this, chunk_t key)
{
chunk_t iv, k1, lengthened;
@@ -228,11 +223,11 @@ static void set_key(private_xcbc_t *this, chunk_t key)
/*
* (1) Derive 3 128-bit keys (K1, K2 and K3) from the 128-bit secret
- * key K, as follows:
- * K1 = 0x01010101010101010101010101010101 encrypted with Key K
- * K2 = 0x02020202020202020202020202020202 encrypted with Key K
- * K3 = 0x03030303030303030303030303030303 encrypted with Key K
- */
+ * key K, as follows:
+ * K1 = 0x01010101010101010101010101010101 encrypted with Key K
+ * K2 = 0x02020202020202020202020202020202 encrypted with Key K
+ * K3 = 0x03030303030303030303030303030303 encrypted with Key K
+ */
this->k1->set_key(this->k1, lengthened);
memset(this->k2, 0x02, this->b);
this->k1->encrypt(this->k1, chunk_create(this->k2, this->b), iv, NULL);
@@ -243,10 +238,8 @@ static void set_key(private_xcbc_t *this, chunk_t key)
this->k1->set_key(this->k1, k1);
}
-/**
- * Implementation of xcbc_t.destroy.
- */
-static void destroy(private_xcbc_t *this)
+METHOD(xcbc_t, destroy, void,
+ private_xcbc_t *this)
{
this->k1->destroy(this->k1);
free(this->k2);
@@ -263,35 +256,38 @@ xcbc_t *xcbc_create(encryption_algorithm_t algo, size_t key_size)
{
private_xcbc_t *this;
crypter_t *crypter;
+ u_int8_t b;
crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
if (!crypter)
{
return NULL;
}
+ b = crypter->get_block_size(crypter);
/* input and output of crypter must be equal for xcbc */
- if (crypter->get_block_size(crypter) != key_size)
+ if (b != key_size)
{
crypter->destroy(crypter);
return NULL;
}
- this = malloc_thing(private_xcbc_t);
- this->xcbc.get_mac = (void (*)(xcbc_t *,chunk_t,u_int8_t*))get_mac;
- this->xcbc.get_block_size = (size_t (*)(xcbc_t *))get_block_size;
- this->xcbc.set_key = (void (*)(xcbc_t *,chunk_t))set_key;
- this->xcbc.destroy = (void (*)(xcbc_t *))destroy;
-
- this->b = crypter->get_block_size(crypter);
- this->k1 = crypter;
- this->k2 = malloc(this->b);
- this->k3 = malloc(this->b);
- this->e = malloc(this->b);
- memset(this->e, 0, this->b);
- this->remaining = malloc(this->b);
- this->remaining_bytes = 0;
- this->zero = TRUE;
-
- return &this->xcbc;
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .b = b,
+ .k1 = crypter,
+ .k2 = malloc(b),
+ .k3 = malloc(b),
+ .e = malloc(b),
+ .remaining = malloc(b),
+ .zero = TRUE,
+ );
+ memset(this->e, 0, b);
+
+ return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index 9d903bfaa..88156f383 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -32,15 +32,13 @@ struct private_xcbc_plugin_t {
xcbc_plugin_t public;
};
-/**
- * Implementation of xcbc_plugin_t.xcbctroy
- */
-static void destroy(private_xcbc_plugin_t *this)
+METHOD(plugin_t, destroy, void,
+ private_xcbc_plugin_t *this)
{
lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)xcbc_prf_create);
+ (prf_constructor_t)xcbc_prf_create);
lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)xcbc_signer_create);
+ (signer_constructor_t)xcbc_signer_create);
free(this);
}
@@ -49,14 +47,24 @@ static void destroy(private_xcbc_plugin_t *this)
*/
plugin_t *xcbc_plugin_create()
{
- private_xcbc_plugin_t *this = malloc_thing(private_xcbc_plugin_t);
+ private_xcbc_plugin_t *this;
- this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+ INIT(this,
+ .public = {
+ .plugin = {
+ .destroy = _destroy,
+ },
+ },
+ );
lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC,
- (prf_constructor_t)xcbc_prf_create);
+ (prf_constructor_t)xcbc_prf_create);
+ lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC,
+ (prf_constructor_t)xcbc_prf_create);
lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96,
- (signer_constructor_t)xcbc_signer_create);
+ (signer_constructor_t)xcbc_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96,
+ (signer_constructor_t)xcbc_signer_create);
return &this->public.plugin;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
index 2459dc616..ac9e1fda0 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
@@ -35,18 +35,14 @@ struct private_xcbc_prf_t {
xcbc_t *xcbc;
};
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
+METHOD(prf_t, get_bytes, void,
+ private_xcbc_prf_t *this, chunk_t seed, u_int8_t *buffer)
{
this->xcbc->get_mac(this->xcbc, seed, buffer);
}
-/**
- * Implementation of prf_t.allocate_bytes.
