summaryrefslogtreecommitdiff
path: root/src/libstrongswan
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Makefile.am57
-rw-r--r--src/libstrongswan/Makefile.in284
-rw-r--r--src/libstrongswan/asn1/asn1.c170
-rw-r--r--src/libstrongswan/asn1/asn1.h24
-rw-r--r--src/libstrongswan/asn1/asn1_parser.c6
-rw-r--r--src/libstrongswan/asn1/asn1_parser.h6
-rw-r--r--src/libstrongswan/asn1/oid.c562
-rw-r--r--src/libstrongswan/asn1/oid.h264
-rw-r--r--src/libstrongswan/asn1/oid.pl7
-rw-r--r--src/libstrongswan/asn1/oid.txt72
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c49
-rwxr-xr-xsrc/libstrongswan/asn1/pem.h8
-rw-r--r--src/libstrongswan/chunk.c14
-rw-r--r--src/libstrongswan/chunk.h19
-rw-r--r--src/libstrongswan/credentials/builder.c2
-rw-r--r--src/libstrongswan/credentials/builder.h10
-rw-r--r--src/libstrongswan/credentials/certificates/ac.h2
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.c14
-rw-r--r--src/libstrongswan/credentials/certificates/certificate.h12
-rw-r--r--src/libstrongswan/credentials/certificates/crl.c2
-rw-r--r--src/libstrongswan/credentials/certificates/crl.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_request.h2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.c2
-rw-r--r--src/libstrongswan/credentials/certificates/ocsp_response.h2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.c2
-rw-r--r--src/libstrongswan/credentials/certificates/x509.h2
-rw-r--r--src/libstrongswan/credentials/credential_factory.c4
-rw-r--r--src/libstrongswan/credentials/credential_factory.h3
-rw-r--r--src/libstrongswan/credentials/keys/private_key.c2
-rw-r--r--src/libstrongswan/credentials/keys/private_key.h10
-rw-r--r--src/libstrongswan/credentials/keys/public_key.c45
-rw-r--r--src/libstrongswan/credentials/keys/public_key.h66
-rw-r--r--src/libstrongswan/credentials/keys/shared_key.c2
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.c147
-rw-r--r--src/libstrongswan/crypto/crypters/crypter.h74
-rw-r--r--src/libstrongswan/crypto/crypto_factory.c178
-rw-r--r--src/libstrongswan/crypto/crypto_factory.h15
-rw-r--r--src/libstrongswan/crypto/crypto_tester.c629
-rw-r--r--src/libstrongswan/crypto/crypto_tester.h205
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c28
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h2
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c8
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h18
-rw-r--r--src/libstrongswan/crypto/pkcs9.c2
-rw-r--r--src/libstrongswan/crypto/pkcs9.h2
-rw-r--r--src/libstrongswan/crypto/prf_plus.c2
-rw-r--r--src/libstrongswan/crypto/prf_plus.h2
-rw-r--r--src/libstrongswan/crypto/prfs/prf.c11
-rw-r--r--src/libstrongswan/crypto/prfs/prf.h20
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.c270
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.h34
-rw-r--r--src/libstrongswan/crypto/proposal/proposal_keywords.txt118
-rw-r--r--src/libstrongswan/crypto/rngs/rng.c6
-rw-r--r--src/libstrongswan/crypto/rngs/rng.h10
-rw-r--r--src/libstrongswan/crypto/signers/signer.c21
-rw-r--r--src/libstrongswan/crypto/signers/signer.h35
-rw-r--r--src/libstrongswan/crypto/transform.c29
-rw-r--r--src/libstrongswan/crypto/transform.h47
-rw-r--r--src/libstrongswan/database/database_factory.c2
-rw-r--r--src/libstrongswan/debug.c2
-rw-r--r--src/libstrongswan/debug.h2
-rw-r--r--src/libstrongswan/enum.c2
-rw-r--r--src/libstrongswan/enum.h2
-rw-r--r--src/libstrongswan/fetcher/fetcher.h12
-rw-r--r--src/libstrongswan/fetcher/fetcher_manager.c6
-rw-r--r--src/libstrongswan/fips/Makefile.in17
-rw-r--r--src/libstrongswan/fips/fips.c2
-rw-r--r--src/libstrongswan/fips/fips.h2
-rw-r--r--src/libstrongswan/fips/fips_canister_end.c2
-rw-r--r--src/libstrongswan/fips/fips_canister_start.c2
-rw-r--r--src/libstrongswan/fips/fips_signer.c2
-rw-r--r--src/libstrongswan/library.c8
-rw-r--r--src/libstrongswan/library.h4
-rw-r--r--src/libstrongswan/pgp/pgp.c93
-rw-r--r--src/libstrongswan/pgp/pgp.h115
-rw-r--r--src/libstrongswan/plugins/aes/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/aes/aes_crypter.c4
-rw-r--r--src/libstrongswan/plugins/aes/aes_plugin.c2
-rw-r--r--src/libstrongswan/plugins/agent/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/agent/agent_plugin.c2
-rw-r--r--src/libstrongswan/plugins/agent/agent_private_key.c16
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.am12
-rw-r--r--src/libstrongswan/plugins/blowfish/Makefile.in513
-rw-r--r--src/libstrongswan/plugins/blowfish/bf_enc.c306
-rw-r--r--src/libstrongswan/plugins/blowfish/bf_locl.h218
-rw-r--r--src/libstrongswan/plugins/blowfish/bf_pi.h325
-rw-r--r--src/libstrongswan/plugins/blowfish/bf_skey.c122
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish.h133
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.c197
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_crypter.h50
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.c59
-rw-r--r--src/libstrongswan/plugins/blowfish/blowfish_plugin.h48
-rw-r--r--src/libstrongswan/plugins/curl/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/curl/curl_fetcher.c66
-rw-r--r--src/libstrongswan/plugins/curl/curl_plugin.c2
-rw-r--r--src/libstrongswan/plugins/des/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/des/des_crypter.c4
-rw-r--r--src/libstrongswan/plugins/des/des_plugin.c2
-rw-r--r--src/libstrongswan/plugins/fips_prf/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf.c2
-rw-r--r--src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c2
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.am17
-rw-r--r--src/libstrongswan/plugins/gcrypt/Makefile.in522
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c252
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h49
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.c564
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_dh.h48
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c151
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h47
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c212
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h47
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rng.c103
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rng.h47
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c734
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h47
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c512
-rw-r--r--src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h47
-rw-r--r--src/libstrongswan/plugins/gmp/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c6
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_plugin.c2
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c341
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c350
-rw-r--r--src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/hmac/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/hmac/hmac.c2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_plugin.c4
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_prf.c2
-rw-r--r--src/libstrongswan/plugins/hmac/hmac_signer.c6
-rw-r--r--src/libstrongswan/plugins/ldap/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_fetcher.c2
-rw-r--r--src/libstrongswan/plugins/ldap/ldap_plugin.c2
-rw-r--r--src/libstrongswan/plugins/md4/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/md4/md4_hasher.c2
-rw-r--r--src/libstrongswan/plugins/md4/md4_plugin.c2
-rw-r--r--src/libstrongswan/plugins/md5/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/md5/md5_hasher.c2
-rw-r--r--src/libstrongswan/plugins/md5/md5_plugin.c2
-rw-r--r--src/libstrongswan/plugins/mysql/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_database.c2
-rw-r--r--src/libstrongswan/plugins/mysql/mysql_plugin.c2
-rw-r--r--src/libstrongswan/plugins/openssl/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.c10
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_crypter.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.c101
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.c51
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_ec_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_hasher.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.c4
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_plugin.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c167
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c127
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.c2
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_util.h2
-rw-r--r--src/libstrongswan/plugins/padlock/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_aes_crypter.c2
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_plugin.c4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_rng.c4
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_rng.h2
-rw-r--r--src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c2
-rw-r--r--src/libstrongswan/plugins/plugin_loader.c2
-rw-r--r--src/libstrongswan/plugins/pubkey/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.c2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_cert.h2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_plugin.c2
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_public_key.c4
-rw-r--r--src/libstrongswan/plugins/pubkey/pubkey_public_key.h2
-rw-r--r--src/libstrongswan/plugins/random/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/random/random_plugin.c4
-rw-r--r--src/libstrongswan/plugins/random/random_rng.c4
-rw-r--r--src/libstrongswan/plugins/random/random_rng.h2
-rw-r--r--src/libstrongswan/plugins/sha1/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_hasher.c2
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_plugin.c2
-rw-r--r--src/libstrongswan/plugins/sha1/sha1_prf.c2
-rw-r--r--src/libstrongswan/plugins/sha2/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_hasher.c2
-rw-r--r--src/libstrongswan/plugins/sha2/sha2_plugin.c2
-rw-r--r--src/libstrongswan/plugins/sqlite/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_database.c2
-rw-r--r--src/libstrongswan/plugins/sqlite/sqlite_plugin.c2
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.am33
-rw-r--r--src/libstrongswan/plugins/test_vectors/Makefile.in710
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors.h159
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c43
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c113
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c129
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c46
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c91
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/cast.c28
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/des.c65
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c30
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/idea.c44
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/md2.c63
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/md4.c63
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/md5.c63
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c112
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/null.c25
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c44
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/rng.c236
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c91
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c51
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c146
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c136
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c353
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c56
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c142
-rw-r--r--src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h47
-rw-r--r--src/libstrongswan/plugins/x509/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/x509/ietf_attr_list.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.c33
-rw-r--r--src/libstrongswan/plugins/x509/x509_ac.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.c122
-rw-r--r--src/libstrongswan/plugins/x509/x509_cert.h2
-rw-r--r--src/libstrongswan/plugins/x509/x509_crl.c34
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_request.c3
-rw-r--r--src/libstrongswan/plugins/x509/x509_ocsp_response.c38
-rw-r--r--src/libstrongswan/plugins/x509/x509_plugin.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/Makefile.in17
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_plugin.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_prf.c2
-rw-r--r--src/libstrongswan/plugins/xcbc/xcbc_signer.c2
-rw-r--r--src/libstrongswan/printf_hook.c20
-rw-r--r--src/libstrongswan/printf_hook.h7
-rw-r--r--src/libstrongswan/settings.c19
-rw-r--r--src/libstrongswan/settings.h4
-rw-r--r--src/libstrongswan/utils.c19
-rw-r--r--src/libstrongswan/utils.h33
-rw-r--r--src/libstrongswan/utils/backtrace.c4
-rw-r--r--src/libstrongswan/utils/enumerator.c4
-rw-r--r--src/libstrongswan/utils/enumerator.h4
-rw-r--r--src/libstrongswan/utils/hashtable.c2
-rw-r--r--src/libstrongswan/utils/hashtable.h2
-rw-r--r--src/libstrongswan/utils/host.c51
-rw-r--r--src/libstrongswan/utils/identification.c396
-rw-r--r--src/libstrongswan/utils/identification.h89
-rw-r--r--src/libstrongswan/utils/iterator.h2
-rw-r--r--src/libstrongswan/utils/leak_detective.c7
-rw-r--r--src/libstrongswan/utils/lexparser.c2
-rw-r--r--src/libstrongswan/utils/lexparser.h2
-rw-r--r--src/libstrongswan/utils/linked_list.c2
-rw-r--r--src/libstrongswan/utils/linked_list.h3
-rw-r--r--src/libstrongswan/utils/mutex.c10
-rw-r--r--src/libstrongswan/utils/mutex.h2
-rw-r--r--src/libstrongswan/utils/optionsfrom.c2
-rw-r--r--src/libstrongswan/utils/optionsfrom.h2
254 files changed, 13208 insertions, 1858 deletions
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 1d0f837ef..212b9547d 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -22,12 +22,15 @@ asn1/pem.c asn1/pem.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c \
crypto/pkcs9.c crypto/pkcs9.h \
+crypto/proposal/proposal_keywords.c crypto/proposal/proposal_keywords.h \
crypto/prfs/prf.c crypto/prfs/prf.h \
crypto/rngs/rng.c crypto/rngs/rng.h \
crypto/prf_plus.h crypto/prf_plus.c \
crypto/signers/signer.c crypto/signers/signer.h \
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
crypto/crypto_factory.c crypto/crypto_factory.h \
+crypto/crypto_tester.c crypto/crypto_tester.h \
+crypto/diffie_hellman.c crypto/diffie_hellman.h \
+crypto/transform.c crypto/transform.h \
credentials/credential_factory.c credentials/credential_factory.h \
credentials/builder.c credentials/builder.h \
credentials/keys/private_key.c credentials/keys/private_key.h \
@@ -39,8 +42,9 @@ credentials/certificates/ac.h \
credentials/certificates/crl.h credentials/certificates/crl.c \
credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h credentials/certificates/ocsp_response.c \
-fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
database/database.h database/database_factory.h database/database_factory.c \
+fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
+pgp/pgp.c pgp/pgp.h \
utils.h utils.c \
utils/host.c utils/host.h \
utils/identification.c utils/identification.h \
@@ -54,15 +58,17 @@ utils/mutex.c utils/mutex.h \
utils/backtrace.c utils/backtrace.h \
plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h
-libstrongswan_la_LIBADD = -lpthread -ldl
+libstrongswan_la_LIBADD = -lpthread $(DLLIB)
INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
- -DIPSEC_PLUGINDIR=\"${plugindir}\"
+AM_CFLAGS = \
+-DIPSEC_DIR=\"${ipsecdir}\" \
+-DIPSEC_PLUGINDIR=\"${plugindir}\"
if USE_LEAK_DETECTIVE
AM_CFLAGS += -DLEAK_DETECTIVE
- libstrongswan_la_SOURCES += utils/leak_detective.c utils/leak_detective.h
+ libstrongswan_la_SOURCES += \
+ utils/leak_detective.c utils/leak_detective.h
endif
if USE_LOCK_PROFILER
@@ -78,15 +84,28 @@ if USE_VSTR
libstrongswan_la_LIBADD += -lvstr
endif
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = asn1/oid.c asn1/oid.h
-MAINTAINERCLEANFILES = asn1/oid.c asn1/oid.h
+EXTRA_DIST = \
+asn1/oid.txt asn1/oid.pl \
+crypto/proposal/proposal_keywords.txt
+
+BUILT_SOURCES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
+MAINTAINERCLEANFILES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
-asn1/oid.c : asn1/oid.pl asn1/oid.txt
- (cd `dirname $<` && $(PERL) `basename $<`)
+$(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
-asn1/oid.h : asn1/oid.pl asn1/oid.txt
- (cd `dirname $<` && $(PERL) `basename $<`)
+$(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+
+$(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposal_keywords.txt \
+ $(srcdir)/crypto/proposal/proposal_keywords.h
+ $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
+ $(srcdir)/crypto/proposal/proposal_keywords.txt > $@
# build plugins with their own Makefile
@@ -102,6 +121,10 @@ if USE_DES
SUBDIRS += plugins/des
endif
+if USE_BLOWFISH
+ SUBDIRS += plugins/blowfish
+endif
+
if USE_MD4
SUBDIRS += plugins/md4
endif
@@ -170,10 +193,18 @@ if USE_OPENSSL
SUBDIRS += plugins/openssl
endif
+if USE_GCRYPT
+ SUBDIRS += plugins/gcrypt
+endif
+
if USE_AGENT
SUBDIRS += plugins/agent
endif
+if USE_TEST_VECTORS
+ SUBDIRS += plugins/test_vectors
+endif
+
if USE_INTEGRITY_TEST
SUBDIRS += fips
endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index ed13138e4..dd25f0526 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -33,30 +33,35 @@ POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
@USE_LEAK_DETECTIVE_TRUE@am__append_1 = -DLEAK_DETECTIVE
-@USE_LEAK_DETECTIVE_TRUE@am__append_2 = utils/leak_detective.c utils/leak_detective.h
+@USE_LEAK_DETECTIVE_TRUE@am__append_2 = \
+@USE_LEAK_DETECTIVE_TRUE@ utils/leak_detective.c utils/leak_detective.h
+
@USE_LOCK_PROFILER_TRUE@am__append_3 = -DLOCK_PROFILER
@USE_VSTR_TRUE@am__append_4 = -lvstr
@USE_AES_TRUE@am__append_5 = plugins/aes
@USE_DES_TRUE@am__append_6 = plugins/des
-@USE_MD4_TRUE@am__append_7 = plugins/md4
-@USE_MD5_TRUE@am__append_8 = plugins/md5
-@USE_SHA1_TRUE@am__append_9 = plugins/sha1
-@USE_SHA2_TRUE@am__append_10 = plugins/sha2
-@USE_FIPS_PRF_TRUE@am__append_11 = plugins/fips_prf
-@USE_GMP_TRUE@am__append_12 = plugins/gmp
-@USE_RANDOM_TRUE@am__append_13 = plugins/random
-@USE_HMAC_TRUE@am__append_14 = plugins/hmac
-@USE_XCBC_TRUE@am__append_15 = plugins/xcbc
-@USE_X509_TRUE@am__append_16 = plugins/x509
-@USE_PUBKEY_TRUE@am__append_17 = plugins/pubkey
-@USE_CURL_TRUE@am__append_18 = plugins/curl
-@USE_LDAP_TRUE@am__append_19 = plugins/ldap
-@USE_MYSQL_TRUE@am__append_20 = plugins/mysql
-@USE_SQLITE_TRUE@am__append_21 = plugins/sqlite
-@USE_PADLOCK_TRUE@am__append_22 = plugins/padlock
-@USE_OPENSSL_TRUE@am__append_23 = plugins/openssl
-@USE_AGENT_TRUE@am__append_24 = plugins/agent
-@USE_INTEGRITY_TEST_TRUE@am__append_25 = fips
+@USE_BLOWFISH_TRUE@am__append_7 = plugins/blowfish
+@USE_MD4_TRUE@am__append_8 = plugins/md4
+@USE_MD5_TRUE@am__append_9 = plugins/md5
+@USE_SHA1_TRUE@am__append_10 = plugins/sha1
+@USE_SHA2_TRUE@am__append_11 = plugins/sha2
+@USE_FIPS_PRF_TRUE@am__append_12 = plugins/fips_prf
+@USE_GMP_TRUE@am__append_13 = plugins/gmp
+@USE_RANDOM_TRUE@am__append_14 = plugins/random
+@USE_HMAC_TRUE@am__append_15 = plugins/hmac
+@USE_XCBC_TRUE@am__append_16 = plugins/xcbc
+@USE_X509_TRUE@am__append_17 = plugins/x509
+@USE_PUBKEY_TRUE@am__append_18 = plugins/pubkey
+@USE_CURL_TRUE@am__append_19 = plugins/curl
+@USE_LDAP_TRUE@am__append_20 = plugins/ldap
+@USE_MYSQL_TRUE@am__append_21 = plugins/mysql
+@USE_SQLITE_TRUE@am__append_22 = plugins/sqlite
+@USE_PADLOCK_TRUE@am__append_23 = plugins/padlock
+@USE_OPENSSL_TRUE@am__append_24 = plugins/openssl
+@USE_GCRYPT_TRUE@am__append_25 = plugins/gcrypt
+@USE_AGENT_TRUE@am__append_26 = plugins/agent
+@USE_TEST_VECTORS_TRUE@am__append_27 = plugins/test_vectors
+@USE_INTEGRITY_TEST_TRUE@am__append_28 = fips
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -75,7 +80,8 @@ am__installdirs = "$(DESTDIR)$(libdir)"
libLTLIBRARIES_INSTALL = $(INSTALL)
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
-libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \
printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \
@@ -83,11 +89,14 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
asn1/pem.c asn1/pem.h crypto/crypters/crypter.c \
crypto/crypters/crypter.h crypto/hashers/hasher.h \
crypto/hashers/hasher.c crypto/pkcs9.c crypto/pkcs9.h \
- crypto/prfs/prf.c crypto/prfs/prf.h crypto/rngs/rng.c \
- crypto/rngs/rng.h crypto/prf_plus.h crypto/prf_plus.c \
- crypto/signers/signer.c crypto/signers/signer.h \
- crypto/diffie_hellman.c crypto/diffie_hellman.h \
- crypto/crypto_factory.c crypto/crypto_factory.h \
+ crypto/proposal/proposal_keywords.c \
+ crypto/proposal/proposal_keywords.h crypto/prfs/prf.c \
+ crypto/prfs/prf.h crypto/rngs/rng.c crypto/rngs/rng.h \
+ crypto/prf_plus.h crypto/prf_plus.c crypto/signers/signer.c \
+ crypto/signers/signer.h crypto/crypto_factory.c \
+ crypto/crypto_factory.h crypto/crypto_tester.c \
+ crypto/crypto_tester.h crypto/diffie_hellman.c \
+ crypto/diffie_hellman.h crypto/transform.c crypto/transform.h \
credentials/credential_factory.c \
credentials/credential_factory.h credentials/builder.c \
credentials/builder.h credentials/keys/private_key.c \
@@ -101,18 +110,19 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
credentials/certificates/crl.h credentials/certificates/crl.c \
credentials/certificates/ocsp_request.h \
credentials/certificates/ocsp_response.h \
- credentials/certificates/ocsp_response.c fetcher/fetcher.h \
- fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
- database/database.h database/database_factory.h \
- database/database_factory.c utils.h utils.c utils/host.c \
- utils/host.h utils/identification.c utils/identification.h \
- utils/iterator.h utils/lexparser.c utils/lexparser.h \
- utils/linked_list.c utils/linked_list.h utils/hashtable.c \
- utils/hashtable.h utils/enumerator.c utils/enumerator.h \
- utils/optionsfrom.c utils/optionsfrom.h utils/mutex.c \
- utils/mutex.h utils/backtrace.c utils/backtrace.h \
- plugins/plugin_loader.c plugins/plugin_loader.h \
- plugins/plugin.h utils/leak_detective.c utils/leak_detective.h \
+ credentials/certificates/ocsp_response.c database/database.h \
+ database/database_factory.h database/database_factory.c \
+ fetcher/fetcher.h fetcher/fetcher_manager.h \
+ fetcher/fetcher_manager.c pgp/pgp.c pgp/pgp.h utils.h utils.c \
+ utils/host.c utils/host.h utils/identification.c \
+ utils/identification.h utils/iterator.h utils/lexparser.c \
+ utils/lexparser.h utils/linked_list.c utils/linked_list.h \
+ utils/hashtable.c utils/hashtable.h utils/enumerator.c \
+ utils/enumerator.h utils/optionsfrom.c utils/optionsfrom.h \
+ utils/mutex.c utils/mutex.h utils/backtrace.c \
+ utils/backtrace.h plugins/plugin_loader.c \
+ plugins/plugin_loader.h plugins/plugin.h \
+ utils/leak_detective.c utils/leak_detective.h \
fips/fips_canister_start.c fips/fips.c fips/fips.h \
fips/fips_canister_end.c
@USE_LEAK_DETECTIVE_TRUE@am__objects_1 = leak_detective.lo
@@ -120,39 +130,44 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \
@USE_INTEGRITY_TEST_FALSE@ chunk.lo debug.lo enum.lo \
@USE_INTEGRITY_TEST_FALSE@ settings.lo printf_hook.lo asn1.lo \
@USE_INTEGRITY_TEST_FALSE@ asn1_parser.lo oid.lo pem.lo \
-@USE_INTEGRITY_TEST_FALSE@ crypter.lo hasher.lo pkcs9.lo prf.lo \
-@USE_INTEGRITY_TEST_FALSE@ rng.lo prf_plus.lo signer.lo \
-@USE_INTEGRITY_TEST_FALSE@ diffie_hellman.lo crypto_factory.lo \
+@USE_INTEGRITY_TEST_FALSE@ crypter.lo hasher.lo pkcs9.lo \
+@USE_INTEGRITY_TEST_FALSE@ proposal_keywords.lo prf.lo rng.lo \
+@USE_INTEGRITY_TEST_FALSE@ prf_plus.lo signer.lo \
+@USE_INTEGRITY_TEST_FALSE@ crypto_factory.lo crypto_tester.lo \
+@USE_INTEGRITY_TEST_FALSE@ diffie_hellman.lo transform.lo \
@USE_INTEGRITY_TEST_FALSE@ credential_factory.lo builder.lo \
@USE_INTEGRITY_TEST_FALSE@ private_key.lo public_key.lo \
@USE_INTEGRITY_TEST_FALSE@ shared_key.lo certificate.lo x509.lo \
@USE_INTEGRITY_TEST_FALSE@ crl.lo ocsp_response.lo \
-@USE_INTEGRITY_TEST_FALSE@ fetcher_manager.lo \
-@USE_INTEGRITY_TEST_FALSE@ database_factory.lo utils.lo host.lo \
-@USE_INTEGRITY_TEST_FALSE@ identification.lo lexparser.lo \
-@USE_INTEGRITY_TEST_FALSE@ linked_list.lo hashtable.lo \
-@USE_INTEGRITY_TEST_FALSE@ enumerator.lo optionsfrom.lo \
-@USE_INTEGRITY_TEST_FALSE@ mutex.lo backtrace.lo \
+@USE_INTEGRITY_TEST_FALSE@ database_factory.lo \
+@USE_INTEGRITY_TEST_FALSE@ fetcher_manager.lo pgp.lo utils.lo \
+@USE_INTEGRITY_TEST_FALSE@ host.lo identification.lo \
+@USE_INTEGRITY_TEST_FALSE@ lexparser.lo linked_list.lo \
+@USE_INTEGRITY_TEST_FALSE@ hashtable.lo enumerator.lo \
+@USE_INTEGRITY_TEST_FALSE@ optionsfrom.lo mutex.lo backtrace.lo \
@USE_INTEGRITY_TEST_FALSE@ plugin_loader.lo $(am__objects_1)
@USE_INTEGRITY_TEST_TRUE@am_libstrongswan_la_OBJECTS = \
@USE_INTEGRITY_TEST_TRUE@ fips_canister_start.lo fips.lo \
@USE_INTEGRITY_TEST_TRUE@ library.lo chunk.lo debug.lo enum.lo \
@USE_INTEGRITY_TEST_TRUE@ settings.lo printf_hook.lo asn1.lo \
@USE_INTEGRITY_TEST_TRUE@ asn1_parser.lo oid.lo pem.lo \
-@USE_INTEGRITY_TEST_TRUE@ crypter.lo hasher.lo pkcs9.lo prf.lo \
-@USE_INTEGRITY_TEST_TRUE@ rng.lo prf_plus.lo signer.lo \
-@USE_INTEGRITY_TEST_TRUE@ diffie_hellman.lo crypto_factory.lo \
+@USE_INTEGRITY_TEST_TRUE@ crypter.lo hasher.lo pkcs9.lo \
+@USE_INTEGRITY_TEST_TRUE@ proposal_keywords.lo prf.lo rng.lo \
+@USE_INTEGRITY_TEST_TRUE@ prf_plus.lo signer.lo \
+@USE_INTEGRITY_TEST_TRUE@ crypto_factory.lo crypto_tester.lo \
+@USE_INTEGRITY_TEST_TRUE@ diffie_hellman.lo transform.lo \
@USE_INTEGRITY_TEST_TRUE@ credential_factory.lo builder.lo \
@USE_INTEGRITY_TEST_TRUE@ private_key.lo public_key.lo \
@USE_INTEGRITY_TEST_TRUE@ shared_key.lo certificate.lo x509.lo \
@USE_INTEGRITY_TEST_TRUE@ crl.lo ocsp_response.lo \
-@USE_INTEGRITY_TEST_TRUE@ fetcher_manager.lo \
-@USE_INTEGRITY_TEST_TRUE@ database_factory.lo utils.lo host.lo \
-@USE_INTEGRITY_TEST_TRUE@ identification.lo lexparser.lo \
-@USE_INTEGRITY_TEST_TRUE@ linked_list.lo hashtable.lo \
-@USE_INTEGRITY_TEST_TRUE@ enumerator.lo optionsfrom.lo mutex.lo \
-@USE_INTEGRITY_TEST_TRUE@ backtrace.lo plugin_loader.lo \
-@USE_INTEGRITY_TEST_TRUE@ $(am__objects_1) fips_canister_end.lo
+@USE_INTEGRITY_TEST_TRUE@ database_factory.lo \
+@USE_INTEGRITY_TEST_TRUE@ fetcher_manager.lo pgp.lo utils.lo \
+@USE_INTEGRITY_TEST_TRUE@ host.lo identification.lo \
+@USE_INTEGRITY_TEST_TRUE@ lexparser.lo linked_list.lo \
+@USE_INTEGRITY_TEST_TRUE@ hashtable.lo enumerator.lo \
+@USE_INTEGRITY_TEST_TRUE@ optionsfrom.lo mutex.lo backtrace.lo \
+@USE_INTEGRITY_TEST_TRUE@ plugin_loader.lo $(am__objects_1) \
+@USE_INTEGRITY_TEST_TRUE@ fips_canister_end.lo
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
@@ -179,12 +194,12 @@ RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
ETAGS = etags
CTAGS = ctags
-DIST_SUBDIRS = . plugins/aes plugins/des plugins/md4 plugins/md5 \
- plugins/sha1 plugins/sha2 plugins/fips_prf plugins/gmp \
- plugins/random plugins/hmac plugins/xcbc plugins/x509 \
- plugins/pubkey plugins/curl plugins/ldap plugins/mysql \
- plugins/sqlite plugins/padlock plugins/openssl plugins/agent \
- fips
+DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \
+ plugins/md5 plugins/sha1 plugins/sha2 plugins/fips_prf \
+ plugins/gmp plugins/random plugins/hmac plugins/xcbc \
+ plugins/x509 plugins/pubkey plugins/curl plugins/ldap \
+ plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \
+ plugins/gcrypt plugins/agent plugins/test_vectors fips
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
@@ -201,6 +216,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -223,6 +239,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -234,6 +253,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -247,6 +267,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -307,6 +329,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -318,6 +341,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -336,15 +360,21 @@ lib_LTLIBRARIES = libstrongswan.la
@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/hasher.h \
@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/hasher.c \
@USE_INTEGRITY_TEST_FALSE@ crypto/pkcs9.c crypto/pkcs9.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/proposal/proposal_keywords.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/proposal/proposal_keywords.h \
@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/prf.c crypto/prfs/prf.h \
@USE_INTEGRITY_TEST_FALSE@ crypto/rngs/rng.c crypto/rngs/rng.h \
@USE_INTEGRITY_TEST_FALSE@ crypto/prf_plus.h crypto/prf_plus.c \
@USE_INTEGRITY_TEST_FALSE@ crypto/signers/signer.c \
@USE_INTEGRITY_TEST_FALSE@ crypto/signers/signer.h \
-@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.c \
-@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.h \
@USE_INTEGRITY_TEST_FALSE@ crypto/crypto_factory.c \
@USE_INTEGRITY_TEST_FALSE@ crypto/crypto_factory.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypto_tester.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypto_tester.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/transform.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/transform.h \
@USE_INTEGRITY_TEST_FALSE@ credentials/credential_factory.c \
@USE_INTEGRITY_TEST_FALSE@ credentials/credential_factory.h \
@USE_INTEGRITY_TEST_FALSE@ credentials/builder.c \
@@ -365,13 +395,14 @@ lib_LTLIBRARIES = libstrongswan.la
@USE_INTEGRITY_TEST_FALSE@ credentials/certificates/ocsp_request.h \
@USE_INTEGRITY_TEST_FALSE@ credentials/certificates/ocsp_response.h \
@USE_INTEGRITY_TEST_FALSE@ credentials/certificates/ocsp_response.c \
-@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher.h \
-@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher_manager.h \
-@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher_manager.c \
@USE_INTEGRITY_TEST_FALSE@ database/database.h \
@USE_INTEGRITY_TEST_FALSE@ database/database_factory.h \
-@USE_INTEGRITY_TEST_FALSE@ database/database_factory.c utils.h \
-@USE_INTEGRITY_TEST_FALSE@ utils.c utils/host.c utils/host.h \
+@USE_INTEGRITY_TEST_FALSE@ database/database_factory.c \
+@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher.h \
+@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher_manager.h \
+@USE_INTEGRITY_TEST_FALSE@ fetcher/fetcher_manager.c pgp/pgp.c \
+@USE_INTEGRITY_TEST_FALSE@ pgp/pgp.h utils.h utils.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/host.c utils/host.h \
@USE_INTEGRITY_TEST_FALSE@ utils/identification.c \
@USE_INTEGRITY_TEST_FALSE@ utils/identification.h \
@USE_INTEGRITY_TEST_FALSE@ utils/iterator.h utils/lexparser.c \
@@ -402,15 +433,20 @@ lib_LTLIBRARIES = libstrongswan.la
@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/hasher.h \
@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/hasher.c \
@USE_INTEGRITY_TEST_TRUE@ crypto/pkcs9.c crypto/pkcs9.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/proposal/proposal_keywords.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/proposal/proposal_keywords.h \
@USE_INTEGRITY_TEST_TRUE@ crypto/prfs/prf.c crypto/prfs/prf.h \
@USE_INTEGRITY_TEST_TRUE@ crypto/rngs/rng.c crypto/rngs/rng.h \
@USE_INTEGRITY_TEST_TRUE@ crypto/prf_plus.h crypto/prf_plus.c \
@USE_INTEGRITY_TEST_TRUE@ crypto/signers/signer.c \
@USE_INTEGRITY_TEST_TRUE@ crypto/signers/signer.h \
-@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.c \
-@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.h \
@USE_INTEGRITY_TEST_TRUE@ crypto/crypto_factory.c \
@USE_INTEGRITY_TEST_TRUE@ crypto/crypto_factory.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypto_tester.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypto_tester.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/transform.c crypto/transform.h \
@USE_INTEGRITY_TEST_TRUE@ credentials/credential_factory.c \
@USE_INTEGRITY_TEST_TRUE@ credentials/credential_factory.h \
@USE_INTEGRITY_TEST_TRUE@ credentials/builder.c \
@@ -431,13 +467,14 @@ lib_LTLIBRARIES = libstrongswan.la
@USE_INTEGRITY_TEST_TRUE@ credentials/certificates/ocsp_request.h \
@USE_INTEGRITY_TEST_TRUE@ credentials/certificates/ocsp_response.h \
@USE_INTEGRITY_TEST_TRUE@ credentials/certificates/ocsp_response.c \
-@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher.h \
-@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher_manager.h \
-@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher_manager.c \
@USE_INTEGRITY_TEST_TRUE@ database/database.h \
@USE_INTEGRITY_TEST_TRUE@ database/database_factory.h \
-@USE_INTEGRITY_TEST_TRUE@ database/database_factory.c utils.h \
-@USE_INTEGRITY_TEST_TRUE@ utils.c utils/host.c utils/host.h \
+@USE_INTEGRITY_TEST_TRUE@ database/database_factory.c \
+@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher.h \
+@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher_manager.h \
+@USE_INTEGRITY_TEST_TRUE@ fetcher/fetcher_manager.c pgp/pgp.c \
+@USE_INTEGRITY_TEST_TRUE@ pgp/pgp.h utils.h utils.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/host.c utils/host.h \
@USE_INTEGRITY_TEST_TRUE@ utils/identification.c \
@USE_INTEGRITY_TEST_TRUE@ utils/identification.h \
@USE_INTEGRITY_TEST_TRUE@ utils/iterator.h utils/lexparser.c \
@@ -453,14 +490,23 @@ lib_LTLIBRARIES = libstrongswan.la
@USE_INTEGRITY_TEST_TRUE@ plugins/plugin_loader.h \
@USE_INTEGRITY_TEST_TRUE@ plugins/plugin.h $(am__append_2) \
@USE_INTEGRITY_TEST_TRUE@ fips/fips_canister_end.c
-libstrongswan_la_LIBADD = -lpthread -ldl $(am__append_4)
+libstrongswan_la_LIBADD = -lpthread $(DLLIB) $(am__append_4)
INCLUDES = -I$(top_srcdir)/src/libstrongswan
AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \
-DIPSEC_PLUGINDIR=\"${plugindir}\" $(am__append_1) \
$(am__append_3)
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = asn1/oid.c asn1/oid.h
-MAINTAINERCLEANFILES = asn1/oid.c asn1/oid.h
+EXTRA_DIST = \
+asn1/oid.txt asn1/oid.pl \
+crypto/proposal/proposal_keywords.txt
+
+BUILT_SOURCES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
+MAINTAINERCLEANFILES = \
+$(srcdir)/asn1/oid.c $(srcdir)/asn1/oid.h \
+$(srcdir)/crypto/proposal/proposal_keywords.c
+
# build plugins with their own Makefile
#######################################
@@ -470,7 +516,8 @@ SUBDIRS = . $(am__append_5) $(am__append_6) $(am__append_7) \
$(am__append_14) $(am__append_15) $(am__append_16) \
$(am__append_17) $(am__append_18) $(am__append_19) \
$(am__append_20) $(am__append_21) $(am__append_22) \
- $(am__append_23) $(am__append_24) $(am__append_25)
+ $(am__append_23) $(am__append_24) $(am__append_25) \
+ $(am__append_26) $(am__append_27) $(am__append_28)
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-recursive
@@ -480,8 +527,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -551,6 +598,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypter.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto_factory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto_tester.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/database_factory.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/diffie_hellman.Plo@am__quote@
@@ -573,17 +621,20 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oid.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionsfrom.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs9.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_loader.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf_plus.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printf_hook.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proposal_keywords.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/public_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/settings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shared_key.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/signer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
@@ -657,6 +708,13 @@ pkcs9.lo: crypto/pkcs9.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs9.lo `test -f 'crypto/pkcs9.c' || echo '$(srcdir)/'`crypto/pkcs9.c
+proposal_keywords.lo: crypto/proposal/proposal_keywords.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT proposal_keywords.lo -MD -MP -MF $(DEPDIR)/proposal_keywords.Tpo -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/proposal_keywords.Tpo $(DEPDIR)/proposal_keywords.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/proposal/proposal_keywords.c' object='proposal_keywords.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o proposal_keywords.lo `test -f 'crypto/proposal/proposal_keywords.c' || echo '$(srcdir)/'`crypto/proposal/proposal_keywords.c
+
prf.lo: crypto/prfs/prf.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf.lo -MD -MP -MF $(DEPDIR)/prf.Tpo -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/prf.Tpo $(DEPDIR)/prf.Plo
@@ -685,6 +743,20 @@ signer.lo: crypto/signers/signer.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c
+crypto_factory.lo: crypto/crypto_factory.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_factory.lo -MD -MP -MF $(DEPDIR)/crypto_factory.Tpo -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypto_factory.Tpo $(DEPDIR)/crypto_factory.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypto_factory.c' object='crypto_factory.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c
+
+crypto_tester.lo: crypto/crypto_tester.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_tester.lo -MD -MP -MF $(DEPDIR)/crypto_tester.Tpo -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypto_tester.Tpo $(DEPDIR)/crypto_tester.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypto_tester.c' object='crypto_tester.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_tester.lo `test -f 'crypto/crypto_tester.c' || echo '$(srcdir)/'`crypto/crypto_tester.c
+
diffie_hellman.lo: crypto/diffie_hellman.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT diffie_hellman.lo -MD -MP -MF $(DEPDIR)/diffie_hellman.Tpo -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/diffie_hellman.Tpo $(DEPDIR)/diffie_hellman.Plo
@@ -692,12 +764,12 @@ diffie_hellman.lo: crypto/diffie_hellman.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
-crypto_factory.lo: crypto/crypto_factory.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_factory.lo -MD -MP -MF $(DEPDIR)/crypto_factory.Tpo -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypto_factory.Tpo $(DEPDIR)/crypto_factory.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypto_factory.c' object='crypto_factory.lo' libtool=yes @AMDEPBACKSLASH@
+transform.lo: crypto/transform.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT transform.lo -MD -MP -MF $(DEPDIR)/transform.Tpo -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/transform.Tpo $(DEPDIR)/transform.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/transform.c' object='transform.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_factory.lo `test -f 'crypto/crypto_factory.c' || echo '$(srcdir)/'`crypto/crypto_factory.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o transform.lo `test -f 'crypto/transform.c' || echo '$(srcdir)/'`crypto/transform.c
credential_factory.lo: credentials/credential_factory.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT credential_factory.lo -MD -MP -MF $(DEPDIR)/credential_factory.Tpo -c -o credential_factory.lo `test -f 'credentials/credential_factory.c' || echo '$(srcdir)/'`credentials/credential_factory.c
@@ -762,6 +834,13 @@ ocsp_response.lo: credentials/certificates/ocsp_response.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp_response.lo `test -f 'credentials/certificates/ocsp_response.c' || echo '$(srcdir)/'`credentials/certificates/ocsp_response.c
+database_factory.lo: database/database_factory.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database_factory.lo -MD -MP -MF $(DEPDIR)/database_factory.Tpo -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/database_factory.Tpo $(DEPDIR)/database_factory.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='database/database_factory.c' object='database_factory.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c
+
fetcher_manager.lo: fetcher/fetcher_manager.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher_manager.lo -MD -MP -MF $(DEPDIR)/fetcher_manager.Tpo -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c
@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fetcher_manager.Tpo $(DEPDIR)/fetcher_manager.Plo
@@ -769,12 +848,12 @@ fetcher_manager.lo: fetcher/fetcher_manager.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c
-database_factory.lo: database/database_factory.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database_factory.lo -MD -MP -MF $(DEPDIR)/database_factory.Tpo -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c
-@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/database_factory.Tpo $(DEPDIR)/database_factory.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='database/database_factory.c' object='database_factory.lo' libtool=yes @AMDEPBACKSLASH@
+pgp.lo: pgp/pgp.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pgp.lo -MD -MP -MF $(DEPDIR)/pgp.Tpo -c -o pgp.lo `test -f 'pgp/pgp.c' || echo '$(srcdir)/'`pgp/pgp.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pgp.Tpo $(DEPDIR)/pgp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pgp/pgp.c' object='pgp.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pgp.lo `test -f 'pgp/pgp.c' || echo '$(srcdir)/'`pgp/pgp.c
host.lo: utils/host.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT host.lo -MD -MP -MF $(DEPDIR)/host.Tpo -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c
@@ -955,7 +1034,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
@@ -1168,11 +1247,16 @@ uninstall-am: uninstall-libLTLIBRARIES
uninstall-libLTLIBRARIES
-asn1/oid.c : asn1/oid.pl asn1/oid.txt
- (cd `dirname $<` && $(PERL) `basename $<`)
+$(srcdir)/asn1/oid.c : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
+
+$(srcdir)/asn1/oid.h : $(srcdir)/asn1/oid.pl $(srcdir)/asn1/oid.txt
+ (cd $(srcdir)/asn1/ && $(PERL) oid.pl)
-asn1/oid.h : asn1/oid.pl asn1/oid.txt
- (cd `dirname $<` && $(PERL) `basename $<`)
+$(srcdir)/crypto/proposal/proposal_keywords.c: $(srcdir)/crypto/proposal/proposal_keywords.txt \
+ $(srcdir)/crypto/proposal/proposal_keywords.h
+ $(GPERF) -N proposal_get_token -m 10 -C -G -c -t -D < \
+ $(srcdir)/crypto/proposal/proposal_keywords.txt > $@
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 8b9762777..d2078cbbc 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -13,15 +13,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1.c 5041 2009-03-27 08:58:48Z andreas $
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
+#include <pthread.h>
-#include <library.h>
+#include <utils.h>
#include <debug.h>
#include "oid.h"
@@ -209,9 +208,13 @@ int asn1_known_oid(chunk_t object)
else
{
if (oid_names[oid].next)
+ {
oid = oid_names[oid].next;
+ }
else
+ {
return OID_UNKNOWN;
+ }
}
}
return -1;
@@ -220,7 +223,39 @@ int asn1_known_oid(chunk_t object)
/*
* Defined in header.