- */
-static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
+METHOD(prf_t, allocate_bytes, void,
+ private_xcbc_prf_t *this, chunk_t seed, chunk_t *chunk)
{
if (chunk)
{
@@ -59,35 +55,27 @@ static void allocate_bytes(private_xcbc_prf_t *this, chunk_t seed, chunk_t *chun
}
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_block_size, size_t,
+ private_xcbc_prf_t *this)
{
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of prf_t.get_block_size.
- */
-static size_t get_key_size(private_xcbc_prf_t *this)
+METHOD(prf_t, get_key_size, size_t,
+ private_xcbc_prf_t *this)
{
/* in xcbc, block and key size are always equal */
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of prf_t.set_key.
- */
-static void set_key(private_xcbc_prf_t *this, chunk_t key)
+METHOD(prf_t, set_key, void,
+ private_xcbc_prf_t *this, chunk_t key)
{
this->xcbc->set_key(this->xcbc, key);
}
-/**
- * Implementation of prf_t.destroy.
- */
-static void destroy(private_xcbc_prf_t *this)
+METHOD(prf_t, destroy, void,
+ private_xcbc_prf_t *this)
{
this->xcbc->destroy(this->xcbc);
free(this);
@@ -106,6 +94,9 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
case PRF_AES128_XCBC:
xcbc = xcbc_create(ENCR_AES_CBC, 16);
break;
+ case PRF_CAMELLIA128_XCBC:
+ xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+ break;
default:
return NULL;
}
@@ -114,15 +105,19 @@ xcbc_prf_t *xcbc_prf_create(pseudo_random_function_t algo)
return NULL;
}
- this = malloc_thing(private_xcbc_prf_t);
- this->xcbc = xcbc;
-
- this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes;
- this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes;
- this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size;
- this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size;
- this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key;
- this->public.prf_interface.destroy = (void (*) (prf_t *))destroy;
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .xcbc = xcbc,
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.h b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
index d2db9af41..294a853b4 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.h
@@ -34,9 +34,9 @@ typedef struct xcbc_prf_t xcbc_prf_t;
struct xcbc_prf_t {
/**
- * Generic prf_t interface for this xcbc_prf_t class.
+ * Implements prf_t interface.
*/
- prf_t prf_interface;
+ prf_t prf;
};
/**
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
index 1c98d39d7..ece592323 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
@@ -41,11 +41,8 @@ struct private_xcbc_signer_t {
size_t block_size;
};
-/**
- * Implementation of signer_t.get_signature.
- */
-static void get_signature(private_xcbc_signer_t *this,
- chunk_t data, u_int8_t *buffer)
+METHOD(signer_t, get_signature, void,
+ private_xcbc_signer_t *this, chunk_t data, u_int8_t *buffer)
{
if (buffer == NULL)
{ /* append mode */
@@ -60,11 +57,8 @@ static void get_signature(private_xcbc_signer_t *this,
}
}
-/**
- * Implementation of signer_t.allocate_signature.