*/
-u_int asn1_length(chunk_t *blob)
+chunk_t asn1_build_known_oid(int n)
+{
+ chunk_t oid;
+ int i;
+
+ if (n < 0 || n >= OID_MAX)
+ {
+ return chunk_empty;
+ }
+
+ i = oid_names[n].level + 1;
+ oid = chunk_alloc(2 + i);
+ oid.ptr[0] = ASN1_OID;
+ oid.ptr[1] = i;
+
+ do
+ {
+ if (oid_names[n].level >= i)
+ {
+ n--;
+ continue;
+ }
+ oid.ptr[--i + 2] = oid_names[n--].octet;
+ }
+ while (i > 0);
+
+ return oid;
+}
+
+/*
+ * Defined in header.
+ */
+size_t asn1_length(chunk_t *blob)
{
u_char n;
size_t len;
@@ -261,18 +296,28 @@ u_int asn1_length(chunk_t *blob)
len = 256*len + *blob->ptr++;
blob->len--;
}
+ if (len > blob->len)
+ {
+ DBG2("length is larger than remaining blob size");
+ return ASN1_INVALID_LENGTH;
+ }
return len;
}
#define TIME_MAX 0x7fffffff
+static const int days[] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 };
+static const int tm_leap_1970 = 477;
+
/**
* Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
*/
time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
{
- struct tm t;
- time_t tc, tz_offset;
+ int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec;
+ int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap;
+ int tz_hour, tz_min, tz_offset;
+ time_t tm_secs;
u_char *eot = NULL;
if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
@@ -281,16 +326,18 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
}
else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
{
- int tz_hour, tz_min;
-
- sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+ {
+ return 0; /* error in positive timezone offset format */
+ }
tz_offset = 3600*tz_hour + 60*tz_min; /* positive time zone offset */
}
else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
{
- int tz_hour, tz_min;
-
- sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+ if (sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min) != 2)
+ {
+ return 0; /* error in negative timezone offset format */
+ }
tz_offset = -3600*tz_hour - 60*tz_min; /* negative time zone offset */
}
else
@@ -303,45 +350,65 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type)
const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
"%4d%2d%2d%2d%2d";
- sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
- &t.tm_hour, &t.tm_min);
+ if (sscanf(utctime->ptr, format, &tm_year, &tm_mon, &tm_day,
+ &tm_hour, &tm_min) != 5)
+ {
+ return 0; /* error in [yy]yymmddhhmm time format */
+ }
}
/* is there a seconds field? */
if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
{
- sscanf(eot-2, "%2d", &t.tm_sec);
+ if (sscanf(eot-2, "%2d", &tm_sec) != 1)
+ {
+ return 0; /* error in ss seconds field format */
+ }
}
else
{
- t.tm_sec = 0;
+ tm_sec = 0;
}
- /* representation of year */
- if (t.tm_year >= 1900)
+ /* representation of two-digit years */
+ if (type == ASN1_UTCTIME)
{
- t.tm_year -= 1900;
+ tm_year += (tm_year < 50) ? 2000 : 1900;
}
- else if (t.tm_year >= 100)
+
+ /* prevent large 32 bit integer overflows */
+ if (sizeof(time_t) == 4 && tm_year > 2038)
{
- return 0;
+ return TIME_MAX;
}
- else if (t.tm_year < 50)
+
+ /* representation of months as 0..11*/
+ if (tm_mon < 1 || tm_mon > 12)
{
- t.tm_year += 100;
+ return 0; /* error in month format */
}
+ tm_mon--;
- /* representation of month 0..11*/
- t.tm_mon--;
-
- /* set daylight saving time to off */
- t.tm_isdst = 0;
-
- /* convert to time_t */
- tc = mktime(&t);
+ /* representation of days as 0..30 */
+ tm_day--;
- /* if no conversion overflow occurred, compensate timezone */
- return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
+ /* number of leap years between last year and 1970? */
+ tm_leap_4 = (tm_year - 1) / 4;
+ tm_leap_100 = tm_leap_4 / 25;
+ tm_leap_400 = tm_leap_100 / 4;
+ tm_leap = tm_leap_4 - tm_leap_100 + tm_leap_400 - tm_leap_1970;
+
+ /* if date later then February, is the current year a leap year? */
+ if (tm_mon > 1 && (tm_year % 4 == 0) &&
+ (tm_year % 100 != 0 || tm_year % 400 == 0))
+ {
+ tm_leap++;
+ }
+ tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap;
+ tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset;
+
+ /* has a 32 bit overflow occurred? */
+ return (tm_secs < 0) ? TIME_MAX : tm_secs;
}
/**
@@ -626,7 +693,7 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content)
}
/**
- * Build an ASN.1 BITSTRING object
+ * Build an ASN.1 BIT_STRING object
*/
chunk_t asn1_bitstring(const char *mode, chunk_t content)
{
@@ -643,6 +710,41 @@ chunk_t asn1_bitstring(const char *mode, chunk_t content)
}
/**
+ * Build an ASN.1 INTEGER object
+ */
+chunk_t asn1_integer(const char *mode, chunk_t content)
+{
+ chunk_t object;
+ size_t len;
+ u_char *pos;
+
+ if (content.len == 0 || (content.len == 1 && *content.ptr == 0x00))
+ {
+ /* a zero ASN.1 integer does not have a value field */
+ len = 0;
+ }
+ else
+ {
+ /* ASN.1 integers must be positive numbers in two's complement */
+ len = content.len + ((*content.ptr & 0x80) ? 1 : 0);
+ }
+ pos = asn1_build_object(&object, ASN1_INTEGER, len);
+ if (len > content.len)
+ {
+ *pos++ = 0x00;
+ }
+ if (len)
+ {
+ memcpy(pos, content.ptr, content.len);
+ }
+ if (*mode == 'm')
+ {
+ free(content.ptr);
+ }
+ return object;
+}
+
+/**
* Build an ASN.1 object from a variable number of individual chunks.
* Depending on the mode, chunks either are moved ('m') or copied ('c').
*/
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 4ea89730c..6a2b594c0 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -27,7 +25,8 @@
#include <stdarg.h>
-#include <library.h>
+#include <utils.h>
+#include <chunk.h>
/**
* Definition of some primitive ASN1 types
@@ -107,13 +106,21 @@ chunk_t asn1_algorithmIdentifier(int oid);
int asn1_known_oid(chunk_t object);
/**
+ * Converts a known OID index to an ASN.1 OID
+ *
+ * @param n index into the oid_names[] table
+ * @return allocated OID chunk, chunk_empty if index out of range
+ */
+chunk_t asn1_build_known_oid(int n);
+
+/**
* Returns the length of an ASN.1 object
* The blob pointer is advanced past the tag length fields
*
* @param blob pointer to an ASN.1 coded blob
* @return length of ASN.1 object
*/
-u_int asn1_length(chunk_t *blob);
+size_t asn1_length(chunk_t *blob);
/**
* Parses an ASN.1 algorithmIdentifier object
@@ -221,6 +228,15 @@ chunk_t asn1_simple_object(asn1_t tag, chunk_t content);
chunk_t asn1_bitstring(const char *mode, chunk_t content);
/**
+ * Build an ASN.1 INTEGER object
+ *
+ * @param mode 'c' for copy or 'm' for move
+ * @param content content of the INTEGER
+ * @return chunk containing the ASN.1 coded INTEGER
+ */
+chunk_t asn1_integer(const char *mode, chunk_t content);
+
+/**
* Build an ASN.1 object from a variable number of individual chunks
*
* @param type ASN.1 type to be created
diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c
index 7a2028fc3..bc4c0b50f 100644
--- a/src/libstrongswan/asn1/asn1_parser.c
+++ b/src/libstrongswan/asn1/asn1_parser.c
@@ -13,15 +13,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1_parser.c 3894 2008-04-28 18:44:21Z andreas $
*/
#include <stdio.h>
#include <string.h>
#include <time.h>
-#include <library.h>
+#include <utils.h>
#include <debug.h>
#include "asn1.h"
@@ -160,7 +158,7 @@ static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object)
blob1->len = asn1_length(blob);
- if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
+ if (blob1->len == ASN1_INVALID_LENGTH)
{
DBG1("L%d - %s: length of ASN.1 object invalid or too large",
level, obj.name);
diff --git a/src/libstrongswan/asn1/asn1_parser.h b/src/libstrongswan/asn1/asn1_parser.h
index bcc966e04..b2f4133a1 100644
--- a/src/libstrongswan/asn1/asn1_parser.h
+++ b/src/libstrongswan/asn1/asn1_parser.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: asn1_parser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -27,7 +25,9 @@
#include <stdarg.h>
-#include <library.h>
+#include <utils.h>
+#include <chunk.h>
+#include <asn1/asn1.h>
/**
* Definition of ASN.1 flags
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index f9eb26d1d..53657b514 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,270 +10,300 @@
#include "oid.h"
const oid_t oid_names[] = {
- {0x02, 7, 1, "ITU-T Administration" }, /* 0 */
- { 0x82, 0, 1, "" }, /* 1 */
- { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */
- { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */
- { 0x0A, 0, 1, "" }, /* 4 */
- { 0x07, 0, 1, "" }, /* 5 */
- { 0x14, 0, 0, "ND" }, /* 6 */
- {0x09, 18, 1, "data" }, /* 7 */
- { 0x92, 0, 1, "" }, /* 8 */
- { 0x26, 0, 1, "" }, /* 9 */
- { 0x89, 0, 1, "" }, /* 10 */
- { 0x93, 0, 1, "" }, /* 11 */
- { 0xF2, 0, 1, "" }, /* 12 */
- { 0x2C, 0, 1, "" }, /* 13 */
- { 0x64, 0, 1, "pilot" }, /* 14 */
- { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
- { 0x01, 17, 0, "UID" }, /* 16 */
- { 0x19, 0, 0, "DC" }, /* 17 */
- {0x55, 52, 1, "X.500" }, /* 18 */
- { 0x04, 36, 1, "X.509" }, /* 19 */
- { 0x03, 21, 0, "CN" }, /* 20 */
- { 0x04, 22, 0, "S" }, /* 21 */
- { 0x05, 23, 0, "SN" }, /* 22 */
- { 0x06, 24, 0, "C" }, /* 23 */
- { 0x07, 25, 0, "L" }, /* 24 */
- { 0x08, 26, 0, "ST" }, /* 25 */
- { 0x0A, 27, 0, "O" }, /* 26 */
- { 0x0B, 28, 0, "OU" }, /* 27 */
- { 0x0C, 29, 0, "T" }, /* 28 */
- { 0x0D, 30, 0, "D" }, /* 29 */
- { 0x24, 31, 0, "userCertificate" }, /* 30 */
- { 0x29, 32, 0, "N" }, /* 31 */
- { 0x2A, 33, 0, "G" }, /* 32 */
- { 0x2B, 34, 0, "I" }, /* 33 */
- { 0x2D, 35, 0, "ID" }, /* 34 */
- { 0x48, 0, 0, "role" }, /* 35 */
- { 0x1D, 0, 1, "id-ce" }, /* 36 */
- { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */
- { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */
- { 0x0F, 40, 0, "keyUsage" }, /* 39 */
- { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */
- { 0x11, 42, 0, "subjectAltName" }, /* 41 */
- { 0x12, 43, 0, "issuerAltName" }, /* 42 */
- { 0x13, 44, 0, "basicConstraints" }, /* 43 */
- { 0x14, 45, 0, "crlNumber" }, /* 44 */
- { 0x15, 46, 0, "reasonCode" }, /* 45 */
- { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
- { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
- { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
- { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
- { 0x37, 51, 0, "targetInformation" }, /* 50 */
- { 0x38, 0, 0, "noRevAvail" }, /* 51 */
- {0x2A, 131, 1, "" }, /* 52 */
- { 0x86, 0, 1, "" }, /* 53 */
- { 0x48, 0, 1, "" }, /* 54 */
- { 0x86, 95, 1, "" }, /* 55 */
- { 0xF6, 61, 1, "" }, /* 56 */
- { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */
- { 0x07, 0, 1, "Entrust" }, /* 58 */
- { 0x41, 0, 1, "nsn-ce" }, /* 59 */
- { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */
- { 0xF7, 0, 1, "" }, /* 61 */
- { 0x0D, 0, 1, "RSADSI" }, /* 62 */
- { 0x01, 90, 1, "PKCS" }, /* 63 */
- { 0x01, 72, 1, "PKCS-1" }, /* 64 */
- { 0x01, 66, 0, "rsaEncryption" }, /* 65 */
- { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */
- { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */
- { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */
- { 0x0B, 70, 0, "sha256WithRSAEncryption" }, /* 69 */
- { 0x0C, 71, 0, "sha384WithRSAEncryption" }, /* 70 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption" }, /* 71 */
- { 0x07, 79, 1, "PKCS-7" }, /* 72 */
- { 0x01, 74, 0, "data" }, /* 73 */
- { 0x02, 75, 0, "signedData" }, /* 74 */
- { 0x03, 76, 0, "envelopedData" }, /* 75 */
- { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */
- { 0x05, 78, 0, "digestedData" }, /* 77 */
- { 0x06, 0, 0, "encryptedData" }, /* 78 */
- { 0x09, 0, 1, "PKCS-9" }, /* 79 */
- { 0x01, 81, 0, "E" }, /* 80 */
- { 0x02, 82, 0, "unstructuredName" }, /* 81 */
- { 0x03, 83, 0, "contentType" }, /* 82 */
- { 0x04, 84, 0, "messageDigest" }, /* 83 */
- { 0x05, 85, 0, "signingTime" }, /* 84 */
- { 0x06, 86, 0, "counterSignature" }, /* 85 */
- { 0x07, 87, 0, "challengePassword" }, /* 86 */
- { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */
- { 0x0E, 89, 0, "extensionRequest" }, /* 88 */
- { 0x0F, 0, 0, "S/MIME Capabilities" }, /* 89 */
- { 0x02, 93, 1, "digestAlgorithm" }, /* 90 */
- { 0x02, 92, 0, "md2" }, /* 91 */
- { 0x05, 0, 0, "md5" }, /* 92 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 93 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 94 */
- { 0xCE, 0, 1, "" }, /* 95 */
- { 0x3D, 0, 1, "ansi-X9-62" }, /* 96 */
- { 0x02, 99, 1, "id-publicKeyType" }, /* 97 */
- { 0x01, 0, 0, "id-ecPublicKey" }, /* 98 */
- { 0x03, 129, 1, "ellipticCurve" }, /* 99 */
- { 0x00, 121, 1, "c-TwoCurve" }, /* 100 */
- { 0x01, 102, 0, "c2pnb163v1" }, /* 101 */
- { 0x02, 103, 0, "c2pnb163v2" }, /* 102 */
- { 0x03, 104, 0, "c2pnb163v3" }, /* 103 */
- { 0x04, 105, 0, "c2pnb176w1" }, /* 104 */
- { 0x05, 106, 0, "c2tnb191v1" }, /* 105 */
- { 0x06, 107, 0, "c2tnb191v2" }, /* 106 */
- { 0x07, 108, 0, "c2tnb191v3" }, /* 107 */
- { 0x08, 109, 0, "c2onb191v4" }, /* 108 */
- { 0x09, 110, 0, "c2onb191v5" }, /* 109 */
- { 0x0A, 111, 0, "c2pnb208w1" }, /* 110 */
- { 0x0B, 112, 0, "c2tnb239v1" }, /* 111 */
- { 0x0C, 113, 0, "c2tnb239v2" }, /* 112 */
- { 0x0D, 114, 0, "c2tnb239v3" }, /* 113 */
- { 0x0E, 115, 0, "c2onb239v4" }, /* 114 */
- { 0x0F, 116, 0, "c2onb239v5" }, /* 115 */
- { 0x10, 117, 0, "c2pnb272w1" }, /* 116 */
- { 0x11, 118, 0, "c2pnb304w1" }, /* 117 */
- { 0x12, 119, 0, "c2tnb359v1" }, /* 118 */
- { 0x13, 120, 0, "c2pnb368w1" }, /* 119 */
- { 0x14, 0, 0, "c2tnb431r1" }, /* 120 */
- { 0x01, 0, 1, "primeCurve" }, /* 121 */
- { 0x01, 123, 0, "prime192v1" }, /* 122 */
- { 0x02, 124, 0, "prime192v2" }, /* 123 */
- { 0x03, 125, 0, "prime192v3" }, /* 124 */
- { 0x04, 126, 0, "prime239v1" }, /* 125 */
- { 0x05, 127, 0, "prime239v2" }, /* 126 */
- { 0x06, 128, 0, "prime239v3" }, /* 127 */
- { 0x07, 0, 0, "prime256v1" }, /* 128 */
- { 0x04, 0, 1, "id-ecSigType" }, /* 129 */
- { 0x01, 0, 0, "ecdsa-with-SHA1" }, /* 130 */
- {0x2B, 231, 1, "" }, /* 131 */
- { 0x06, 184, 1, "dod" }, /* 132 */
- { 0x01, 0, 1, "internet" }, /* 133 */
- { 0x04, 152, 1, "private" }, /* 134 */
- { 0x01, 0, 1, "enterprise" }, /* 135 */
- { 0x82, 145, 1, "" }, /* 136 */
- { 0x37, 0, 1, "Microsoft" }, /* 137 */
- { 0x0A, 142, 1, "" }, /* 138 */
- { 0x03, 0, 1, "" }, /* 139 */
- { 0x03, 141, 0, "msSGC" }, /* 140 */
- { 0x04, 0, 0, "msEncryptingFileSystem" }, /* 141 */
- { 0x14, 0, 1, "msEnrollmentInfrastructure"}, /* 142 */
- { 0x02, 0, 1, "msCertificateTypeExtension"}, /* 143 */
- { 0x02, 0, 0, "msSmartcardLogon" }, /* 144 */
- { 0x89, 0, 1, "" }, /* 145 */
- { 0x31, 0, 1, "" }, /* 146 */
- { 0x01, 0, 1, "" }, /* 147 */
- { 0x01, 0, 1, "" }, /* 148 */
- { 0x02, 0, 1, "" }, /* 149 */
- { 0x02, 151, 0, "" }, /* 150 */
- { 0x4B, 0, 0, "TCGID" }, /* 151 */
- { 0x05, 0, 1, "security" }, /* 152 */
- { 0x05, 0, 1, "mechanisms" }, /* 153 */
- { 0x07, 0, 1, "id-pkix" }, /* 154 */
- { 0x01, 157, 1, "id-pe" }, /* 155 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 156 */
- { 0x03, 167, 1, "id-kp" }, /* 157 */
- { 0x01, 159, 0, "serverAuth" }, /* 158 */
- { 0x02, 160, 0, "clientAuth" }, /* 159 */
- { 0x03, 161, 0, "codeSigning" }, /* 160 */
- { 0x04, 162, 0, "emailProtection" }, /* 161 */
- { 0x05, 163, 0, "ipsecEndSystem" }, /* 162 */
- { 0x06, 164, 0, "ipsecTunnel" }, /* 163 */
- { 0x07, 165, 0, "ipsecUser" }, /* 164 */
- { 0x08, 166, 0, "timeStamping" }, /* 165 */
- { 0x09, 0, 0, "ocspSigning" }, /* 166 */
- { 0x08, 169, 1, "id-otherNames" }, /* 167 */
- { 0x05, 0, 0, "xmppAddr" }, /* 168 */
- { 0x0A, 174, 1, "id-aca" }, /* 169 */
- { 0x01, 171, 0, "authenticationInfo" }, /* 170 */
- { 0x02, 172, 0, "accessIdentity" }, /* 171 */
- { 0x03, 173, 0, "chargingIdentity" }, /* 172 */
- { 0x04, 0, 0, "group" }, /* 173 */
- { 0x30, 0, 1, "id-ad" }, /* 174 */
- { 0x01, 183, 1, "ocsp" }, /* 175 */
- { 0x01, 177, 0, "basic" }, /* 176 */
- { 0x02, 178, 0, "nonce" }, /* 177 */
- { 0x03, 179, 0, "crl" }, /* 178 */
- { 0x04, 180, 0, "response" }, /* 179 */
- { 0x05, 181, 0, "noCheck" }, /* 180 */
- { 0x06, 182, 0, "archiveCutoff" }, /* 181 */
- { 0x07, 0, 0, "serviceLocator" }, /* 182 */
- { 0x02, 0, 0, "caIssuers" }, /* 183 */
- { 0x0E, 190, 1, "oiw" }, /* 184 */
- { 0x03, 0, 1, "secsig" }, /* 185 */
- { 0x02, 0, 1, "algorithms" }, /* 186 */
- { 0x07, 188, 0, "des-cbc" }, /* 187 */
- { 0x1A, 189, 0, "sha-1" }, /* 188 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 189 */
- { 0x24, 197, 1, "TeleTrusT" }, /* 190 */
- { 0x03, 0, 1, "algorithm" }, /* 191 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 192 */
- { 0x01, 0, 1, "rsaSignature" }, /* 193 */
- { 0x02, 195, 0, "rsaSigWithripemd160" }, /* 194 */
- { 0x03, 196, 0, "rsaSigWithripemd128" }, /* 195 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 196 */
- { 0x81, 0, 1, "" }, /* 197 */
- { 0x04, 0, 1, "Certicom" }, /* 198 */
- { 0x00, 0, 1, "curve" }, /* 199 */
- { 0x01, 201, 0, "sect163k1" }, /* 200 */
- { 0x02, 202, 0, "sect163r1" }, /* 201 */
- { 0x03, 203, 0, "sect239k1" }, /* 202 */
- { 0x04, 204, 0, "sect113r1" }, /* 203 */
- { 0x05, 205, 0, "sect113r2" }, /* 204 */
- { 0x06, 206, 0, "secp112r1" }, /* 205 */
- { 0x07, 207, 0, "secp112r2" }, /* 206 */
- { 0x08, 208, 0, "secp160r1" }, /* 207 */
- { 0x09, 209, 0, "secp160k1" }, /* 208 */
- { 0x0A, 210, 0, "secp256k1" }, /* 209 */
- { 0x0F, 211, 0, "sect163r2" }, /* 210 */
- { 0x10, 212, 0, "sect283k1" }, /* 211 */
- { 0x11, 213, 0, "sect283r1" }, /* 212 */
- { 0x16, 214, 0, "sect131r1" }, /* 213 */
- { 0x17, 215, 0, "sect131r2" }, /* 214 */
- { 0x18, 216, 0, "sect193r1" }, /* 215 */
- { 0x19, 217, 0, "sect193r2" }, /* 216 */
- { 0x1A, 218, 0, "sect233k1" }, /* 217 */
- { 0x1B, 219, 0, "sect233r1" }, /* 218 */
- { 0x1C, 220, 0, "secp128r1" }, /* 219 */
- { 0x1D, 221, 0, "secp128r2" }, /* 220 */
- { 0x1E, 222, 0, "secp160r2" }, /* 221 */
- { 0x1F, 223, 0, "secp192k1" }, /* 222 */
- { 0x20, 224, 0, "secp224k1" }, /* 223 */
- { 0x21, 225, 0, "secp224r1" }, /* 224 */
- { 0x22, 226, 0, "secp384r1" }, /* 225 */
- { 0x23, 227, 0, "secp521r1" }, /* 226 */
- { 0x24, 228, 0, "sect409k1" }, /* 227 */
- { 0x25, 229, 0, "sect409r1" }, /* 228 */
- { 0x26, 230, 0, "sect571k1" }, /* 229 */
- { 0x27, 0, 0, "sect571r1" }, /* 230 */
- {0x60, 0, 1, "" }, /* 231 */
- { 0x86, 0, 1, "" }, /* 232 */
- { 0x48, 0, 1, "" }, /* 233 */
- { 0x01, 0, 1, "organization" }, /* 234 */
- { 0x65, 242, 1, "gov" }, /* 235 */
- { 0x03, 0, 1, "csor" }, /* 236 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 237 */
- { 0x02, 0, 1, "hashalgs" }, /* 238 */
- { 0x01, 240, 0, "id-SHA-256" }, /* 239 */
- { 0x02, 241, 0, "id-SHA-384" }, /* 240 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 241 */
- { 0x86, 0, 1, "" }, /* 242 */
- { 0xf8, 0, 1, "" }, /* 243 */
- { 0x42, 256, 1, "netscape" }, /* 244 */
- { 0x01, 251, 1, "" }, /* 245 */
- { 0x01, 247, 0, "nsCertType" }, /* 246 */
- { 0x03, 248, 0, "nsRevocationUrl" }, /* 247 */
- { 0x04, 249, 0, "nsCaRevocationUrl" }, /* 248 */
- { 0x08, 250, 0, "nsCaPolicyUrl" }, /* 249 */
- { 0x0d, 0, 0, "nsComment" }, /* 250 */
- { 0x03, 254, 1, "directory" }, /* 251 */
- { 0x01, 0, 1, "" }, /* 252 */
- { 0x03, 0, 0, "employeeNumber" }, /* 253 */
- { 0x04, 0, 1, "policy" }, /* 254 */
- { 0x01, 0, 0, "nsSGC" }, /* 255 */
- { 0x45, 0, 1, "verisign" }, /* 256 */
- { 0x01, 0, 1, "pki" }, /* 257 */
- { 0x09, 0, 1, "attributes" }, /* 258 */
- { 0x02, 260, 0, "messageType" }, /* 259 */
- { 0x03, 261, 0, "pkiStatus" }, /* 260 */
- { 0x04, 262, 0, "failInfo" }, /* 261 */
- { 0x05, 263, 0, "senderNonce" }, /* 262 */
- { 0x06, 264, 0, "recipientNonce" }, /* 263 */
- { 0x07, 265, 0, "transID" }, /* 264 */
- { 0x08, 0, 0, "extensionReq" } /* 265 */
+ {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */
+ { 0x82, 0, 1, 1, "" }, /* 1 */
+ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */
+ { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */
+ { 0x0A, 0, 1, 4, "" }, /* 4 */
+ { 0x07, 0, 1, 5, "" }, /* 5 */
+ { 0x14, 0, 0, 6, "ND" }, /* 6 */
+ {0x09, 18, 1, 0, "data" }, /* 7 */
+ { 0x92, 0, 1, 1, "" }, /* 8 */
+ { 0x26, 0, 1, 2, "" }, /* 9 */
+ { 0x89, 0, 1, 3, "" }, /* 10 */
+ { 0x93, 0, 1, 4, "" }, /* 11 */
+ { 0xF2, 0, 1, 5, "" }, /* 12 */
+ { 0x2C, 0, 1, 6, "" }, /* 13 */
+ { 0x64, 0, 1, 7, "pilot" }, /* 14 */
+ { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */
+ { 0x01, 17, 0, 9, "UID" }, /* 16 */
+ { 0x19, 0, 0, 9, "DC" }, /* 17 */
+ {0x55, 52, 1, 0, "X.500" }, /* 18 */
+ { 0x04, 36, 1, 1, "X.509" }, /* 19 */
+ { 0x03, 21, 0, 2, "CN" }, /* 20 */
+ { 0x04, 22, 0, 2, "S" }, /* 21 */
+ { 0x05, 23, 0, 2, "SN" }, /* 22 */
+ { 0x06, 24, 0, 2, "C" }, /* 23 */
+ { 0x07, 25, 0, 2, "L" }, /* 24 */
+ { 0x08, 26, 0, 2, "ST" }, /* 25 */
+ { 0x0A, 27, 0, 2, "O" }, /* 26 */
+ { 0x0B, 28, 0, 2, "OU" }, /* 27 */
+ { 0x0C, 29, 0, 2, "T" }, /* 28 */
+ { 0x0D, 30, 0, 2, "D" }, /* 29 */
+ { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */
+ { 0x29, 32, 0, 2, "N" }, /* 31 */
+ { 0x2A, 33, 0, 2, "G" }, /* 32 */
+ { 0x2B, 34, 0, 2, "I" }, /* 33 */
+ { 0x2D, 35, 0, 2, "ID" }, /* 34 */
+ { 0x48, 0, 0, 2, "role" }, /* 35 */
+ { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */
+ { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */
+ { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */
+ { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */
+ { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */
+ { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */
+ { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */
+ { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */
+ { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */
+ { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */
+ { 0x1F, 47, 0, 2, "crlDistributionPoints" }, /* 46 */
+ { 0x20, 48, 0, 2, "certificatePolicies" }, /* 47 */
+ { 0x23, 49, 0, 2, "authorityKeyIdentifier" }, /* 48 */
+ { 0x25, 50, 0, 2, "extendedKeyUsage" }, /* 49 */
+ { 0x37, 51, 0, 2, "targetInformation" }, /* 50 */
+ { 0x38, 0, 0, 2, "noRevAvail" }, /* 51 */
+ {0x2A, 143, 1, 0, "" }, /* 52 */
+ { 0x83, 65, 1, 1, "" }, /* 53 */
+ { 0x08, 0, 1, 2, "jp" }, /* 54 */
+ { 0x8C, 0, 1, 3, "" }, /* 55 */
+ { 0x9A, 0, 1, 4, "" }, /* 56 */
+ { 0x4B, 0, 1, 5, "" }, /* 57 */
+ { 0x3D, 0, 1, 6, "" }, /* 58 */
+ { 0x01, 0, 1, 7, "security" }, /* 59 */
+ { 0x01, 0, 1, 8, "algorithm" }, /* 60 */
+ { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 61 */
+ { 0x02, 63, 0, 10, "camellia128-cbc" }, /* 62 */
+ { 0x03, 64, 0, 10, "camellia192-cbc" }, /* 63 */
+ { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 64 */
+ { 0x86, 0, 1, 1, "" }, /* 65 */
+ { 0x48, 0, 1, 2, "us" }, /* 66 */
+ { 0x86, 107, 1, 3, "" }, /* 67 */
+ { 0xF6, 73, 1, 4, "" }, /* 68 */
+ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 69 */
+ { 0x07, 0, 1, 6, "Entrust" }, /* 70 */
+ { 0x41, 0, 1, 7, "nsn-ce" }, /* 71 */
+ { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 72 */
+ { 0xF7, 0, 1, 4, "" }, /* 73 */
+ { 0x0D, 0, 1, 5, "RSADSI" }, /* 74 */
+ { 0x01, 102, 1, 6, "PKCS" }, /* 75 */
+ { 0x01, 84, 1, 7, "PKCS-1" }, /* 76 */
+ { 0x01, 78, 0, 8, "rsaEncryption" }, /* 77 */
+ { 0x02, 79, 0, 8, "md2WithRSAEncryption" }, /* 78 */
+ { 0x04, 80, 0, 8, "md5WithRSAEncryption" }, /* 79 */
+ { 0x05, 81, 0, 8, "sha-1WithRSAEncryption" }, /* 80 */
+ { 0x0B, 82, 0, 8, "sha256WithRSAEncryption" }, /* 81 */
+ { 0x0C, 83, 0, 8, "sha384WithRSAEncryption" }, /* 82 */
+ { 0x0D, 0, 0, 8, "sha512WithRSAEncryption" }, /* 83 */
+ { 0x07, 91, 1, 7, "PKCS-7" }, /* 84 */
+ { 0x01, 86, 0, 8, "data" }, /* 85 */
+ { 0x02, 87, 0, 8, "signedData" }, /* 86 */
+ { 0x03, 88, 0, 8, "envelopedData" }, /* 87 */
+ { 0x04, 89, 0, 8, "signedAndEnvelopedData" }, /* 88 */
+ { 0x05, 90, 0, 8, "digestedData" }, /* 89 */
+ { 0x06, 0, 0, 8, "encryptedData" }, /* 90 */
+ { 0x09, 0, 1, 7, "PKCS-9" }, /* 91 */
+ { 0x01, 93, 0, 8, "E" }, /* 92 */
+ { 0x02, 94, 0, 8, "unstructuredName" }, /* 93 */
+ { 0x03, 95, 0, 8, "contentType" }, /* 94 */
+ { 0x04, 96, 0, 8, "messageDigest" }, /* 95 */
+ { 0x05, 97, 0, 8, "signingTime" }, /* 96 */
+ { 0x06, 98, 0, 8, "counterSignature" }, /* 97 */
+ { 0x07, 99, 0, 8, "challengePassword" }, /* 98 */
+ { 0x08, 100, 0, 8, "unstructuredAddress" }, /* 99 */
+ { 0x0E, 101, 0, 8, "extensionRequest" }, /* 100 */
+ { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 101 */
+ { 0x02, 105, 1, 6, "digestAlgorithm" }, /* 102 */
+ { 0x02, 104, 0, 7, "md2" }, /* 103 */
+ { 0x05, 0, 0, 7, "md5" }, /* 104 */
+ { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 105 */
+ { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 106 */
+ { 0xCE, 0, 1, 3, "" }, /* 107 */
+ { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 108 */
+ { 0x02, 111, 1, 5, "id-publicKeyType" }, /* 109 */
+ { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 110 */
+ { 0x03, 141, 1, 5, "ellipticCurve" }, /* 111 */
+ { 0x00, 133, 1, 6, "c-TwoCurve" }, /* 112 */
+ { 0x01, 114, 0, 7, "c2pnb163v1" }, /* 113 */
+ { 0x02, 115, 0, 7, "c2pnb163v2" }, /* 114 */
+ { 0x03, 116, 0, 7, "c2pnb163v3" }, /* 115 */
+ { 0x04, 117, 0, 7, "c2pnb176w1" }, /* 116 */
+ { 0x05, 118, 0, 7, "c2tnb191v1" }, /* 117 */
+ { 0x06, 119, 0, 7, "c2tnb191v2" }, /* 118 */
+ { 0x07, 120, 0, 7, "c2tnb191v3" }, /* 119 */
+ { 0x08, 121, 0, 7, "c2onb191v4" }, /* 120 */
+ { 0x09, 122, 0, 7, "c2onb191v5" }, /* 121 */
+ { 0x0A, 123, 0, 7, "c2pnb208w1" }, /* 122 */
+ { 0x0B, 124, 0, 7, "c2tnb239v1" }, /* 123 */
+ { 0x0C, 125, 0, 7, "c2tnb239v2" }, /* 124 */
+ { 0x0D, 126, 0, 7, "c2tnb239v3" }, /* 125 */
+ { 0x0E, 127, 0, 7, "c2onb239v4" }, /* 126 */
+ { 0x0F, 128, 0, 7, "c2onb239v5" }, /* 127 */
+ { 0x10, 129, 0, 7, "c2pnb272w1" }, /* 128 */
+ { 0x11, 130, 0, 7, "c2pnb304w1" }, /* 129 */
+ { 0x12, 131, 0, 7, "c2tnb359v1" }, /* 130 */
+ { 0x13, 132, 0, 7, "c2pnb368w1" }, /* 131 */
+ { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 132 */
+ { 0x01, 0, 1, 6, "primeCurve" }, /* 133 */
+ { 0x01, 135, 0, 7, "prime192v1" }, /* 134 */
+ { 0x02, 136, 0, 7, "prime192v2" }, /* 135 */
+ { 0x03, 137, 0, 7, "prime192v3" }, /* 136 */
+ { 0x04, 138, 0, 7, "prime239v1" }, /* 137 */
+ { 0x05, 139, 0, 7, "prime239v2" }, /* 138 */
+ { 0x06, 140, 0, 7, "prime239v3" }, /* 139 */
+ { 0x07, 0, 0, 7, "prime256v1" }, /* 140 */
+ { 0x04, 0, 1, 5, "id-ecSigType" }, /* 141 */
+ { 0x01, 0, 0, 6, "ecdsa-with-SHA1" }, /* 142 */
+ {0x2B, 243, 1, 0, "" }, /* 143 */
+ { 0x06, 196, 1, 1, "dod" }, /* 144 */
+ { 0x01, 0, 1, 2, "internet" }, /* 145 */
+ { 0x04, 164, 1, 3, "private" }, /* 146 */
+ { 0x01, 0, 1, 4, "enterprise" }, /* 147 */
+ { 0x82, 157, 1, 5, "" }, /* 148 */
+ { 0x37, 0, 1, 6, "Microsoft" }, /* 149 */
+ { 0x0A, 154, 1, 7, "" }, /* 150 */
+ { 0x03, 0, 1, 8, "" }, /* 151 */
+ { 0x03, 153, 0, 9, "msSGC" }, /* 152 */
+ { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 153 */
+ { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 154 */
+ { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 155 */
+ { 0x02, 0, 0, 9, "msSmartcardLogon" }, /* 156 */
+ { 0x89, 0, 1, 5, "" }, /* 157 */
+ { 0x31, 0, 1, 6, "" }, /* 158 */
+ { 0x01, 0, 1, 7, "" }, /* 159 */
+ { 0x01, 0, 1, 8, "" }, /* 160 */
+ { 0x02, 0, 1, 9, "" }, /* 161 */
+ { 0x02, 163, 0, 10, "" }, /* 162 */
+ { 0x4B, 0, 0, 10, "TCGID" }, /* 163 */
+ { 0x05, 0, 1, 3, "security" }, /* 164 */
+ { 0x05, 0, 1, 4, "mechanisms" }, /* 165 */
+ { 0x07, 0, 1, 5, "id-pkix" }, /* 166 */
+ { 0x01, 169, 1, 6, "id-pe" }, /* 167 */
+ { 0x01, 0, 0, 7, "authorityInfoAccess" }, /* 168 */
+ { 0x03, 179, 1, 6, "id-kp" }, /* 169 */
+ { 0x01, 171, 0, 7, "serverAuth" }, /* 170 */
+ { 0x02, 172, 0, 7, "clientAuth" }, /* 171 */
+ { 0x03, 173, 0, 7, "codeSigning" }, /* 172 */
+ { 0x04, 174, 0, 7, "emailProtection" }, /* 173 */
+ { 0x05, 175, 0, 7, "ipsecEndSystem" }, /* 174 */
+ { 0x06, 176, 0, 7, "ipsecTunnel" }, /* 175 */
+ { 0x07, 177, 0, 7, "ipsecUser" }, /* 176 */
+ { 0x08, 178, 0, 7, "timeStamping" }, /* 177 */
+ { 0x09, 0, 0, 7, "ocspSigning" }, /* 178 */
+ { 0x08, 181, 1, 6, "id-otherNames" }, /* 179 */
+ { 0x05, 0, 0, 7, "xmppAddr" }, /* 180 */
+ { 0x0A, 186, 1, 6, "id-aca" }, /* 181 */
+ { 0x01, 183, 0, 7, "authenticationInfo" }, /* 182 */
+ { 0x02, 184, 0, 7, "accessIdentity" }, /* 183 */
+ { 0x03, 185, 0, 7, "chargingIdentity" }, /* 184 */
+ { 0x04, 0, 0, 7, "group" }, /* 185 */
+ { 0x30, 0, 1, 6, "id-ad" }, /* 186 */
+ { 0x01, 195, 1, 7, "ocsp" }, /* 187 */
+ { 0x01, 189, 0, 8, "basic" }, /* 188 */
+ { 0x02, 190, 0, 8, "nonce" }, /* 189 */
+ { 0x03, 191, 0, 8, "crl" }, /* 190 */
+ { 0x04, 192, 0, 8, "response" }, /* 191 */
+ { 0x05, 193, 0, 8, "noCheck" }, /* 192 */
+ { 0x06, 194, 0, 8, "archiveCutoff" }, /* 193 */
+ { 0x07, 0, 0, 8, "serviceLocator" }, /* 194 */
+ { 0x02, 0, 0, 7, "caIssuers" }, /* 195 */
+ { 0x0E, 202, 1, 1, "oiw" }, /* 196 */
+ { 0x03, 0, 1, 2, "secsig" }, /* 197 */
+ { 0x02, 0, 1, 3, "algorithms" }, /* 198 */
+ { 0x07, 200, 0, 4, "des-cbc" }, /* 199 */
+ { 0x1A, 201, 0, 4, "sha-1" }, /* 200 */
+ { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 201 */
+ { 0x24, 209, 1, 1, "TeleTrusT" }, /* 202 */
+ { 0x03, 0, 1, 2, "algorithm" }, /* 203 */
+ { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 204 */
+ { 0x01, 0, 1, 4, "rsaSignature" }, /* 205 */
+ { 0x02, 207, 0, 5, "rsaSigWithripemd160" }, /* 206 */
+ { 0x03, 208, 0, 5, "rsaSigWithripemd128" }, /* 207 */
+ { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 208 */
+ { 0x81, 0, 1, 1, "" }, /* 209 */
+ { 0x04, 0, 1, 2, "Certicom" }, /* 210 */
+ { 0x00, 0, 1, 3, "curve" }, /* 211 */
+ { 0x01, 213, 0, 4, "sect163k1" }, /* 212 */
+ { 0x02, 214, 0, 4, "sect163r1" }, /* 213 */
+ { 0x03, 215, 0, 4, "sect239k1" }, /* 214 */
+ { 0x04, 216, 0, 4, "sect113r1" }, /* 215 */
+ { 0x05, 217, 0, 4, "sect113r2" }, /* 216 */
+ { 0x06, 218, 0, 4, "secp112r1" }, /* 217 */
+ { 0x07, 219, 0, 4, "secp112r2" }, /* 218 */
+ { 0x08, 220, 0, 4, "secp160r1" }, /* 219 */
+ { 0x09, 221, 0, 4, "secp160k1" }, /* 220 */
+ { 0x0A, 222, 0, 4, "secp256k1" }, /* 221 */
+ { 0x0F, 223, 0, 4, "sect163r2" }, /* 222 */
+ { 0x10, 224, 0, 4, "sect283k1" }, /* 223 */
+ { 0x11, 225, 0, 4, "sect283r1" }, /* 224 */
+ { 0x16, 226, 0, 4, "sect131r1" }, /* 225 */
+ { 0x17, 227, 0, 4, "sect131r2" }, /* 226 */
+ { 0x18, 228, 0, 4, "sect193r1" }, /* 227 */
+ { 0x19, 229, 0, 4, "sect193r2" }, /* 228 */
+ { 0x1A, 230, 0, 4, "sect233k1" }, /* 229 */
+ { 0x1B, 231, 0, 4, "sect233r1" }, /* 230 */
+ { 0x1C, 232, 0, 4, "secp128r1" }, /* 231 */
+ { 0x1D, 233, 0, 4, "secp128r2" }, /* 232 */
+ { 0x1E, 234, 0, 4, "secp160r2" }, /* 233 */
+ { 0x1F, 235, 0, 4, "secp192k1" }, /* 234 */
+ { 0x20, 236, 0, 4, "secp224k1" }, /* 235 */
+ { 0x21, 237, 0, 4, "secp224r1" }, /* 236 */
+ { 0x22, 238, 0, 4, "secp384r1" }, /* 237 */
+ { 0x23, 239, 0, 4, "secp521r1" }, /* 238 */
+ { 0x24, 240, 0, 4, "sect409k1" }, /* 239 */
+ { 0x25, 241, 0, 4, "sect409r1" }, /* 240 */
+ { 0x26, 242, 0, 4, "sect571k1" }, /* 241 */
+ { 0x27, 0, 0, 4, "sect571r1" }, /* 242 */
+ {0x60, 0, 1, 0, "" }, /* 243 */
+ { 0x86, 0, 1, 1, "" }, /* 244 */
+ { 0x48, 0, 1, 2, "" }, /* 245 */
+ { 0x01, 289, 1, 3, "organization" }, /* 246 */
+ { 0x65, 265, 1, 4, "gov" }, /* 247 */
+ { 0x03, 0, 1, 5, "csor" }, /* 248 */
+ { 0x04, 0, 1, 6, "nistalgorithm" }, /* 249 */
+ { 0x01, 260, 1, 7, "aes" }, /* 250 */
+ { 0x02, 252, 0, 8, "id-aes128-CBC" }, /* 251 */
+ { 0x06, 253, 0, 8, "id-aes128-GCM" }, /* 252 */
+ { 0x07, 254, 0, 8, "id-aes128-CCM" }, /* 253 */
+ { 0x16, 255, 0, 8, "id-aes192-CBC" }, /* 254 */
+ { 0x1A, 256, 0, 8, "id-aes192-GCM" }, /* 255 */
+ { 0x1B, 257, 0, 8, "id-aes192-CCM" }, /* 256 */
+ { 0x2A, 258, 0, 8, "id-aes256-CBC" }, /* 257 */
+ { 0x2E, 259, 0, 8, "id-aes256-GCM" }, /* 258 */
+ { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 259 */
+ { 0x02, 0, 1, 7, "hashalgs" }, /* 260 */
+ { 0x01, 262, 0, 8, "id-SHA-256" }, /* 261 */
+ { 0x02, 263, 0, 8, "id-SHA-384" }, /* 262 */
+ { 0x03, 264, 0, 8, "id-SHA-512" }, /* 263 */
+ { 0x04, 0, 0, 8, "id-SHA-224" }, /* 264 */
+ { 0x86, 0, 1, 4, "" }, /* 265 */
+ { 0xf8, 0, 1, 5, "" }, /* 266 */
+ { 0x42, 279, 1, 6, "netscape" }, /* 267 */
+ { 0x01, 274, 1, 7, "" }, /* 268 */
+ { 0x01, 270, 0, 8, "nsCertType" }, /* 269 */
+ { 0x03, 271, 0, 8, "nsRevocationUrl" }, /* 270 */
+ { 0x04, 272, 0, 8, "nsCaRevocationUrl" }, /* 271 */
+ { 0x08, 273, 0, 8, "nsCaPolicyUrl" }, /* 272 */
+ { 0x0d, 0, 0, 8, "nsComment" }, /* 273 */
+ { 0x03, 277, 1, 7, "directory" }, /* 274 */
+ { 0x01, 0, 1, 8, "" }, /* 275 */
+ { 0x03, 0, 0, 9, "employeeNumber" }, /* 276 */
+ { 0x04, 0, 1, 7, "policy" }, /* 277 */
+ { 0x01, 0, 0, 8, "nsSGC" }, /* 278 */
+ { 0x45, 0, 1, 6, "verisign" }, /* 279 */
+ { 0x01, 0, 1, 7, "pki" }, /* 280 */
+ { 0x09, 0, 1, 8, "attributes" }, /* 281 */
+ { 0x02, 283, 0, 9, "messageType" }, /* 282 */
+ { 0x03, 284, 0, 9, "pkiStatus" }, /* 283 */
+ { 0x04, 285, 0, 9, "failInfo" }, /* 284 */
+ { 0x05, 286, 0, 9, "senderNonce" }, /* 285 */
+ { 0x06, 287, 0, 9, "recipientNonce" }, /* 286 */
+ { 0x07, 288, 0, 9, "transID" }, /* 287 */
+ { 0x08, 0, 0, 9, "extensionReq" }, /* 288 */
+ { 0x86, 0, 1, 3, "old-netscape" }, /* 289 */
+ { 0xF7, 0, 1, 4, "" }, /* 290 */
+ { 0x0D, 0, 1, 5, "" }, /* 291 */
+ { 0x01, 0, 1, 6, "" }, /* 292 */
+ { 0x09, 0, 1, 7, "" }, /* 293 */
+ { 0x01, 295, 0, 8, "emailAddress" }, /* 294 */
+ { 0x02, 0, 0, 8, "unstructuredName" } /* 295 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 72049259a..477789b62 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -5,6 +5,8 @@
* Do not edit manually!
*/
+#include <sys/types.h>
+
#ifndef OID_H_
#define OID_H_
@@ -12,12 +14,31 @@ typedef struct {
u_char octet;
u_int next;
u_int down;
+ u_int level;
const u_char *name;
} oid_t;
extern const oid_t oid_names[];
#define OID_UNKNOWN -1
+#define OID_NAME_DISTINGUISHER 6
+#define OID_PILOT_USERID 16
+#define OID_PILOT_DOMAIN_COMPONENT 17
+#define OID_COMMON_NAME 20
+#define OID_SURNAME 21
+#define OID_SERIAL_NUMBER 22
+#define OID_COUNTRY 23
+#define OID_LOCALITY 24
+#define OID_STATE_OR_PROVINCE 25
+#define OID_ORGANIZATION 26
+#define OID_ORGANIZATION_UNIT 27
+#define OID_TITLE 28
+#define OID_DESCRIPTION 29
+#define OID_USER_CERTIFICATE 30
+#define OID_NAME 31
+#define OID_GIVEN_NAME 32
+#define OID_INITIALS 33
+#define OID_UNIQUE_IDENTIFIER 34
#define OID_ROLE 35
#define OID_SUBJECT_KEY_ID 38
#define OID_SUBJECT_ALT_NAME 41
@@ -29,117 +50,136 @@ extern const oid_t oid_names[];
#define OID_EXTENDED_KEY_USAGE 49
#define OID_TARGET_INFORMATION 50
#define OID_NO_REV_AVAIL 51
-#define OID_RSA_ENCRYPTION 65
-#define OID_MD2_WITH_RSA 66
-#define OID_MD5_WITH_RSA 67
-#define OID_SHA1_WITH_RSA 68
-#define OID_SHA256_WITH_RSA 69
-#define OID_SHA384_WITH_RSA 70
-#define OID_SHA512_WITH_RSA 71
-#define OID_PKCS7_DATA 73
-#define OID_PKCS7_SIGNED_DATA 74
-#define OID_PKCS7_ENVELOPED_DATA 75
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 76
-#define OID_PKCS7_DIGESTED_DATA 77
-#define OID_PKCS7_ENCRYPTED_DATA 78
-#define OID_PKCS9_EMAIL 80
-#define OID_PKCS9_CONTENT_TYPE 82
-#define OID_PKCS9_MESSAGE_DIGEST 83
-#define OID_PKCS9_SIGNING_TIME 84
-#define OID_MD2 91
-#define OID_MD5 92
-#define OID_3DES_EDE_CBC 94
-#define OID_EC_PUBLICKEY 98
-#define OID_C2PNB163V1 101
-#define OID_C2PNB163V2 102
-#define OID_C2PNB163V3 103
-#define OID_C2PNB176W1 104
-#define OID_C2PNB191V1 105
-#define OID_C2PNB191V2 106
-#define OID_C2PNB191V3 107
-#define OID_C2PNB191V4 108
-#define OID_C2PNB191V5 109
-#define OID_C2PNB208W1 110
-#define OID_C2PNB239V1 111
-#define OID_C2PNB239V2 112
-#define OID_C2PNB239V3 113
-#define OID_C2PNB239V4 114
-#define OID_C2PNB239V5 115
-#define OID_C2PNB272W1 116
-#define OID_C2PNB304W1 117
-#define OID_C2PNB359V1 118
-#define OID_C2PNB368W1 119
-#define OID_C2PNB431R1 120
-#define OID_PRIME192V1 122
-#define OID_PRIME192V2 123
-#define OID_PRIME192V3 124
-#define OID_PRIME239V1 125
-#define OID_PRIME239V2 126
-#define OID_PRIME239V3 127
-#define OID_PRIME256V1 128
-#define OID_ECDSA_WITH_SHA1 130
-#define OID_AUTHORITY_INFO_ACCESS 156
-#define OID_OCSP_SIGNING 166
-#define OID_XMPP_ADDR 168
-#define OID_AUTHENTICATION_INFO 170
-#define OID_ACCESS_IDENTITY 171
-#define OID_CHARGING_IDENTITY 172
-#define OID_GROUP 173
-#define OID_OCSP 175
-#define OID_BASIC 176
-#define OID_NONCE 177
-#define OID_CRL 178
-#define OID_RESPONSE 179
-#define OID_NO_CHECK 180
-#define OID_ARCHIVE_CUTOFF 181
-#define OID_SERVICE_LOCATOR 182
-#define OID_CA_ISSUERS 183
-#define OID_DES_CBC 187
-#define OID_SHA1 188
-#define OID_SHA1_WITH_RSA_OIW 189
-#define OID_SECT163K1 200
-#define OID_SECT163R1 201
-#define OID_SECT239K1 202
-#define OID_SECT113R1 203
-#define OID_SECT113R2 204
-#define OID_SECT112R1 205
-#define OID_SECT112R2 206
-#define OID_SECT160R1 207
-#define OID_SECT160K1 208
-#define OID_SECT256K1 209
-#define OID_SECT163R2 210
-#define OID_SECT283K1 211
-#define OID_SECT283R1 212
-#define OID_SECT131R1 213
-#define OID_SECT131R2 214
-#define OID_SECT193R1 215
-#define OID_SECT193R2 216
-#define OID_SECT233K1 217
-#define OID_SECT233R1 218
-#define OID_SECT128R1 219
-#define OID_SECT128R2 220
-#define OID_SECT160R2 221
-#define OID_SECT192K1 222
-#define OID_SECT224K1 223
-#define OID_SECT224R1 224
-#define OID_SECT384R1 225
-#define OID_SECT521R1 226
-#define OID_SECT409K1 227
-#define OID_SECT409R1 228
-#define OID_SECT571K1 229
-#define OID_SECT571R1 230
-#define OID_SHA256 239
-#define OID_SHA384 240
-#define OID_SHA512 241
-#define OID_NS_REVOCATION_URL 247
-#define OID_NS_CA_REVOCATION_URL 248
-#define OID_NS_CA_POLICY_URL 249
-#define OID_NS_COMMENT 250
-#define OID_PKI_MESSAGE_TYPE 259
-#define OID_PKI_STATUS 260
-#define OID_PKI_FAIL_INFO 261
-#define OID_PKI_SENDER_NONCE 262
-#define OID_PKI_RECIPIENT_NONCE 263
-#define OID_PKI_TRANS_ID 264
+#define OID_CAMELLIA128_CBC 62
+#define OID_CAMELLIA192_CBC 63
+#define OID_CAMELLIA256_CBC 64
+#define OID_RSA_ENCRYPTION 77
+#define OID_MD2_WITH_RSA 78
+#define OID_MD5_WITH_RSA 79
+#define OID_SHA1_WITH_RSA 80
+#define OID_SHA256_WITH_RSA 81
+#define OID_SHA384_WITH_RSA 82
+#define OID_SHA512_WITH_RSA 83
+#define OID_PKCS7_DATA 85
+#define OID_PKCS7_SIGNED_DATA 86
+#define OID_PKCS7_ENVELOPED_DATA 87
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 88
+#define OID_PKCS7_DIGESTED_DATA 89
+#define OID_PKCS7_ENCRYPTED_DATA 90
+#define OID_PKCS9_EMAIL 92
+#define OID_PKCS9_CONTENT_TYPE 94
+#define OID_PKCS9_MESSAGE_DIGEST 95
+#define OID_PKCS9_SIGNING_TIME 96
+#define OID_MD2 103
+#define OID_MD5 104
+#define OID_3DES_EDE_CBC 106
+#define OID_EC_PUBLICKEY 110
+#define OID_C2PNB163V1 113
+#define OID_C2PNB163V2 114
+#define OID_C2PNB163V3 115
+#define OID_C2PNB176W1 116
+#define OID_C2PNB191V1 117
+#define OID_C2PNB191V2 118
+#define OID_C2PNB191V3 119
+#define OID_C2PNB191V4 120
+#define OID_C2PNB191V5 121
+#define OID_C2PNB208W1 122
+#define OID_C2PNB239V1 123
+#define OID_C2PNB239V2 124
+#define OID_C2PNB239V3 125
+#define OID_C2PNB239V4 126
+#define OID_C2PNB239V5 127
+#define OID_C2PNB272W1 128
+#define OID_C2PNB304W1 129
+#define OID_C2PNB359V1 130
+#define OID_C2PNB368W1 131
+#define OID_C2PNB431R1 132
+#define OID_PRIME192V1 134
+#define OID_PRIME192V2 135
+#define OID_PRIME192V3 136
+#define OID_PRIME239V1 137
+#define OID_PRIME239V2 138
+#define OID_PRIME239V3 139
+#define OID_PRIME256V1 140
+#define OID_ECDSA_WITH_SHA1 142
+#define OID_TCGID 163
+#define OID_AUTHORITY_INFO_ACCESS 168
+#define OID_OCSP_SIGNING 178
+#define OID_XMPP_ADDR 180
+#define OID_AUTHENTICATION_INFO 182
+#define OID_ACCESS_IDENTITY 183
+#define OID_CHARGING_IDENTITY 184
+#define OID_GROUP 185
+#define OID_OCSP 187
+#define OID_BASIC 188
+#define OID_NONCE 189
+#define OID_CRL 190
+#define OID_RESPONSE 191
+#define OID_NO_CHECK 192
+#define OID_ARCHIVE_CUTOFF 193
+#define OID_SERVICE_LOCATOR 194
+#define OID_CA_ISSUERS 195
+#define OID_DES_CBC 199
+#define OID_SHA1 200
+#define OID_SHA1_WITH_RSA_OIW 201
+#define OID_SECT163K1 212
+#define OID_SECT163R1 213
+#define OID_SECT239K1 214
+#define OID_SECT113R1 215
+#define OID_SECT113R2 216
+#define OID_SECT112R1 217
+#define OID_SECT112R2 218
+#define OID_SECT160R1 219
+#define OID_SECT160K1 220
+#define OID_SECT256K1 221
+#define OID_SECT163R2 222
+#define OID_SECT283K1 223
+#define OID_SECT283R1 224
+#define OID_SECT131R1 225
+#define OID_SECT131R2 226
+#define OID_SECT193R1 227
+#define OID_SECT193R2 228
+#define OID_SECT233K1 229
+#define OID_SECT233R1 230
+#define OID_SECT128R1 231
+#define OID_SECT128R2 232
+#define OID_SECT160R2 233
+#define OID_SECT192K1 234
+#define OID_SECT224K1 235
+#define OID_SECT224R1 236
+#define OID_SECT384R1 237
+#define OID_SECT521R1 238
+#define OID_SECT409K1 239
+#define OID_SECT409R1 240
+#define OID_SECT571K1 241
+#define OID_SECT571R1 242
+#define OID_AES128_CBC 251
+#define OID_AES128_GCM 252
+#define OID_AES128_CCM 253
+#define OID_AES192_CBC 254
+#define OID_AES192_GCM 255
+#define OID_AES192_CCM 256
+#define OID_AES256_CBC 257
+#define OID_AES256_GCM 258
+#define OID_AES256_CCM 259
+#define OID_SHA256 261
+#define OID_SHA384 262
+#define OID_SHA512 263
+#define OID_SHA224 264
+#define OID_NS_REVOCATION_URL 270
+#define OID_NS_CA_REVOCATION_URL 271
+#define OID_NS_CA_POLICY_URL 272
+#define OID_NS_COMMENT 273
+#define OID_EMPLOYEE_NUMBER 276
+#define OID_PKI_MESSAGE_TYPE 282
+#define OID_PKI_STATUS 283
+#define OID_PKI_FAIL_INFO 284
+#define OID_PKI_SENDER_NONCE 285
+#define OID_PKI_RECIPIENT_NONCE 286
+#define OID_PKI_TRANS_ID 287
+#define OID_EMAIL_ADDRESS 294
+#define OID_UNSTRUCTURED_NAME 295
+
+#define OID_MAX 296
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.pl b/src/libstrongswan/asn1/oid.pl
index 373101cc0..ed26febc9 100644
--- a/src/libstrongswan/asn1/oid.pl
+++ b/src/libstrongswan/asn1/oid.pl
@@ -32,12 +32,14 @@ print OID_H "/* Object identifiers (OIDs) used by strongSwan\n",
" * ", $automatic, "\n",
" * ", $warning, "\n",
" */\n\n",
+ "#include <sys/types.h>\n\n",
"#ifndef OID_H_\n",
"#define OID_H_\n\n",
"typedef struct {\n",
" u_char octet;\n",
" u_int next;\n",
" u_int down;\n",
+ " u_int level;\n",
" const u_char *name;\n",
"} oid_t;\n",
"\n",
@@ -77,6 +79,8 @@ while ($line = <SRC>)
$counter++;
}
+printf OID_H "\n#define OID_MAX%s%d\n", "\t" x 8, $counter;
+
print OID_H "\n#endif /* OID_H_ */\n";
close SRC;
@@ -113,12 +117,13 @@ for ($c = 0; $c < $counter; $c++)
}
}
- printf OID_C " {%s%s,%s%3d, %d, %s%s}%s /* %3d */\n"
+ printf OID_C " {%s%s,%s%3d, %d, %2d, %s%s}%s /* %3d */\n"
,' ' x @order[$c]
, @octet[$c]
, ' ' x (1 + $max_order - @order[$c])
, @next[$c]
, @order[$c+1] > @order[$c]
+ , @order[$c] / 2
, @name[$c]
, ' ' x ($max_name - length(@name[$c]))
, $c != $counter-1 ? "," : " "
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 6bb765787..1514f179f 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -4,7 +4,7 @@
0x01 "Deutsche Telekom AG"
0x0A ""
0x07 ""
- 0x14 "ND"
+ 0x14 "ND" OID_NAME_DISTINGUISHER
0x09 "data"
0x92 ""
0x26 ""
@@ -14,25 +14,25 @@
0x2C ""
0x64 "pilot"
0x01 "pilotAttributeType"
- 0x01 "UID"
- 0x19 "DC"
+ 0x01 "UID" OID_PILOT_USERID
+ 0x19 "DC" OID_PILOT_DOMAIN_COMPONENT
0x55 "X.500"
0x04 "X.509"
- 0x03 "CN"
- 0x04 "S"
- 0x05 "SN"
- 0x06 "C"
- 0x07 "L"
- 0x08 "ST"
- 0x0A "O"
- 0x0B "OU"
- 0x0C "T"
- 0x0D "D"
- 0x24 "userCertificate"
- 0x29 "N"
- 0x2A "G"
- 0x2B "I"
- 0x2D "ID"
+ 0x03 "CN" OID_COMMON_NAME
+ 0x04 "S" OID_SURNAME
+ 0x05 "SN" OID_SERIAL_NUMBER
+ 0x06 "C" OID_COUNTRY
+ 0x07 "L" OID_LOCALITY
+ 0x08 "ST" OID_STATE_OR_PROVINCE
+ 0x0A "O" OID_ORGANIZATION
+ 0x0B "OU" OID_ORGANIZATION_UNIT
+ 0x0C "T" OID_TITLE
+ 0x0D "D" OID_DESCRIPTION
+ 0x24 "userCertificate" OID_USER_CERTIFICATE
+ 0x29 "N" OID_NAME
+ 0x2A "G" OID_GIVEN_NAME
+ 0x2B "I" OID_INITIALS
+ 0x2D "ID" OID_UNIQUE_IDENTIFIER
0x48 "role" OID_ROLE
0x1D "id-ce"
0x09 "subjectDirectoryAttrs"
@@ -51,8 +51,20 @@
0x37 "targetInformation" OID_TARGET_INFORMATION
0x38 "noRevAvail" OID_NO_REV_AVAIL
0x2A ""
+ 0x83 ""
+ 0x08 "jp"
+ 0x8C ""
+ 0x9A ""
+ 0x4B ""
+ 0x3D ""
+ 0x01 "security"
+ 0x01 "algorithm"
+ 0x01 "symm-encryption-alg"
+ 0x02 "camellia128-cbc" OID_CAMELLIA128_CBC
+ 0x03 "camellia192-cbc" OID_CAMELLIA192_CBC
+ 0x04 "camellia256-cbc" OID_CAMELLIA256_CBC
0x86 ""
- 0x48 ""
+ 0x48 "us"
0x86 ""
0xF6 ""
0x7D "NortelNetworks"
@@ -149,7 +161,7 @@
0x01 ""
0x02 ""
0x02 ""
- 0x4B "TCGID"
+ 0x4B "TCGID" OID_TCGID
0x05 "security"
0x05 "mechanisms"
0x07 "id-pkix"
@@ -236,10 +248,21 @@
0x65 "gov"
0x03 "csor"
0x04 "nistalgorithm"
+ 0x01 "aes"
+ 0x02 "id-aes128-CBC" OID_AES128_CBC
+ 0x06 "id-aes128-GCM" OID_AES128_GCM
+ 0x07 "id-aes128-CCM" OID_AES128_CCM
+ 0x16 "id-aes192-CBC" OID_AES192_CBC
+ 0x1A "id-aes192-GCM" OID_AES192_GCM
+ 0x1B "id-aes192-CCM" OID_AES192_CCM
+ 0x2A "id-aes256-CBC" OID_AES256_CBC
+ 0x2E "id-aes256-GCM" OID_AES256_GCM
+ 0x2F "id-aes256-CCM" OID_AES256_CCM
0x02 "hashalgs"
0x01 "id-SHA-256" OID_SHA256
0x02 "id-SHA-384" OID_SHA384
0x03 "id-SHA-512" OID_SHA512
+ 0x04 "id-SHA-224" OID_SHA224
0x86 ""
0xf8 ""
0x42 "netscape"
@@ -251,7 +274,7 @@
0x0d "nsComment" OID_NS_COMMENT
0x03 "directory"
0x01 ""
- 0x03 "employeeNumber"
+ 0x03 "employeeNumber" OID_EMPLOYEE_NUMBER
0x04 "policy"
0x01 "nsSGC"
0x45 "verisign"
@@ -264,3 +287,10 @@
0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE
0x07 "transID" OID_PKI_TRANS_ID
0x08 "extensionReq"
+ 0x86 "old-netscape"
+ 0xF7 ""
+ 0x0D ""
+ 0x01 ""
+ 0x09 ""
+ 0x01 "emailAddress" OID_EMAIL_ADDRESS
+ 0x02 "unstructuredName" OID_UNSTRUCTURED_NAME
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
index d3176b6bc..059795548 100755
--- a/src/libstrongswan/asn1/pem.c
+++ b/src/libstrongswan/asn1/pem.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pem.c 4029 2008-06-03 12:14:02Z martin $
*/
#include <stdio.h>
@@ -84,8 +82,8 @@ static bool find_boundary(const char* tag, chunk_t *line)
/*
* decrypts a passphrase protected encrypted data block
*/
-static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
- chunk_t *iv, chunk_t *passphrase)
+static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_size,
+ chunk_t *iv, chunk_t passphrase)
{
hasher_t *hasher;
crypter_t *crypter;
@@ -95,10 +93,10 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
chunk_t key = {alloca(key_size), key_size};
u_int8_t padding, *last_padding_pos, *first_padding_pos;
- if (passphrase == NULL || passphrase->len == 0)
+ if (passphrase.len == 0)
{
DBG1(" missing passphrase");
- return FALSE;
+ return INVALID_ARG;
}
/* build key from passphrase and IV */
@@ -106,18 +104,18 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (hasher == NULL)
{
DBG1(" MD5 hash algorithm not available");
- return FALSE;
+ return NOT_SUPPORTED;
}
hash.len = hasher->get_hash_size(hasher);
hash.ptr = alloca(hash.len);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr, hash.ptr, hash.len);
if (key.len > hash.len)
{
hasher->get_hash(hasher, hash, NULL);
- hasher->get_hash(hasher, *passphrase, NULL);
+ hasher->get_hash(hasher, passphrase, NULL);
hasher->get_hash(hasher, salt, hash.ptr);
memcpy(key.ptr + hash.len, hash.ptr, key.len - hash.len);
}
@@ -129,7 +127,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
DBG1(" %N encryption algorithm not available",
encryption_algorithm_names, alg);
- return FALSE;
+ return NOT_SUPPORTED;
}
crypter->set_key(crypter, key);
@@ -138,7 +136,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
{
crypter->destroy(crypter);
DBG1(" data size is not multiple of block size");
- return FALSE;
+ return PARSE_ERROR;
}
crypter->decrypt(crypter, *blob, *iv, &decrypted);
crypter->destroy(crypter);
@@ -156,12 +154,12 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
if (*last_padding_pos != padding)
{
DBG1(" invalid passphrase");
- return FALSE;
+ return INVALID_ARG;
}
}
/* remove padding */
blob->len -= padding;
- return TRUE;
+ return SUCCESS;
}
/* Converts a PEM encoded file into its binary form
@@ -169,7 +167,7 @@ static bool pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_si
* RFC 1421 Privacy Enhancement for Electronic Mail, February 1993
* RFC 934 Message Encapsulation, January 1985
*/
-bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
+status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp)
{
typedef enum {
PEM_PRE = 0,
@@ -239,17 +237,21 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
DBG2(" %.*s", (int)line.len, line.ptr);
ugh = extract_parameter_value(&name, &value, &line);
if (ugh != NULL)
+ {
continue;
-
+ }
if (match("Proc-Type", &name) && *value.ptr == '4')
+ {
encrypted = TRUE;
+ }
else if (match("DEK-Info", &name))
{
chunk_t dek;
if (!extract_token(&dek, ',', &value))
+ {
dek = value;
-
+ }
if (match("DES-EDE3-CBC", &dek))
{
alg = ENCR_3DES;
@@ -274,7 +276,7 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
{
DBG1(" encryption algorithm '%.s' not supported",
dek.len, dek.ptr);
- return FALSE;
+ return NOT_SUPPORTED;
}
eat_whitespace(&value);
iv = chunk_from_hex(value, iv.ptr);
@@ -317,11 +319,11 @@ bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp)
if (state != PEM_POST)
{
DBG1(" file coded in unknown format, discarded");
- return FALSE;
+ return PARSE_ERROR;
}
if (!encrypted)
{
- return TRUE;
+ return SUCCESS;
}
return pem_decrypt(blob, alg, key_size, &iv, passphrase);
@@ -337,7 +339,9 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
if (fd)
{
+ chunk_t pass = chunk_empty;
int bytes;
+
fseek(fd, 0, SEEK_END );
blob->len = ftell(fd);
rewind(fd);
@@ -356,10 +360,13 @@ bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
}
if (passphrase != NULL)
- DBG4(" passphrase:", passphrase->ptr, passphrase->len);
+ {
+ pass = *passphrase;
+ DBG4(" passphrase: %#B", passphrase);
+ }
/* try PEM format */
- if (pem_to_bin(blob, passphrase, pgp))
+ if (pem_to_bin(blob, pass, pgp) == SUCCESS)
{
if (*pgp)
{
diff --git a/src/libstrongswan/asn1/pem.h b/src/libstrongswan/asn1/pem.h
index 4b76fbe80..7385330d7 100755
--- a/src/libstrongswan/asn1/pem.h
+++ b/src/libstrongswan/asn1/pem.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pem.h 4011 2008-05-23 19:18:08Z andreas $
*/
#ifndef PEM_H_
@@ -23,9 +21,9 @@
#include <library.h>
-bool pem_to_bin(chunk_t *blob, chunk_t *passphrase, bool *pgp);
+status_t pem_to_bin(chunk_t *blob, chunk_t passphrase, bool *pgp);
-bool pem_asn1_load_file(char *filename, chunk_t *passphrase,
- chunk_t *blob, bool *pgp);
+bool pem_asn1_load_file(char *filename, chunk_t *passphrase, chunk_t *blob,
+ bool *pgp);
#endif /*PEM_H_ @} */
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 331ef4436..c9c181f87 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: chunk.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <stdio.h>
@@ -208,7 +206,7 @@ void chunk_split(chunk_t chunk, const char *mode, ...)
/**
* Described in header.
*/
-bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
+bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force)
{
mode_t oldmask;
FILE *fd;
@@ -216,7 +214,7 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
if (!force && access(path, F_OK) == 0)
{
- DBG1(" file '%s' already exists", path);
+ DBG1(" %s file '%s' already exists", label, path);
return FALSE;
}
oldmask = umask(mask);
@@ -225,18 +223,20 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force)
{
if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len)
{
+ DBG1(" written %s file '%s' (%d bytes)",
+ label, path, chunk.len);
good = TRUE;
}
else
{
- DBG1(" writing to file '%s' failed: %s", path, strerror(errno));
+ DBG1(" writing %s file '%s' failed: %s",
+ label, path, strerror(errno));
}
fclose(fd);
- return TRUE;
}
else
{
- DBG1(" could not open file '%s': %s", path, strerror(errno));
+ DBG1(" could not open %s file '%s': %s", label, path, strerror(errno));
}
umask(oldmask);
return good;
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 125b86b12..3d8c360c5 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: chunk.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -41,7 +39,7 @@ struct chunk_t {
size_t len;
};
-#include <library.h>
+#include <utils.h>
/**
* A { NULL, 0 }-chunk handy for initialization.
@@ -86,8 +84,14 @@ void chunk_split(chunk_t chunk, const char *mode, ...);
/**
* Write the binary contents of a chunk_t to a file
- */
-bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
+ *
+ * @param path path where file is written to
+ * @param label label specifying file type
+ * @param mask file mode creation mask
+ * @param force overwrite existing file by force
+ * @return TRUE if write operation was successful
+ */
+bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force);
/**
* Convert a chunk of data to hex encoding.
@@ -95,7 +99,6 @@ bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force);
* The resulting string is '\\0' terminated, but the chunk does not include
* the '\\0'. If buf is supplied, it must hold at least (chunk.len * 2 + 1).
*
- * @param chunk data to convert
* @param buf buffer to write to, NULL to malloc
* @param uppercase TRUE to use uppercase letters
* @return chunk of encoded data
@@ -181,12 +184,12 @@ static inline void chunk_clear(chunk_t *chunk)
/**
* Clone a chunk on heap
*/
-#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc(chunk.len) : NULL, chunk)
+#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
/**
* Clone a chunk on stack
*/
-#define chunk_clonea(chunk) chunk_create_clone(alloca(chunk.len), chunk)
+#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk)
/**
* Concatenate chunks into a chunk on heap
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 0bca198f1..701cbcde3 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -20,6 +20,8 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_AGENT_SOCKET",
"BUILD_BLOB_ASN1_DER",
"BUILD_BLOB_ASN1_PEM",
+ "BUILD_BLOB_PGP",
+ "BUILD_BLOB_RFC_3110",
"BUILD_KEY_SIZE",
"BUILD_SIGNING_KEY",
"BUILD_SIGNING_CERT",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 4b3fb1ae4..01ccf2a5c 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -38,14 +38,18 @@ typedef builder_t* (*builder_constructor_t)(int subtype);
* Parts to build credentials from.
*/
enum builder_part_t {
- /** path to a file containing an ASN1 blob, char* */
+ /** path to a file containing an ASN.1 blob, char* */
BUILD_FROM_FILE,
/** unix socket of a ssh/pgp agent, char* */
BUILD_AGENT_SOCKET,
- /** DER encoded ASN1 blob, chunk_t */
+ /** DER encoded ASN.1 blob, chunk_t */
BUILD_BLOB_ASN1_DER,
- /** PEM encoded ASN1 blob, null terminated char* */
+ /** PEM encoded ASN.1 blob, null terminated char* */
BUILD_BLOB_ASN1_PEM,
+ /** OpenPGP key blob, chunk_t */
+ BUILD_BLOB_PGP,
+ /** RFC 3110 DNS public key blob, chunk_t */
+ BUILD_BLOB_RFC_3110,
/** key size in bits, as used for key generation, u_int */
BUILD_KEY_SIZE,
/** private key to use for signing, private_key_t* */
diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h
index 39ab8fe71..fb99b4756 100644
--- a/src/libstrongswan/credentials/certificates/ac.h
+++ b/src/libstrongswan/credentials/certificates/ac.h
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: ac.h 3300 2007-10-12 21:53:18Z andreas $
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index c5bc9a68d..041e2f1db 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: certificate.c 3664 2008-03-26 15:21:50Z martin $
*/
#include "certificate.h"
@@ -31,11 +29,11 @@ ENUM(certificate_type_names, CERT_ANY, CERT_PGP,
"PGP",
);
-ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_SKIPPED,
- "VALIDATION_GOOD",
- "VALIDATION_STALE",
- "VALIDATION_REVOKED",
- "VALIDATION_FAILED",
- "VALIDATION_SKIPPED",
+ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
+ "GOOD",
+ "SKIPPED",
+ "STALE",
+ "FAILED",
+ "REVOKED",
);
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 1fb151d9f..81fce5508 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -58,18 +58,20 @@ extern enum_name_t *certificate_type_names;
/**
* Result of a certificate validation.
+ *
+ * Order of values is relevant, sorted from good to bad.
*/
enum cert_validation_t {
/** certificate has been validated successfully */
- VALIDATION_GOOD,
+ VALIDATION_GOOD = 0,
+ /** validation has been skipped due to missing validation information */
+ VALIDATION_SKIPPED,
/** certificate has been validated, but check based on stale information */
VALIDATION_STALE,
- /** certificate has been revoked */
- VALIDATION_REVOKED,
/** validation failed due to a processing error */
VALIDATION_FAILED,
- /** validation has been skipped due to missing validation information */
- VALIDATION_SKIPPED,
+ /** certificate has been revoked */
+ VALIDATION_REVOKED,
};
/**
diff --git a/src/libstrongswan/credentials/certificates/crl.c b/src/libstrongswan/credentials/certificates/crl.c
index 1fdc095c1..0d6654075 100644
--- a/src/libstrongswan/credentials/certificates/crl.c
+++ b/src/libstrongswan/credentials/certificates/crl.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crl.c 3656 2008-03-25 22:28:27Z andreas $
*/
#include "crl.h"
diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h
index 0c0493940..3fef0d710 100644
--- a/src/libstrongswan/credentials/certificates/crl.h
+++ b/src/libstrongswan/credentials/certificates/crl.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crl.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_request.h b/src/libstrongswan/credentials/certificates/ocsp_request.h
index 25ecb8d35..0b1871309 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_request.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_request.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.c b/src/libstrongswan/credentials/certificates/ocsp_response.c
index 02e12f761..c4a39e28d 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.c
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "ocsp_response.h"
diff --git a/src/libstrongswan/credentials/certificates/ocsp_response.h b/src/libstrongswan/credentials/certificates/ocsp_response.h
index 3c9794956..a70f3eee4 100644
--- a/src/libstrongswan/credentials/certificates/ocsp_response.h
+++ b/src/libstrongswan/credentials/certificates/ocsp_response.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c
index 15d223e3e..5d53f0c68 100644
--- a/src/libstrongswan/credentials/certificates/x509.c
+++ b/src/libstrongswan/credentials/certificates/x509.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509.c 3656 2008-03-25 22:28:27Z andreas $
*/
#include "x509.h"
diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 704f11522..eedab78f7 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/credentials/credential_factory.c b/src/libstrongswan/credentials/credential_factory.c
index 5ae6980be..2e9a541d4 100644
--- a/src/libstrongswan/credentials/credential_factory.c
+++ b/src/libstrongswan/credentials/credential_factory.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: credential_factory.c 4777 2008-12-09 15:57:51Z martin $
*/
#include "credential_factory.h"
@@ -158,6 +156,8 @@ static void* create(private_credential_factory_t *this, credential_type_t type,
case BUILD_END:
break;
case BUILD_BLOB_ASN1_DER:
+ case BUILD_BLOB_PGP:
+ case BUILD_BLOB_RFC_3110:
case BUILD_SERIAL:
builder->add(builder, part, va_arg(args, chunk_t));
continue;
diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h
index 42fb2df6d..5057a7aae 100644
--- a/src/libstrongswan/credentials/credential_factory.h
+++ b/src/libstrongswan/credentials/credential_factory.h
@@ -24,9 +24,6 @@
typedef struct credential_factory_t credential_factory_t;
typedef enum credential_type_t credential_type_t;
-#include <credentials/keys/private_key.h>
-#include <credentials/keys/public_key.h>
-#include <credentials/certificates/certificate.h>
#include <credentials/builder.h>
/**
diff --git a/src/libstrongswan/credentials/keys/private_key.c b/src/libstrongswan/credentials/keys/private_key.c
index 018cab1c0..0a01d0385 100644
--- a/src/libstrongswan/credentials/keys/private_key.c
+++ b/src/libstrongswan/credentials/keys/private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "private_key.h"
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index 219926af1..f38af8ff4 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -82,6 +80,14 @@ struct private_key_t {
public_key_t* (*get_public_key)(private_key_t *this);
/**
+ * Check if two private keys are equal.
+ *
+ * @param other other private key
+ * @return TRUE, if equality
+ */
+ bool (*equals) (private_key_t *this, private_key_t *other);
+
+ /**
* Check if a private key belongs to a public key.
*
* @param public public key
diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c
index 80b9f03c3..c94c27f0a 100644
--- a/src/libstrongswan/credentials/keys/public_key.c
+++ b/src/libstrongswan/credentials/keys/public_key.c
@@ -11,27 +11,60 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.c 4051 2008-06-10 09:08:27Z tobias $
*/
+#include <asn1/oid.h>
+
#include "public_key.h"
-ENUM(key_type_names, KEY_RSA, KEY_ECDSA,
+ENUM(key_type_names, KEY_RSA, KEY_DSA,
"RSA",
- "ECDSA"
+ "ECDSA",
+ "DSA"
);
-ENUM(signature_scheme_names, SIGN_DEFAULT, SIGN_ECDSA_521,
- "DEFAULT",
+ENUM(signature_scheme_names, SIGN_UNKNOWN, SIGN_ECDSA_521,
+ "UNKNOWN",
+ "RSA_EMSA_PKCS1_NULL",
"RSA_EMSA_PKCS1_MD5",
"RSA_EMSA_PKCS1_SHA1",
"RSA_EMSA_PKCS1_SHA256",
"RSA_EMSA_PKCS1_SHA384",
"RSA_EMSA_PKCS1_SHA512",
+ "ECDSA_WITH_NULL",
"ECDSA_WITH_SHA1",
"ECDSA-256",
"ECDSA-384",
"ECDSA-521",
);
+/*
+ * Defined in header.
+ */
+signature_scheme_t signature_scheme_from_oid(int oid)
+{
+ switch (oid)
+ {
+ case OID_MD5_WITH_RSA:
+ case OID_MD5:
+ return SIGN_RSA_EMSA_PKCS1_MD5;
+ case OID_SHA1_WITH_RSA:
+ case OID_SHA1:
+ return SIGN_RSA_EMSA_PKCS1_SHA1;
+ case OID_SHA256_WITH_RSA:
+ case OID_SHA256:
+ return SIGN_RSA_EMSA_PKCS1_SHA256;
+ case OID_SHA384_WITH_RSA:
+ case OID_SHA384:
+ return SIGN_RSA_EMSA_PKCS1_SHA384;
+ case OID_SHA512_WITH_RSA:
+ case OID_SHA512:
+ return SIGN_RSA_EMSA_PKCS1_SHA512;
+ case OID_ECDSA_WITH_SHA1:
+ case OID_EC_PUBLICKEY:
+ return SIGN_ECDSA_WITH_SHA1;
+ default:
+ return SIGN_UNKNOWN;
+ }
+}
+
diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h
index 65bb5f64d..c58531b73 100644
--- a/src/libstrongswan/credentials/keys/public_key.h
+++ b/src/libstrongswan/credentials/keys/public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -36,12 +34,14 @@ typedef enum signature_scheme_t signature_scheme_t;
*/
enum key_type_t {
/** key type wildcard */
- KEY_ANY,
+ KEY_ANY = 0,
/** RSA crypto system as in PKCS#1 */
- KEY_RSA,
+ KEY_RSA = 1,
/** ECDSA as in ANSI X9.62 */
- KEY_ECDSA,
- /** DSS, ElGamal, ... */
+ KEY_ECDSA = 2,
+ /** DSA */
+ KEY_DSA = 3,
+ /** ElGamal, ... */
};
/**
@@ -52,29 +52,35 @@ extern enum_name_t *key_type_names;
/**
* Signature scheme for signature creation
*
- * EMSA-PKCS1 signatures are from the PKCS#1 standard. They include
- * the ASN1-OID of the used hash algorithm.
+ * EMSA-PKCS1 signatures are defined in PKCS#1 standard.
+ * A prepended ASN.1 encoded digestInfo field contains the
+ * OID of the used hash algorithm. The ASN.1 type of the PKCS#7
+ * variants is OCTET_STRING instead of the default BIT_STRING.
*/
enum signature_scheme_t {
- /** default scheme of that underlying crypto system */
- SIGN_DEFAULT,
- /** EMSA-PKCS1 with MD5 */
+ /** Unknown signature scheme */
+ SIGN_UNKNOWN,
+ /** EMSA-PKCS1_v1.5 signature over digest without digestInfo */
+ SIGN_RSA_EMSA_PKCS1_NULL,
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and MD5 */
SIGN_RSA_EMSA_PKCS1_MD5,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA1 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-1 */
SIGN_RSA_EMSA_PKCS1_SHA1,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA256 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-256 */
SIGN_RSA_EMSA_PKCS1_SHA256,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA384 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-384 */
SIGN_RSA_EMSA_PKCS1_SHA384,
- /** EMSA-PKCS1 signature as in PKCS#1 standard using SHA512 as hash. */
+ /** EMSA-PKCS1_v1.5 signature as in PKCS#1 using RSA and SHA-512 */
SIGN_RSA_EMSA_PKCS1_SHA512,
- /** ECDSA using SHA-1 as hash. */
+ /** ECDSA over precomputed digest */
+ SIGN_ECDSA_WITH_NULL,
+ /** ECDSA with SHA-1 */
SIGN_ECDSA_WITH_SHA1,
- /** ECDSA with SHA-256 on the P-256 curve as in RFC 4754 */
+ /** ECDSA on the P-256 curve with SHA-256 as in RFC 4754 */
SIGN_ECDSA_256,
- /** ECDSA with SHA-384 on the P-384 curve as in RFC 4754 */
+ /** ECDSA on the P-384 curve with SHA-384 as in RFC 4754 */
SIGN_ECDSA_384,
- /** ECDSA with SHA-512 on the P-521 curve as in RFC 4754 */
+ /** ECDSA on the P-521 curve with SHA-512 as in RFC 4754 */
SIGN_ECDSA_521,
};
@@ -109,13 +115,21 @@ struct public_key_t {
/**
* Encrypt a chunk of data.
*
- * @param crypto chunk containing plaintext data
- * @param plain where to allocate encrypted data
+ * @param plain chunk containing plaintext data
+ * @param crypto where to allocate encrypted data
* @return TRUE if data successfully encrypted
*/
- bool (*encrypt)(public_key_t *this, chunk_t crypto, chunk_t *plain);
+ bool (*encrypt)(public_key_t *this, chunk_t plain, chunk_t *crypto);
/**
+ * Check if two public keys are equal.
+ *
+ * @param other other public key
+ * @return TRUE, if equality
+ */
+ bool (*equals)(public_key_t *this, public_key_t *other);
+
+ /**
* Get the strength of the key in bytes.
*
* @return strength of the key in bytes
@@ -152,4 +166,12 @@ struct public_key_t {
void (*destroy)(public_key_t *this);
};
+/**
+ * Conversion of ASN.1 signature or hash OID to signature scheme.