- */
-static void allocate_signature (private_xcbc_signer_t *this,
- chunk_t data, chunk_t *chunk)
+METHOD(signer_t, allocate_signature, void,
+ private_xcbc_signer_t *this, chunk_t data, chunk_t *chunk)
{
if (chunk == NULL)
{ /* append mode */
@@ -83,11 +77,8 @@ static void allocate_signature (private_xcbc_signer_t *this,
}
}
-/**
- * Implementation of signer_t.verify_signature.
- */
-static bool verify_signature(private_xcbc_signer_t *this,
- chunk_t data, chunk_t signature)
+METHOD(signer_t, verify_signature, bool,
+ private_xcbc_signer_t *this, chunk_t data, chunk_t signature)
{
u_int8_t mac[this->xcbc->get_block_size(this->xcbc)];
@@ -100,38 +91,29 @@ static bool verify_signature(private_xcbc_signer_t *this,
return memeq(signature.ptr, mac, this->block_size);
}
-/**
- * Implementation of signer_t.get_key_size.
- */
-static size_t get_key_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_key_size, size_t,
+ private_xcbc_signer_t *this)
{
return this->xcbc->get_block_size(this->xcbc);
}
-/**
- * Implementation of signer_t.get_block_size.
- */
-static size_t get_block_size(private_xcbc_signer_t *this)
+METHOD(signer_t, get_block_size, size_t,
+ private_xcbc_signer_t *this)
{
return this->block_size;
}
-/**
- * Implementation of signer_t.set_key.
- */
-static void set_key(private_xcbc_signer_t *this, chunk_t key)
+METHOD(signer_t, set_key, void,
+ private_xcbc_signer_t *this, chunk_t key)
{
this->xcbc->set_key(this->xcbc, key);
}
-/**
- * Implementation of signer_t.destroy.
- */
-static status_t destroy(private_xcbc_signer_t *this)
+METHOD(signer_t, destroy, void,
+ private_xcbc_signer_t *this)
{
this->xcbc->destroy(this->xcbc);
free(this);
- return SUCCESS;
}
/*
@@ -149,6 +131,10 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
xcbc = xcbc_create(ENCR_AES_CBC, 16);
trunc = 12;
break;
+ case AUTH_CAMELLIA_XCBC_96:
+ xcbc = xcbc_create(ENCR_CAMELLIA_CBC, 16);
+ trunc = 12;
+ break;
default:
return NULL;
}
@@ -157,18 +143,21 @@ xcbc_signer_t *xcbc_signer_create(integrity_algorithm_t algo)
return NULL;
}
- this = malloc_thing(private_xcbc_signer_t);
- this->xcbc = xcbc;
- this->block_size = min(trunc, xcbc->get_block_size(xcbc));
-
- /* interface functions */
- this->public.signer_interface.get_signature = (void (*) (signer_t*, chunk_t, u_int8_t*))get_signature;
- this->public.signer_interface.allocate_signature = (void (*) (signer_t*, chunk_t, chunk_t*))allocate_signature;
- this->public.signer_interface.verify_signature = (bool (*) (signer_t*, chunk_t, chunk_t))verify_signature;
- this->public.signer_interface.get_key_size = (size_t (*) (signer_t*))get_key_size;
- this->public.signer_interface.get_block_size = (size_t (*) (signer_t*))get_block_size;
- this->public.signer_interface.set_key = (void (*) (signer_t*,chunk_t))set_key;
- this->public.signer_interface.destroy = (void (*) (signer_t*))destroy;
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .xcbc = xcbc,
+ .block_size = min(trunc, xcbc->get_block_size(xcbc)),
+ );
return &this->public;
}
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.h b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
index 181cfe299..56b55f223 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.h
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.h
@@ -31,9 +31,9 @@ typedef struct xcbc_signer_t xcbc_signer_t;
struct xcbc_signer_t {
/**
- * generic signer_t interface for this signer
+ * Implements signer_t interface.
*/
- signer_t signer_interface;
+ signer_t signer;
};
/**