+ *
+ * @param oid ASN.1 OID
+ * @return signature_scheme, SIGN_UNKNOWN if OID is unsupported
+ */
+signature_scheme_t signature_scheme_from_oid(int oid);
+
#endif /** PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c
index f55b52c3a..c6f141446 100644
--- a/src/libstrongswan/credentials/keys/shared_key.c
+++ b/src/libstrongswan/credentials/keys/shared_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: shared_key.c 3600 2008-03-14 15:11:29Z martin $
*/
#include "shared_key.h"
diff --git a/src/libstrongswan/crypto/crypters/crypter.c b/src/libstrongswan/crypto/crypters/crypter.c
index 13ba9c6e2..ebd35a8a0 100644
--- a/src/libstrongswan/crypto/crypters/crypter.c
+++ b/src/libstrongswan/crypto/crypters/crypter.c
@@ -12,22 +12,20 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypter.c 4880 2009-02-18 19:45:46Z tobias $
*/
+#include <asn1/oid.h>
+
#include "crypter.h"
-ENUM_BEGIN(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_UNDEFINED,
- "UNDEFINED");
-ENUM_NEXT(encryption_algorithm_names, ENCR_DES_IV64, ENCR_DES_IV32, ENCR_UNDEFINED,
+ENUM_BEGIN(encryption_algorithm_names, ENCR_DES_IV64, ENCR_DES_IV32,
"DES_IV64",
- "DES",
- "3DES",
- "RC5",
- "IDEA",
- "CAST",
- "BLOWFISH",
+ "DES_CBC",
+ "3DES_CBC",
+ "RC5_CBC",
+ "IDEA_CBC",
+ "CAST_CBC",
+ "BLOWFISH_CBC",
"3IDEA",
"DES_IV32");
ENUM_NEXT(encryption_algorithm_names, ENCR_NULL, ENCR_AES_CCM_ICV16, ENCR_DES_IV32,
@@ -37,11 +35,128 @@ ENUM_NEXT(encryption_algorithm_names, ENCR_NULL, ENCR_AES_CCM_ICV16, ENCR_DES_IV
"AES_CCM_8",
"AES_CCM_12",
"AES_CCM_16");
-ENUM_NEXT(encryption_algorithm_names, ENCR_AES_GCM_ICV8, ENCR_AES_GCM_ICV16, ENCR_AES_CCM_ICV16,
+ENUM_NEXT(encryption_algorithm_names, ENCR_AES_GCM_ICV8, ENCR_NULL_AUTH_AES_GMAC, ENCR_AES_CCM_ICV16,
"AES_GCM_8",
"AES_GCM_12",
- "AES_GCM_16");
-ENUM_NEXT(encryption_algorithm_names, ENCR_DES_ECB, ENCR_DES_ECB, ENCR_AES_GCM_ICV16,
- "DES_ECB");
-ENUM_END(encryption_algorithm_names, ENCR_DES_ECB);
+ "AES_GCM_16",
+ "NULL_AES_GMAC");
+ENUM_NEXT(encryption_algorithm_names, ENCR_CAMELLIA_CBC, ENCR_CAMELLIA_CCM_ICV16, ENCR_NULL_AUTH_AES_GMAC,
+ "CAMELLIA_CBC",
+ "CAMELLIA_CTR",
+ "CAMELLIA_CCM_8",
+ "CAMELLIA_CCM_12",
+ "CAMELLIA_CCM_16");
+ENUM_NEXT(encryption_algorithm_names, ENCR_UNDEFINED, ENCR_TWOFISH_CBC, ENCR_CAMELLIA_CCM_ICV16,
+ "UNDEFINED",
+ "DES_ECB",
+ "SERPENT_CBC",
+ "TWOFISH_CBC");
+ENUM_END(encryption_algorithm_names, ENCR_TWOFISH_CBC);
+
+/*
+ * Described in header.
+ */
+encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size)
+{
+ encryption_algorithm_t alg;
+ size_t alg_key_size;
+
+ switch (oid)
+ {
+ case OID_DES_CBC:
+ alg = ENCR_DES;
+ alg_key_size = 0;
+ break;
+ case OID_3DES_EDE_CBC:
+ alg = ENCR_3DES;
+ alg_key_size = 0;
+ break;
+ case OID_AES128_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 128;
+ break;
+ case OID_AES192_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 192;
+ break;
+ case OID_AES256_CBC:
+ alg = ENCR_AES_CBC;
+ alg_key_size = 256;
+ break;
+ case OID_CAMELLIA128_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 128;
+ break;
+ case OID_CAMELLIA192_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 192;
+ break;
+ case OID_CAMELLIA256_CBC:
+ alg = ENCR_CAMELLIA_CBC;
+ alg_key_size = 256;
+ break;
+ default:
+ alg = ENCR_UNDEFINED;
+ alg_key_size = 0;
+ }
+ if (key_size)
+ {
+ *key_size = alg_key_size;
+ }
+ return alg;
+}
+
+/*
+ * Described in header.
+ */
+int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size)
+{
+ int oid;
+
+ switch(alg)
+ {
+ case ENCR_DES:
+ oid = OID_DES_CBC;
+ break;
+ case ENCR_3DES:
+ oid = OID_3DES_EDE_CBC;
+ break;
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 128:
+ oid = OID_AES128_CBC;
+ break;
+ case 192:
+ oid = OID_AES192_CBC;
+ break;
+ case 256:
+ oid = OID_AES256_CBC;
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ break;
+ case ENCR_CAMELLIA_CBC:
+ switch (key_size)
+ {
+ case 128:
+ oid = OID_CAMELLIA128_CBC;
+ break;
+ case 192:
+ oid = OID_CAMELLIA192_CBC;
+ break;
+ case 256:
+ oid = OID_CAMELLIA256_CBC;
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ return oid;
+}
+
diff --git a/src/libstrongswan/crypto/crypters/crypter.h b/src/libstrongswan/crypto/crypters/crypter.h
index d61d98f95..2879e24c0 100644
--- a/src/libstrongswan/crypto/crypters/crypter.h
+++ b/src/libstrongswan/crypto/crypters/crypter.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypter.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -33,28 +31,42 @@ typedef struct crypter_t crypter_t;
* Encryption algorithm, as in IKEv2 RFC 3.3.2.
*/
enum encryption_algorithm_t {
- ENCR_UNDEFINED = 1024,
- ENCR_DES_IV64 = 1,
- ENCR_DES = 2,
- ENCR_3DES = 3,
- ENCR_RC5 = 4,
- ENCR_IDEA = 5,
- ENCR_CAST = 6,
- ENCR_BLOWFISH = 7,
- ENCR_3IDEA = 8,
- ENCR_DES_IV32 = 9,
- ENCR_NULL = 11,
- ENCR_AES_CBC = 12,
- ENCR_AES_CTR = 13,
- ENCR_AES_CCM_ICV8 = 14,
- ENCR_AES_CCM_ICV12 = 15,
- ENCR_AES_CCM_ICV16 = 16,
- ENCR_AES_GCM_ICV8 = 18,
- ENCR_AES_GCM_ICV12 = 19,
- ENCR_AES_GCM_ICV16 = 20,
- ENCR_DES_ECB = 1025
+ ENCR_DES_IV64 = 1,
+ ENCR_DES = 2,
+ ENCR_3DES = 3,
+ ENCR_RC5 = 4,
+ ENCR_IDEA = 5,
+ ENCR_CAST = 6,
+ ENCR_BLOWFISH = 7,
+ ENCR_3IDEA = 8,
+ ENCR_DES_IV32 = 9,
+ ENCR_NULL = 11,
+ ENCR_AES_CBC = 12,
+ ENCR_AES_CTR = 13,
+ ENCR_AES_CCM_ICV8 = 14,
+ ENCR_AES_CCM_ICV12 = 15,
+ ENCR_AES_CCM_ICV16 = 16,
+ ENCR_AES_GCM_ICV8 = 18,
+ ENCR_AES_GCM_ICV12 = 19,
+ ENCR_AES_GCM_ICV16 = 20,
+ ENCR_NULL_AUTH_AES_GMAC = 21,
+ ENCR_CAMELLIA_CBC = 23,
+ ENCR_CAMELLIA_CTR = 24,
+ ENCR_CAMELLIA_CCM_ICV8 = 25,
+ ENCR_CAMELLIA_CCM_ICV12 = 26,
+ ENCR_CAMELLIA_CCM_ICV16 = 27,
+ ENCR_UNDEFINED = 1024,
+ ENCR_DES_ECB = 1025,
+ ENCR_SERPENT_CBC = 1026,
+ ENCR_TWOFISH_CBC = 1027
};
+#define DES_BLOCK_SIZE 8
+#define BLOWFISH_BLOCK_SIZE 8
+#define AES_BLOCK_SIZE 16
+#define SERPENT_BLOCK_SIZE 16
+#define TWOFISH_BLOCK_SIZE 16
+
/**
* enum name for encryption_algorithm_t.
*/
@@ -122,4 +134,22 @@ struct crypter_t {
void (*destroy) (crypter_t *this);
};
+/**
+ * Conversion of ASN.1 OID to encryption algorithm.
+ *
+ * @param oid ASN.1 OID
+ * @param key_size returns size of encryption key in bits
+ * @return encryption algorithm, ENCR_UNDEFINED if OID unsupported
+ */
+encryption_algorithm_t encryption_algorithm_from_oid(int oid, size_t *key_size);
+
+/**
+ * Conversion of encryption algorithm to ASN.1 OID.
+ *
+ * @param alg encryption algorithm
+ * @param key_size size of encryption key in bits
+ * @return ASN.1 OID, OID_UNKNOWN if OID is unknown
+ */
+int encryption_algorithm_to_oid(encryption_algorithm_t alg, size_t key_size);
+
#endif /** CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c
index dcc881f1d..fea8d0793 100644
--- a/src/libstrongswan/crypto/crypto_factory.c
+++ b/src/libstrongswan/crypto/crypto_factory.c
@@ -11,14 +11,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: crypto_factory.c 4592 2008-11-05 16:21:57Z martin $
*/
#include "crypto_factory.h"
-#include <utils/linked_list.h>
+#include <debug.h>
#include <utils/mutex.h>
+#include <utils/linked_list.h>
+#include <crypto/crypto_tester.h>
typedef struct entry_t entry_t;
struct entry_t {
@@ -78,6 +78,21 @@ struct private_crypto_factory_t {
linked_list_t *dhs;
/**
+ * test manager to test crypto algorithms
+ */
+ crypto_tester_t *tester;
+
+ /**
+ * whether to test algorithms during registration
+ */
+ bool test_on_add;
+
+ /**
+ * whether to test algorithms on each crypto primitive construction
+ */
+ bool test_on_create;
+
+ /**
* rwlock to lock access to modules
*/
rwlock_t *lock;
@@ -92,13 +107,19 @@ static crypter_t* create_crypter(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
crypter_t *crypter = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->crypters->create_enumerator(this->crypters);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_crypter(this->tester, algo, key_size,
+ entry->create_crypter))
+ {
+ continue;
+ }
crypter = entry->create_crypter(algo, key_size);
if (crypter)
{
@@ -120,13 +141,19 @@ static signer_t* create_signer(private_crypto_factory_t *this,
enumerator_t *enumerator;
entry_t *entry;
signer_t *signer = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->signers->create_enumerator(this->signers);
while (enumerator->enumerate(enumerator, &entry))
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_signer(this->tester, algo,
+ entry->create_signer))
+ {
+ continue;
+ }
signer = entry->create_signer(algo);
if (signer)
{
@@ -136,7 +163,7 @@ static signer_t* create_signer(private_crypto_factory_t *this,
}
enumerator->destroy(enumerator);
this->lock->unlock(this->lock);
-
+
return signer;
}
@@ -156,6 +183,12 @@ static hasher_t* create_hasher(private_crypto_factory_t *this,
{
if (algo == HASH_PREFERRED || entry->algo == algo)
{
+ if (this->test_on_create && algo != HASH_PREFERRED &&
+ !this->tester->test_hasher(this->tester, algo,
+ entry->create_hasher))
+ {
+ continue;
+ }
hasher = entry->create_hasher(entry->algo);
if (hasher)
{
@@ -184,6 +217,11 @@ static prf_t* create_prf(private_crypto_factory_t *this,
{
if (entry->algo == algo)
{
+ if (this->test_on_create &&
+ !this->tester->test_prf(this->tester, algo, entry->create_prf))
+ {
+ continue;
+ }
prf = entry->create_prf(algo);
if (prf)
{
@@ -205,13 +243,18 @@ static rng_t* create_rng(private_crypto_factory_t *this, rng_quality_t quality)
entry_t *entry;
u_int diff = ~0;
rng_constructor_t constr = NULL;
-
+
this->lock->read_lock(this->lock);
enumerator = this->rngs->create_enumerator(this->rngs);
while (enumerator->enumerate(enumerator, &entry))
{ /* find the best matching quality, but at least as good as requested */
if (entry->algo >= quality && diff > entry->algo - quality)
{
+ if (this->test_on_create &&
+ !this->tester->test_rng(this->tester, quality, entry->create_rng))
+ {
+ continue;
+ }
diff = entry->algo - quality;
constr = entry->create_rng;
if (diff == 0)
@@ -264,13 +307,17 @@ static void add_crypter(private_crypto_factory_t *this,
encryption_algorithm_t algo,
crypter_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_crypter = create;
- this->lock->write_lock(this->lock);
- this->crypters->insert_last(this->crypters, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_crypter(this->tester, algo, 0, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_crypter = create;
+ this->lock->write_lock(this->lock);
+ this->crypters->insert_last(this->crypters, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -302,13 +349,17 @@ static void remove_crypter(private_crypto_factory_t *this,
static void add_signer(private_crypto_factory_t *this,
integrity_algorithm_t algo, signer_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_signer = create;
- this->lock->write_lock(this->lock);
- this->signers->insert_last(this->signers, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_signer(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_signer = create;
+ this->lock->write_lock(this->lock);
+ this->signers->insert_last(this->signers, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -340,13 +391,17 @@ static void remove_signer(private_crypto_factory_t *this,
static void add_hasher(private_crypto_factory_t *this, hash_algorithm_t algo,
hasher_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_hasher = create;
- this->lock->write_lock(this->lock);
- this->hashers->insert_last(this->hashers, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_hasher(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_hasher = create;
+ this->lock->write_lock(this->lock);
+ this->hashers->insert_last(this->hashers, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -378,13 +433,17 @@ static void remove_hasher(private_crypto_factory_t *this,
static void add_prf(private_crypto_factory_t *this,
pseudo_random_function_t algo, prf_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = algo;
- entry->create_prf = create;
- this->lock->write_lock(this->lock);
- this->prfs->insert_last(this->prfs, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_prf(this->tester, algo, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = algo;
+ entry->create_prf = create;
+ this->lock->write_lock(this->lock);
+ this->prfs->insert_last(this->prfs, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -415,13 +474,17 @@ static void remove_prf(private_crypto_factory_t *this, prf_constructor_t create)
static void add_rng(private_crypto_factory_t *this, rng_quality_t quality,
rng_constructor_t create)
{
- entry_t *entry = malloc_thing(entry_t);
-
- entry->algo = quality;
- entry->create_rng = create;
- this->lock->write_lock(this->lock);
- this->rngs->insert_last(this->rngs, entry);
- this->lock->unlock(this->lock);
+ if (!this->test_on_add ||
+ this->tester->test_rng(this->tester, quality, create))
+ {
+ entry_t *entry = malloc_thing(entry_t);
+
+ entry->algo = quality;
+ entry->create_rng = create;
+ this->lock->write_lock(this->lock);
+ this->rngs->insert_last(this->rngs, entry);
+ this->lock->unlock(this->lock);
+ }
}
/**
@@ -605,6 +668,30 @@ static enumerator_t* create_dh_enumerator(private_crypto_factory_t *this)
}
/**
+ * Implementation of crypto_factory_t.add_test_vector
+ */
+static void add_test_vector(private_crypto_factory_t *this,
+ transform_type_t type, void *vector)
+{
+ switch (type)
+ {
+ case ENCRYPTION_ALGORITHM:
+ return this->tester->add_crypter_vector(this->tester, vector);
+ case INTEGRITY_ALGORITHM:
+ return this->tester->add_signer_vector(this->tester, vector);
+ case HASH_ALGORITHM:
+ return this->tester->add_hasher_vector(this->tester, vector);
+ case PSEUDO_RANDOM_FUNCTION:
+ return this->tester->add_prf_vector(this->tester, vector);
+ case RANDOM_NUMBER_GENERATOR:
+ return this->tester->add_rng_vector(this->tester, vector);
+ default:
+ DBG1("%N test vectors not supported, ignored",
+ transform_type_names, type);
+ }
+}
+
+/**
* Implementation of crypto_factory_t.destroy
*/
static void destroy(private_crypto_factory_t *this)
@@ -615,6 +702,7 @@ static void destroy(private_crypto_factory_t *this)
this->prfs->destroy_function(this->prfs, free);
this->rngs->destroy_function(this->rngs, free);
this->dhs->destroy_function(this->dhs, free);
+ this->tester->destroy(this->tester);
this->lock->destroy(this->lock);
free(this);
}
@@ -649,6 +737,7 @@ crypto_factory_t *crypto_factory_create()
this->public.create_hasher_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_hasher_enumerator;
this->public.create_prf_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_prf_enumerator;
this->public.create_dh_enumerator = (enumerator_t*(*)(crypto_factory_t*))create_dh_enumerator;
+ this->public.add_test_vector = (void(*)(crypto_factory_t*, transform_type_t type, ...))add_test_vector;
this->public.destroy = (void(*)(crypto_factory_t*))destroy;
this->crypters = linked_list_create();
@@ -658,6 +747,11 @@ crypto_factory_t *crypto_factory_create()
this->rngs = linked_list_create();
this->dhs = linked_list_create();
this->lock = rwlock_create(RWLOCK_DEFAULT);
+ this->tester = crypto_tester_create();
+ this->test_on_add = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_add", FALSE);
+ this->test_on_create = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.on_create", FALSE);
return &this->public;
}
diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h
index e2d2de71a..f1ebcf90a 100644
--- a/src/libstrongswan/crypto/crypto_factory.h
+++ b/src/libstrongswan/crypto/crypto_factory.h
@@ -30,6 +30,7 @@ typedef struct crypto_factory_t crypto_factory_t;
#include <crypto/prfs/prf.h>
#include <crypto/rngs/rng.h>
#include <crypto/diffie_hellman.h>
+#include <crypto/transform.h>
/**
* Constructor function for crypters
@@ -257,9 +258,17 @@ struct crypto_factory_t {
enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this);
/**
- * Destroy a crypto_factory instance.
- */
- void (*destroy)(crypto_factory_t *this);
+ * Add a test vector to the crypto factory.
+ *
+ * @param type type of the test vector
+ * @param ... pointer to a test vector, defined in crypto_tester.h
+ */
+ void (*add_test_vector)(crypto_factory_t *this, transform_type_t type, ...);
+
+ /**
+ * Destroy a crypto_factory instance.
+ */
+ void (*destroy)(crypto_factory_t *this);
};
/**
diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c
new file mode 100644
index 000000000..b0b5aa969
--- /dev/null
+++ b/src/libstrongswan/crypto/crypto_tester.c
@@ -0,0 +1,629 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "crypto_tester.h"
+
+#include <debug.h>
+#include <utils/linked_list.h>
+
+typedef struct private_crypto_tester_t private_crypto_tester_t;
+
+/**
+ * Private data of an crypto_tester_t object.
+ */
+struct private_crypto_tester_t {
+
+ /**
+ * Public crypto_tester_t interface.
+ */
+ crypto_tester_t public;
+
+ /**
+ * List of crypter test vectors
+ */
+ linked_list_t *crypter;
+
+ /**
+ * List of signer test vectors
+ */
+ linked_list_t *signer;
+
+ /**
+ * List of hasher test vectors
+ */
+ linked_list_t *hasher;
+
+ /**
+ * List of PRF test vectors
+ */
+ linked_list_t *prf;
+
+ /**
+ * List of RNG test vectors
+ */
+ linked_list_t *rng;
+
+ /**
+ * Is a test vector required to pass a test?
+ */
+ bool required;
+
+ /**
+ * should we run RNG_TRUE tests? Enough entropy?
+ */
+ bool rng_true;
+};
+
+/**
+ * Implementation of crypto_tester_t.test_crypter
+ */
+static bool test_crypter(private_crypto_tester_t *this,
+ encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create)
+{
+ enumerator_t *enumerator;
+ crypter_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->crypter->create_enumerator(this->crypter);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ crypter_t *crypter;
+ chunk_t key, plain, cipher, iv;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+ if (key_size && key_size != vector->key_size)
+ { /* test only vectors with a specific key size, if key size given */
+ continue;
+ }
+ crypter = create(alg, vector->key_size);
+ if (!crypter)
+ { /* key size not supported... */
+ continue;
+ }
+
+ failed = FALSE;
+ tested++;
+
+ key = chunk_create(vector->key, crypter->get_key_size(crypter));
+ crypter->set_key(crypter, key);
+ iv = chunk_create(vector->iv, crypter->get_block_size(crypter));
+
+ /* allocated encryption */
+ plain = chunk_create(vector->plain, vector->len);
+ crypter->encrypt(crypter, plain, iv, &cipher);
+ if (!memeq(vector->cipher, cipher.ptr, cipher.len))
+ {
+ failed = TRUE;
+ }
+ /* inline decryption */
+ crypter->decrypt(crypter, cipher, iv, NULL);
+ if (!memeq(vector->plain, cipher.ptr, cipher.len))
+ {
+ failed = TRUE;
+ }
+ free(cipher.ptr);
+ /* allocated decryption */
+ cipher = chunk_create(vector->cipher, vector->len);
+ crypter->decrypt(crypter, cipher, iv, &plain);
+ if (!memeq(vector->plain, plain.ptr, plain.len))
+ {
+ failed = TRUE;
+ }
+ /* inline encryption */
+ crypter->encrypt(crypter, plain, iv, NULL);
+ if (!memeq(vector->cipher, plain.ptr, plain.len))
+ {
+ failed = TRUE;
+ }
+ free(plain.ptr);
+
+ crypter->destroy(crypter);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ encryption_algorithm_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ encryption_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ encryption_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_signer
+ */
+static bool test_signer(private_crypto_tester_t *this,
+ integrity_algorithm_t alg, signer_constructor_t create)
+{
+ enumerator_t *enumerator;
+ signer_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->signer->create_enumerator(this->signer);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ signer_t *signer;
+ chunk_t key, data, mac;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ signer = create(alg);
+ if (!signer)
+ {
+ DBG1("disabled %N: creating instance failed",
+ integrity_algorithm_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ key = chunk_create(vector->key, signer->get_key_size(signer));
+ signer->set_key(signer, key);
+
+ /* allocated signature */
+ data = chunk_create(vector->data, vector->len);
+ signer->allocate_signature(signer, data, &mac);
+ if (mac.len != signer->get_block_size(signer))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ /* signature to existing buffer */
+ memset(mac.ptr, 0, mac.len);
+ signer->get_signature(signer, data, mac.ptr);
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ /* signature verification, good case */
+ if (!signer->verify_signature(signer, data, mac))
+ {
+ failed = TRUE;
+ }
+ /* signature verification, bad case */
+ *(mac.ptr + mac.len - 1) += 1;
+ if (signer->verify_signature(signer, data, mac))
+ {
+ failed = TRUE;
+ }
+ /* signature to existing buffer, using append mode */
+ if (data.len > 2)
+ {
+ memset(mac.ptr, 0, mac.len);
+ signer->allocate_signature(signer, chunk_create(data.ptr, 1), NULL);
+ signer->get_signature(signer, chunk_create(data.ptr + 1, 1), NULL);
+ signer->get_signature(signer, chunk_skip(data, 2), mac.ptr);
+ if (!memeq(vector->mac, mac.ptr, mac.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(mac.ptr);
+
+ signer->destroy(signer);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ integrity_algorithm_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ integrity_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ integrity_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of hasher_t.test_hasher
+ */
+static bool test_hasher(private_crypto_tester_t *this, hash_algorithm_t alg,
+ hasher_constructor_t create)
+{
+ enumerator_t *enumerator;
+ hasher_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->hasher->create_enumerator(this->hasher);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ hasher_t *hasher;
+ chunk_t data, hash;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ hasher = create(alg);
+ if (!hasher)
+ {
+ DBG1("disabled %N: creating instance failed",
+ hash_algorithm_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ /* allocated hash */
+ data = chunk_create(vector->data, vector->len);
+ hasher->allocate_hash(hasher, data, &hash);
+ if (hash.len != hasher->get_hash_size(hasher))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ /* hash to existing buffer */
+ memset(hash.ptr, 0, hash.len);
+ hasher->get_hash(hasher, data, hash.ptr);
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ /* hasher to existing buffer, using append mode */
+ if (data.len > 2)
+ {
+ memset(hash.ptr, 0, hash.len);
+ hasher->allocate_hash(hasher, chunk_create(data.ptr, 1), NULL);
+ hasher->get_hash(hasher, chunk_create(data.ptr + 1, 1), NULL);
+ hasher->get_hash(hasher, chunk_skip(data, 2), hash.ptr);
+ if (!memeq(vector->hash, hash.ptr, hash.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(hash.ptr);
+
+ hasher->destroy(hasher);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ hash_algorithm_names, alg), tested;
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ hash_algorithm_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ hash_algorithm_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_prf
+ */
+static bool test_prf(private_crypto_tester_t *this,
+ pseudo_random_function_t alg, prf_constructor_t create)
+{
+ enumerator_t *enumerator;
+ prf_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ enumerator = this->prf->create_enumerator(this->prf);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ prf_t *prf;
+ chunk_t key, seed, out;
+
+ if (vector->alg != alg)
+ {
+ continue;
+ }
+
+ tested++;
+ prf = create(alg);
+ if (!prf)
+ {
+ DBG1("disabled %N: creating instance failed",
+ pseudo_random_function_names, alg);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ key = chunk_create(vector->key, vector->key_size);
+ prf->set_key(prf, key);
+
+ /* allocated bytes */
+ seed = chunk_create(vector->seed, vector->len);
+ prf->allocate_bytes(prf, seed, &out);
+ if (out.len != prf->get_block_size(prf))
+ {
+ failed = TRUE;
+ }
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer */
+ memset(out.ptr, 0, out.len);
+ if (vector->stateful)
+ {
+ prf->set_key(prf, key);
+ }
+ prf->get_bytes(prf, seed, out.ptr);
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer, using append mode */
+ if (seed.len > 2)
+ {
+ memset(out.ptr, 0, out.len);
+ if (vector->stateful)
+ {
+ prf->set_key(prf, key);
+ }
+ prf->allocate_bytes(prf, chunk_create(seed.ptr, 1), NULL);
+ prf->get_bytes(prf, chunk_create(seed.ptr + 1, 1), NULL);
+ prf->get_bytes(prf, chunk_skip(seed, 2), out.ptr);
+ if (!memeq(vector->out, out.ptr, out.len))
+ {
+ failed = TRUE;
+ }
+ }
+ free(out.ptr);
+
+ prf->destroy(prf);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ pseudo_random_function_names, alg, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? "disabled" : "enabled ",
+ pseudo_random_function_names, alg);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ pseudo_random_function_names, alg, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypto_tester_t.test_rng
+ */
+static bool test_rng(private_crypto_tester_t *this, rng_quality_t quality,
+ rng_constructor_t create)
+{
+ enumerator_t *enumerator;
+ rng_test_vector_t *vector;
+ bool failed = FALSE;
+ u_int tested = 0;
+
+ if (!this->rng_true && quality == RNG_TRUE)
+ {
+ DBG1("enabled %N: skipping test (disabled by config)",
+ rng_quality_names, quality);
+ return TRUE;
+ }
+
+ enumerator = this->rng->create_enumerator(this->rng);
+ while (enumerator->enumerate(enumerator, &vector))
+ {
+ rng_t *rng;
+ chunk_t data;
+
+ if (vector->quality != quality)
+ {
+ continue;
+ }
+
+ tested++;
+ rng = create(quality);
+ if (!rng)
+ {
+ DBG1("disabled %N: creating instance failed",
+ rng_quality_names, quality);
+ failed = TRUE;
+ break;
+ }
+
+ failed = FALSE;
+
+ /* allocated bytes */
+ rng->allocate_bytes(rng, vector->len, &data);
+ if (data.len != vector->len)
+ {
+ failed = TRUE;
+ }
+ if (!vector->test(vector->user, data))
+ {
+ failed = TRUE;
+ }
+ /* bytes to existing buffer */
+ memset(data.ptr, 0, data.len);
+ rng->get_bytes(rng, vector->len, data.ptr);
+ if (!vector->test(vector->user, data))
+ {
+ failed = TRUE;
+ }
+ free(data.ptr);
+
+ rng->destroy(rng);
+ if (failed)
+ {
+ DBG1("disabled %N: test vector %d failed",
+ rng_quality_names, quality, tested);
+ break;
+ }
+ }
+ enumerator->destroy(enumerator);
+ if (!tested)
+ {
+ DBG1("%s %N: no test vectors found",
+ this->required ? ", disabled" : "enabled ",
+ rng_quality_names, quality);
+ return !this->required;
+ }
+ if (!failed)
+ {
+ DBG1("enabled %N: successfully passed %d test vectors",
+ rng_quality_names, quality, tested);
+ }
+ return !failed;
+}
+
+/**
+ * Implementation of crypter_tester_t.add_crypter_vector
+ */
+static void add_crypter_vector(private_crypto_tester_t *this,
+ crypter_test_vector_t *vector)
+{
+ this->crypter->insert_last(this->crypter, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_signer_vector
+ */
+static void add_signer_vector(private_crypto_tester_t *this,
+ signer_test_vector_t *vector)
+{
+ this->signer->insert_last(this->signer, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_hasher_vector
+ */
+static void add_hasher_vector(private_crypto_tester_t *this,
+ hasher_test_vector_t *vector)
+{
+ this->hasher->insert_last(this->hasher, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_prf_vector
+ */
+static void add_prf_vector(private_crypto_tester_t *this,
+ prf_test_vector_t *vector)
+{
+ this->prf->insert_last(this->prf, vector);
+}
+
+/**
+ * Implementation of crypter_tester_t.add_rng_vector
+ */
+static void add_rng_vector(private_crypto_tester_t *this,
+ rng_test_vector_t *vector)
+{
+ this->rng->insert_last(this->rng, vector);
+}
+
+/**
+ * Implementation of crypto_tester_t.destroy.
+ */
+static void destroy(private_crypto_tester_t *this)
+{
+ this->crypter->destroy(this->crypter);
+ this->signer->destroy(this->signer);
+ this->hasher->destroy(this->hasher);
+ this->prf->destroy(this->prf);
+ this->rng->destroy(this->rng);
+ free(this);
+}
+
+/**
+ * See header
+ */
+crypto_tester_t *crypto_tester_create()
+{
+ private_crypto_tester_t *this = malloc_thing(private_crypto_tester_t);
+
+ this->public.test_crypter = (bool(*)(crypto_tester_t*, encryption_algorithm_t alg,size_t key_size, crypter_constructor_t create))test_crypter;
+ this->public.test_signer = (bool(*)(crypto_tester_t*, integrity_algorithm_t alg, signer_constructor_t create))test_signer;
+ this->public.test_hasher = (bool(*)(crypto_tester_t*, hash_algorithm_t alg, hasher_constructor_t create))test_hasher;
+ this->public.test_prf = (bool(*)(crypto_tester_t*, pseudo_random_function_t alg, prf_constructor_t create))test_prf;
+ this->public.test_rng = (bool(*)(crypto_tester_t*, rng_quality_t quality, rng_constructor_t create))test_rng;
+ this->public.add_crypter_vector = (void(*)(crypto_tester_t*, crypter_test_vector_t *vector))add_crypter_vector;
+ this->public.add_signer_vector = (void(*)(crypto_tester_t*, signer_test_vector_t *vector))add_signer_vector;
+ this->public.add_hasher_vector = (void(*)(crypto_tester_t*, hasher_test_vector_t *vector))add_hasher_vector;
+ this->public.add_prf_vector = (void(*)(crypto_tester_t*, prf_test_vector_t *vector))add_prf_vector;
+ this->public.add_rng_vector = (void(*)(crypto_tester_t*, rng_test_vector_t *vector))add_rng_vector;
+ this->public.destroy = (void(*)(crypto_tester_t*))destroy;
+
+ this->crypter = linked_list_create();
+ this->signer = linked_list_create();
+ this->hasher = linked_list_create();
+ this->prf = linked_list_create();
+ this->rng = linked_list_create();
+
+ this->required = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.required", FALSE);
+ this->rng_true = lib->settings->get_bool(lib->settings,
+ "libstrongswan.crypto_test.rng_true", FALSE);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h
new file mode 100644
index 000000000..d2929f33d
--- /dev/null
+++ b/src/libstrongswan/crypto/crypto_tester.h
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup crypto_tester crypto_tester
+ * @{ @ingroup crypto
+ */
+
+#ifndef CRYPTO_TESTER_H_
+#define CRYPTO_TESTER_H_
+
+typedef struct crypto_tester_t crypto_tester_t;
+
+#include <crypto/crypto_factory.h>
+
+typedef struct crypter_test_vector_t crypter_test_vector_t;
+typedef struct signer_test_vector_t signer_test_vector_t;
+typedef struct hasher_test_vector_t hasher_test_vector_t;
+typedef struct prf_test_vector_t prf_test_vector_t;
+typedef struct rng_test_vector_t rng_test_vector_t;
+
+struct crypter_test_vector_t {
+ /** encryption algorithm this vector tests */
+ encryption_algorithm_t alg;
+ /** key length to use, in bytes */
+ size_t key_size;
+ /** encryption key of test vector */
+ u_char *key;
+ /** initialization vector, using crypters blocksize bytes */
+ u_char *iv;
+ /** length of plain and cipher text */
+ size_t len;
+ /** plain text */
+ u_char *plain;
+ /** cipher text */
+ u_char *cipher;
+};
+
+struct signer_test_vector_t {
+ /** signer algorithm this test vector tests */
+ pseudo_random_function_t alg;
+ /** key to use, with a length the algorithm expects */
+ u_char *key;
+ /** size of the input data */
+ size_t len;
+ /** input data */
+ u_char *data;
+ /** expected output, with ouput size of the tested algorithm */
+ u_char *mac;
+};
+
+struct hasher_test_vector_t {
+ /** hash algorithm this test vector tests */
+ hash_algorithm_t alg;
+ /** length of the input data */
+ size_t len;
+ /** input data */
+ u_char *data;
+ /** expected hash, with hash size of the tested algorithm */
+ u_char *hash;
+};
+
+struct prf_test_vector_t {
+ /** prf algorithm this test vector tests */
+ pseudo_random_function_t alg;
+ /** is this PRF stateful? */
+ bool stateful;
+ /** key length to use, in bytes */
+ size_t key_size;
+ /** key to use */
+ u_char *key;
+ /** size of the seed data */
+ size_t len;
+ /** seed data */
+ u_char *seed;
+ /** expected output, with block size of the tested algorithm */
+ u_char *out;
+};
+
+/**
+ * Test vector for a RNG.
+ *
+ * Contains a callback function to analyze the output of a RNG,
+ */
+struct rng_test_vector_t {
+ /** quality of random data this test vector tests */
+ rng_quality_t quality;
+ /** callback function to test RNG output, returns TRUE if data ok */
+ bool (*test)(void *user, chunk_t data);
+ /** number of bytes the function requests */
+ size_t len;
+ /** user data passed back to the test() function on invocation */
+ void *user;
+};
+
+/**
+ * Cryptographic primitive testing framework.
+ */
+struct crypto_tester_t {
+
+ /**
+ * Test a crypter algorithm, optionally using a specified key size.
+ *
+ * @param alg algorithm to test
+ * @param key_size key size to test, 0 for all
+ * @param create constructor function for the crypter
+ * @return TRUE if test passed
+ */
+ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg,
+ size_t key_size, crypter_constructor_t create);
+ /**
+ * Test a signer algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the signer
+ * @return TRUE if test passed
+ */
+ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg,
+ signer_constructor_t create);
+ /**
+ * Test a hasher algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the hasher
+ * @return TRUE if test passed
+ */
+ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg,
+ hasher_constructor_t create);
+ /**
+ * Test a PRF algorithm.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the PRF
+ * @return TRUE if test passed
+ */
+ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg,
+ prf_constructor_t create);
+ /**
+ * Test a RNG implementation.
+ *
+ * @param alg algorithm to test
+ * @param create constructor function for the RNG
+ * @return TRUE if test passed
+ */
+ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality,
+ rng_constructor_t create);
+ /**
+ * Add a test vector to test a crypter.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_crypter_vector)(crypto_tester_t *this,
+ crypter_test_vector_t *vector);
+ /**
+ * Add a test vector to test a signer.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_signer_vector)(crypto_tester_t *this,
+ signer_test_vector_t *vector);
+ /**
+ * Add a test vector to test a hasher.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_hasher_vector)(crypto_tester_t *this,
+ hasher_test_vector_t *vector);
+ /**
+ * Add a test vector to test a PRF.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_prf_vector)(crypto_tester_t *this, prf_test_vector_t *vector);
+
+ /**
+ * Add a test vector to test a RNG.
+ *
+ * @param vector pointer to test vector
+ */
+ void (*add_rng_vector)(crypto_tester_t *this, rng_test_vector_t *vector);
+
+ /**
+ * Destroy a crypto_tester_t.
+ */
+ void (*destroy)(crypto_tester_t *this);
+};
+
+/**
+ * Create a crypto_tester instance.
+ */
+crypto_tester_t *crypto_tester_create();
+
+#endif /* CRYPTO_TESTER_ @}*/
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index 53c3a1632..18d532697 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -12,30 +12,28 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: diffie_hellman.c 4685 2008-11-22 16:14:55Z martin $
*/
#include "diffie_hellman.h"
ENUM_BEGIN(diffie_hellman_group_names, MODP_NONE, MODP_1024_BIT,
"MODP_NONE",
- "MODP_768_BIT",
- "MODP_1024_BIT");
+ "MODP_768",
+ "MODP_1024");
ENUM_NEXT(diffie_hellman_group_names, MODP_1536_BIT, MODP_1536_BIT, MODP_1024_BIT,
- "MODP_1536_BIT");
+ "MODP_1536");
ENUM_NEXT(diffie_hellman_group_names, MODP_2048_BIT, ECP_521_BIT, MODP_1536_BIT,
- "MODP_2048_BIT",
- "MODP_3072_BIT",
- "MODP_4096_BIT",
- "MODP_6144_BIT",
- "MODP_8192_BIT",
- "ECP_256_BIT",
- "ECP_384_BIT",
- "ECP_521_BIT");
+ "MODP_2048",
+ "MODP_3072",
+ "MODP_4096",
+ "MODP_6144",
+ "MODP_8192",
+ "ECP_256",
+ "ECP_384",
+ "ECP_521");
ENUM_NEXT(diffie_hellman_group_names, ECP_192_BIT, ECP_224_BIT, ECP_521_BIT,
- "ECP_192_BIT",
- "ECP_224_BIT");
+ "ECP_192",
+ "ECP_224");
ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_NULL, ECP_224_BIT,
"MODP_NULL");
ENUM_END(diffie_hellman_group_names, MODP_NULL);
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 5aaba383e..a40a73526 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index cf507442d..c58c2ad42 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -13,24 +13,22 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hasher.c 4880 2009-02-18 19:45:46Z tobias $
*/
#include "hasher.h"
#include <asn1/oid.h>
-ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_MD4,
+ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
"HASH_UNKNOWN",
"HASH_PREFERRED",
"HASH_MD2",
+ "HASH_MD4",
"HASH_MD5",
"HASH_SHA1",
"HASH_SHA256",
"HASH_SHA384",
- "HASH_SHA512",
- "HASH_MD4"
+ "HASH_SHA512"
);
/*
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 1db5c14cc..098739fa3 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -13,13 +13,11 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hasher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
- * @defgroup traffic_selector traffic_selector
- * @{ @ingroup config
+ * @defgroup hasher hasher
+ * @{ @ingroup crypto
*/
#ifndef HASHER_H_
@@ -39,12 +37,12 @@ enum hash_algorithm_t {
/** preferred hash function, general purpose */
HASH_PREFERRED = 1,
HASH_MD2 = 2,
- HASH_MD5 = 3,
- HASH_SHA1 = 4,
- HASH_SHA256 = 5,
- HASH_SHA384 = 6,
- HASH_SHA512 = 7,
- HASH_MD4 = 8,
+ HASH_MD4 = 3,
+ HASH_MD5 = 4,
+ HASH_SHA1 = 5,
+ HASH_SHA256 = 6,
+ HASH_SHA384 = 7,
+ HASH_SHA512 = 8
};
#define HASH_SIZE_MD2 16
diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c
index 1c1b5a586..525ea9db5 100644
--- a/src/libstrongswan/crypto/pkcs9.c
+++ b/src/libstrongswan/crypto/pkcs9.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pkcs9.c 3891 2008-04-28 16:00:52Z andreas $
*/
#include <library.h>
diff --git a/src/libstrongswan/crypto/pkcs9.h b/src/libstrongswan/crypto/pkcs9.h
index 698f3c172..80d915701 100644
--- a/src/libstrongswan/crypto/pkcs9.h
+++ b/src/libstrongswan/crypto/pkcs9.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pkcs9.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c
index 3d37d4ef7..a4fc377ef 100644
--- a/src/libstrongswan/crypto/prf_plus.c
+++ b/src/libstrongswan/crypto/prf_plus.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf_plus.c 4524 2008-10-29 14:12:54Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h
index 4c98e4ad1..2e5b66152 100644
--- a/src/libstrongswan/crypto/prf_plus.h
+++ b/src/libstrongswan/crypto/prf_plus.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf_plus.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/crypto/prfs/prf.c b/src/libstrongswan/crypto/prfs/prf.c
index 812f6278d..8681a5b97 100644
--- a/src/libstrongswan/crypto/prfs/prf.c
+++ b/src/libstrongswan/crypto/prfs/prf.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf.c 3619 2008-03-19 14:02:52Z martin $
*/
#include "prf.h"
@@ -23,13 +21,14 @@ ENUM_BEGIN(pseudo_random_function_names, PRF_UNDEFINED, PRF_KEYED_SHA1,
"PRF_FIPS_SHA1_160",
"PRF_FIPS_DES",
"PRF_KEYED_SHA1");
-ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_HMAC_SHA2_512, PRF_KEYED_SHA1,
+ENUM_NEXT(pseudo_random_function_names, PRF_HMAC_MD5, PRF_AES128_CMAC, PRF_KEYED_SHA1,
"PRF_HMAC_MD5",
"PRF_HMAC_SHA1",
"PRF_HMAC_TIGER",
- "PRF_AES128_CBC",
+ "PRF_AES128_XCBC",
"PRF_HMAC_SHA2_256",
"PRF_HMAC_SHA2_384",
- "PRF_HMAC_SHA2_512");
-ENUM_END(pseudo_random_function_names, PRF_HMAC_SHA2_512);
+ "PRF_HMAC_SHA2_512",
+ "PRF_AES128_CMAC");
+ENUM_END(pseudo_random_function_names, PRF_AES128_CMAC);
diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h
index e2b4f6fe0..f2a5afc45 100644
--- a/src/libstrongswan/crypto/prfs/prf.h
+++ b/src/libstrongswan/crypto/prfs/prf.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: prf.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -37,21 +35,25 @@ typedef struct prf_t prf_t;
*/
enum pseudo_random_function_t {
PRF_UNDEFINED = 1024,
- /** Implemented via hmac_prf_t. */
+ /** RFC2104 */
PRF_HMAC_MD5 = 1,
- /** Implemented via hmac_prf_t. */
+ /** RFC2104 */
PRF_HMAC_SHA1 = 2,
+ /** RFC2104 */
PRF_HMAC_TIGER = 3,
+ /** RFC4434 */
PRF_AES128_XCBC = 4,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868 */
PRF_HMAC_SHA2_256 = 5,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868. */
PRF_HMAC_SHA2_384 = 6,
- /** Implemented via hmac_prf_t. */
+ /** RFC4868 */
PRF_HMAC_SHA2_512 = 7,
- /** Implemented via fips_prf_t, other output sizes would be possible */
+ /** RFC4615 */
+ PRF_AES128_CMAC = 8,
+ /** FIPS 186-2-change1 */
PRF_FIPS_SHA1_160 = 1025,
- /** Could be implemented via fips_prf_t, uses fixed output size of 160bit */
+ /** FIPS 186-2-change1, uses fixed output size of 160bit */
PRF_FIPS_DES = 1026,
/**
* Keyed hash algorithm using SHA1, used in EAP-AKA:
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c
new file mode 100644
index 000000000..14321e070
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c
@@ -0,0 +1,270 @@
+/* C code produced by gperf version 3.0.3 */
+/* Command-line: /usr/bin/gperf -N proposal_get_token -m 10 -C -G -c -t -D */
+/* Computed positions: -k'1,5,7,10,$' */
+
+#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
+ && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
+ && (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
+ && ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
+ && ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
+ && ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
+ && ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
+ && ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
+ && ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
+ && ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
+ && ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
+ && ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
+ && ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
+ && ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
+ && ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
+ && ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
+ && ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
+ && ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
+ && ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
+ && ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
+ && ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
+ && ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
+ && ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126))
+/* The character set is not based on ISO-646. */
+error "gperf generated tables don't work with this execution character set. Please report a bug to <bug-gnu-gperf@gnu.org>."
+#endif
+
+
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include <crypto/transform.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
+
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+
+#define TOTAL_KEYWORDS 87
+#define MIN_WORD_LENGTH 3
+#define MAX_WORD_LENGTH 12
+#define MIN_HASH_VALUE 4
+#define MAX_HASH_VALUE 129
+/* maximum key range = 126, duplicates = 0 */
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static unsigned int
+hash (str, len)
+ register const char *str;
+ register unsigned int len;
+{
+ static const unsigned char asso_values[] =
+ {
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 11,
+ 2, 15, 5, 27, 21, 8, 5, 0, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 39, 130, 24, 0, 1,
+ 8, 2, 50, 0, 9, 53, 130, 130, 0, 130,
+ 42, 0, 130, 130, 5, 9, 34, 4, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130, 130, 130, 130,
+ 130, 130, 130, 130, 130, 130, 130
+ };
+ register int hval = len;
+
+ switch (hval)
+ {
+ default:
+ hval += asso_values[(unsigned char)str[9]];
+ /*FALLTHROUGH*/
+ case 9:
+ case 8:
+ case 7:
+ hval += asso_values[(unsigned char)str[6]];
+ /*FALLTHROUGH*/
+ case 6:
+ case 5:
+ hval += asso_values[(unsigned char)str[4]];
+ /*FALLTHROUGH*/
+ case 4:
+ case 3:
+ case 2:
+ case 1:
+ hval += asso_values[(unsigned char)str[0]+1];
+ break;
+ }
+ return hval + asso_values[(unsigned char)str[len - 1]];
+}
+
+static const struct proposal_token wordlist[] =
+ {
+ {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0},
+ {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192},
+ {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0},
+ {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128},
+ {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0},
+ {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192},
+ {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128},
+ {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0},
+ {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192},
+ {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192},
+ {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128},
+ {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128},
+ {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128},
+ {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192},
+ {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192},
+ {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128},
+ {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128},
+ {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256},
+ {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192},
+ {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192},
+ {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128},
+ {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128},
+ {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256},
+ {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0},
+ {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0},
+ {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256},
+ {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256},
+ {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0},
+ {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0},
+ {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0},
+ {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256},
+ {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256},
+ {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0},
+ {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0},
+ {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0},
+ {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0},
+ {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256},
+ {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256},
+ {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0},
+ {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192},
+ {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192},
+ {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0},
+ {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0},
+ {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128},
+ {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192},
+ {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0},
+ {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192},
+ {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128},
+ {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0},
+ {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0},
+ {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0},
+ {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128},
+ {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0},
+ {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0},
+ {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0},
+ {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128},
+ {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256},
+ {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256},
+ {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256},
+ {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256},
+ {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}
+ };
+
+static const short lookup[] =
+ {
+ -1, -1, -1, -1, 0, -1, -1, -1, 1, -1, 2, -1, 3, 4,
+ 5, 6, -1, 7, 8, -1, 9, 10, 11, 12, 13, 14, 15, 16,
+ 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, -1,
+ 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43,
+ 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57,
+ 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, -1,
+ 71, -1, 72, -1, 73, -1, 74, 75, 76, 77, 78, -1, -1, 79,
+ -1, -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, -1, -1, 81,
+ -1, -1, -1, -1, -1, -1, 82, 83, 84, -1, 85, -1, -1, -1,
+ -1, -1, -1, 86
+ };
+
+#ifdef __GNUC__
+__inline
+#ifdef __GNUC_STDC_INLINE__
+__attribute__ ((__gnu_inline__))
+#endif
+#endif
+const struct proposal_token *
+proposal_get_token (str, len)
+ register const char *str;
+ register unsigned int len;
+{
+ if (len <= MAX_WORD_LENGTH && len >= MIN_WORD_LENGTH)
+ {
+ register int key = hash (str, len);
+
+ if (key <= MAX_HASH_VALUE && key >= 0)
+ {
+ register int index = lookup[key];
+
+ if (index >= 0)
+ {
+ register const char *s = wordlist[index].name;
+
+ if (*str == *s && !strncmp (str + 1, s + 1, len - 1) && s[len] == '\0')
+ return &wordlist[index];
+ }
+ }
+ }
+ return 0;
+}
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h
new file mode 100644
index 000000000..86cb7ef09
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h
@@ -0,0 +1,34 @@
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _PROPOSAL_KEYWORDS_H_
+#define _PROPOSAL_KEYWORDS_H_
+
+#include <crypto/transform.h>
+
+typedef struct proposal_token proposal_token_t;
+
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+
+extern const proposal_token_t* proposal_get_token(register const char *str,
+ register unsigned int len);
+
+#endif /* _PROPOSAL_KEYWORDS_H_ */
+
diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
new file mode 100644
index 000000000..511fdd50a
--- /dev/null
+++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt
@@ -0,0 +1,118 @@
+%{
+/* proposal keywords
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include <crypto/transform.h>
+#include <crypto/crypters/crypter.h>
+#include <crypto/signers/signer.h>
+#include <crypto/diffie_hellman.h>
+
+%}
+struct proposal_token {
+ char *name;
+ transform_type_t type;
+ u_int16_t algorithm;
+ u_int16_t keysize;
+};
+%%
+null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0
+des, ENCRYPTION_ALGORITHM, ENCR_DES, 0
+3des, ENCRYPTION_ALGORITHM, ENCR_3DES, 0
+aes, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes128, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128
+aes192, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192
+aes256, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256
+aes128ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128
+aes192ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192
+aes256ctr, ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256
+aes128ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128
+aes128ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128
+aes128ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes128ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128
+aes192ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192
+aes192ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192
+aes192ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes192ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192
+aes256ccm8, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm64, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256
+aes256ccm12, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm96, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256
+aes256ccm16, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes256ccm128, ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256
+aes128gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128
+aes128gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128
+aes128gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes128gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128
+aes192gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192
+aes192gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192
+aes192gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes192gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192
+aes256gcm8, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm64, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256
+aes256gcm12, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm96, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256
+aes256gcm16, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+aes256gcm128, ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256
+blowfish, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish128, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128
+blowfish192, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192
+blowfish256, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256
+camellia, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia128, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128
+camellia192, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192
+camellia256, ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256
+cast128, ENCRYPTION_ALGORITHM, ENCR_CAST, 128
+serpent, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent128, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128
+serpent192, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192
+serpent256, ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256
+twofish, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish128, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128
+twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192
+twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256
+sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0
+sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0
+sha384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0
+sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0
+md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0
+aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0
+modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0
+modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0
+modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0
+modp1536, DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0
+modp2048, DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0
+modp3072, DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0
+modp4096, DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0
+modp6144, DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0
+modp8192, DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0
+ecp192, DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0
+ecp224, DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0
+ecp256, DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0
+ecp384, DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0
+ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0
diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c
index 435e043e8..67fd76910 100644
--- a/src/libstrongswan/crypto/rngs/rng.c
+++ b/src/libstrongswan/crypto/rngs/rng.c
@@ -11,14 +11,12 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "rng.h"
-ENUM(rng_quality_names, RNG_WEAK, RNG_REAL,
+ENUM(rng_quality_names, RNG_WEAK, RNG_TRUE,
"RNG_WEAK",
"RNG_STRONG",
- "RNG_REAL",
+ "RNG_TRUE",
);
diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h
index 1c4d204f3..89bc2f2de 100644
--- a/src/libstrongswan/crypto/rngs/rng.h
+++ b/src/libstrongswan/crypto/rngs/rng.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: rng.h 3619 2008-03-19 14:02:52Z martin $
*/
/**
@@ -36,8 +34,8 @@ enum rng_quality_t {
RNG_WEAK,
/** stronger randomness, usable for session keys */
RNG_STRONG,
- /** real random, key material */
- RNG_REAL,
+ /** true random key material */
+ RNG_TRUE,
};
/**
@@ -56,7 +54,7 @@ struct rng_t {
* @param len number of bytes to get
* @param buffer pointer where the generated bytes will be written
*/
- void (*get_bytes) (rng_t *this, u_int len, u_int8_t *buffer);
+ void (*get_bytes) (rng_t *this, size_t len, u_int8_t *buffer);
/**
* Generates random bytes and allocate space for them.
@@ -64,7 +62,7 @@ struct rng_t {
* @param len number of bytes to get
* @param chunk chunk which will hold generated bytes
*/
- void (*allocate_bytes) (rng_t *this, u_int len, chunk_t *chunk);
+ void (*allocate_bytes) (rng_t *this, size_t len, chunk_t *chunk);
/**
* Destroys a rng object.
diff --git a/src/libstrongswan/crypto/signers/signer.c b/src/libstrongswan/crypto/signers/signer.c
index 8412ff62e..1147e1f26 100644
--- a/src/libstrongswan/crypto/signers/signer.c
+++ b/src/libstrongswan/crypto/signers/signer.c
@@ -12,24 +12,27 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: signer.c 3589 2008-03-13 14:14:44Z martin $
*/
#include "signer.h"
ENUM_BEGIN(integrity_algorithm_names, AUTH_UNDEFINED, AUTH_HMAC_SHA1_128,
"UNDEFINED",
- "AUTH_HMAC_SHA1_128");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_AES_XCBC_96, AUTH_HMAC_SHA1_128,
+ "HMAC_SHA1_128");
+ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_MD5_96, AUTH_HMAC_SHA2_512_256, AUTH_HMAC_SHA1_128,
"HMAC_MD5_96",
"HMAC_SHA1_96",
"DES_MAC",
"KPDK_MD5",
- "AES_XCBC_96");
-ENUM_NEXT(integrity_algorithm_names, AUTH_HMAC_SHA2_256_128, AUTH_HMAC_SHA2_512_256, AUTH_AES_XCBC_96,
- "AUTH_HMAC_SHA2_256_128",
- "AUTH_HMAC_SHA2_384_192",
- "AUTH_HMAC_SHA2_512_256");
+ "AES_XCBC_96",
+ "HMAC_MD5_128",
+ "HMAC_SHA1_160",
+ "AES_CMAC_96",
+ "AES_128_GMAC",
+ "AES_192_GMAC",
+ "AES_256_GMAC",
+ "HMAC_SHA2_256_128",
+ "HMAC_SHA2_384_192",
+ "HMAC_SHA2_512_256");
ENUM_END(integrity_algorithm_names, AUTH_HMAC_SHA2_512_256);
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index b2be2c030..0d9bfc5af 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: signer.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -36,23 +34,36 @@ typedef struct signer_t signer_t;
*/
enum integrity_algorithm_t {
AUTH_UNDEFINED = 1024,
- /** Implemented via hmac_signer_t */
+ /** RFC4306 */
AUTH_HMAC_MD5_96 = 1,
- /** Implemented via hmac_signer_t */
+ /** RFC4306 */
AUTH_HMAC_SHA1_96 = 2,
+ /** RFC4306 */
AUTH_DES_MAC = 3,
+ /** RFC1826 */
AUTH_KPDK_MD5 = 4,
+ /** RFC4306 */
AUTH_AES_XCBC_96 = 5,
- /** Implemented via hmac_signer_t */
+ /** RFC4595 */
+ AUTH_HMAC_MD5_128 = 6,
+ /** RFC4595 */
+ AUTH_HMAC_SHA1_160 = 7,
+ /** RFC4494 */
+ AUTH_AES_CMAC_96 = 8,
+ /** RFC4543 */
+ AUTH_AES_128_GMAC = 9,
+ /** RFC4543 */
+ AUTH_AES_192_GMAC = 10,
+ /** RFC4543 */
+ AUTH_AES_256_GMAC = 11,
+ /** RFC4868 */
AUTH_HMAC_SHA2_256_128 = 12,
- /** Implemented via hmac_signer_t */
+ /** RFC4868 */
AUTH_HMAC_SHA2_384_192 = 13,
- /** Implemented via hmac_signer_t */
+ /** RFC4868 */
AUTH_HMAC_SHA2_512_256 = 14,
- /** Implemented via hmac_signer_t */
+ /** private use */
AUTH_HMAC_SHA1_128 = 1025,
- /** Implemented via hmac_signer_t */
- AUTH_HMAC_MD5_128 = 1026,
};
/**
@@ -61,7 +72,7 @@ enum integrity_algorithm_t {
extern enum_name_t *integrity_algorithm_names;
/**
- * Generig interface for a symmetric signature algorithm.
+ * Generic interface for a symmetric signature algorithm.
*/
struct signer_t {
/**
diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c
new file mode 100644
index 000000000..af40f4de6
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2006-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/transform.h>
+
+ENUM_BEGIN(transform_type_names, UNDEFINED_TRANSFORM_TYPE, RANDOM_NUMBER_GENERATOR,
+ "UNDEFINED_TRANSFORM_TYPE",
+ "HASH_ALGORITHM",
+ "RANDOM_NUMBER_GENERATOR");
+ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, RANDOM_NUMBER_GENERATOR,
+ "ENCRYPTION_ALGORITHM",
+ "PSEUDO_RANDOM_FUNCTION",
+ "INTEGRITY_ALGORITHM",
+ "DIFFIE_HELLMAN_GROUP",
+ "EXTENDED_SEQUENCE_NUMBERS");
+ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS);
+
diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h
new file mode 100644
index 000000000..d11700a73
--- /dev/null
+++ b/src/libstrongswan/crypto/transform.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2006-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup transforms transforms
+ * @{ @ingroup crypto
+ */
+
+#ifndef TRANSFORM_H_
+#define TRANSFORM_H_
+
+typedef enum transform_type_t transform_type_t;
+
+#include <library.h>
+
+/**
+ * Type of a transform, as in IKEv2 RFC 3.3.2.
+ */
+enum transform_type_t {
+ UNDEFINED_TRANSFORM_TYPE = 241,
+ HASH_ALGORITHM = 242,
+ RANDOM_NUMBER_GENERATOR = 243,
+ ENCRYPTION_ALGORITHM = 1,
+ PSEUDO_RANDOM_FUNCTION = 2,
+ INTEGRITY_ALGORITHM = 3,
+ DIFFIE_HELLMAN_GROUP = 4,
+ EXTENDED_SEQUENCE_NUMBERS = 5
+};
+
+/**
+ * enum names for transform_type_t.
+ */
+extern enum_name_t *transform_type_names;
+
+#endif /** TRANSFORM_H_ @}*/
diff --git a/src/libstrongswan/database/database_factory.c b/src/libstrongswan/database/database_factory.c
index 9ceb829c6..76e0a4e89 100644
--- a/src/libstrongswan/database/database_factory.c
+++ b/src/libstrongswan/database/database_factory.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: database_factory.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "database_factory.h"
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index e20bef2da..b4a84cf76 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: debug.c 4058 2008-06-11 14:09:46Z martin $
*/
#include <stdarg.h>
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index 3b98f6837..1413ff54e 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: debug.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c
index 32524d225..946a54deb 100644
--- a/src/libstrongswan/enum.c
+++ b/src/libstrongswan/enum.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: enum.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <stddef.h>
diff --git a/src/libstrongswan/enum.h b/src/libstrongswan/enum.h
index 877b3e6de..3f3ca1172 100644
--- a/src/libstrongswan/enum.h
+++ b/src/libstrongswan/enum.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: enum.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h
index 9a7cc315e..70d14bf97 100644
--- a/src/libstrongswan/fetcher/fetcher.h
+++ b/src/libstrongswan/fetcher/fetcher.h
@@ -46,6 +46,18 @@ enum fetcher_option_t {
FETCH_REQUEST_TYPE,
/**
+ * HTTP header to be sent with with the fetch request.
+ * Additional argument is a char*.
+ */
+ FETCH_REQUEST_HEADER,
+
+ /**
+ * Use HTTP Version 1.0 instead of 1.1.
+ * No additional argument is needed.
+ */
+ FETCH_HTTP_VERSION_1_0,
+
+ /**
* Timeout to use for fetch, in seconds.
* Additional argument is u_int
*/
diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c
index 5d58f224e..a30012bb1 100644
--- a/src/libstrongswan/fetcher/fetcher_manager.c
+++ b/src/libstrongswan/fetcher/fetcher_manager.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fetcher_manager.c 4591 2008-11-05 16:12:54Z martin $
*/
#include "fetcher_manager.h"
@@ -101,8 +99,12 @@ static status_t fetch(private_fetcher_manager_t *this,
good = fetcher->set_option(fetcher, opt, va_arg(args, chunk_t));
continue;
case FETCH_REQUEST_TYPE:
+ case FETCH_REQUEST_HEADER:
good = fetcher->set_option(fetcher, opt, va_arg(args, char*));
continue;
+ case FETCH_HTTP_VERSION_1_0:
+ good = fetcher->set_option(fetcher, opt);
+ continue;
case FETCH_TIMEOUT:
good = fetcher->set_option(fetcher, opt, va_arg(args, u_int));
continue;
diff --git a/src/libstrongswan/fips/Makefile.in b/src/libstrongswan/fips/Makefile.in
index d1c3ed5b6..cdced9423 100644
--- a/src/libstrongswan/fips/Makefile.in
+++ b/src/libstrongswan/fips/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -79,6 +79,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -101,6 +102,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -112,6 +116,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -125,6 +130,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -185,6 +192,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -196,6 +204,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -217,8 +226,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -293,7 +302,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/fips/fips.c b/src/libstrongswan/fips/fips.c
index c268a7429..d2296e5e9 100644
--- a/src/libstrongswan/fips/fips.c
+++ b/src/libstrongswan/fips/fips.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fips.c 3681 2008-03-28 10:21:04Z martin $
*/
#include <stdio.h>
diff --git a/src/libstrongswan/fips/fips.h b/src/libstrongswan/fips/fips.h
index 9b777be5f..aae18e3b2 100644
--- a/src/libstrongswan/fips/fips.h
+++ b/src/libstrongswan/fips/fips.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fips.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/fips/fips_canister_end.c b/src/libstrongswan/fips/fips_canister_end.c
index 93f78e696..247d48927 100644
--- a/src/libstrongswan/fips/fips_canister_end.c
+++ b/src/libstrongswan/fips/fips_canister_end.c
@@ -2,8 +2,6 @@
* Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
* and usage in source and binary forms are granted according to the
* OpenSSL license.
- *
- * $Id: fips_canister_end.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stdio.h>
diff --git a/src/libstrongswan/fips/fips_canister_start.c b/src/libstrongswan/fips/fips_canister_start.c
index a15517ec1..4a5528a94 100644
--- a/src/libstrongswan/fips/fips_canister_start.c
+++ b/src/libstrongswan/fips/fips_canister_start.c
@@ -2,8 +2,6 @@
* Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
* and usage in source and binary forms are granted according to the
* OpenSSL license.
- *
- * $Id: fips_canister_start.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stdio.h>
diff --git a/src/libstrongswan/fips/fips_signer.c b/src/libstrongswan/fips/fips_signer.c
index 4bf8b38dd..6f5fdcecf 100644
--- a/src/libstrongswan/fips/fips_signer.c
+++ b/src/libstrongswan/fips/fips_signer.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fips_signer.c 4258 2008-08-19 18:51:30Z andreas $
*/
#include <stdio.h>
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index cb8d43052..8e5a8a611 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: library.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "library.h"
@@ -101,8 +99,6 @@ void library_init(char *settings)
PRINTF_HOOK_ARGTYPE_END);
pfh->add_handler(pfh, 'B', chunk_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
- pfh->add_handler(pfh, 'D', identification_printf_hook,
- PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
pfh->add_handler(pfh, 'H', host_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
pfh->add_handler(pfh, 'N', enum_printf_hook,
@@ -114,12 +110,14 @@ void library_init(char *settings)
pfh->add_handler(pfh, 'V', time_delta_printf_hook,
PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_POINTER,
PRINTF_HOOK_ARGTYPE_END);
+ pfh->add_handler(pfh, 'Y', identification_printf_hook,
+ PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
+ this->public.settings = settings_create(settings);
this->public.crypto = crypto_factory_create();
this->public.creds = credential_factory_create();
this->public.fetcher = fetcher_manager_create();
this->public.db = database_factory_create();
- this->public.settings = settings_create(settings);
this->public.plugins = plugin_loader_create();
}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index a6d27551e..35c6b686a 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: library.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -63,9 +61,9 @@
#include <settings.h>
#include <plugins/plugin_loader.h>
#include <crypto/crypto_factory.h>
-#include <credentials/credential_factory.h>
#include <fetcher/fetcher_manager.h>
#include <database/database_factory.h>
+#include <credentials/credential_factory.h>
typedef struct library_t library_t;
diff --git a/src/libstrongswan/pgp/pgp.c b/src/libstrongswan/pgp/pgp.c
new file mode 100644
index 000000000..613c318c1
--- /dev/null
+++ b/src/libstrongswan/pgp/pgp.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2002-2009 Andreas Steffen
+ *
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pgp.h"
+
+ENUM_BEGIN(pgp_packet_tag_names, PGP_PKT_RESERVED, PGP_PKT_PUBLIC_SUBKEY,
+ "Reserved",
+ "Public-Key Encrypted Session Key Packet",
+ "Signature Packet",
+ "Symmetric-Key Encrypted Session Key Packet",
+ "One-Pass Signature Packet",
+ "Secret Key Packet",
+ "Public Key Packet",
+ "Secret Subkey Packet",
+ "Compressed Data Packet",
+ "Symmetrically Encrypted Data Packet",
+ "Marker Packet",
+ "Literal Data Packet",
+ "Trust Packet",
+ "User ID Packet",
+ "Public Subkey Packet"
+);
+ENUM_NEXT(pgp_packet_tag_names, PGP_PKT_USER_ATTRIBUTE, PGP_PKT_MOD_DETECT_CODE, PGP_PKT_PUBLIC_SUBKEY,
+ "User Attribute Packet",
+ "Sym. Encrypted and Integrity Protected Data Packet",
+ "Modification Detection Code Packet"
+);
+ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE);
+
+
+ENUM_BEGIN(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_RSA, PGP_PUBKEY_ALG_RSA_SIGN_ONLY,
+ "RSA",
+ "RSA_ENC_ONLY",
+ "RSA_SIGN_ONLY"
+);
+ENUM_NEXT(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY, PGP_PUBKEY_ALG_DIFFIE_HELLMAN, PGP_PUBKEY_ALG_RSA_SIGN_ONLY,
+ "ELGAMAL_ENC_ONLY",
+ "DSA",
+ "ECC",
+ "ECDSA",
+ "ELGAMAL",
+ "DIFFIE_HELLMAN"
+);
+ENUM_END(pgp_pubkey_alg_names, PGP_PUBKEY_ALG_DIFFIE_HELLMAN);
+
+
+ENUM(pgp_sym_alg_names, PGP_SYM_ALG_PLAIN, PGP_SYM_ALG_TWOFISH,
+ "PLAINTEXT",
+ "IDEA",
+ "3DES",
+ "CAST5",
+ "BLOWFISH",
+ "SAFER",
+ "DES",
+ "AES_128",
+ "AES_192",
+ "AES_256",
+ "TWOFISH"
+);
+
+/*
+ * Defined in header.
+ */
+size_t pgp_length(chunk_t *blob, size_t len)
+{
+ size_t size = 0;
+
+ if (len > blob->len)
+ {
+ return PGP_INVALID_LENGTH;
+ }
+ blob->len -= len;
+
+ while (len-- > 0)
+ {
+ size = 256*size + *blob->ptr++;
+ }
+ return size;
+}
+
diff --git a/src/libstrongswan/pgp/pgp.h b/src/libstrongswan/pgp/pgp.h
new file mode 100644
index 000000000..677c5b1cc
--- /dev/null
+++ b/src/libstrongswan/pgp/pgp.h
@@ -0,0 +1,115 @@
+/*
+ * Copyright (C) 2002-2009 Andreas Steffen
+ *
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pgpi pgp
+ * @{ @ingroup pgp
+ */
+
+#ifndef PGP_H_
+#define PGP_H_
+
+typedef enum pgp_packet_tag_t pgp_packet_tag_t;
+typedef enum pgp_pubkey_alg_t pgp_pubkey_alg_t;
+typedef enum pgp_sym_alg_t pgp_sym_alg_t;
+
+#include <chunk.h>
+#include <enum.h>
+
+/**
+ * OpenPGP packet tags as defined in section 4.3 of RFC 4880
+ */
+enum pgp_packet_tag_t {
+ PGP_PKT_RESERVED = 0,
+ PGP_PKT_PUBKEY_ENC_SESSION_KEY = 1,
+ PGP_PKT_SIGNATURE = 2,
+ PGP_PKT_SYMKEY_ENC_SESSION_KEY = 3,
+ PGP_PKT_ONE_PASS_SIGNATURE_PKT = 4,
+ PGP_PKT_SECRET_KEY = 5,
+ PGP_PKT_PUBLIC_KEY = 6,
+ PGP_PKT_SECRET_SUBKEY = 7,
+ PGP_PKT_COMPRESSED_DATA = 8,
+ PGP_PKT_SYMKEY_ENC_DATA = 9,
+ PGP_PKT_MARKER = 10,
+ PGP_PKT_LITERAL_DATA = 11,
+ PGP_PKT_TRUST = 12,
+ PGP_PKT_USER_ID = 13,
+ PGP_PKT_PUBLIC_SUBKEY = 14,
+ PGP_PKT_USER_ATTRIBUTE = 17,
+ PGP_PKT_SYM_ENC_INT_PROT_DATA = 18,
+ PGP_PKT_MOD_DETECT_CODE = 19
+};
+
+/**
+ * Enum names for pgp_packet_tag_t
+ */
+extern enum_name_t *pgp_packet_tag_names;
+
+/**
+ * OpenPGP public key algorithms as defined in section 9.1 of RFC 4880
+ */
+enum pgp_pubkey_alg_t {
+ PGP_PUBKEY_ALG_RSA = 1,
+ PGP_PUBKEY_ALG_RSA_ENC_ONLY = 2,
+ PGP_PUBKEY_ALG_RSA_SIGN_ONLY = 3,
+ PGP_PUBKEY_ALG_ELGAMAL_ENC_ONLY = 16,
+ PGP_PUBKEY_ALG_DSA = 17,
+ PGP_PUBKEY_ALG_ECC = 18,
+ PGP_PUBKEY_ALG_ECDSA = 19,
+ PGP_PUBKEY_ALG_ELGAMAL = 20,
+ PGP_PUBKEY_ALG_DIFFIE_HELLMAN = 21,
+};
+
+/**
+ * Enum names for pgp_pubkey_alg_t
+ */
+extern enum_name_t *pgp_pubkey_alg_names;
+
+/**
+ * OpenPGP symmetric key algorithms as defined in section 9.2 of RFC 4880
+ */
+enum pgp_sym_alg_t {
+ PGP_SYM_ALG_PLAIN = 0,
+ PGP_SYM_ALG_IDEA = 1,
+ PGP_SYM_ALG_3DES = 2,
+ PGP_SYM_ALG_CAST5 = 3,
+ PGP_SYM_ALG_BLOWFISH = 4,
+ PGP_SYM_ALG_SAFER = 5,
+ PGP_SYM_ALG_DES = 6,
+ PGP_SYM_ALG_AES_128 = 7,
+ PGP_SYM_ALG_AES_192 = 8,
+ PGP_SYM_ALG_AES_256 = 9,
+ PGP_SYM_ALG_TWOFISH = 10
+};
+
+/**
+ * Enum names for pgp_sym_alg_t
+ */
+extern enum_name_t *pgp_sym_alg_names;
+
+#define PGP_INVALID_LENGTH 0xffffffff
+
+/**
+ * Returns the length of an OpenPGP (RFC 4880) packet
+ * The blob pointer is advanced past the length field
+ *
+ * @param blob pointer to an OpenPGP blob
+ * @param len size of the length field
+ * @return length of the next OpenPGP packet
+ */
+size_t pgp_length(chunk_t *blob, size_t len);
+
+#endif /** PGP_H_ @}*/
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index e4eb7e5cf..19d3249b5 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -221,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -317,7 +326,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c
index ce4c6da99..c5b091750 100644
--- a/src/libstrongswan/plugins/aes/aes_crypter.c
+++ b/src/libstrongswan/plugins/aes/aes_crypter.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: aes_crypter.c 3900 2008-04-30 14:02:25Z martin $
*/
#include "aes_crypter.h"
@@ -34,8 +32,6 @@
#define AES_KS_LENGTH 120
#define AES_RC_LENGTH 29
-#define AES_BLOCK_SIZE 16
-
typedef struct private_aes_crypter_t private_aes_crypter_t;
/**
diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c
index 71e49ad73..63fa48330 100644
--- a/src/libstrongswan/plugins/aes/aes_plugin.c
+++ b/src/libstrongswan/plugins/aes/aes_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: aes_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "aes_plugin.h"
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index 6b2da9cb4..5a5202262 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -320,7 +329,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c
index 474171ad1..84b85d4bd 100644
--- a/src/libstrongswan/plugins/agent/agent_plugin.c
+++ b/src/libstrongswan/plugins/agent/agent_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "agent_plugin.h"
diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c
index 5e7d0839e..ffdc6d778 100644
--- a/src/libstrongswan/plugins/agent/agent_private_key.c
+++ b/src/libstrongswan/plugins/agent/agent_private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "agent_private_key.h"
@@ -191,8 +189,8 @@ static bool matches_pubkey(chunk_t key, public_key_t *pubkey)
return FALSE;
}
pubkeydata = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_INTEGER, "c", n),
- asn1_wrap(ASN1_INTEGER, "c", e));
+ asn1_integer("c", n),
+ asn1_integer("c", e));
hasher->allocate_hash(hasher, pubkeydata, &hash);
free(pubkeydata.ptr);
id = pubkey->get_id(pubkey, ID_PUBKEY_SHA1);
@@ -271,7 +269,7 @@ static bool sign(private_agent_private_key_t *this, signature_scheme_t scheme,
char buf[2048];
chunk_t blob = chunk_from_buf(buf);
- if (scheme != SIGN_DEFAULT && scheme != SIGN_RSA_EMSA_PKCS1_SHA1)
+ if (scheme != SIGN_RSA_EMSA_PKCS1_SHA1)
{
DBG1("signature scheme %N not supported by ssh-agent",
signature_scheme_names, scheme);
@@ -389,8 +387,8 @@ static public_key_t* get_public_key(private_agent_private_key_t *this)
e = read_string(&key);
n = read_string(&key);
encoded = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_INTEGER, "c", n),
- asn1_wrap(ASN1_INTEGER, "c", e));
+ asn1_integer("c", n),
+ asn1_integer("c", e));
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_ASN1_DER, encoded, BUILD_END);
@@ -442,8 +440,8 @@ static bool build_ids(private_agent_private_key_t *this)
return FALSE;
}
publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_INTEGER, "c", n),
- asn1_wrap(ASN1_INTEGER, "c", e));
+ asn1_integer("c", n),
+ asn1_integer("c", e));
hasher->allocate_hash(hasher, publicKey, &hash);
this->keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
chunk_free(&hash);
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.am b/src/libstrongswan/plugins/blowfish/Makefile.am
new file mode 100644
index 000000000..6bb82169e
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/Makefile.am
@@ -0,0 +1,12 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-blowfish.la
+
+libstrongswan_blowfish_la_SOURCES = \
+blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
+libstrongswan_blowfish_la_LDFLAGS = -module
+
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
new file mode 100644
index 000000000..25cea73df
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -0,0 +1,513 @@
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/blowfish
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+libstrongswan_blowfish_la_LIBADD =
+am_libstrongswan_blowfish_la_OBJECTS = blowfish_plugin.lo \
+ blowfish_crypter.lo bf_skey.lo bf_enc.lo
+libstrongswan_blowfish_la_OBJECTS = \
+ $(am_libstrongswan_blowfish_la_OBJECTS)
+libstrongswan_blowfish_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_blowfish_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_blowfish_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_blowfish_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+resolv_conf = @resolv_conf@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+simreader = @simreader@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+plugin_LTLIBRARIES = libstrongswan-blowfish.la
+libstrongswan_blowfish_la_SOURCES = \
+blowfish_plugin.h blowfish_plugin.c blowfish_crypter.c blowfish_crypter.h \
+bf_skey.c blowfish.h bf_pi.h bf_locl.h bf_enc.c
+
+libstrongswan_blowfish_la_LDFLAGS = -module
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-blowfish.la: $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_DEPENDENCIES)
+ $(libstrongswan_blowfish_la_LINK) -rpath $(plugindir) $(libstrongswan_blowfish_la_OBJECTS) $(libstrongswan_blowfish_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bf_enc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bf_skey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish_plugin.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/blowfish/bf_enc.c b/src/libstrongswan/plugins/blowfish/bf_enc.c
new file mode 100644
index 000000000..c2f3ce2e8
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/bf_enc.c
@@ -0,0 +1,306 @@
+/* crypto/bf/bf_enc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+#include "bf_locl.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+#ifndef BF_PTR2
+ const BF_LONG *p,*s;
+ BF_LONG l,r;
+
+ p=key->P;
+ s= &(key->S[0]);
+ l=data[0];
+ r=data[1];
+
+ l^=p[0];
+ BF_ENC(r,l,s,p[ 1]);
+ BF_ENC(l,r,s,p[ 2]);
+ BF_ENC(r,l,s,p[ 3]);
+ BF_ENC(l,r,s,p[ 4]);
+ BF_ENC(r,l,s,p[ 5]);
+ BF_ENC(l,r,s,p[ 6]);
+ BF_ENC(r,l,s,p[ 7]);
+ BF_ENC(l,r,s,p[ 8]);
+ BF_ENC(r,l,s,p[ 9]);
+ BF_ENC(l,r,s,p[10]);
+ BF_ENC(r,l,s,p[11]);
+ BF_ENC(l,r,s,p[12]);
+ BF_ENC(r,l,s,p[13]);
+ BF_ENC(l,r,s,p[14]);
+ BF_ENC(r,l,s,p[15]);
+ BF_ENC(l,r,s,p[16]);
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,s,p[17]);
+ BF_ENC(l,r,s,p[18]);
+ BF_ENC(r,l,s,p[19]);
+ BF_ENC(l,r,s,p[20]);
+#endif
+ r^=p[BF_ROUNDS+1];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#else
+ BF_LONG l,r,t,*k;
+
+ l=data[0];
+ r=data[1];
+ k=(BF_LONG*)key;
+
+ l^=k[0];
+ BF_ENC(r,l,k, 1);
+ BF_ENC(l,r,k, 2);
+ BF_ENC(r,l,k, 3);
+ BF_ENC(l,r,k, 4);
+ BF_ENC(r,l,k, 5);
+ BF_ENC(l,r,k, 6);
+ BF_ENC(r,l,k, 7);
+ BF_ENC(l,r,k, 8);
+ BF_ENC(r,l,k, 9);
+ BF_ENC(l,r,k,10);
+ BF_ENC(r,l,k,11);
+ BF_ENC(l,r,k,12);
+ BF_ENC(r,l,k,13);
+ BF_ENC(l,r,k,14);
+ BF_ENC(r,l,k,15);
+ BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,k,17);
+ BF_ENC(l,r,k,18);
+ BF_ENC(r,l,k,19);
+ BF_ENC(l,r,k,20);
+#endif
+ r^=k[BF_ROUNDS+1];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#endif
+}
+
+#ifndef BF_DEFAULT_OPTIONS
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+#ifndef BF_PTR2
+ const BF_LONG *p,*s;
+ BF_LONG l,r;
+
+ p=key->P;
+ s= &(key->S[0]);
+ l=data[0];
+ r=data[1];
+
+ l^=p[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,s,p[20]);
+ BF_ENC(l,r,s,p[19]);
+ BF_ENC(r,l,s,p[18]);
+ BF_ENC(l,r,s,p[17]);
+#endif
+ BF_ENC(r,l,s,p[16]);
+ BF_ENC(l,r,s,p[15]);
+ BF_ENC(r,l,s,p[14]);
+ BF_ENC(l,r,s,p[13]);
+ BF_ENC(r,l,s,p[12]);
+ BF_ENC(l,r,s,p[11]);
+ BF_ENC(r,l,s,p[10]);
+ BF_ENC(l,r,s,p[ 9]);
+ BF_ENC(r,l,s,p[ 8]);
+ BF_ENC(l,r,s,p[ 7]);
+ BF_ENC(r,l,s,p[ 6]);
+ BF_ENC(l,r,s,p[ 5]);
+ BF_ENC(r,l,s,p[ 4]);
+ BF_ENC(l,r,s,p[ 3]);
+ BF_ENC(r,l,s,p[ 2]);
+ BF_ENC(l,r,s,p[ 1]);
+ r^=p[0];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#else
+ BF_LONG l,r,t,*k;
+
+ l=data[0];
+ r=data[1];
+ k=(BF_LONG *)key;
+
+ l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+ BF_ENC(r,l,k,20);
+ BF_ENC(l,r,k,19);
+ BF_ENC(r,l,k,18);
+ BF_ENC(l,r,k,17);
+#endif
+ BF_ENC(r,l,k,16);
+ BF_ENC(l,r,k,15);
+ BF_ENC(r,l,k,14);
+ BF_ENC(l,r,k,13);
+ BF_ENC(r,l,k,12);
+ BF_ENC(l,r,k,11);
+ BF_ENC(r,l,k,10);
+ BF_ENC(l,r,k, 9);
+ BF_ENC(r,l,k, 8);
+ BF_ENC(l,r,k, 7);
+ BF_ENC(r,l,k, 6);
+ BF_ENC(l,r,k, 5);
+ BF_ENC(r,l,k, 4);
+ BF_ENC(l,r,k, 3);
+ BF_ENC(r,l,k, 2);
+ BF_ENC(l,r,k, 1);
+ r^=k[0];
+
+ data[1]=l&0xffffffffL;
+ data[0]=r&0xffffffffL;
+#endif
+}
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+ BF_LONG tin0,tin1;
+ BF_LONG tout0,tout1,xor0,xor1;
+ long l=length;
+ BF_LONG tin[2];
+
+ if (encrypt)
+ {
+ n2l(ivec,tout0);
+ n2l(ivec,tout1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ if (l != -8)
+ {
+ n2ln(in,tin0,tin1,l+8);
+ tin0^=tout0;
+ tin1^=tout1;
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_encrypt(tin,schedule);
+ tout0=tin[0];
+ tout1=tin[1];
+ l2n(tout0,out);
+ l2n(tout1,out);
+ }
+ l2n(tout0,ivec);
+ l2n(tout1,ivec);
+ }
+ else
+ {
+ n2l(ivec,xor0);
+ n2l(ivec,xor1);
+ ivec-=8;
+ for (l-=8; l>=0; l-=8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2n(tout0,out);
+ l2n(tout1,out);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ if (l != -8)
+ {
+ n2l(in,tin0);
+ n2l(in,tin1);
+ tin[0]=tin0;
+ tin[1]=tin1;
+ BF_decrypt(tin,schedule);
+ tout0=tin[0]^xor0;
+ tout1=tin[1]^xor1;
+ l2nn(tout0,tout1,out,l+8);
+ xor0=tin0;
+ xor1=tin1;
+ }
+ l2n(xor0,ivec);
+ l2n(xor1,ivec);
+ }
+ tin0=tin1=tout0=tout1=xor0=xor1=0;
+ tin[0]=tin[1]=0;
+}
+
+#endif
diff --git a/src/libstrongswan/plugins/blowfish/bf_locl.h b/src/libstrongswan/plugins/blowfish/bf_locl.h
new file mode 100644
index 000000000..283bf4c43
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/bf_locl.h
@@ -0,0 +1,218 @@
+/* crypto/bf/bf_locl.h */
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+
+#undef c2l
+#define c2l(c,l) (l =((unsigned long)(*((c)++))) , \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+ case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+ case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+ case 5: l2|=((unsigned long)(*(--(c)))); \
+ case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+ case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+ case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+ case 1: l1|=((unsigned long)(*(--(c)))); \
+ } \
+ }
+
+#undef l2c
+#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ } \
+ }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+ c+=n; \
+ l1=l2=0; \
+ switch (n) { \
+ case 8: l2 =((unsigned long)(*(--(c)))) ; \
+ case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+ case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+ case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+ case 4: l1 =((unsigned long)(*(--(c)))) ; \
+ case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+ case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+ case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+ } \
+ }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+ c+=n; \
+ switch (n) { \
+ case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \
+ case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+ case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+ case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+ case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \
+ case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+ case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+ case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+ } \
+ }
+
+#undef n2l
+#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \
+ l|=((unsigned long)(*((c)++)))<<16L, \
+ l|=((unsigned long)(*((c)++)))<< 8L, \
+ l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l) )&0xff))
+
+/* This is actually a big endian algorithm, the most significant byte
+ * is used to lookup array 0 */
+
+#if defined(BF_PTR2)
+
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+ LL^=KEY[Pi], \
+ t= KEY[BF_ROUNDS+2 + 0 + ((R>>24)&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+ t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+ t+= KEY[BF_ROUNDS+2 + 768 + ((R )&0xFF)], \
+ LL^=t \
+ )
+
+#elif defined(BF_PTR)
+
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2 2 /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M (0xFF<<BF_LONG_LOG2)
+#define BF_0 (24-BF_LONG_LOG2)
+#define BF_1 (16-BF_LONG_LOG2)
+#define BF_2 ( 8-BF_LONG_LOG2)
+#define BF_3 BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^= (((*(BF_LONG *)((unsigned char *)&(S[ 0])+((R>>BF_0)&BF_M))+ \
+ *(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
+ *(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
+ *(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+ )
+#else
+
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+ LL^=P, \
+ LL^=((( S[ ((int)(R>>24)&0xff)] + \
+ S[0x0100+((int)(R>>16)&0xff)])^ \
+ S[0x0200+((int)(R>> 8)&0xff)])+ \
+ S[0x0300+((int)(R )&0xff)])&0xffffffffL \
+ )
+#endif
+
+#endif
diff --git a/src/libstrongswan/plugins/blowfish/bf_pi.h b/src/libstrongswan/plugins/blowfish/bf_pi.h
new file mode 100644
index 000000000..9949513c6
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/bf_pi.h
@@ -0,0 +1,325 @@
+/* crypto/bf/bf_pi.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+static const BF_KEY bf_init= {
+ {
+ 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+ 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+ 0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+ 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+ 0x9216d5d9L, 0x8979fb1b
+ },{
+ 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L,
+ 0xb8e1afedL, 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L,
+ 0x24a19947L, 0xb3916cf7L, 0x0801f2e2L, 0x858efc16L,
+ 0x636920d8L, 0x71574e69L, 0xa458fea3L, 0xf4933d7eL,
+ 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
+ 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L,
+ 0xc5d1b023L, 0x286085f0L, 0xca417918L, 0xb8db38efL,
+ 0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL, 0xb01e8a3eL,
+ 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL, 0x55605c60L,
+ 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
+ 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL,
+ 0xa15486afL, 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL,
+ 0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L, 0x9b87931eL,
+ 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L, 0x28958677L,
+ 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
+ 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L,
+ 0xef845d5dL, 0xe98575b1L, 0xdc262302L, 0xeb651b88L,
+ 0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L, 0x83f44239L,
+ 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL, 0x9e1f9b5eL,
+ 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
+ 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L,
+ 0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L,
+ 0xa1f1651dL, 0x39af0176L, 0x66ca593eL, 0x82430e88L,
+ 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L, 0x3b8b5ebeL,
+ 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
+ 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL,
+ 0x37d0d724L, 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL,
+ 0x075372c9L, 0x80991b7bL, 0x25d479d8L, 0xf6e8def7L,
+ 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL, 0x04c006baL,
+ 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
+ 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL,
+ 0x6dfc511fL, 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L,
+ 0xbee3d004L, 0xde334afdL, 0x660f2807L, 0x192e4bb3L,
+ 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L, 0xb9d3fbdbL,
+ 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
+ 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L,
+ 0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L, 0xad0552abL,
+ 0x323db5faL, 0xfd238760L, 0x53317b48L, 0x3e00df82L,
+ 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL, 0xdf1769dbL,
+ 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
+ 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L,
+ 0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL,
+ 0x9a53e479L, 0xb6f84565L, 0xd28e49bcL, 0x4bfb9790L,
+ 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L, 0xcee4c6e8L,
+ 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
+ 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L,
+ 0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L,
+ 0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L, 0x900df01cL,
+ 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L, 0xb3a8c1adL,
+ 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
+ 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L,
+ 0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L,
+ 0x165fa266L, 0x80957705L, 0x93cc7314L, 0x211a1477L,
+ 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L, 0xfb9d35cfL,
+ 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
+ 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL,
+ 0x2464369bL, 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL,
+ 0x78c14389L, 0xd95a537fL, 0x207d5ba2L, 0x02e5b9c5L,
+ 0x83260376L, 0x6295cfa9L, 0x11c81968L, 0x4e734a41L,
+ 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
+ 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L,
+ 0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L,
+ 0xb6636521L, 0xe7b9f9b6L, 0xff34052eL, 0xc5855664L,
+ 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L, 0x6e85076aL,
+ 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
+ 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L,
+ 0xecaa8c71L, 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L,
+ 0x193602a5L, 0x75094c29L, 0xa0591340L, 0xe4183a3eL,
+ 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L, 0x99f73fd6L,
+ 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
+ 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL,
+ 0x09686b3fL, 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L,
+ 0x687f3584L, 0x52a0e286L, 0xb79c5305L, 0xaa500737L,
+ 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL, 0x5716f2b8L,
+ 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
+ 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL,
+ 0xd19113f9L, 0x7ca92ff6L, 0x94324773L, 0x22f54701L,
+ 0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L, 0x9af3dda7L,
+ 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL, 0xa4751e41L,
+ 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
+ 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL,
+ 0x2cb81290L, 0x24977c79L, 0x5679b072L, 0xbcaf89afL,
+ 0xde9a771fL, 0xd9930810L, 0xb38bae12L, 0xdccf3f2eL,
+ 0x5512721fL, 0x2e6b7124L, 0x501adde6L, 0x9f84cd87L,
+ 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
+ 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L,
+ 0xef1c1847L, 0x3215d908L, 0xdd433b37L, 0x24c2ba16L,
+ 0x12a14d43L, 0x2a65c451L, 0x50940002L, 0x133ae4ddL,
+ 0x71dff89eL, 0x10314e55L, 0x81ac77d6L, 0x5f11199bL,
+ 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
+ 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL,
+ 0x86e34570L, 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L,
+ 0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L, 0x99e71d0fL,
+ 0x803e89d6L, 0x5266c825L, 0x2e4cc978L, 0x9c10b36aL,
+ 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
+ 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L,
+ 0x5223a708L, 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L,
+ 0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L, 0x018cff28L,
+ 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L, 0x68ab9802L,
+ 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
+ 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L,
+ 0x13cca830L, 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL,
+ 0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL, 0xcbaade14L,
+ 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL, 0xb2f3846eL,
+ 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
+ 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L,
+ 0x9b540b19L, 0x875fa099L, 0x95f7997eL, 0x623d7da8L,
+ 0xf837889aL, 0x97e32d77L, 0x11ed935fL, 0x16681281L,
+ 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L, 0x7858ba99L,
+ 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
+ 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L,
+ 0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L,
+ 0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L, 0x203e13e0L,
+ 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L, 0xfacb4fd0L,
+ 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
+ 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L,
+ 0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L,
+ 0x7f1524c3L, 0x69cb7492L, 0x47848a0bL, 0x5692b285L,
+ 0x095bbf00L, 0xad19489dL, 0x1462b174L, 0x23820e00L,
+ 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
+ 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL,
+ 0x7cde3759L, 0xcbee7460L, 0x4085f2a7L, 0xce77326eL,
+ 0xa6078084L, 0x19f8509eL, 0xe8efd855L, 0x61d99735L,
+ 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL, 0x800bcadcL,
+ 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
+ 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L,
+ 0xc5c43465L, 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L,
+ 0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL, 0xdb83adf7L,
+ 0xe93d5a68L, 0x948140f7L, 0xf64c261cL, 0x94692934L,
+ 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
+ 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL,
+ 0x1e39f62eL, 0x97244546L, 0x14214f74L, 0xbf8b8840L,
+ 0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L, 0x66a02f45L,
+ 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L, 0x31cb8504L,
+ 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
+ 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL,
+ 0x68dc1462L, 0xd7486900L, 0x680ec0a4L, 0x27a18deeL,
+ 0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L, 0x7af4d6b6L,
+ 0xaace1e7cL, 0xd3375fecL, 0xce78a399L, 0x406b2a42L,
+ 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
+ 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L,
+ 0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL,
+ 0xfb0af54eL, 0xd8feb397L, 0x454056acL, 0xba489527L,
+ 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L, 0xd096954bL,
+ 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
+ 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL,
+ 0xfdf8e802L, 0x04272f70L, 0x80bb155cL, 0x05282ce3L,
+ 0x95c11548L, 0xe4c66d22L, 0x48c1133fL, 0xc70f86dcL,
+ 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L, 0x5d886e17L,
+ 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
+ 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL,
+ 0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L, 0xcad18115L,
+ 0x6b2395e0L, 0x333e92e1L, 0x3b240b62L, 0xeebeb922L,
+ 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL, 0x2da2f728L,
+ 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
+ 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL,
+ 0x0a476341L, 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L,
+ 0xa812dc60L, 0xa1ebddf8L, 0x991be14cL, 0xdb6e6b0dL,
+ 0xc67b5510L, 0x6d672c37L, 0x2765d43bL, 0xdcd0e804L,
+ 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
+ 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L,
+ 0xbb132f88L, 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL,
+ 0x37392eb3L, 0xcc115979L, 0x8026e297L, 0xf42e312dL,
+ 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL, 0x782ef11cL,
+ 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
+ 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L,
+ 0x44421659L, 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL,
+ 0x64af674eL, 0xda86a85fL, 0xbebfe988L, 0x64e4c3feL,
+ 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L, 0x6003604dL,
+ 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
+ 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL,
+ 0x77a057beL, 0xbde8ae24L, 0x55464299L, 0xbf582e61L,
+ 0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L, 0x8789bdc2L,
+ 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L, 0x46fcd9b9L,
+ 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
+ 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL,
+ 0xb90bace1L, 0xbb8205d0L, 0x11a86248L, 0x7574a99eL,
+ 0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L, 0xc4324633L,
+ 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L, 0x1d6efe10L,
+ 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
+ 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L,
+ 0x50115e01L, 0xa70683faL, 0xa002b5c4L, 0x0de6d027L,
+ 0x9af88c27L, 0x773f8641L, 0xc3604c06L, 0x61a806b5L,
+ 0xf0177a28L, 0xc0f586e0L, 0x006058aaL, 0x30dc7d62L,
+ 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
+ 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L,
+ 0x6f05e409L, 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L,
+ 0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L, 0xd39eb8fcL,
+ 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L, 0x4dad0fc4L,
+ 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
+ 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L,
+ 0xd79a3234L, 0x92638212L, 0x670efa8eL, 0x406000e0L,
+ 0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L, 0x5ac52d1bL,
+ 0x5cb0679eL, 0x4fa33742L, 0xd3822740L, 0x99bc9bbeL,
+ 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
+ 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L,
+ 0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L,
+ 0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL, 0x4cd04dc6L,
+ 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L, 0xbe5ee304L,
+ 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
+ 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L,
+ 0x83c061baL, 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L,
+ 0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L, 0xef5562e9L,
+ 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L, 0x77fa0a59L,
+ 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
+ 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L,
+ 0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L,
+ 0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L, 0x5a88f54cL,
+ 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL, 0xed93fa9bL,
+ 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
+ 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL,
+ 0x15056dd4L, 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL,
+ 0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL, 0xa93a072aL,
+ 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL, 0x26dcf319L,
+ 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
+ 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL,
+ 0x4de81751L, 0x3830dc8eL, 0x379d5862L, 0x9320f991L,
+ 0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L, 0x774fbe32L,
+ 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L, 0x6413e680L,
+ 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
+ 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL,
+ 0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL,
+ 0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L, 0xbcb4cdd5L,
+ 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL, 0xbf3c6f47L,
+ 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
+ 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL,
+ 0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L,
+ 0xe1b00428L, 0x95983a1dL, 0x06b89fb4L, 0xce6ea048L,
+ 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL, 0x277227f8L,
+ 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
+ 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L,
+ 0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L,
+ 0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL, 0xd50ada38L,
+ 0x0339c32aL, 0xc6913667L, 0x8df9317cL, 0xe0b12b4fL,
+ 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
+ 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L,
+ 0xfae59361L, 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L,
+ 0xb6c1075eL, 0xe3056a0cL, 0x10d25065L, 0xcb03a442L,
+ 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL, 0x3278e964L,
+ 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
+ 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L,
+ 0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL,
+ 0xe54cda54L, 0x1edad891L, 0xce6279cfL, 0xcd3e7e6fL,
+ 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L, 0xf6fb2299L,
+ 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
+ 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL,
+ 0xde966292L, 0x81b949d0L, 0x4c50901bL, 0x71c65614L,
+ 0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L, 0xc3f27b9aL,
+ 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L, 0x35bdd2f6L,
+ 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
+ 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L,
+ 0xba38209cL, 0xf746ce76L, 0x77afa1c5L, 0x20756060L,
+ 0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L, 0x4cf9aa7eL,
+ 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L, 0xd6ebe1f9L,
+ 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
+ 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
+ }
+ };
+
diff --git a/src/libstrongswan/plugins/blowfish/bf_skey.c b/src/libstrongswan/plugins/blowfish/bf_skey.c
new file mode 100644
index 000000000..8cdbbd283
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c
@@ -0,0 +1,122 @@
+/* crypto/bf/bf_skey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+#include <linux/string.h>
+#else
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#include "blowfish.h"
+#include "bf_locl.h"
+#include "bf_pi.h"
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+ {
+ int i;
+ BF_LONG *p,ri,in[2];
+ const unsigned char *d,*end;
+
+
+ memcpy((char *)key,(const char *)&bf_init,sizeof(BF_KEY));
+ p=key->P;
+
+ if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+
+ d=data;
+ end= &(data[len]);
+ for (i=0; i<(BF_ROUNDS+2); i++)
+ {
+ ri= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ ri<<=8;
+ ri|= *(d++);
+ if (d >= end) d=data;
+
+ p[i]^=ri;
+ }
+
+ in[0]=0L;
+ in[1]=0L;
+ for (i=0; i<(BF_ROUNDS+2); i+=2)
+ {
+ BF_encrypt(in,key);
+ p[i ]=in[0];
+ p[i+1]=in[1];
+ }
+
+ p=key->S;
+ for (i=0; i<4*256; i+=2)
+ {
+ BF_encrypt(in,key);
+ p[i ]=in[0];
+ p[i+1]=in[1];
+ }
+ }
+
diff --git a/src/libstrongswan/plugins/blowfish/blowfish.h b/src/libstrongswan/plugins/blowfish/blowfish.h
new file mode 100644
index 000000000..ccb97e272
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/blowfish.h
@@ -0,0 +1,133 @@
+/* crypto/bf/blowfish.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_BLOWFISH_H
+#define HEADER_BLOWFISH_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef NO_BF
+#error BF is disabled.
+#endif
+
+#define BF_ENCRYPT 1
+#define BF_DECRYPT 0
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along. !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(WIN16) || defined(__LP32__)
+#define BF_LONG unsigned long
+#elif defined(_CRAY) || defined(__ILP64__)
+#define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+#endif
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ * <appro@fy.chalmers.se>
+ */
+
+/* des.h-like hack <jjo-ipsec@mendoza.gov.ar> */
+#ifndef BF_LONG
+#ifdef __KERNEL__
+#include <linux/types.h>
+#else
+#include <sys/types.h>
+#endif
+#define BF_LONG u_int32_t
+#endif
+
+#define BF_ROUNDS 16
+#define BF_BLOCK 8
+
+typedef struct bf_key_st
+ {
+ BF_LONG P[BF_ROUNDS+2];
+ BF_LONG S[4*256];
+ } BF_KEY;
+
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+ const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+ const BF_KEY *schedule, unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
new file mode 100644
index 000000000..5064bfef6
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@@ -0,0 +1,197 @@
+/*
+ * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "blowfish.h"
+
+/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#include "blowfish_crypter.h"
+
+typedef struct private_blowfish_crypter_t private_blowfish_crypter_t;
+
+/**
+ * Class implementing the Blowfish symmetric encryption algorithm.
+ *
+ * @ingroup crypters
+ */
+struct private_blowfish_crypter_t {
+
+ /**
+ * Public part of this class.
+ */
+ blowfish_crypter_t public;
+
+ /**
+ * Blowfish key schedule
+ */
+ BF_KEY schedule;
+
+ /**
+ * Key size of this Blowfish cipher object.
+ */
+ u_int32_t key_size;
+};
+
+/**
+ * Implementation of crypter_t.decrypt.
+ */
+static void decrypt(private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *decrypted)
+{
+ u_int8_t *in, *out;
+
+ if (decrypted)
+ {
+ *decrypted = chunk_alloc(data.len);
+ out = decrypted->ptr;
+ }
+ else
+ {
+ out = data.ptr;
+ }
+ in = data.ptr;
+ iv = chunk_clone(iv);
+
+ BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 0);
+
+ free(iv.ptr);
+}
+
+/**
+ * Implementation of crypter_t.decrypt.
+ */
+static void encrypt (private_blowfish_crypter_t *this, chunk_t data, chunk_t iv,
+ chunk_t *encrypted)
+{
+ u_int8_t *in, *out;
+
+ if (encrypted)
+ {
+ *encrypted = chunk_alloc(data.len);
+ out = encrypted->ptr;
+ }
+ else
+ {
+ out = data.ptr;
+ }
+ in = data.ptr;
+ iv = chunk_clone(iv);
+
+ BF_cbc_encrypt(in, out, data.len, &this->schedule, iv.ptr, 1);
+
+ free(iv.ptr);
+}
+
+/**
+ * Implementation of crypter_t.get_block_size.
+ */
+static size_t get_block_size (private_blowfish_crypter_t *this)
+{
+ return BLOWFISH_BLOCK_SIZE;
+}
+
+/**
+ * Implementation of crypter_t.get_key_size.
+ */
+static size_t get_key_size (private_blowfish_crypter_t *this)
+{
+ return this->key_size;
+}
+
+/**
+ * Implementation of crypter_t.set_key.
+ */
+static void set_key (private_blowfish_crypter_t *this, chunk_t key)
+{
+ BF_set_key(&this->schedule, key.len , key.ptr);
+}
+
+/**
+ * Implementation of crypter_t.destroy and blowfish_crypter_t.destroy.
+ */
+static void destroy (private_blowfish_crypter_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_blowfish_crypter_t *this;
+
+ if (algo != ENCR_BLOWFISH)
+ {
+ return NULL;
+ }
+
+ this = malloc_thing(private_blowfish_crypter_t);
+
+ this->key_size = key_size;
+ this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *)) encrypt;
+ this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *)) decrypt;
+ this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *)) get_block_size;
+ this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *)) get_key_size;
+ this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t)) set_key;
+ this->public.crypter_interface.destroy = (void (*) (crypter_t *)) destroy;
+
+ return &(this->public);
+}
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.h b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
new file mode 100644
index 000000000..2bb896e64
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup blowfish_crypter blowfish_crypter
+ * @{ @ingroup blowfish_p
+ */
+
+#ifndef BLOWFISH_CRYPTER_H_
+#define BLOWFISH_CRYPTER_H_
+
+typedef struct blowfish_crypter_t blowfish_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Class implementing the Blowfish encryption algorithm.
+ */
+struct blowfish_crypter_t {
+
+ /**
+ * The crypter_t interface.
+ */
+ crypter_t crypter_interface;
+};
+
+/**
+ * Constructor to create blowfish_crypter_t objects.
+ *
+ * @param key_size key size in bytes
+ * @param algo algorithm to implement
+ * @return blowfish_crypter_t object, NULL if not supported
+ */
+blowfish_crypter_t *blowfish_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** BLOWFISH_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
new file mode 100644
index 000000000..6e2f6d4fa
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "blowfish_plugin.h"
+
+#include <library.h>
+#include "blowfish_crypter.h"
+
+typedef struct private_blowfish_plugin_t private_blowfish_plugin_t;
+
+/**
+ * private data of blowfish_plugin
+ */
+struct private_blowfish_plugin_t {
+
+ /**
+ * public functions
+ */
+ blowfish_plugin_t public;
+};
+
+/**
+ * Implementation of blowfish_plugin_t.destroy
+ */
+static void destroy(private_blowfish_plugin_t *this)
+{
+ lib->crypto->remove_crypter(lib->crypto,
+ (crypter_constructor_t)blowfish_crypter_create);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ private_blowfish_plugin_t *this = malloc_thing(private_blowfish_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
+ (crypter_constructor_t)blowfish_crypter_create);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.h b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
new file mode 100644
index 000000000..596a7c791
--- /dev/null
+++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2008 Martin Willi
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup blowfish_p blowfish
+ * @ingroup plugins
+ *
+ * @defgroup blowfish_plugin blowfish_plugin
+ * @{ @ingroup blowfish_p
+ */
+
+#ifndef BLOWFISH_PLUGIN_H_
+#define BLOWFISH_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct blowfish_plugin_t blowfish_plugin_t;
+
+/**
+ * Plugin implementing Blowfish based algorithms in software.
+ */
+struct blowfish_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a blowfish_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** BLOWFISH_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index cd916ccbe..b413e035e 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -222,8 +231,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -318,7 +327,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c
index cd54c76a3..7ee9fa1bd 100644
--- a/src/libstrongswan/plugins/curl/curl_fetcher.c
+++ b/src/libstrongswan/plugins/curl/curl_fetcher.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: curl_fetcher.c 4632 2008-11-11 18:37:19Z martin $
*/
#include <curl/curl.h>
@@ -35,16 +33,16 @@ struct private_curl_fetcher_t {
* Public data
*/
curl_fetcher_t public;
-
+
/**
* CURL handle
*/
CURL* curl;
/**
- * request type, as set with FETCH_REQUEST_TYPE
+ * Optional HTTP headers
*/
- char *request_type;
+ struct curl_slist *headers;
};
/**
@@ -52,15 +50,15 @@ struct private_curl_fetcher_t {
*/
static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data)
{
- size_t realsize = size * nmemb;
-
- data->ptr = (u_char*)realloc(data->ptr, data->len + realsize);
- if (data->ptr)
- {
+ size_t realsize = size * nmemb;
+
+ data->ptr = (u_char*)realloc(data->ptr, data->len + realsize);
+ if (data->ptr)
+ {
memcpy(&data->ptr[data->len], ptr, realsize);
data->len += realsize;
- }
- return realsize;
+ }
+ return realsize;
}
/**
@@ -68,9 +66,7 @@ static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data)
*/
static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result)
{
- struct curl_slist *headers = NULL;
char error[CURL_ERROR_SIZE];
- char buf[256];;
status_t status;
*result = chunk_empty;
@@ -85,14 +81,12 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result)
curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, DEFAULT_TIMEOUT);
curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)append);
curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, (void*)result);
- if (this->request_type)
+ if (this->headers)
{
- snprintf(buf, sizeof(buf), "Content-Type: %s", this->request_type);
- headers = curl_slist_append(headers, buf);
- curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, headers);
+ curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers);
}
-
- DBG2("sending http request to '%s'...", uri);
+
+ DBG2(" sending http request to '%s'...", uri);
switch (curl_easy_perform(this->curl))
{
case CURLE_UNSUPPORTED_PROTOCOL:
@@ -102,11 +96,10 @@ static status_t fetch(private_curl_fetcher_t *this, char *uri, chunk_t *result)
status = SUCCESS;
break;
default:
- DBG1("libcurl http request failed: %s", error);
+ DBG1("libcurl http request failed: %s", error);
status = FAILED;
break;
}
- curl_slist_free_all(headers);
return status;
}
@@ -123,13 +116,31 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, ..
case FETCH_REQUEST_DATA:
{
chunk_t data = va_arg(args, chunk_t);
+
curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr);
curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len);
return TRUE;
}
case FETCH_REQUEST_TYPE:
{
- this->request_type = va_arg(args, char*);
+ char header[BUF_LEN];
+ char *request_type = va_arg(args, char*);
+
+ snprintf(header, BUF_LEN, "Content-Type: %s", request_type);
+ this->headers = curl_slist_append(this->headers, header);
+ return TRUE;
+ }
+ case FETCH_REQUEST_HEADER:
+ {
+ char *header = va_arg(args, char*);
+
+ this->headers = curl_slist_append(this->headers, header);
+ return TRUE;
+ }
+ case FETCH_HTTP_VERSION_1_0:
+ {
+ curl_easy_setopt(this->curl, CURLOPT_HTTP_VERSION,
+ CURL_HTTP_VERSION_1_0);
return TRUE;
}
case FETCH_TIMEOUT:
@@ -148,6 +159,7 @@ static bool set_option(private_curl_fetcher_t *this, fetcher_option_t option, ..
*/
static void destroy(private_curl_fetcher_t *this)
{
+ curl_slist_free_all(this->headers);
curl_easy_cleanup(this->curl);
free(this);
}
@@ -158,19 +170,19 @@ static void destroy(private_curl_fetcher_t *this)
curl_fetcher_t *curl_fetcher_create()
{
private_curl_fetcher_t *this = malloc_thing(private_curl_fetcher_t);
-
+
this->curl = curl_easy_init();
if (this->curl == NULL)
{
free(this);
return NULL;
}
- this->request_type = NULL;
-
+ this->headers = NULL;
+
this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch;
this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option;
this->public.interface.destroy = (void (*)(fetcher_t*))destroy;
-
+
return &this->public;
}
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index a41c3815c..97fa07866 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: curl_plugin.c 3529 2008-03-05 15:26:24Z martin $
*/
#include "curl_plugin.h"
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 415c126af..bbca6a032 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -221,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -317,7 +326,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index b0b18a2c1..680fe8b6a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -56,13 +56,11 @@
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
- *
- * $Id: des_crypter.c 4938 2009-03-12 18:38:13Z tobias $
*/
#include "des_crypter.h"
-typedef u_char des_cblock[8];
+typedef u_char des_cblock[DES_BLOCK_SIZE];
typedef struct des_ks_struct {
des_cblock _;
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index a0d8ce07b..e16b475d4 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: des_plugin.c 4887 2009-02-19 14:29:25Z tobias $
*/
#include "des_plugin.h"
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 1e53f435f..881d7a36e 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -223,8 +232,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -319,7 +328,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index df3d130a9..be28f10bc 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fips_prf.c 3619 2008-03-19 14:02:52Z martin $
*/
#include "fips_prf.h"
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 60fce8632..7576e79ad 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: fips_prf_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "fips_prf_plugin.h"
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.am b/src/libstrongswan/plugins/gcrypt/Makefile.am
new file mode 100644
index 000000000..72cc409fc
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.am
@@ -0,0 +1,17 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS)
+
+plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+
+libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
+ gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
+ gcrypt_dh.h gcrypt_dh.c \
+ gcrypt_rng.h gcrypt_rng.c \
+ gcrypt_crypter.h gcrypt_crypter.c \
+ gcrypt_hasher.h gcrypt_hasher.c
+
+libstrongswan_gcrypt_la_LDFLAGS = -module
+libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS)
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
new file mode 100644
index 000000000..49994c593
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -0,0 +1,522 @@
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/gcrypt
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libstrongswan_gcrypt_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
+am_libstrongswan_gcrypt_la_OBJECTS = gcrypt_plugin.lo \
+ gcrypt_rsa_public_key.lo gcrypt_rsa_private_key.lo \
+ gcrypt_dh.lo gcrypt_rng.lo gcrypt_crypter.lo gcrypt_hasher.lo
+libstrongswan_gcrypt_la_OBJECTS = \
+ $(am_libstrongswan_gcrypt_la_OBJECTS)
+libstrongswan_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_gcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_gcrypt_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_gcrypt_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+resolv_conf = @resolv_conf@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+simreader = @simreader@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic $(LIBGCRYPT_CFLAGS)
+plugin_LTLIBRARIES = libstrongswan-gcrypt.la
+libstrongswan_gcrypt_la_SOURCES = gcrypt_plugin.h gcrypt_plugin.c \
+ gcrypt_rsa_public_key.h gcrypt_rsa_public_key.c \
+ gcrypt_rsa_private_key.h gcrypt_rsa_private_key.c \
+ gcrypt_dh.h gcrypt_dh.c \
+ gcrypt_rng.h gcrypt_rng.c \
+ gcrypt_crypter.h gcrypt_crypter.c \
+ gcrypt_hasher.h gcrypt_hasher.c
+
+libstrongswan_gcrypt_la_LDFLAGS = -module
+libstrongswan_gcrypt_la_LIBADD = $(LIBGCRYPT_LIBS)
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-gcrypt.la: $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_DEPENDENCIES)
+ $(libstrongswan_gcrypt_la_LINK) -rpath $(plugindir) $(libstrongswan_gcrypt_la_OBJECTS) $(libstrongswan_gcrypt_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_crypter.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_dh.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_hasher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_rng.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_rsa_private_key.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gcrypt_rsa_public_key.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
new file mode 100644
index 000000000..f82d23185
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_crypter.h"
+
+#include <gcrypt.h>
+
+#include <debug.h>
+
+typedef struct private_gcrypt_crypter_t private_gcrypt_crypter_t;
+
+/**
+ * Private data of gcrypt_crypter_t
+ */
+struct private_gcrypt_crypter_t {
+
+ /**
+ * Public part of this class.
+ */
+ gcrypt_crypter_t public;
+
+ /**
+ * gcrypt cipher handle
+ */
+ gcry_cipher_hd_t h;
+
+ /**
+ * gcrypt algorithm identifier
+ */
+ int alg;
+};
+
+/**
+ * Implementation of crypter_t.decrypt.
+ */
+static void decrypt(private_gcrypt_crypter_t *this, chunk_t data,
+ chunk_t iv, chunk_t *dst)
+{
+ gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+
+ if (dst)
+ {
+ *dst = chunk_alloc(data.len);
+ gcry_cipher_decrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
+ }
+ else
+ {
+ gcry_cipher_decrypt(this->h, data.ptr, data.len, NULL, 0);
+ }
+}
+
+/**
+ * Implementation of crypter_t.encrypt.
+ */
+static void encrypt(private_gcrypt_crypter_t *this, chunk_t data,
+ chunk_t iv, chunk_t *dst)
+{
+ gcry_cipher_setiv(this->h, iv.ptr, iv.len);
+
+ if (dst)
+ {
+ *dst = chunk_alloc(data.len);
+ gcry_cipher_encrypt(this->h, dst->ptr, dst->len, data.ptr, data.len);
+ }
+ else
+ {
+ gcry_cipher_encrypt(this->h, data.ptr, data.len, NULL, 0);
+ }
+}
+
+/**
+ * Implementation of crypter_t.get_block_size.
+ */
+static size_t get_block_size(private_gcrypt_crypter_t *this)
+{
+ size_t len = 0;
+
+ gcry_cipher_algo_info(this->alg, GCRYCTL_GET_BLKLEN, NULL, &len);
+ return len;
+}
+
+/**
+ * Implementation of crypter_t.get_key_size.
+ */
+static size_t get_key_size(private_gcrypt_crypter_t *this)
+{
+ size_t len = 0;
+
+ gcry_cipher_algo_info(this->alg, GCRYCTL_GET_KEYLEN, NULL, &len);
+ return len;
+}
+
+/**
+ * Implementation of crypter_t.set_key.
+ */
+static void set_key(private_gcrypt_crypter_t *this, chunk_t key)
+{
+ gcry_cipher_setkey(this->h, key.ptr, key.len);
+}
+
+/**
+ * Implementation of crypter_t.destroy.
+ */
+static void destroy (private_gcrypt_crypter_t *this)
+{
+ gcry_cipher_close(this->h);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
+ size_t key_size)
+{
+ private_gcrypt_crypter_t *this;
+ int gcrypt_alg;
+ int mode = GCRY_CIPHER_MODE_CBC;
+ gcry_error_t err;
+
+ switch (algo)
+ {
+ case ENCR_DES:
+ gcrypt_alg = GCRY_CIPHER_DES;
+ break;
+ case ENCR_DES_ECB:
+ gcrypt_alg = GCRY_CIPHER_DES;
+ mode = GCRY_CIPHER_MODE_ECB;
+ break;
+ case ENCR_3DES:
+ gcrypt_alg = GCRY_CIPHER_3DES;
+ break;
+ case ENCR_IDEA:
+ /* currently not implemented in gcrypt */
+ return NULL;
+ case ENCR_CAST:
+ gcrypt_alg = GCRY_CIPHER_CAST5;
+ break;
+ case ENCR_BLOWFISH:
+ if (key_size != 16)
+ { /* gcrypt currently supports 128 bit blowfish only */
+ return NULL;
+ }
+ gcrypt_alg = GCRY_CIPHER_BLOWFISH;
+ break;
+ /* case ENCR_AES_CTR:
+ mode = GCRY_CIPHER_MODE_CTR; */
+ /* fall */
+ case ENCR_AES_CBC:
+ switch (key_size)
+ {
+ case 16:
+ gcrypt_alg = GCRY_CIPHER_AES128;
+ break;
+ case 24:
+ gcrypt_alg = GCRY_CIPHER_AES192;
+ break;
+ case 32:
+ gcrypt_alg = GCRY_CIPHER_AES256;
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ /* case ENCR_CAMELLIA_CTR:
+ mode = GCRY_CIPHER_MODE_CTR; */
+ /* fall */
+ case ENCR_CAMELLIA_CBC:
+ switch (key_size)
+ {
+#ifdef HAVE_GCRY_CIPHER_CAMELLIA
+ case 16:
+ gcrypt_alg = GCRY_CIPHER_CAMELLIA128;
+ break;
+ case 24:
+ gcrypt_alg = GCRY_CIPHER_CAMELLIA192;
+ break;
+ case 32:
+ gcrypt_alg = GCRY_CIPHER_CAMELLIA256;
+ break;
+#endif /* HAVE_GCRY_CIPHER_CAMELLIA */
+ default:
+ return NULL;
+ }
+ break;
+ case ENCR_SERPENT_CBC:
+ switch (key_size)
+ {
+ case 16:
+ gcrypt_alg = GCRY_CIPHER_SERPENT128;
+ break;
+ case 24:
+ gcrypt_alg = GCRY_CIPHER_SERPENT192;
+ break;
+ case 32:
+ gcrypt_alg = GCRY_CIPHER_SERPENT256;
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ case ENCR_TWOFISH_CBC:
+ switch (key_size)
+ {
+ case 16:
+ gcrypt_alg = GCRY_CIPHER_TWOFISH128;
+ break;
+ case 32:
+ gcrypt_alg = GCRY_CIPHER_TWOFISH;
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ default:
+ return NULL;
+ }
+
+ this = malloc_thing(private_gcrypt_crypter_t);
+
+ this->alg = gcrypt_alg;
+ err = gcry_cipher_open(&this->h, gcrypt_alg, mode, 0);
+ if (err)
+ {
+ DBG1("grcy_cipher_open(%N) failed: %s",
+ encryption_algorithm_names, algo, gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+
+ this->public.crypter_interface.encrypt = (void (*) (crypter_t *, chunk_t,chunk_t, chunk_t *))encrypt;
+ this->public.crypter_interface.decrypt = (void (*) (crypter_t *, chunk_t , chunk_t, chunk_t *))decrypt;
+ this->public.crypter_interface.get_block_size = (size_t (*) (crypter_t *))get_block_size;
+ this->public.crypter_interface.get_key_size = (size_t (*) (crypter_t *))get_key_size;
+ this->public.crypter_interface.set_key = (void (*) (crypter_t *,chunk_t))set_key;
+ this->public.crypter_interface.destroy = (void (*) (crypter_t *))destroy;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
new file mode 100644
index 000000000..c5a5e6723
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_crypter gcrypt_crypter
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_CRYPTER_H_
+#define GCRYPT_CRYPTER_H_
+
+typedef struct gcrypt_crypter_t gcrypt_crypter_t;
+
+#include <crypto/crypters/crypter.h>
+
+/**
+ * Implementation of crypters using gcrypt.
+ */
+struct gcrypt_crypter_t {
+
+ /**
+ * The crypter_t interface.
+ */
+ crypter_t crypter_interface;
+};
+
+/**
+ * Constructor to create gcrypt_crypter_t.
+ *
+ * @param algo algorithm to implement
+ * @param key_size key size in bytes
+ * @return gcrypt_crypter_t, NULL if not supported
+ */
+gcrypt_crypter_t *gcrypt_crypter_create(encryption_algorithm_t algo,
+ size_t key_size);
+
+#endif /** GCRYPT_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
new file mode 100644
index 000000000..89d9f2348
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.c
@@ -0,0 +1,564 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <gcrypt.h>
+
+#include "gcrypt_dh.h"
+
+#include <debug.h>
+
+/**
+ * Modulus of Group 1 (MODP_768_BIT).
+ */
+static u_int8_t group1_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 2 (MODP_1024_BIT).
+ */
+static u_int8_t group2_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 5 (MODP_1536_BIT).
+ */
+static u_int8_t group5_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+/**
+ * Modulus of Group 14 (MODP_2048_BIT).
+ */
+static u_int8_t group14_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 15 (MODP_3072_BIT).
+ */
+static u_int8_t group15_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 16 (MODP_4096_BIT).
+ */
+static u_int8_t group16_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 17 (MODP_6144_BIT).
+ */
+static u_int8_t group17_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+ 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+ 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+ 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+ 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+ 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+ 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+ 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+ 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+ 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+ 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+ 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
+};
+
+/**
+ * Modulus of Group 18 (MODP_8192_BIT).
+ */
+static u_int8_t group18_modulus[] = {
+ 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+ 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+ 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+ 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+ 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+ 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+ 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+ 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+ 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+ 0xF1,0x74,0x6C,0x08,0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
+ 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F,
+ 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,
+ 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
+ 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,0x04,0x50,0x7A,0x33,
+ 0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,
+ 0x8A,0xEA,0x71,0x57,0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
+ 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,0x4A,0x25,0x61,0x9D,
+ 0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,
+ 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
+ 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2,
+ 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,
+ 0x4B,0x82,0xD1,0x20,0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
+ 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,0x6A,0xF4,0xE2,0x3C,
+ 0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,
+ 0xDB,0xBB,0xC2,0xDB,0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
+ 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,0xA0,0x90,0xC3,0xA2,
+ 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,
+ 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
+ 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F,
+ 0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,
+ 0xC1,0xD4,0xDC,0xB2,0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
+ 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,0x41,0x30,0x01,0xAE,
+ 0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,
+ 0xDA,0x3E,0xDB,0xEB,0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
+ 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,0x2B,0xD7,0xAF,0x42,
+ 0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,
+ 0xF0,0x32,0xEA,0x15,0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
+ 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,0x90,0x0B,0x1C,0x9E,
+ 0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,
+ 0x0F,0x1D,0x45,0xB7,0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
+ 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,0x0F,0x80,0x37,0xE0,
+ 0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,
+ 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
+ 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68,
+ 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,
+ 0xE6,0x94,0xF9,0x1E,0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
+ 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,0x73,0xB9,0x31,0xBA,
+ 0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,
+ 0x25,0x76,0xF6,0x93,0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
+ 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,0xE3,0x9D,0x65,0x2D,
+ 0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,
+ 0x13,0xEB,0x57,0xA8,0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
+ 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,0xA2,0xC0,0x87,0xE8,
+ 0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,
+ 0x6D,0x2A,0x13,0xF8,0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
+ 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,0x08,0x46,0x85,0x1D,
+ 0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,
+ 0xFA,0xF3,0x6B,0xC3,0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
+ 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B,
+ 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,
+ 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
+ 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+};
+
+typedef struct modulus_entry_t modulus_entry_t;
+
+/**
+ * Entry of the modulus list.
+ */
+struct modulus_entry_t {
+ /** IKEv2 DH group */
+ diffie_hellman_group_t group;
+ /** modulus */
+ chunk_t modulus;
+ /** optimum length of exponent in bytes */
+ size_t opt_len;
+ /** generator */
+ u_int16_t g;
+};
+
+/**
+ * All supported modulus values - optimum exponent size according to RFC 3526.
+ */
+static modulus_entry_t modulus_entries[] = {
+ {MODP_768_BIT, {group1_modulus, sizeof(group1_modulus)}, 32, 2},
+ {MODP_1024_BIT, {group2_modulus, sizeof(group2_modulus)}, 32, 2},
+ {MODP_1536_BIT, {group5_modulus, sizeof(group5_modulus)}, 32, 2},
+ {MODP_2048_BIT, {group14_modulus, sizeof(group14_modulus)}, 48, 2},
+ {MODP_3072_BIT, {group15_modulus, sizeof(group15_modulus)}, 48, 2},
+ {MODP_4096_BIT, {group16_modulus, sizeof(group16_modulus)}, 64, 2},
+ {MODP_6144_BIT, {group17_modulus, sizeof(group17_modulus)}, 64, 2},
+ {MODP_8192_BIT, {group18_modulus, sizeof(group18_modulus)}, 64, 2},
+};
+
+/**
+ * Lookup the modulus in modulo table
+ */
+static modulus_entry_t *find_entry(diffie_hellman_group_t group)
+{
+ int i;
+
+ for (i = 0; i < countof(modulus_entries); i++)
+ {
+ if (modulus_entries[i].group == group)
+ {
+ return &modulus_entries[i];
+ }
+ }
+ return NULL;
+}
+
+typedef struct private_gcrypt_dh_t private_gcrypt_dh_t;
+
+/**
+ * Private data of an gcrypt_dh_t object.
+ */
+struct private_gcrypt_dh_t {
+
+ /**
+ * Public gcrypt_dh_t interface
+ */
+ gcrypt_dh_t public;
+
+ /**
+ * Diffie Hellman group number
+ */
+ u_int16_t group;
+
+ /*
+ * Generator value
+ */
+ gcry_mpi_t g;
+
+ /**
+ * Own private value
+ */
+ gcry_mpi_t xa;
+
+ /**
+ * Own public value
+ */
+ gcry_mpi_t ya;
+
+ /**
+ * Other public value
+ */
+ gcry_mpi_t yb;
+
+ /**
+ * Shared secret
+ */
+ gcry_mpi_t zz;
+
+ /**
+ * Modulus
+ */
+ gcry_mpi_t p;
+
+ /**
+ * Modulus length.
+ */
+ size_t p_len;
+};
+
+/**
+ * Implementation of gcrypt_dh_t.set_other_public_value.
+ */
+static void set_other_public_value(private_gcrypt_dh_t *this, chunk_t value)
+{
+ gcry_mpi_t p_min_1;
+ gcry_error_t err;
+
+ if (this->yb)
+ {
+ gcry_mpi_release(this->yb);
+ this->yb = NULL;
+ }
+ err = gcry_mpi_scan(&this->yb, GCRYMPI_FMT_USG, value.ptr, value.len, NULL);
+ if (err)
+ {
+ DBG1("importing mpi yb failed: %s", gpg_strerror(err));
+ return;
+ }
+
+ p_min_1 = gcry_mpi_new(this->p_len * 8);
+ gcry_mpi_sub_ui(p_min_1, this->p, 1);
+
+ /* check public value:
+ * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1
+ * 2. a public value larger or equal the modulus is invalid */
+ if (gcry_mpi_cmp_ui(this->yb, 1) > 0 &&
+ gcry_mpi_cmp(this->yb, p_min_1) < 0)
+ {
+ if (!this->zz)
+ {
+ this->zz = gcry_mpi_new(this->p_len * 8);
+ }
+ gcry_mpi_powm(this->zz, this->yb, this->xa, this->p);
+ }
+ else
+ {
+ DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+ }
+ gcry_mpi_release(p_min_1);
+}
+
+/**
+ * export a gcry_mpi to an allocated chunk of len bytes
+ */
+static chunk_t export_mpi(gcry_mpi_t value, size_t len)
+{
+ chunk_t chunk;
+ size_t written;
+
+ chunk = chunk_alloc(len);
+ gcry_mpi_print(GCRYMPI_FMT_USG, chunk.ptr, chunk.len, &written, value);
+ if (written < len)
+ { /* right-align number of written bytes in chunk */
+ memmove(chunk.ptr + (len - written), chunk.ptr, written);
+ memset(chunk.ptr, 0, len - written);
+ }
+ return chunk;
+}
+
+/**
+ * Implementation of gcrypt_dh_t.get_my_public_value.
+ */
+static void get_my_public_value(private_gcrypt_dh_t *this, chunk_t *value)
+{
+ *value = export_mpi(this->ya, this->p_len);
+}
+
+/**
+ * Implementation of gcrypt_dh_t.get_shared_secret.
+ */
+static status_t get_shared_secret(private_gcrypt_dh_t *this, chunk_t *secret)
+{
+ if (!this->zz)
+ {
+ return FAILED;
+ }
+ *secret = export_mpi(this->zz, this->p_len);
+ return SUCCESS;
+}
+
+/**
+ * Implementation of gcrypt_dh_t.get_dh_group.
+ */
+static diffie_hellman_group_t get_dh_group(private_gcrypt_dh_t *this)
+{
+ return this->group;
+}
+
+/**
+ * Implementation of gcrypt_dh_t.destroy.
+ */
+static void destroy(private_gcrypt_dh_t *this)
+{
+ gcry_mpi_release(this->p);
+ gcry_mpi_release(this->xa);
+ gcry_mpi_release(this->ya);
+ gcry_mpi_release(this->g);
+ gcry_mpi_release(this->yb);
+ gcry_mpi_release(this->zz);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group)
+{
+ private_gcrypt_dh_t *this;
+ modulus_entry_t *entry;
+ gcry_error_t err;
+ chunk_t random;
+ rng_t *rng;
+ size_t len;
+
+ entry = find_entry(group);
+ if (!entry)
+ {
+ return NULL;
+ }
+
+ this = malloc_thing(private_gcrypt_dh_t);
+
+ this->public.dh.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
+ this->public.dh.set_other_public_value = (void (*)(diffie_hellman_t *, chunk_t )) set_other_public_value;
+ this->public.dh.get_my_public_value = (void (*)(diffie_hellman_t *, chunk_t *)) get_my_public_value;
+ this->public.dh.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
+ this->public.dh.destroy = (void (*)(diffie_hellman_t *)) destroy;
+
+ this->group = group;
+ this->p_len = entry->modulus.len;
+ err = gcry_mpi_scan(&this->p, GCRYMPI_FMT_USG,
+ entry->modulus.ptr, entry->modulus.len, NULL);
+ if (err)
+ {
+ DBG1("importing mpi modulus failed: %s", gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+ if (lib->settings->get_int(lib->settings,
+ "libstrongswan.dh_exponent_ansi_x9_42", TRUE))
+ {
+ len = this->p_len;
+ }
+ else
+ {
+ len = entry->opt_len;
+ }
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
+ if (rng)
+ { /* prefer external randomizer */
+ rng->allocate_bytes(rng, len, &random);
+ rng->destroy(rng);
+ err = gcry_mpi_scan(&this->xa, GCRYMPI_FMT_USG,
+ random.ptr, random.len, NULL);
+ chunk_clear(&random);
+ if (err)
+ {
+ DBG1("importing mpi xa failed: %s", gpg_strerror(err));
+ gcry_mpi_release(this->p);
+ free(this);
+ return NULL;
+ }
+ }
+ else
+ { /* fallback to gcrypt internal randomizer, shouldn't ever happen */
+ this->xa = gcry_mpi_new(len * 8);
+ gcry_mpi_randomize(this->xa, len * 8, GCRY_STRONG_RANDOM);
+ }
+ if (len == this->p_len)
+ {
+ /* achieve bitsof(p)-1 by setting MSB to 0 */
+ gcry_mpi_clear_bit(this->xa, len * 8 - 1);
+ }
+
+ this->g = gcry_mpi_set_ui(NULL, entry->g);
+ this->ya = gcry_mpi_new(this->p_len * 8);
+ this->yb = NULL;
+ this->zz = NULL;
+
+ gcry_mpi_powm(this->ya, this->g, this->xa, this->p);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
new file mode 100644
index 000000000..dbef96ca7
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_dh.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_dh gcrypt_dh
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_DH_H_
+#define GCRYPT_DH_H_
+
+typedef struct gcrypt_dh_t gcrypt_dh_t;
+
+#include <library.h>
+
+/**
+ * Implementation of the Diffie-Hellman algorithm using libgcrypt mpi.
+ */
+struct gcrypt_dh_t {
+
+ /**
+ * Implements diffie_hellman_t interface.
+ */
+ diffie_hellman_t dh;
+};
+
+/**
+ * Creates a new gcrypt_dh_t object.
+ *
+ * @param group Diffie Hellman group number to use
+ * @return gcrypt_dh_t object, NULL if not supported
+ */
+gcrypt_dh_t *gcrypt_dh_create(diffie_hellman_group_t group);
+
+#endif /** GCRYPT_DH_H_ @}*/
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
new file mode 100644
index 000000000..785ebda90
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_hasher.h"
+
+#include <debug.h>
+
+#include <gcrypt.h>
+
+typedef struct private_gcrypt_hasher_t private_gcrypt_hasher_t;
+
+/**
+ * Private data of gcrypt_hasher_t
+ */
+struct private_gcrypt_hasher_t {
+
+ /**
+ * Public part of this class.
+ */
+ gcrypt_hasher_t public;
+
+ /**
+ * gcrypt hasher context
+ */
+ gcry_md_hd_t hd;
+};
+
+/**
+ * Implementation of hasher_t.get_hash_size.
+ */
+static size_t get_hash_size(private_gcrypt_hasher_t *this)
+{
+ return gcry_md_get_algo_dlen(gcry_md_get_algo(this->hd));
+}
+
+/**
+ * Implementation of hasher_t.reset.
+ */
+static void reset(private_gcrypt_hasher_t *this)
+{
+ gcry_md_reset(this->hd);
+}
+
+/**
+ * Implementation of hasher_t.get_hash.
+ */
+static void get_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
+ u_int8_t *hash)
+{
+ gcry_md_write(this->hd, chunk.ptr, chunk.len);
+ if (hash)
+ {
+ memcpy(hash, gcry_md_read(this->hd, 0), get_hash_size(this));
+ gcry_md_reset(this->hd);
+ }
+}
+
+/**
+ * Implementation of hasher_t.allocate_hash.
+ */
+static void allocate_hash(private_gcrypt_hasher_t *this, chunk_t chunk,
+ chunk_t *hash)
+{
+ if (hash)
+ {
+ *hash = chunk_alloc(get_hash_size(this));
+ get_hash(this, chunk, hash->ptr);
+ }
+ else
+ {
+ get_hash(this, chunk, NULL);
+ }
+}
+
+/**
+ * Implementation of hasher_t.destroy.
+ */
+static void destroy (private_gcrypt_hasher_t *this)
+{
+ gcry_md_close(this->hd);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo)
+{
+ private_gcrypt_hasher_t *this;
+ int gcrypt_alg;
+ gcry_error_t err;
+
+ switch (algo)
+ {
+ case HASH_MD2:
+ gcrypt_alg = GCRY_MD_MD2;
+ break;
+ case HASH_MD4:
+ gcrypt_alg = GCRY_MD_MD4;
+ break;
+ case HASH_MD5:
+ gcrypt_alg = GCRY_MD_MD5;
+ break;
+ case HASH_SHA1:
+ gcrypt_alg = GCRY_MD_SHA1;
+ break;
+ case HASH_SHA256:
+ gcrypt_alg = GCRY_MD_SHA256;
+ break;
+ case HASH_SHA384:
+ gcrypt_alg = GCRY_MD_SHA384;
+ break;
+ case HASH_SHA512:
+ gcrypt_alg = GCRY_MD_SHA512;
+ break;
+ default:
+ return NULL;
+ }
+
+ this = malloc_thing(private_gcrypt_hasher_t);
+
+ err = gcry_md_open(&this->hd, gcrypt_alg, 0);
+ if (err)
+ {
+ DBG1("grcy_md_open(%N) failed: %s",
+ hash_algorithm_names, algo, gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+
+ this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash;
+ this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash;
+ this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size;
+ this->public.hasher_interface.reset = (void (*) (hasher_t*))reset;
+ this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
new file mode 100644
index 000000000..6f724fba8
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_hasher gcrypt_hasher
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_HASHER_H_
+#define GCRYPT_HASHER_H_
+
+typedef struct gcrypt_hasher_t gcrypt_hasher_t;
+
+#include <crypto/hashers/hasher.h>
+
+/**
+ * Implementation of hashers using libgcrypt.
+ */
+struct gcrypt_hasher_t {
+
+ /**
+ * The hasher_t interface.
+ */
+ hasher_t hasher_interface;
+};
+
+/**
+ * Constructor to create gcrypt_hasher_t.
+ *
+ * @param algo algorithm
+ * @return gcrypt_hasher_t, NULL if not supported
+ */
+gcrypt_hasher_t *gcrypt_hasher_create(hash_algorithm_t algo);
+
+#endif /** GCRYPT_HASHER_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
new file mode 100644
index 000000000..547329dde
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_plugin.h"
+
+#include "gcrypt_hasher.h"
+#include "gcrypt_crypter.h"
+#include "gcrypt_rng.h"
+#include "gcrypt_dh.h"
+#include "gcrypt_rsa_private_key.h"
+#include "gcrypt_rsa_public_key.h"
+
+#include <library.h>
+#include <debug.h>
+#include <utils/mutex.h>
+
+#include <errno.h>
+#include <gcrypt.h>
+
+typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t;
+
+/**
+ * private data of gcrypt_plugin
+ */
+struct private_gcrypt_plugin_t {
+
+ /**
+ * public functions
+ */
+ gcrypt_plugin_t public;
+};
+
+/**
+ * gcrypt mutex initialization wrapper
+ */
+static int mutex_init(void **lock)
+{
+ *lock = mutex_create(MUTEX_DEFAULT);
+ return 0;
+}
+
+/**
+ * gcrypt mutex cleanup wrapper
+ */
+static int mutex_destroy(void **lock)
+{
+ mutex_t *mutex = *lock;
+
+ mutex->destroy(mutex);
+ return 0;
+}
+
+/**
+ * gcrypt mutex lock wrapper
+ */
+static int mutex_lock(void **lock)
+{
+ mutex_t *mutex = *lock;
+
+ mutex->lock(mutex);
+ return 0;
+}
+
+/**
+ * gcrypt mutex unlock wrapper
+ */
+static int mutex_unlock(void **lock)
+{
+ mutex_t *mutex = *lock;
+
+ mutex->unlock(mutex);
+ return 0;
+}
+
+/**
+ * gcrypt locking functions using our mutex_t
+ */
+static struct gcry_thread_cbs thread_functions = {
+ GCRY_THREAD_OPTION_USER, NULL,
+ mutex_init, mutex_destroy, mutex_lock, mutex_unlock,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/**
+ * Implementation of gcrypt_plugin_t.destroy
+ */
+static void destroy(private_gcrypt_plugin_t *this)
+{
+ lib->crypto->remove_hasher(lib->crypto,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->remove_crypter(lib->crypto,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->remove_rng(lib->crypto,
+ (rng_constructor_t)gcrypt_rng_create);
+ lib->crypto->remove_dh(lib->crypto,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->creds->remove_builder(lib->creds,
+ (builder_constructor_t)gcrypt_rsa_private_key_builder);
+ lib->creds->remove_builder(lib->creds,
+ (builder_constructor_t)gcrypt_rsa_public_key_builder);
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ private_gcrypt_plugin_t *this;
+
+ gcry_control(GCRYCTL_SET_THREAD_CBS, &thread_functions);
+
+ if (!gcry_check_version(GCRYPT_VERSION))
+ {
+ DBG1("libgcrypt version mismatch");
+ return NULL;
+ }
+
+ /* we currently do not use secure memory */
+ gcry_control(GCRYCTL_DISABLE_SECMEM, 0);
+ if (lib->settings->get_bool(lib->settings,
+ "libstrongswan.plugins.gcrypt.quick_random", FALSE))
+ {
+ gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ }
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ this = malloc_thing(private_gcrypt_plugin_t);
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ /* hashers */
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA1,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_MD4,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_MD5,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
+ (hasher_constructor_t)gcrypt_hasher_create);
+ lib->crypto->add_hasher(lib->crypto, HASH_SHA512,
+ (hasher_constructor_t)gcrypt_hasher_create);
+
+ /* crypters */
+ lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAST,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_DES,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC,
+ (crypter_constructor_t)gcrypt_crypter_create);
+ lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC,
+ (crypter_constructor_t)gcrypt_crypter_create);
+
+ /* random numbers */
+ lib->crypto->add_rng(lib->crypto, RNG_WEAK,
+ (rng_constructor_t)gcrypt_rng_create);
+ lib->crypto->add_rng(lib->crypto, RNG_STRONG,
+ (rng_constructor_t)gcrypt_rng_create);
+ lib->crypto->add_rng(lib->crypto, RNG_TRUE,
+ (rng_constructor_t)gcrypt_rng_create);
+
+ /* diffie hellman groups, using modp */
+ lib->crypto->add_dh(lib->crypto, MODP_2048_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1536_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_3072_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_4096_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_6144_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_8192_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_1024_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+ lib->crypto->add_dh(lib->crypto, MODP_768_BIT,
+ (dh_constructor_t)gcrypt_dh_create);
+
+ /* RSA */
+ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA,
+ (builder_constructor_t)gcrypt_rsa_private_key_builder);
+ lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ (builder_constructor_t)gcrypt_rsa_public_key_builder);
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
new file mode 100644
index 000000000..f2247ed5c
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_p gcrypt
+ * @ingroup plugins
+ *
+ * @defgroup gcrypt_plugin gcrypt_plugin
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_PLUGIN_H_
+#define GCRYPT_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct gcrypt_plugin_t gcrypt_plugin_t;
+
+/**
+ * Plugin implementing crypto functions via libgcrypt.
+ */
+struct gcrypt_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a gcrypt_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** GCRYPT_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
new file mode 100644
index 000000000..64b4eb8d0
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "gcrypt_rng.h"
+
+#include <gcrypt.h>
+
+typedef struct private_gcrypt_rng_t private_gcrypt_rng_t;
+
+/**
+ * Private data of an gcrypt_rng_t object.
+ */
+struct private_gcrypt_rng_t {
+
+ /**
+ * Public gcrypt_rng_t interface.
+ */
+ gcrypt_rng_t public;
+
+ /**
+ * RNG quality of this instance
+ */
+ rng_quality_t quality;
+};
+
+/**
+ * Implementation of gcrypt_rng_t.get_bytes.
+ */
+static void get_bytes(private_gcrypt_rng_t *this, size_t bytes,
+ u_int8_t *buffer)
+{
+ switch (this->quality)
+ {
+ case RNG_WEAK:
+ gcry_create_nonce(buffer, bytes);
+ break;
+ case RNG_STRONG:
+ gcry_randomize(buffer, bytes, GCRY_STRONG_RANDOM);
+ break;
+ case RNG_TRUE:
+ gcry_randomize(buffer, bytes, GCRY_VERY_STRONG_RANDOM);
+ break;
+ }
+}
+
+/**
+ * Implementation of gcrypt_rng_t.allocate_bytes.
+ */
+static void allocate_bytes(private_gcrypt_rng_t *this, size_t bytes,
+ chunk_t *chunk)
+{
+ *chunk = chunk_alloc(bytes);
+ get_bytes(this, chunk->len, chunk->ptr);
+}
+
+/**
+ * Implementation of gcrypt_rng_t.destroy.
+ */
+static void destroy(private_gcrypt_rng_t *this)
+{
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality)
+{
+ private_gcrypt_rng_t *this;
+
+ switch (quality)
+ {
+ case RNG_WEAK:
+ case RNG_STRONG:
+ case RNG_TRUE:
+ break;
+ default:
+ return NULL;
+ }
+
+ this = malloc_thing(private_gcrypt_rng_t);
+
+ this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes;
+ this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
+ this->public.rng.destroy = (void (*) (rng_t *))destroy;
+
+ this->quality = quality;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
new file mode 100644
index 000000000..3cfde8447
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_rng gcrypt_rng
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RNG_H_
+#define GCRYPT_RNG_H_
+
+typedef struct gcrypt_rng_t gcrypt_rng_t;
+
+#include <library.h>
+
+/**
+ * rng_t implementation using libgcrypt.
+ */
+struct gcrypt_rng_t {
+
+ /**
+ * Implements rng_t.
+ */
+ rng_t rng;
+};
+
+/**
+ * Creates an gcrypt_rng_t instance.
+ *
+ * @param quality required quality of gcryptness
+ * @return created gcrypt_rng_t
+ */
+gcrypt_rng_t *gcrypt_rng_create(rng_quality_t quality);
+
+#endif /** GCRYPT_RNG_H_ @} */
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
new file mode 100644
index 000000000..611ab2467
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -0,0 +1,734 @@
+/*
+ * Copyright (C) 2005-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <gcrypt.h>
+
+#include "gcrypt_rsa_private_key.h"
+
+#include <debug.h>
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+
+typedef struct private_gcrypt_rsa_private_key_t private_gcrypt_rsa_private_key_t;
+
+/**
+ * Private data of a gcrypt_rsa_private_key_t object.
+ */
+struct private_gcrypt_rsa_private_key_t {
+
+ /**
+ * Public interface
+ */
+ gcrypt_rsa_private_key_t public;
+
+ /**
+ * gcrypt S-expression representing an RSA key
+ */
+ gcry_sexp_t key;
+
+ /**
+ * Keyid formed as a SHA-1 hash of a publicKey object
+ */
+ identification_t* keyid;
+
+ /**
+ * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+ */
+ identification_t* keyid_info;
+
+ /**
+ * reference count
+ */
+ refcount_t ref;
+};
+
+/**
+ * Implemented in gcrypt_rsa_public_key.c
+ */
+public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key);
+
+/**
+ * find a token in a S-expression
+ */
+chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name)
+{
+ gcry_sexp_t token;
+ chunk_t data = chunk_empty;
+
+ token = gcry_sexp_find_token(sexp, name, 1);
+ if (token)
+ {
+ data.ptr = (char*)gcry_sexp_nth_data(token, 1, &data.len);
+ if (!data.ptr)
+ {
+ data.len = 0;
+ }
+ data = chunk_clone(data);
+ gcry_sexp_release(token);
+ }
+ return data;
+}
+
+/**
+ * Sign a chunk of data with direct PKCS#1 encoding, no hash OID
+ */
+static bool sign_raw(private_gcrypt_rsa_private_key_t *this,
+ chunk_t data, chunk_t *signature)
+{
+ gcry_sexp_t in, out;
+ gcry_error_t err;
+ chunk_t em;
+ size_t k;
+
+ /* EM = 0x00 || 0x01 || PS || 0x00 || T
+ * PS = 0xFF padding, with length to fill em
+ * T = data
+ */
+ k = gcry_pk_get_nbits(this->key) / 8;
+ if (data.len > k - 3)
+ {
+ return FALSE;
+ }
+ em = chunk_alloc(k);
+ memset(em.ptr, 0xFF, em.len);
+ em.ptr[0] = 0x00;
+ em.ptr[1] = 0x01;
+ em.ptr[em.len - data.len - 1] = 0x00;
+ memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
+
+ err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))",
+ em.len, em.ptr);
+ chunk_free(&em);
+ if (err)
+ {
+ DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ err = gcry_pk_sign(&out, in, this->key);
+ gcry_sexp_release(in);
+ if (err)
+ {
+ DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ *signature = gcrypt_rsa_find_token(out, "s");
+ gcry_sexp_release(out);
+ return !!signature->len;
+}
+
+/**
+ * Sign a chunk of data using hashing and PKCS#1 encoding
+ */
+static bool sign_pkcs1(private_gcrypt_rsa_private_key_t *this,
+ hash_algorithm_t hash_algorithm, char *hash_name,
+ chunk_t data, chunk_t *signature)
+{
+ hasher_t *hasher;
+ chunk_t hash;
+ gcry_error_t err;
+ gcry_sexp_t in, out;
+ int hash_oid;
+
+ hash_oid = hasher_algorithm_to_oid(hash_algorithm);
+ if (hash_oid == OID_UNKNOWN)
+ {
+ return FALSE;
+ }
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
+ if (!hasher)
+ {
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
+ hash_name, hash.len, hash.ptr);
+ chunk_free(&hash);
+ if (err)
+ {
+ DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ err = gcry_pk_sign(&out, in, this->key);
+ gcry_sexp_release(in);
+ if (err)
+ {
+ DBG1("creating pkcs1 signature failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ *signature = gcrypt_rsa_find_token(out, "s");
+ gcry_sexp_release(out);
+ return !!signature->len;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static key_type_t get_type(private_gcrypt_rsa_private_key_t *this)
+{
+ return KEY_RSA;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static bool sign(private_gcrypt_rsa_private_key_t *this, signature_scheme_t scheme,
+ chunk_t data, chunk_t *sig)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return sign_raw(this, data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return sign_pkcs1(this, HASH_SHA1, "sha1", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA256:
+ return sign_pkcs1(this, HASH_SHA256, "sha256", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA384:
+ return sign_pkcs1(this, HASH_SHA384, "sha384", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_SHA512:
+ return sign_pkcs1(this, HASH_SHA512, "sha512", data, sig);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return sign_pkcs1(this, HASH_MD5, "md5", data, sig);
+ default:
+ DBG1("signature scheme %N not supported in RSA",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static bool decrypt(private_gcrypt_rsa_private_key_t *this,
+ chunk_t encrypted, chunk_t *plain)
+{
+ gcry_error_t err;
+ gcry_sexp_t in, out;
+ chunk_t padded;
+ u_char *pos = NULL;;
+
+ err = gcry_sexp_build(&in, NULL, "(enc-val(flags)(rsa(a %b)))",
+ encrypted.len, encrypted.ptr);
+ if (err)
+ {
+ DBG1("building decryption S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ err = gcry_pk_decrypt(&out, in, this->key);
+ gcry_sexp_release(in);
+ if (err)
+ {
+ DBG1("decrypting pkcs1 data failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ padded.ptr = (u_char*)gcry_sexp_nth_data(out, 1, &padded.len);
+ /* result is padded, but gcrypt strips leading zero:
+ * 00 | 02 | RANDOM | 00 | DATA */
+ if (padded.ptr && padded.len > 2 && padded.ptr[0] == 0x02)
+ {
+ pos = memchr(padded.ptr, 0x00, padded.len - 1);
+ if (pos)
+ {
+ pos++;
+ *plain = chunk_clone(chunk_create(
+ pos, padded.len - (pos - padded.ptr)));
+ }
+ }
+ gcry_sexp_release(out);
+ if (!pos)
+ {
+ DBG1("decrypted data has invalid pkcs1 padding");
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_keysize.
+ */
+static size_t get_keysize(private_gcrypt_rsa_private_key_t *this)
+{
+ return gcry_pk_get_nbits(this->key) / 8;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static identification_t* get_id(private_gcrypt_rsa_private_key_t *this,
+ id_type_t type)
+{
+ switch (type)
+ {
+ case ID_PUBKEY_INFO_SHA1:
+ return this->keyid_info;
+ case ID_PUBKEY_SHA1:
+ return this->keyid;
+ default:
+ return NULL;
+ }
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_public_key.
+ */
+static public_key_t* get_public_key(private_gcrypt_rsa_private_key_t *this)
+{
+ return gcrypt_rsa_public_key_create_from_sexp(this->key);
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.equals.
+ */
+static bool equals(private_gcrypt_rsa_private_key_t *this, private_key_t *other)
+{
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.belongs_to.
+ */
+static bool belongs_to(private_gcrypt_rsa_private_key_t *this,
+ public_key_t *public)
+{
+ identification_t *keyid;
+
+ if (public->get_type(public) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = public->get_id(public, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = public->get_id(public, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of private_key_t.get_encoding.
+ */
+static chunk_t get_encoding(private_gcrypt_rsa_private_key_t *this)
+{
+ chunk_t cp, cq, cd, cexp1 = chunk_empty, cexp2 = chunk_empty;
+ gcry_mpi_t p = NULL, q = NULL, d = NULL, exp1, exp2;
+ gcry_error_t err;
+
+ /* p and q are swapped, gcrypt expects p < q */
+ cp = gcrypt_rsa_find_token(this->key, "q");
+ cq = gcrypt_rsa_find_token(this->key, "p");
+ cd = gcrypt_rsa_find_token(this->key, "d");
+
+ err = gcry_mpi_scan(&p, GCRYMPI_FMT_USG, cp.ptr, cp.len, NULL)
+ | gcry_mpi_scan(&q, GCRYMPI_FMT_USG, cq.ptr, cq.len, NULL)
+ | gcry_mpi_scan(&d, GCRYMPI_FMT_USG, cd.ptr, cd.len, NULL);
+ if (err)
+ {
+ gcry_mpi_release(p);
+ gcry_mpi_release(q);
+ gcry_mpi_release(d);
+ chunk_clear(&cp);
+ chunk_clear(&cq);
+ chunk_clear(&cd);
+ DBG1("scanning mpi for export failed: %s", gpg_strerror(err));
+ return chunk_empty;
+ }
+
+ gcry_mpi_sub_ui(p, p, 1);
+ exp1 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
+ gcry_mpi_mod(exp1, d, p);
+ gcry_mpi_release(p);
+
+ gcry_mpi_sub_ui(q, q, 1);
+ exp2 = gcry_mpi_new(gcry_pk_get_nbits(this->key));
+ gcry_mpi_mod(exp1, d, q);
+ gcry_mpi_release(q);
+
+ err = gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp1.ptr, &cexp1.len, exp1)
+ | gcry_mpi_aprint(GCRYMPI_FMT_USG, &cexp2.ptr, &cexp2.len, exp2);
+
+ gcry_mpi_release(d);
+ gcry_mpi_release(exp1);
+ gcry_mpi_release(exp2);
+
+ if (err)
+ {
+ DBG1("printing mpi for export failed: %s", gpg_strerror(err));
+ chunk_clear(&cp);
+ chunk_clear(&cq);
+ chunk_clear(&cd);
+ chunk_clear(&cexp1);
+ chunk_clear(&cexp2);
+ return chunk_empty;
+ }
+
+ return asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm", ASN1_INTEGER_0,
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "n")),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "e")),
+ asn1_integer("m", cd),
+ asn1_integer("m", cp),
+ asn1_integer("m", cq),
+ asn1_integer("m", cexp1),
+ asn1_integer("m", cexp2),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "u")));
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.get_ref.
+ */
+static private_key_t* get_ref(private_gcrypt_rsa_private_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.interface;
+}
+
+/**
+ * Implementation of gcrypt_rsa_private_key.destroy.
+ */
+static void destroy(private_gcrypt_rsa_private_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->keyid);
+ DESTROY_IF(this->keyid_info);
+ gcry_sexp_release(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Internal generic constructor
+ */
+static private_gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_create_empty()
+{
+ private_gcrypt_rsa_private_key_t *this = malloc_thing(private_gcrypt_rsa_private_key_t);
+
+ this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
+ this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
+ this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
+ this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
+ this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
+ this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
+ this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
+ this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
+ this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
+ this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
+ this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+
+ this->key = NULL;
+ this->keyid = NULL;
+ this->keyid_info = NULL;
+ this->ref = 1;
+
+ return this;
+}
+
+/**
+ * build the keyids of a private/public key
+ */
+bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
+ identification_t **keyid_info)
+{
+ chunk_t publicKeyInfo, publicKey, hash;
+ hasher_t *hasher;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
+ if (!hasher)
+ {
+ DBG1("SHA1 hash algorithm not supported, unable to use RSA");
+ return FALSE;
+ }
+ publicKey = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_integer("m", gcrypt_rsa_find_token(key, "n")),
+ asn1_integer("m", gcrypt_rsa_find_token(key, "e")));
+ hasher->allocate_hash(hasher, publicKey, &hash);
+ *keyid = identification_create_from_encoding(ID_PUBKEY_SHA1, hash);
+ chunk_free(&hash);
+
+ publicKeyInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+ asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+ asn1_bitstring("m", publicKey));
+ hasher->allocate_hash(hasher, publicKeyInfo, &hash);
+ *keyid_info = identification_create_from_encoding(ID_PUBKEY_INFO_SHA1, hash);
+ chunk_free(&hash);
+
+ hasher->destroy(hasher);
+ chunk_free(&publicKeyInfo);
+
+ return TRUE;
+}
+
+/**
+ * Generate an RSA key of specified key size
+ */
+static gcrypt_rsa_private_key_t *generate(size_t key_size)
+{
+ private_gcrypt_rsa_private_key_t *this;
+ gcry_sexp_t param, key;
+ gcry_error_t err;
+
+ err = gcry_sexp_build(&param, NULL, "(genkey(rsa(nbits %d)))", key_size);
+ if (err)
+ {
+ DBG1("building S-expression failed: %s", gpg_strerror(err));
+ return NULL;
+ }
+
+ err = gcry_pk_genkey(&key, param);
+ gcry_sexp_release(param);
+ if (err)
+ {
+ DBG1("generating RSA key failed: %s", gpg_strerror(err));
+ return NULL;
+ }
+ this = gcrypt_rsa_private_key_create_empty();
+ this->key = key;
+
+ if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+
+ return &this->public;
+}
+
+/**
+ * ASN.1 definition of a PKCS#1 RSA private key
+ */
+static const asn1Object_t privkeyObjects[] = {
+ { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
+ { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
+ { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
+ { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
+ { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
+ { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
+ { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
+ { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
+ ASN1_LOOP }, /* 10 */
+ { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
+ { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
+ { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
+ { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 15 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PRIV_KEY_VERSION 1
+#define PRIV_KEY_MODULUS 2
+#define PRIV_KEY_PUB_EXP 3
+#define PRIV_KEY_PRIV_EXP 4
+#define PRIV_KEY_PRIME1 5
+#define PRIV_KEY_PRIME2 6
+#define PRIV_KEY_EXP1 7
+#define PRIV_KEY_EXP2 8
+#define PRIV_KEY_COEFF 9
+
+/**
+ * load private key from a ASN1 encoded blob
+ */
+static gcrypt_rsa_private_key_t *load(chunk_t blob)
+{
+ private_gcrypt_rsa_private_key_t *this;
+ asn1_parser_t *parser;
+ chunk_t object;
+ int objectID ;
+ bool success = FALSE;
+ chunk_t n, e, d, u, p, q;
+ gcry_error_t err;
+
+ n = e = d = u = p = q = chunk_empty;
+
+ parser = asn1_parser_create(privkeyObjects, blob);
+ parser->set_flags(parser, FALSE, TRUE);
+
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PRIV_KEY_VERSION:
+ if (object.len > 0 && *object.ptr != 0)
+ {
+ goto end;
+ }
+ break;
+ case PRIV_KEY_MODULUS:
+ n = object;
+ break;
+ case PRIV_KEY_PUB_EXP:
+ e = object;
+ break;
+ case PRIV_KEY_PRIV_EXP:
+ d = object;
+ break;
+ case PRIV_KEY_PRIME1:
+ /* p and q are swapped, as gcrypt expects p < q */
+ q = object;
+ break;
+ case PRIV_KEY_PRIME2:
+ p = object;
+ break;
+ case PRIV_KEY_EXP1:
+ case PRIV_KEY_EXP2:
+ break;
+ case PRIV_KEY_COEFF:
+ u = object;
+ break;
+ }
+ }
+ success = parser->success(parser);
+
+end:
+ parser->destroy(parser);
+
+ if (!success)
+ {
+ return NULL;
+ }
+
+ this = gcrypt_rsa_private_key_create_empty();
+ err = gcry_sexp_build(&this->key, NULL,
+ "(private-key(rsa(n %b)(e %b)(d %b)(p %b)(q %b)(u %b)))",
+ n.len, n.ptr, e.len, e.ptr, d.len, d.ptr,
+ p.len, p.ptr, q.len, q.ptr, u.len, u.ptr);
+ if (err)
+ {
+ DBG1("loading private key failed: %s", gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+ err = gcry_pk_testkey(this->key);
+ if (err)
+ {
+ DBG1("private key sanity check failed: %s", gpg_strerror(err));
+ destroy(this);
+ return NULL;
+ }
+ if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+
+/**
+ * Builder implementation for key loading/generation
+ */
+struct private_builder_t {
+ /** implements the builder interface */
+ builder_t public;
+ /** loaded/generated private key */
+ gcrypt_rsa_private_key_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static gcrypt_rsa_private_key_t *build(private_builder_t *this)
+{
+ gcrypt_rsa_private_key_t *key = this->key;
+
+ free(this);
+ return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+ if (!this->key)
+ {
+ va_list args;
+
+ switch (part)
+ {
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ this->key = load(va_arg(args, chunk_t));
+ va_end(args);
+ return;
+ }
+ case BUILD_KEY_SIZE:
+ {
+ va_start(args, part);
+ this->key = generate(va_arg(args, u_int));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
+ }
+ }
+ if (this->key)
+ {
+ destroy((private_gcrypt_rsa_private_key_t*)this->key);
+ }
+ builder_cancel(&this->public);
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *gcrypt_rsa_private_key_builder(key_type_t type)
+{
+ private_builder_t *this;
+
+ if (type != KEY_RSA)
+ {
+ return NULL;
+ }
+
+ this = malloc_thing(private_builder_t);
+
+ this->key = NULL;
+ this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+ this->public.build = (void*(*)(builder_t *this))build;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
new file mode 100644
index 000000000..2edd7ce5d
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_rsa_private_key gcrypt_rsa_private_key
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RSA_PRIVATE_KEY_H_
+#define GCRYPT_RSA_PRIVATE_KEY_H_
+
+#include <credentials/keys/private_key.h>
+
+typedef struct gcrypt_rsa_private_key_t gcrypt_rsa_private_key_t;
+
+/**
+ * Private_key_t implementation of RSA algorithm using libgcrypt.
+ */
+struct gcrypt_rsa_private_key_t {
+
+ /**
+ * Implements private_key_t interface
+ */
+ private_key_t interface;
+};
+
+/**
+ * Create the builder for a private key.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @return builder instance
+ */
+builder_t *gcrypt_rsa_private_key_builder(key_type_t type);
+
+#endif /** GCRYPT_RSA_PRIVATE_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
new file mode 100644
index 000000000..8024f58a7
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.c
@@ -0,0 +1,512 @@
+/*
+ * Copyright (C) 2005-2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <gcrypt.h>
+
+#include "gcrypt_rsa_public_key.h"
+
+#include <debug.h>
+#include <asn1/oid.h>
+#include <asn1/asn1.h>
+#include <asn1/asn1_parser.h>
+#include <asn1/pem.h>
+#include <crypto/hashers/hasher.h>
+
+typedef struct private_gcrypt_rsa_public_key_t private_gcrypt_rsa_public_key_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_gcrypt_rsa_public_key_t {
+
+ /**
+ * Public interface for this signer.
+ */
+ gcrypt_rsa_public_key_t public;
+
+ /**
+ * gcrypt S-expression representing an public RSA key
+ */
+ gcry_sexp_t key;
+
+ /**
+ * Keyid formed as a SHA-1 hash of a publicKey object
+ */
+ identification_t* keyid;
+
+ /**
+ * Keyid formed as a SHA-1 hash of a publicKeyInfo object
+ */
+ identification_t* keyid_info;
+
+ /**
+ * reference counter
+ */
+ refcount_t ref;
+};
+
+/**
+ * Implemented in gcrypt_rsa_private_key.c
+ */
+chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name);
+bool gcrypt_rsa_build_keyids(gcry_sexp_t key, identification_t **keyid,
+ identification_t **keyid_info);
+
+/**
+ * verification of a padded PKCS1 signature without an OID
+ */
+static bool verify_raw(private_gcrypt_rsa_public_key_t *this,
+ chunk_t data, chunk_t signature)
+{
+ gcry_sexp_t in, sig;
+ gcry_error_t err;
+ chunk_t em;
+ size_t k;
+
+ /* EM = 0x00 || 0x01 || PS || 0x00 || T
+ * PS = 0xFF padding, with length to fill em
+ * T = data
+ */
+ k = gcry_pk_get_nbits(this->key) / 8;
+ if (data.len > k - 3)
+ {
+ return FALSE;
+ }
+ em = chunk_alloc(k);
+ memset(em.ptr, 0xFF, em.len);
+ em.ptr[0] = 0x00;
+ em.ptr[1] = 0x01;
+ em.ptr[em.len - data.len - 1] = 0x00;
+ memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
+
+ err = gcry_sexp_build(&in, NULL, "(data(flags raw)(value %b))",
+ em.len, em.ptr);
+ chunk_free(&em);
+ if (err)
+ {
+ DBG1("building data S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))",
+ signature.len, signature.ptr);
+ if (err)
+ {
+ DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ gcry_sexp_release(in);
+ return FALSE;
+ }
+ err = gcry_pk_verify(sig, in, this->key);
+ gcry_sexp_release(in);
+ gcry_sexp_release(sig);
+ if (err)
+ {
+ DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Verification of an EMSA PKCS1 signature described in PKCS#1
+ */
+static bool verify_pkcs1(private_gcrypt_rsa_public_key_t *this,
+ hash_algorithm_t algorithm, char *hash_name,
+ chunk_t data, chunk_t signature)
+{
+ hasher_t *hasher;
+ chunk_t hash;
+ gcry_error_t err;
+ gcry_sexp_t in, sig;
+
+ hasher = lib->crypto->create_hasher(lib->crypto, algorithm);
+ if (!hasher)
+ {
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(hash %s %b))",
+ hash_name, hash.len, hash.ptr);
+ chunk_free(&hash);
+ if (err)
+ {
+ DBG1("building data S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+
+ err = gcry_sexp_build(&sig, NULL, "(sig-val(rsa(s %b)))",
+ signature.len, signature.ptr);
+ if (err)
+ {
+ DBG1("building signature S-expression failed: %s", gpg_strerror(err));
+ gcry_sexp_release(in);
+ return FALSE;
+ }
+ err = gcry_pk_verify(sig, in, this->key);
+ gcry_sexp_release(in);
+ gcry_sexp_release(sig);
+ if (err)
+ {
+ DBG1("RSA signature verification failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
+ * Implementation of public_key_t.get_type.
+ */
+static key_type_t get_type(private_gcrypt_rsa_public_key_t *this)
+{
+ return KEY_RSA;
+}
+
+/**
+ * Implementation of public_key_t.verify.
+ */
+static bool verify(private_gcrypt_rsa_public_key_t *this,
+ signature_scheme_t scheme, chunk_t data, chunk_t signature)
+{
+ switch (scheme)
+ {
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return verify_raw(this, data, signature);
+ case SIGN_RSA_EMSA_PKCS1_MD5:
+ return verify_pkcs1(this, HASH_MD5, "md5", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA1:
+ return verify_pkcs1(this, HASH_SHA1, "sha1", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA256:
+ return verify_pkcs1(this, HASH_SHA256, "sha256", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA384:
+ return verify_pkcs1(this, HASH_SHA384, "sha384", data, signature);
+ case SIGN_RSA_EMSA_PKCS1_SHA512:
+ return verify_pkcs1(this, HASH_SHA512, "sha512", data, signature);
+ default:
+ DBG1("signature scheme %N not supported in RSA",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+}
+
+/**
+ * Implementation of public_key_t.encrypt.
+ */
+static bool encrypt_(private_gcrypt_rsa_public_key_t *this, chunk_t plain,
+ chunk_t *encrypted)
+{
+ gcry_sexp_t in, out;
+ gcry_error_t err;
+
+ /* "pkcs1" uses PKCS 1.5 (section 8.1) block type 2 encryption:
+ * 00 | 02 | RANDOM | 00 | DATA */
+ err = gcry_sexp_build(&in, NULL, "(data(flags pkcs1)(value %b))",
+ plain.len, plain.ptr);
+ if (err)
+ {
+ DBG1("building encryption S-expression failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ err = gcry_pk_encrypt(&out, in, this->key);
+ gcry_sexp_release(in);
+ if (err)
+ {
+ DBG1("encrypting data using pkcs1 failed: %s", gpg_strerror(err));
+ return FALSE;
+ }
+ *encrypted = gcrypt_rsa_find_token(out, "a");
+ gcry_sexp_release(out);
+ return !!encrypted->len;
+}
+
+/**
+ * Implementation of gcrypt_rsa_public_key.equals.
+ */
+static bool equals(private_gcrypt_rsa_public_key_t *this, public_key_t *other)
+{
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of public_key_t.get_keysize.
+ */
+static size_t get_keysize(private_gcrypt_rsa_public_key_t *this)
+{
+ return gcry_pk_get_nbits(this->key) / 8;
+}
+
+/**
+ * Implementation of public_key_t.get_id.
+ */
+static identification_t *get_id(private_gcrypt_rsa_public_key_t *this,
+ id_type_t type)
+{
+ switch (type)
+ {
+ case ID_PUBKEY_INFO_SHA1:
+ return this->keyid_info;
+ case ID_PUBKEY_SHA1:
+ return this->keyid;
+ default:
+ return NULL;
+ }
+}
+
+/*
+ * Implementation of public_key_t.get_encoding.
+ */
+static chunk_t get_encoding(private_gcrypt_rsa_public_key_t *this)
+{
+ return asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "n")),
+ asn1_integer("m", gcrypt_rsa_find_token(this->key, "e")));
+}
+
+/**
+ * Implementation of public_key_t.get_ref.
+ */
+static public_key_t* get_ref(private_gcrypt_rsa_public_key_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.interface;
+}
+
+/**
+ * Implementation of gcrypt_rsa_public_key.destroy.
+ */
+static void destroy(private_gcrypt_rsa_public_key_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ DESTROY_IF(this->keyid);
+ DESTROY_IF(this->keyid_info);
+ gcry_sexp_release(this->key);
+ free(this);
+ }
+}
+
+/**
+ * Generic private constructor
+ */
+static private_gcrypt_rsa_public_key_t *gcrypt_rsa_public_key_create_empty()
+{
+ private_gcrypt_rsa_public_key_t *this = malloc_thing(private_gcrypt_rsa_public_key_t);
+
+ this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
+ this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
+ this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
+ this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
+ this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
+ this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
+ this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
+ this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
+ this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
+
+ this->key = NULL;
+ this->keyid = NULL;
+ this->keyid_info = NULL;
+ this->ref = 1;
+
+ return this;
+}
+
+/**
+ * Create a public key from a S-expression, used in gcrypt_rsa_private_key
+ */
+public_key_t *gcrypt_rsa_public_key_create_from_sexp(gcry_sexp_t key)
+{
+ private_gcrypt_rsa_public_key_t *this;
+ gcry_error_t err;
+ chunk_t n, e;
+
+ this = gcrypt_rsa_public_key_create_empty();
+ n = gcrypt_rsa_find_token(key, "n");
+ e = gcrypt_rsa_find_token(key, "e");
+
+ err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))",
+ n.len, n.ptr, e.len, e.ptr);
+ chunk_free(&n);
+ chunk_free(&e);
+ if (err)
+ {
+ DBG1("loading public key failed: %s", gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+ if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public.interface;
+}
+
+/**
+ * ASN.1 definition of RSApublicKey
+ */
+static const asn1Object_t pubkeyObjects[] = {
+ { 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 0, "exit", ASN1_EOC, ASN1_EXIT }
+};
+#define PUB_KEY_RSA_PUBLIC_KEY 0
+#define PUB_KEY_MODULUS 1
+#define PUB_KEY_EXPONENT 2
+
+/**
+ * Load a public key from an ASN1 encoded blob
+ */
+static gcrypt_rsa_public_key_t *load(chunk_t blob)
+{
+ private_gcrypt_rsa_public_key_t *this;
+ asn1_parser_t *parser;
+ chunk_t object, n, e;
+ int objectID;
+ bool success = FALSE;
+ gcry_error_t err;
+
+ n = e = chunk_empty;
+
+ parser = asn1_parser_create(pubkeyObjects, blob);
+ while (parser->iterate(parser, &objectID, &object))
+ {
+ switch (objectID)
+ {
+ case PUB_KEY_MODULUS:
+ n = object;
+ break;
+ case PUB_KEY_EXPONENT:
+ e = object;
+ break;
+ }
+ }
+ success = parser->success(parser);
+ parser->destroy(parser);
+
+ if (!success)
+ {
+ return NULL;
+ }
+
+ this = gcrypt_rsa_public_key_create_empty();
+ err = gcry_sexp_build(&this->key, NULL, "(public-key(rsa(n %b)(e %b)))",
+ n.len, n.ptr, e.len, e.ptr);
+ if (err)
+ {
+ DBG1("loading public key failed: %s", gpg_strerror(err));
+ free(this);
+ return NULL;
+ }
+ if (!gcrypt_rsa_build_keyids(this->key, &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+typedef struct private_builder_t private_builder_t;
+/**
+ * Builder implementation for key loading
+ */
+struct private_builder_t {
+ /** implements the builder interface */
+ builder_t public;
+ /** loaded public key */
+ gcrypt_rsa_public_key_t *key;
+};
+
+/**
+ * Implementation of builder_t.build
+ */
+static gcrypt_rsa_public_key_t *build(private_builder_t *this)
+{
+ gcrypt_rsa_public_key_t *key = this->key;
+
+ free(this);
+ return key;
+}
+
+/**
+ * Implementation of builder_t.add
+ */
+static void add(private_builder_t *this, builder_part_t part, ...)
+{
+ if (!this->key)
+ {
+ va_list args;
+
+ switch (part)
+ {
+ case BUILD_BLOB_ASN1_DER:
+ {
+ va_start(args, part);
+ this->key = load(va_arg(args, chunk_t));
+ va_end(args);
+ return;
+ }
+ default:
+ break;
+ }
+ }
+ if (this->key)
+ {
+ destroy((private_gcrypt_rsa_public_key_t*)this->key);
+ }
+ builder_cancel(&this->public);
+}
+
+/**
+ * Builder construction function
+ */
+builder_t *gcrypt_rsa_public_key_builder(key_type_t type)
+{
+ private_builder_t *this;
+
+ if (type != KEY_RSA)
+ {
+ return NULL;
+ }
+
+ this = malloc_thing(private_builder_t);
+
+ this->key = NULL;
+ this->public.add = (void(*)(builder_t *this, builder_part_t part, ...))add;
+ this->public.build = (void*(*)(builder_t *this))build;
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
new file mode 100644
index 000000000..102547276
--- /dev/null
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_public_key.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup gcrypt_rsa_public_key gcrypt_rsa_public_key
+ * @{ @ingroup gcrypt_p
+ */
+
+#ifndef GCRYPT_RSA_PUBLIC_KEY_H_
+#define GCRYPT_RSA_PUBLIC_KEY_H_
+
+typedef struct gcrypt_rsa_public_key_t gcrypt_rsa_public_key_t;
+
+#include <credentials/keys/public_key.h>
+
+/**
+ * public_key_t implementation of RSA algorithm using libgcrypt.
+ */
+struct gcrypt_rsa_public_key_t {
+
+ /**
+ * Implements the public_key_t interface
+ */
+ public_key_t interface;
+};
+
+/**
+ * Create the builder for a public key.
+ *
+ * @param type type of the key, must be KEY_RSA
+ * @return builder instance
+ */
+builder_t *gcrypt_rsa_public_key_builder(key_type_t type);
+
+#endif /** GCRYPT_RSA_PUBLIC_KEY_H_ @}*/
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index c406f3af6..a60cd998c 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -227,8 +236,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -325,7 +334,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
index 294fb722f..a03e83e66 100644
--- a/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
+++ b/src/libstrongswan/plugins/gmp/gmp_diffie_hellman.c
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: gmp_diffie_hellman.c 4566 2008-11-04 13:12:11Z martin $
*/
#include <gmp.h>
@@ -30,7 +28,7 @@
*/
static u_int8_t group1_modulus[] = {
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
- 0xC4,0xC6,0x62,0x8B,0x80 ,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+ 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
@@ -562,7 +560,7 @@ gmp_diffie_hellman_t *gmp_diffie_hellman_create(diffie_hellman_group_t group)
}
ansi_x9_42 = lib->settings->get_int(lib->settings,
- "charon.dh_exponent_ansi_x9_42", TRUE);
+ "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
exponent_len = (ansi_x9_42) ? this->p_len : this->opt_exponent_len;
rng->allocate_bytes(rng, exponent_len, &random);
rng->destroy(rng);
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index 7711b6d34..f6ea964c1 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: gmp_plugin.c 4309 2008-08-28 11:07:57Z martin $
*/
#include "gmp_plugin.h"
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
index e445dd670..cbc112762 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: gmp_rsa_private_key.c 4345 2008-09-17 08:10:48Z martin $
*/
#include <gmp.h>
@@ -28,6 +26,7 @@
#include <asn1/oid.h>
#include <asn1/asn1.h>
#include <asn1/asn1_parser.h>
+#include <pgp/pgp.h>
/**
* Public exponent to use for key generation.
@@ -112,11 +111,12 @@ struct private_gmp_rsa_private_key_t {
};
/**
- * shared functions, implemented in gmp_rsa_public_key.c
+ * Shared functions defined in gmp_rsa_public_key.c
*/
-bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e, identification_t **keyid,
- identification_t **keyid_info);
-gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e);
+extern bool gmp_rsa_public_key_build_id(mpz_t n, mpz_t e,
+ identification_t **keyid,
+ identification_t **keyid_info);
+extern gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e);
/**
* Auxiliary function overwriting private key material with zero bytes
@@ -141,10 +141,10 @@ static status_t compute_prime(private_gmp_rsa_private_key_t *this,
rng_t *rng;
chunk_t random_bytes;
- rng = lib->crypto->create_rng(lib->crypto, RNG_REAL);
+ rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE);
if (!rng)
{
- DBG1("no RNG of quality %N found", rng_quality_names, RNG_REAL);
+ DBG1("no RNG of quality %N found", rng_quality_names, RNG_TRUE);
return FAILED;
}
@@ -217,33 +217,44 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
hash_algorithm_t hash_algorithm,
chunk_t data, chunk_t *signature)
{
- hasher_t *hasher;
- chunk_t em, digestInfo, hash;
- int hash_oid = hasher_algorithm_to_oid(hash_algorithm);
-
- if (hash_oid == OID_UNKNOWN)
+ chunk_t digestInfo = chunk_empty;
+ chunk_t em;
+
+ if (hash_algorithm != HASH_UNKNOWN)
{
- return FALSE;
+ hasher_t *hasher;
+ chunk_t hash;
+ int hash_oid = hasher_algorithm_to_oid(hash_algorithm);
+
+ if (hash_oid == OID_UNKNOWN)
+ {
+ return FALSE;
+ }
+
+ hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
+ if (hasher == NULL)
+ {
+ return FALSE;
+ }
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ /* build DER-encoded digestInfo */
+ digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+ asn1_algorithmIdentifier(hash_oid),
+ asn1_simple_object(ASN1_OCTET_STRING, hash)
+ );
+ chunk_free(&hash);
+ data = digestInfo;
}
- /* get hasher */
- hasher = lib->crypto->create_hasher(lib->crypto, hash_algorithm);
- if (hasher == NULL)
+ if (data.len > this->k - 3)
{
+ free(digestInfo.ptr);
+ DBG1("unable to sign %d bytes using a %dbit key", data.len, this->k * 8);
return FALSE;
}
- /* build hash */
- hasher->allocate_hash(hasher, data, &hash);
- hasher->destroy(hasher);
-
- /* build DER-encoded digestInfo */
- digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
- asn1_algorithmIdentifier(hash_oid),
- asn1_simple_object(ASN1_OCTET_STRING, hash)
- );
- chunk_free(&hash);
-
/* build chunk to rsa-decrypt:
* EM = 0x00 || 0x01 || PS || 0x00 || T.
* PS = 0xFF padding, with length to fill em
@@ -257,9 +268,9 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
/* set magic bytes */
*(em.ptr) = 0x00;
*(em.ptr+1) = 0x01;
- *(em.ptr + em.len - digestInfo.len - 1) = 0x00;
+ *(em.ptr + em.len - data.len - 1) = 0x00;
/* set DER-encoded hash */
- memcpy(em.ptr + em.len - digestInfo.len, digestInfo.ptr, digestInfo.len);
+ memcpy(em.ptr + em.len - data.len, data.ptr, data.len);
/* build signature */
*signature = rsasp1(this, em);
@@ -271,7 +282,7 @@ static bool build_emsa_pkcs1_signature(private_gmp_rsa_private_key_t *this,
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.get_type.
*/
static key_type_t get_type(private_gmp_rsa_private_key_t *this)
{
@@ -279,15 +290,15 @@ static key_type_t get_type(private_gmp_rsa_private_key_t *this)
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.sign.
*/
static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
switch (scheme)
{
- case SIGN_DEFAULT:
- /* default is EMSA-PKCS1 using SHA1 */
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return build_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
return build_emsa_pkcs1_signature(this, HASH_SHA1, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
@@ -306,17 +317,46 @@ static bool sign(private_gmp_rsa_private_key_t *this, signature_scheme_t scheme,
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.decrypt.
*/
-static bool decrypt(private_gmp_rsa_private_key_t *this,
- chunk_t crypto, chunk_t *plain)
+static bool decrypt(private_gmp_rsa_private_key_t *this, chunk_t crypto,
+ chunk_t *plain)
{
- DBG1("RSA private key decryption not implemented");
- return FALSE;
+ chunk_t em, stripped;
+ bool success = FALSE;
+
+ /* rsa decryption using PKCS#1 RSADP */
+ stripped = em = rsadp(this, crypto);
+
+ /* PKCS#1 v1.5 8.1 encryption-block formatting (EB = 00 || 02 || PS || 00 || D) */
+
+ /* check for hex pattern 00 02 in decrypted message */
+ if ((*stripped.ptr++ != 0x00) || (*(stripped.ptr++) != 0x02))
+ {
+ DBG1("incorrect padding - probably wrong rsa key");
+ goto end;
+ }
+ stripped.len -= 2;
+
+ /* the plaintext data starts after first 0x00 byte */
+ while (stripped.len-- > 0 && *stripped.ptr++ != 0x00)
+
+ if (stripped.len == 0)
+ {
+ DBG1("no plaintext data");
+ goto end;
+ }
+
+ *plain = chunk_clone(stripped);
+ success = TRUE;
+
+end:
+ chunk_clear(&em);
+ return success;
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.get_keysize.
*/
static size_t get_keysize(private_gmp_rsa_private_key_t *this)
{
@@ -324,7 +364,7 @@ static size_t get_keysize(private_gmp_rsa_private_key_t *this)
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.get_id.
*/
static identification_t* get_id(private_gmp_rsa_private_key_t *this,
id_type_t type)
@@ -349,7 +389,35 @@ static gmp_rsa_public_key_t* get_public_key(private_gmp_rsa_private_key_t *this)
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.equals.
+ */
+static bool equals(private_gmp_rsa_private_key_t *this, private_key_t *other)
+{
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of gmp_rsa_private_key.belongs_to.
*/
static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public)
{
@@ -373,19 +441,27 @@ static bool belongs_to(private_gmp_rsa_private_key_t *this, public_key_t *public
}
/**
- * convert a MP integer into a DER coded ASN.1 object
+ * Convert a MP integer into a chunk_t
*/
-chunk_t gmp_mpz_to_asn1(const mpz_t value)
+chunk_t gmp_mpz_to_chunk(const mpz_t value)
{
chunk_t n;
- n.len = 1 + mpz_sizeinbase(value, 2) / 8; /* size in bytes */
+ n.len = 1 + mpz_sizeinbase(value, 2) / BITS_PER_BYTE;
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value);
if (n.ptr == NULL)
{ /* if we have zero in "value", gmp returns NULL */
n.len = 0;
}
- return asn1_wrap(ASN1_INTEGER, "m", n);
+ return n;
+}
+
+/**
+ * Convert a MP integer into a DER coded ASN.1 object
+ */
+chunk_t gmp_mpz_to_asn1(const mpz_t value)
+{
+ return asn1_wrap(ASN1_INTEGER, "m", gmp_mpz_to_chunk(value));
}
/**
@@ -406,7 +482,7 @@ static chunk_t get_encoding(private_gmp_rsa_private_key_t *this)
}
/**
- * Implementation of gmp_rsa_private_key.destroy.
+ * Implementation of gmp_rsa_private_key.get_ref.
*/
static private_gmp_rsa_private_key_t* get_ref(private_gmp_rsa_private_key_t *this)
{
@@ -447,14 +523,14 @@ static status_t check(private_gmp_rsa_private_key_t *this)
/* PKCS#1 1.5 section 6 requires modulus to have at least 12 octets.
* We actually require more (for security).
*/
- if (this->k < 512/8)
+ if (this->k < 512 / BITS_PER_BYTE)
{
DBG1("key shorter than 512 bits");
return FAILED;
}
/* we picked a max modulus size to simplify buffer allocation */
- if (this->k > 8192/8)
+ if (this->k > 8192 / BITS_PER_BYTE)
{
DBG1("key larger than 8192 bits");
return FAILED;
@@ -542,16 +618,17 @@ static private_gmp_rsa_private_key_t *gmp_rsa_private_key_create_empty(void)
{
private_gmp_rsa_private_key_t *this = malloc_thing(private_gmp_rsa_private_key_t);
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
- this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+ this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
+ this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
+ this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
+ this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
+ this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id;
+ this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
+ this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
+ this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
+ this->public.interface.get_encoding = (chunk_t (*) (private_key_t*))get_encoding;
+ this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
+ this->public.interface.destroy = (void (*) (private_key_t*))destroy;
this->keyid = NULL;
this->keyid_info = NULL;
@@ -569,7 +646,7 @@ static gmp_rsa_private_key_t *generate(size_t key_size)
mpz_t m, q1, t;
private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
- key_size = key_size / 8;
+ key_size = key_size / BITS_PER_BYTE;
/* Get values of primes p and q */
if (compute_prime(this, key_size/2, &p) != SUCCESS)
@@ -680,7 +757,7 @@ static const asn1Object_t privkeyObjects[] = {
/**
* load private key from a ASN1 encoded blob
*/
-static gmp_rsa_private_key_t *load(chunk_t blob)
+static gmp_rsa_private_key_t *load_asn1_der(chunk_t blob)
{
asn1_parser_t *parser;
chunk_t object;
@@ -708,6 +785,7 @@ static gmp_rsa_private_key_t *load(chunk_t blob)
case PRIV_KEY_VERSION:
if (object.len > 0 && *object.ptr != 0)
{
+ DBG1("PKCS#1 private key format is not version 1");
goto end;
}
break;
@@ -757,13 +835,144 @@ end:
destroy(this);
return NULL;
}
+ if (check(this) != SUCCESS)
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
+
+/**
+ * load private key from an OpenPGP blob coded according to section
+ */
+static gmp_rsa_private_key_t *load_pgp(chunk_t blob)
+{
+ mpz_t u;
+ int objectID;
+ chunk_t packet = blob;
+ private_gmp_rsa_private_key_t *this = gmp_rsa_private_key_create_empty();
+
+ mpz_init(this->n);
+ mpz_init(this->e);
+ mpz_init(this->p);
+ mpz_init(this->q);
+ mpz_init(this->d);
+ mpz_init(this->exp1);
+ mpz_init(this->exp2);
+ mpz_init(this->coeff);
+
+ for (objectID = PRIV_KEY_MODULUS; objectID <= PRIV_KEY_COEFF; objectID++)
+ {
+ chunk_t object;
+
+ switch (objectID)
+ {
+ case PRIV_KEY_PRIV_EXP:
+ {
+ pgp_sym_alg_t s2k;
+
+ /* string-to-key usage */
+ s2k = pgp_length(&packet, 1);
+ DBG2("L3 - string-to-key: %d", s2k);
+
+ if (s2k == 255 || s2k == 254)
+ {
+ DBG1("string-to-key specifiers not supported");
+ goto end;
+ }
+ DBG2(" %N", pgp_sym_alg_names, s2k);
+
+ if (s2k != PGP_SYM_ALG_PLAIN)
+ {
+ DBG1("%N encryption not supported", pgp_sym_alg_names, s2k);
+ goto end;
+ }
+ break;
+ }
+ case PRIV_KEY_EXP1:
+ case PRIV_KEY_EXP2:
+ /* not contained in OpenPGP secret key payload */
+ continue;
+ default:
+ break;
+ }
+
+ DBG2("L3 - %s:", privkeyObjects[objectID].name);
+ object.len = pgp_length(&packet, 2);
+
+ if (object.len == PGP_INVALID_LENGTH)
+ {
+ DBG1("OpenPGP length is invalid");
+ goto end;
+ }
+ object.len = (object.len + 7) / BITS_PER_BYTE;
+ if (object.len > packet.len)
+ {
+ DBG1("OpenPGP field is too short");
+ goto end;
+ }
+ object.ptr = packet.ptr;
+ packet.ptr += object.len;
+ packet.len -= object.len;
+ DBG4("%B", &object);
+
+ switch (objectID)
+ {
+ case PRIV_KEY_MODULUS:
+ mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PUB_EXP:
+ mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIV_EXP:
+ mpz_import(this->d, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIME1:
+ mpz_import(this->q, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_PRIME2:
+ mpz_import(this->p, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PRIV_KEY_COEFF:
+ mpz_import(this->coeff, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ }
+ }
+
+ /* auxiliary variable */
+ mpz_init(u);
+
+ /* exp1 = d mod (p-1) */
+ mpz_sub_ui(u, this->p, 1);
+ mpz_mod(this->exp1, this->d, u);
+
+ /* exp2 = d mod (q-1) */
+ mpz_sub_ui(u, this->q, 1);
+ mpz_mod(this->exp2, this->d, u);
+
+ mpz_clear(u);
+ chunk_clear(&blob);
+
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
+ if (!gmp_rsa_public_key_build_id(this->n, this->e,
+ &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
if (check(this) != SUCCESS)
{
destroy(this);
return NULL;
}
return &this->public;
+
+end:
+ chunk_clear(&blob);
+ destroy(this);
+ return NULL;
}
typedef struct private_builder_t private_builder_t;
@@ -804,7 +1013,15 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_start(args, part);
chunk = va_arg(args, chunk_t);
- this->key = load(chunk_clone(chunk));
+ this->key = load_asn1_der(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ case BUILD_BLOB_PGP:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->key = load_pgp(chunk_clone(chunk));
va_end(args);
return;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index 8a89849cd..1f3e3072f 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: gmp_rsa_public_key.c 4345 2008-09-17 08:10:48Z martin $
*/
#include <gmp.h>
@@ -30,11 +28,7 @@
#include <asn1/asn1_parser.h>
#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
-
-/**
- * defined in gmp_rsa_private_key.c
- */
-extern chunk_t gmp_mpz_to_asn1(const mpz_t value);
+#include <pgp/pgp.h>
typedef struct private_gmp_rsa_public_key_t private_gmp_rsa_public_key_t;
@@ -79,6 +73,12 @@ struct private_gmp_rsa_public_key_t {
};
/**
+ * Shared functions defined in gmp_rsa_private_key.c
+ */
+extern chunk_t gmp_mpz_to_chunk(const mpz_t value);
+extern chunk_t gmp_mpz_to_asn1(const mpz_t value);
+
+/**
* RSAEP algorithm specified in PKCS#1.
*/
static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
@@ -140,11 +140,10 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
/* remove any preceding 0-bytes from signature */
while (signature.len && *(signature.ptr) == 0x00)
{
- signature.len -= 1;
- signature.ptr++;
+ signature = chunk_skip(signature, 1);
}
- if (signature.len > this->k)
+ if (signature.len == 0 || signature.len > this->k)
{
return INVALID_ARG;
}
@@ -163,8 +162,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
{
goto end;
}
- em.ptr += 2;
- em.len -= 2;
+ em = chunk_skip(em, 2);
/* find magic 0x00 */
while (em.len > 0)
@@ -172,8 +170,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
if (*em.ptr == 0x00)
{
/* found magic byte, stop */
- em.ptr++;
- em.len--;
+ em = chunk_skip(em, 1);
break;
}
else if (*em.ptr != 0xFF)
@@ -181,8 +178,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
/* bad padding, decryption failed ?!*/
goto end;
}
- em.ptr++;
- em.len--;
+ em = chunk_skip(em, 1);
}
if (em.len == 0)
@@ -191,13 +187,24 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
goto end;
}
- /* parse ASN.1-based digestInfo */
- {
+ if (algorithm == HASH_UNKNOWN)
+ { /* IKEv1 signatures without digestInfo */
+ if (em.len != data.len)
+ {
+ DBG1("hash size in signature is %u bytes instead of %u bytes",
+ em.len, data.len);
+ goto end;
+ }
+ success = memeq(em.ptr, data.ptr, data.len);
+ }
+ else
+ { /* IKEv2 and X.509 certificate signatures */
asn1_parser_t *parser;
chunk_t object;
int objectID;
hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
+ DBG2("signature verification:");
parser = asn1_parser_create(digestInfoObjects, em);
while (parser->iterate(parser, &objectID, &object))
@@ -220,8 +227,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
parser->get_level(parser)+1, NULL);
hash_algorithm = hasher_algorithm_from_oid(hash_oid);
- if (hash_algorithm == HASH_UNKNOWN ||
- (algorithm != HASH_UNKNOWN && hash_algorithm != algorithm))
+ if (hash_algorithm == HASH_UNKNOWN || hash_algorithm != algorithm)
{
DBG1("expected hash algorithm %N, but found %N (OID: %#B)",
hash_algorithm_names, algorithm,
@@ -289,7 +295,7 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
{
switch (scheme)
{
- case SIGN_DEFAULT: /* default is EMSA-PKCS1 using included OID */
+ case SIGN_RSA_EMSA_PKCS1_NULL:
return verify_emsa_pkcs1_signature(this, HASH_UNKNOWN, data, signature);
case SIGN_RSA_EMSA_PKCS1_MD5:
return verify_emsa_pkcs1_signature(this, HASH_MD5, data, signature);
@@ -308,12 +314,96 @@ static bool verify(private_gmp_rsa_public_key_t *this, signature_scheme_t scheme
}
}
+#define MIN_PS_PADDING 8
+
/**
- * Implementation of public_key_t.get_keysize.
+ * Implementation of public_key_t.encrypt.
+ */
+static bool encrypt_(private_gmp_rsa_public_key_t *this, chunk_t plain,
+ chunk_t *crypto)
+{
+ chunk_t em;
+ u_char *pos;
+ int padding, i;
+ rng_t *rng;
+
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (rng == NULL)
+ {
+ DBG1("no random generator available");
+ return FALSE;
+ }
+
+ /* number of pseudo-random padding octets */
+ padding = this->k - plain.len - 3;
+ if (padding < MIN_PS_PADDING)
+ {
+ DBG1("pseudo-random padding must be at least %d octets", MIN_PS_PADDING);
+ return FALSE;
+ }
+
+ /* padding according to PKCS#1 7.2.1 (RSAES-PKCS1-v1.5-ENCRYPT) */
+ DBG2("padding %u bytes of data to the rsa modulus size of %u bytes",
+ plain.len, this->k);
+ em.len = this->k;
+ em.ptr = malloc(em.len);
+ pos = em.ptr;
+ *pos++ = 0x00;
+ *pos++ = 0x02;
+
+ /* fill with pseudo random octets */
+ rng->get_bytes(rng, padding, pos);
+
+ /* replace zero-valued random octets */
+ for (i = 0; i < padding; i++)
+ {
+ while (*pos == 0)
+ {
+ rng->get_bytes(rng, 1, pos);
+ }
+ pos++;
+ }
+ rng->destroy(rng);
+
+ /* append the padding terminator */
+ *pos++ = 0x00;
+
+ /* now add the data */
+ memcpy(pos, plain.ptr, plain.len);
+ DBG3("padded data before rsa encryption: %B", &em);
+
+ /* rsa encryption using PKCS#1 RSAEP */
+ *crypto = rsaep(this, em);
+ DBG3("rsa encrypted data: %B", crypto);
+ chunk_clear(&em);
+ return TRUE;
+}
+
+/**
+ * Implementation of gmp_rsa_public_key.equals.
*/
-static bool encrypt(private_gmp_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
+static bool equals(private_gmp_rsa_public_key_t *this, public_key_t *other)
{
- DBG1("RSA public key encryption not implemented");
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
return FALSE;
}
@@ -326,6 +416,46 @@ static size_t get_keysize(private_gmp_rsa_public_key_t *this)
}
/**
+ * Build the PGP version 3 RSA key identifier from n and e using
+ * MD5 hashed modulus and exponent. Also used in rsa_private_key.c.
+ */
+static identification_t* gmp_rsa_build_pgp_v3_keyid(mpz_t n, mpz_t e)
+{
+ identification_t *keyid;
+ chunk_t modulus, mod, exponent, exp, hash;
+ hasher_t *hasher;
+
+ hasher= lib->crypto->create_hasher(lib->crypto, HASH_MD5);
+ if (hasher == NULL)
+ {
+ DBG1("computation of PGP V3 keyid failed, no MD5 hasher is available");
+ return NULL;
+ }
+ mod = modulus = gmp_mpz_to_chunk(n);
+ exp = exponent = gmp_mpz_to_chunk(e);
+
+ /* remove leading zero bytes before hashing modulus and exponent */
+ while (mod.len > 0 && *mod.ptr == 0x00)
+ {
+ mod.ptr++;
+ mod.len--;
+ }
+ while (exp.len > 0 && *exp.ptr == 0x00)
+ {
+ exp.ptr++;
+ exp.len--;
+ }
+ hasher->allocate_hash(hasher, mod, NULL);
+ hasher->allocate_hash(hasher, exp, &hash);
+ hasher->destroy(hasher);
+ keyid = identification_create_from_encoding(ID_KEY_ID, hash);
+ free(hash.ptr);
+ free(modulus.ptr);
+ free(exponent.ptr);
+ return keyid;
+}
+
+/**
* Implementation of public_key_t.get_id.
*/
static identification_t *get_id(private_gmp_rsa_public_key_t *this,
@@ -337,6 +467,8 @@ static identification_t *get_id(private_gmp_rsa_public_key_t *this,
return this->keyid_info;
case ID_PUBKEY_SHA1:
return this->keyid;
+ case ID_KEY_ID:
+ return gmp_rsa_build_pgp_v3_keyid(this->n, this->e);
default:
return NULL;
}
@@ -383,14 +515,15 @@ static private_gmp_rsa_public_key_t *gmp_rsa_public_key_create_empty()
{
private_gmp_rsa_public_key_t *this = malloc_thing(private_gmp_rsa_public_key_t);
- this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
- this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
- this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
- this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
- this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
- this->public.interface.get_ref = (public_key_t* (*)(public_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(public_key_t *this))destroy;
+ this->public.interface.get_type = (key_type_t (*) (public_key_t*))get_type;
+ this->public.interface.verify = (bool (*) (public_key_t*, signature_scheme_t, chunk_t, chunk_t))verify;
+ this->public.interface.encrypt = (bool (*) (public_key_t*, chunk_t, chunk_t*))encrypt_;
+ this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
+ this->public.interface.get_keysize = (size_t (*) (public_key_t*))get_keysize;
+ this->public.interface.get_id = (identification_t* (*) (public_key_t*, id_type_t))get_id;
+ this->public.interface.get_encoding = (chunk_t(*) (public_key_t*))get_encoding;
+ this->public.interface.get_ref = (public_key_t* (*) (public_key_t *this))get_ref;
+ this->public.interface.destroy = (void (*) (public_key_t *this))destroy;
this->keyid = NULL;
this->keyid_info = NULL;
@@ -445,7 +578,7 @@ gmp_rsa_public_key_t *gmp_rsa_public_key_create_from_n_e(mpz_t n, mpz_t e)
mpz_init_set(this->n, n);
mpz_init_set(this->e, e);
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
if (!gmp_rsa_public_key_build_id(this->n, this->e,
&this->keyid, &this->keyid_info))
{
@@ -469,9 +602,9 @@ static const asn1Object_t pubkeyObjects[] = {
#define PUB_KEY_EXPONENT 2
/**
- * Load a public key from an ASN1 encoded blob
+ * Load a public key from an ASN.1 encoded blob
*/
-static gmp_rsa_public_key_t *load(chunk_t blob)
+static gmp_rsa_public_key_t *load_asn1_der(chunk_t blob)
{
asn1_parser_t *parser;
chunk_t object;
@@ -507,7 +640,7 @@ static gmp_rsa_public_key_t *load(chunk_t blob)
return NULL;
}
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
if (!gmp_rsa_public_key_build_id(this->n, this->e,
&this->keyid, &this->keyid_info))
@@ -518,6 +651,133 @@ static gmp_rsa_public_key_t *load(chunk_t blob)
return &this->public;
}
+/**
+ * Load a public key from an OpenPGP blob
+ */
+static gmp_rsa_public_key_t* load_pgp(chunk_t blob)
+{
+ int objectID;
+ chunk_t packet = blob;
+ private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
+
+ mpz_init(this->n);
+ mpz_init(this->e);
+
+ for (objectID = PUB_KEY_MODULUS; objectID <= PUB_KEY_EXPONENT; objectID++)
+ {
+ chunk_t object;
+
+ DBG2("L3 - %s:", pubkeyObjects[objectID].name);
+ object.len = pgp_length(&packet, 2);
+
+ if (object.len == PGP_INVALID_LENGTH)
+ {
+ DBG1("OpenPGP length is invalid");
+ goto end;
+ }
+ object.len = (object.len + 7) / BITS_PER_BYTE;
+ if (object.len > packet.len)
+ {
+ DBG1("OpenPGP field is too short");
+ goto end;
+ }
+ object.ptr = packet.ptr;
+ packet.ptr += object.len;
+ packet.len -= object.len;
+ DBG4("%B", &object);
+
+ switch (objectID)
+ {
+ case PUB_KEY_MODULUS:
+ mpz_import(this->n, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ case PUB_KEY_EXPONENT:
+ mpz_import(this->e, object.len, 1, 1, 1, 0, object.ptr);
+ break;
+ }
+ }
+
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
+ free(blob.ptr);
+
+ if (!gmp_rsa_public_key_build_id(this->n, this->e,
+ &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+
+end:
+ free(blob.ptr);
+ destroy(this);
+ return NULL;
+}
+
+/**
+ * Load a public key from an RFC 3110 encoded blob
+ */
+static gmp_rsa_public_key_t *load_rfc_3110(chunk_t blob)
+{
+ chunk_t exponent, modulus;
+ u_char *pos = blob.ptr;
+ size_t len = blob.len;
+ private_gmp_rsa_public_key_t *this = gmp_rsa_public_key_create_empty();
+
+ mpz_init(this->n);
+ mpz_init(this->e);
+
+ if (blob.len < 3)
+ {
+ DBG1("RFC 3110 public key blob too short for exponent length");
+ goto end;
+ }
+ if (pos[0] != 0x00)
+ {
+ exponent = chunk_create(pos + 1, pos[0]);
+ pos++;
+ len--;
+ }
+ else
+ {
+ exponent = chunk_create(pos + 3, 256*pos[1] + pos[2]);
+ pos += 3;
+ len -= 3;
+ }
+ if (exponent.len > len)
+ {
+ DBG1("RFC 3110 public key blob too short for exponent");
+ goto end;
+ }
+ pos += exponent.len;
+ len -= exponent.len;
+
+ if (len == 0)
+ {
+ DBG1("RFC 3110 public key blob has zero length modulus");
+ goto end;
+ }
+ modulus = chunk_create(pos, len);
+
+ mpz_import(this->n, modulus.len, 1, 1, 1, 0, modulus.ptr);
+ mpz_import(this->e, exponent.len, 1, 1, 1, 0, exponent.ptr);
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
+ free(blob.ptr);
+
+ if (!gmp_rsa_public_key_build_id(this->n, this->e,
+ &this->keyid, &this->keyid_info))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+
+end:
+ free(blob.ptr);
+ destroy(this);
+ return NULL;
+}
+
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for key loading
@@ -556,7 +816,23 @@ static void add(private_builder_t *this, builder_part_t part, ...)
{
va_start(args, part);
chunk = va_arg(args, chunk_t);
- this->key = load(chunk_clone(chunk));
+ this->key = load_asn1_der(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ case BUILD_BLOB_PGP:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->key = load_pgp(chunk_clone(chunk));
+ va_end(args);
+ return;
+ }
+ case BUILD_BLOB_RFC_3110:
+ {
+ va_start(args, part);
+ chunk = va_arg(args, chunk_t);
+ this->key = load_rfc_3110(chunk_clone(chunk));
va_end(args);
return;
}
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
index 46c8c3fd8..ed7b9429f 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: gmp_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 067763049..fc36bd9fa 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -322,7 +331,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index b2f99bdc3..6dfa02233 100644
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General hmac License
* for more details.
- *
- * $Id: hmac.c 3488 2008-02-21 15:10:02Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 7a09b7a4e..aa1e994b0 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hmac_plugin.c 4997 2009-03-24 10:24:58Z martin $
*/
#include "hmac_plugin.h"
@@ -70,6 +68,8 @@ plugin_t *plugin_create()
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128,
(signer_constructor_t)hmac_signer_create);
+ lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160,
+ (signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128,
(signer_constructor_t)hmac_signer_create);
lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96,
diff --git a/src/libstrongswan/plugins/hmac/hmac_prf.c b/src/libstrongswan/plugins/hmac/hmac_prf.c
index 8d843bc5a..454d40be3 100644
--- a/src/libstrongswan/plugins/hmac/hmac_prf.c
+++ b/src/libstrongswan/plugins/hmac/hmac_prf.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hmac_prf.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "hmac_prf.h"
diff --git a/src/libstrongswan/plugins/hmac/hmac_signer.c b/src/libstrongswan/plugins/hmac/hmac_signer.c
index 89cae1716..b44bc2109 100644
--- a/src/libstrongswan/plugins/hmac/hmac_signer.c
+++ b/src/libstrongswan/plugins/hmac/hmac_signer.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hmac_signer.c 4997 2009-03-24 10:24:58Z martin $
*/
#include <string.h>
@@ -155,6 +153,10 @@ hmac_signer_t *hmac_signer_create(integrity_algorithm_t algo)
hash = HASH_SHA1;
trunc = 16;
break;
+ case AUTH_HMAC_SHA1_160:
+ hash = HASH_SHA1;
+ trunc = 20;
+ break;
case AUTH_HMAC_MD5_96:
hash = HASH_MD5;
trunc = 12;
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index e0109c6e8..6eefc8546 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -222,8 +231,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -318,7 +327,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
index 8e55b800e..b2a40219f 100644
--- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c
+++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: ldap_fetcher.c 3693 2008-03-28 22:44:45Z andreas $
*/
#ifndef LDAP_DEPRECATED
diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c
index 0925cb395..994f3db46 100644
--- a/src/libstrongswan/plugins/ldap/ldap_plugin.c
+++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: ldap_plugin.c 3529 2008-03-05 15:26:24Z martin $
*/
#include "ldap_plugin.h"
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index 4dbe8a6c4..efdb64e90 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -221,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -317,7 +326,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c
index 9053bc68d..3801110dc 100644
--- a/src/libstrongswan/plugins/md4/md4_hasher.c
+++ b/src/libstrongswan/plugins/md4/md4_hasher.c
@@ -17,8 +17,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: md4_hasher.c 4885 2009-02-19 10:16:45Z andreas $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c
index df77314f7..43ae6261d 100644
--- a/src/libstrongswan/plugins/md4/md4_plugin.c
+++ b/src/libstrongswan/plugins/md4/md4_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: md4_plugin.c 4885 2009-02-19 10:16:45Z andreas $
*/
#include "md4_plugin.h"
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index a73e78b05..15c98aba4 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -221,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -317,7 +326,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c
index 2354139bb..0ec5c073a 100644
--- a/src/libstrongswan/plugins/md5/md5_hasher.c
+++ b/src/libstrongswan/plugins/md5/md5_hasher.c
@@ -17,8 +17,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: md5_hasher.c 3488 2008-02-21 15:10:02Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c
index c1c9a0805..b1a3b495c 100644
--- a/src/libstrongswan/plugins/md5/md5_plugin.c
+++ b/src/libstrongswan/plugins/md5/md5_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: md5_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "md5_plugin.h"
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index 9a16662b9..26b514ad6 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -320,7 +329,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c
index 01f604fef..d0d5a3d15 100644
--- a/src/libstrongswan/plugins/mysql/mysql_database.c
+++ b/src/libstrongswan/plugins/mysql/mysql_database.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: mysql_database.c 4193 2008-07-21 11:13:06Z martin $
*/
#define _GNU_SOURCE
diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c
index 29348ac14..92914ae6d 100644
--- a/src/libstrongswan/plugins/mysql/mysql_plugin.c
+++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: mysql_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "mysql_plugin.h"
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 0af89d377..0ebb5acf0 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -92,6 +92,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -114,6 +115,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -125,6 +129,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -138,6 +143,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -198,6 +205,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -209,6 +217,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -237,8 +246,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -341,7 +350,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index 5eddeb5f9..7f48f1009 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_crypter.c 4879 2009-02-18 19:41:33Z tobias $
*/
#include "openssl_crypter.h"
@@ -133,10 +131,12 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data,
}
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
- EVP_CipherInit_ex(&ctx, this->cipher, NULL, this->key.ptr, iv.ptr, enc);
- EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
+ EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
+ EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
+ EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
- EVP_CipherFinal_ex(&ctx, out, &len); /* since padding is disabled this does nothing */
+ EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
EVP_CIPHER_CTX_cleanup(&ctx);
}
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index 4510fb7ee..e5a899418 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_crypter.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 7c83b3dea..fe042efdc 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_diffie_hellman.c 4639 2008-11-12 15:09:24Z martin $
*/
#include <openssl/dh.h>
@@ -171,7 +169,7 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
bool ansi_x9_42;
ansi_x9_42 = lib->settings->get_bool(lib->settings,
- "charon.dh_exponent_ansi_x9_42", TRUE);
+ "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
{
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index c67ce8970..bdc153812 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 9a89ad045..c93acb75c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_diffie_hellman.c 4566 2008-11-04 13:12:11Z martin $
*/
#include <openssl/ec.h>
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
index 6b135b36b..9d17aed57 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index aeab15f26..d6b442ae9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_private_key.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "openssl_ec_private_key.h"
@@ -130,36 +128,18 @@ static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk)
* Build the signature
*/
static bool build_signature(private_openssl_ec_private_key_t *this,
- int hash_type, chunk_t data, chunk_t *signature)
+ chunk_t hash, chunk_t *signature)
{
- chunk_t hash = chunk_empty;
- ECDSA_SIG *sig;
- bool ret = FALSE;
-
- if (!openssl_hash_chunk(hash_type, data, &hash))
- {
- return FALSE;
- }
-
- sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
+ ECDSA_SIG *sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
+ bool success;
+
if (!sig)
{
- goto error;
- }
-
- if (!sig2chunk(EC_KEY_get0_group(this->ec), sig, signature))
- {
- goto error;
- }
-
- ret = TRUE;
-error:
- chunk_free(&hash);
- if (sig)
- {
- ECDSA_SIG_free(sig);
+ return FALSE;
}
- return ret;
+ success = sig2chunk(EC_KEY_get0_group(this->ec), sig, signature);
+ ECDSA_SIG_free(sig);
+ return success;
}
/**
@@ -176,36 +156,51 @@ static key_type_t get_type(private_openssl_ec_private_key_t *this)
static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
- EC_GROUP *req_group;
- const EC_GROUP *my_group;
- int hash, curve;
-
- if (!lookup_scheme(scheme, &hash, &curve))
- {
- DBG1("signature scheme %N not supported in EC",
- signature_scheme_names, scheme);
- return FALSE;
- }
-
- req_group = EC_GROUP_new_by_curve_name(curve);
- if (!req_group)
+ bool success;
+
+ if (scheme == SIGN_ECDSA_WITH_NULL)
{
- DBG1("signature scheme %N not supported in EC (required curve not supported)",
- signature_scheme_names, scheme);
- return FALSE;
+ success = build_signature(this, data, signature);
}
-
- my_group = EC_KEY_get0_group(this->ec);
- if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
+ else
{
- DBG1("signature scheme %N not supported by private key",
- signature_scheme_names, scheme);
- return FALSE;
- }
+ EC_GROUP *req_group;
+ const EC_GROUP *my_group;
+ chunk_t hash = chunk_empty;
+ int hash_type, curve;
+
+ if (!lookup_scheme(scheme, &hash_type, &curve))
+ {
+ DBG1("signature scheme %N not supported in EC",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
- EC_GROUP_free(req_group);
+ req_group = EC_GROUP_new_by_curve_name(curve);
+ if (!req_group)
+ {
+ DBG1("signature scheme %N not supported in EC (required curve not supported)",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
- return build_signature(this, hash, data, signature);
+ my_group = EC_KEY_get0_group(this->ec);
+ if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
+ {
+ DBG1("signature scheme %N not supported by private key",
+ signature_scheme_names, scheme);
+ return FALSE;
+ }
+ EC_GROUP_free(req_group);
+
+ if (!openssl_hash_chunk(hash_type, data, &hash))
+ {
+ return FALSE;
+ }
+ success = build_signature(this, hash, signature);
+ chunk_free(&hash);
+ }
+ return success;
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 29588ce18..6a6f7c867 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 923df3938..635a106dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_public_key.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "openssl_ec_public_key.h"
@@ -75,9 +73,16 @@ static bool verify_signature(private_openssl_ec_public_key_t *this,
ECDSA_SIG *sig;
bool valid = FALSE;
- if (!openssl_hash_chunk(hash_type, data, &hash))
+ if (hash_type == NID_undef)
{
- return FALSE;
+ hash = data;
+ }
+ else
+ {
+ if (!openssl_hash_chunk(hash_type, data, &hash))
+ {
+ return FALSE;
+ }
}
sig = ECDSA_SIG_new();
@@ -90,7 +95,6 @@ static bool verify_signature(private_openssl_ec_public_key_t *this,
{
goto error;
}
-
valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
error:
@@ -98,7 +102,10 @@ error:
{
ECDSA_SIG_free(sig);
}
- chunk_free(&hash);
+ if (hash_type != NID_undef)
+ {
+ chunk_free(&hash);
+ }
return valid;
}
@@ -160,6 +167,8 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch
{
switch (scheme)
{
+ case SIGN_ECDSA_WITH_NULL:
+ return verify_signature(this, NID_undef, data, signature);
case SIGN_ECDSA_WITH_SHA1:
return verify_default_signature(this, data, signature);
case SIGN_ECDSA_256:
@@ -178,7 +187,7 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch
/**
* Implementation of public_key_t.get_keysize.
*/
-static bool encrypt(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
+static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
{
DBG1("EC public key encryption not implemented");
return FALSE;
@@ -279,7 +288,7 @@ static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty()
this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
+ this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
@@ -331,24 +340,6 @@ bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid,
}
/**
- * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
- */
-openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
-{
- private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty();
-
- this->ec = EC_KEY_new();
- EC_KEY_set_public_key(this->ec, EC_KEY_get0_public_key(ec));
-
- if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
- {
- destroy(this);
- return NULL;
- }
- return &this->public;
-}
-
-/**
* Load a public key from an ASN1 encoded blob
*/
static openssl_ec_public_key_t *load(chunk_t blob)
@@ -374,6 +365,14 @@ static openssl_ec_public_key_t *load(chunk_t blob)
return &this->public;
}
+/**
+ * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
+ */
+openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
+{
+ return (openssl_ec_public_key_t*)load(get_encoding_full(ec));
+}
+
typedef struct private_builder_t private_builder_t;
/**
* Builder implementation for key loading
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 83552d590..bdbb2fe6e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_ec_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index d344dbd51..ed3e57957 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_hasher.c 4879 2009-02-18 19:41:33Z tobias $
*/
#include "openssl_hasher.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index 52699f7ff..aec5bc7dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_hasher.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 725daff01..a90dff7f1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_plugin.c 4879 2009-02-18 19:41:33Z tobias $
*/
#include <openssl/conf.h>
@@ -121,7 +119,7 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock,
*/
static unsigned long id_function(void)
{
- return pthread_self();
+ return (unsigned long)pthread_self();
}
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index a6d2a060e..9f422c9d0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_plugin.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 9730e0ab2..c5d4142da 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_rsa_private_key.c 4745 2008-12-03 10:12:20Z tobias $
*/
#include "openssl_rsa_private_key.h"
@@ -80,65 +78,75 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGN
* Build an EMPSA PKCS1 signature described in PKCS#1
*/
static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
- int type, chunk_t data, chunk_t *out)
+ int type, chunk_t data, chunk_t *sig)
{
bool success = FALSE;
- u_char *sig = NULL;
- u_int len;
- const EVP_MD *hasher = EVP_get_digestbynid(type);
- if (!hasher)
- {
- return FALSE;
- }
-
- EVP_MD_CTX *ctx = EVP_MD_CTX_create();
- EVP_PKEY *key = EVP_PKEY_new();
- if (!ctx || !key)
- {
- goto error;
- }
-
- if (!EVP_PKEY_set1_RSA(key, this->rsa))
- {
- goto error;
- }
-
- if (!EVP_SignInit_ex(ctx, hasher, NULL))
- {
- goto error;
- }
-
- if (!EVP_SignUpdate(ctx, data.ptr, data.len))
- {
- goto error;
- }
-
- sig = malloc(EVP_PKEY_size(key));
- if (EVP_SignFinal(ctx, sig, &len, key))
+
+ *sig = chunk_alloc(RSA_size(this->rsa));
+
+ if (type == NID_undef)
{
- out->ptr = sig;
- out->len = len;
- success = TRUE;
+ if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
+ RSA_PKCS1_PADDING) == sig->len)
+ {
+ success = TRUE;
+ }
}
else
{
- free(sig);
- }
+ EVP_MD_CTX *ctx;
+ EVP_PKEY *key;
+ const EVP_MD *hasher;
+ u_int len;
+
+ hasher = EVP_get_digestbynid(type);
+ if (!hasher)
+ {
+ return FALSE;
+ }
+
+ ctx = EVP_MD_CTX_create();
+ key = EVP_PKEY_new();
+ if (!ctx || !key)
+ {
+ goto error;
+ }
+ if (!EVP_PKEY_set1_RSA(key, this->rsa))
+ {
+ goto error;
+ }
+ if (!EVP_SignInit_ex(ctx, hasher, NULL))
+ {
+ goto error;
+ }
+ if (!EVP_SignUpdate(ctx, data.ptr, data.len))
+ {
+ goto error;
+ }
+ if (EVP_SignFinal(ctx, sig->ptr, &len, key))
+ {
+ success = TRUE;
+ }
error:
- if (key)
- {
- EVP_PKEY_free(key);
+ if (key)
+ {
+ EVP_PKEY_free(key);
+ }
+ if (ctx)
+ {
+ EVP_MD_CTX_destroy(ctx);
+ }
}
- if (ctx)
+ if (!success)
{
- EVP_MD_CTX_destroy(ctx);
+ free(sig->ptr);
}
return success;
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_type.
*/
static key_type_t get_type(private_openssl_rsa_private_key_t *this)
{
@@ -146,15 +154,15 @@ static key_type_t get_type(private_openssl_rsa_private_key_t *this)
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.sign.
*/
static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme,
chunk_t data, chunk_t *signature)
{
switch (scheme)
{
- case SIGN_DEFAULT:
- /* default is EMSA-PKCS1 using SHA1 */
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
@@ -173,7 +181,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.decrypt.
*/
static bool decrypt(private_openssl_rsa_private_key_t *this,
chunk_t crypto, chunk_t *plain)
@@ -183,7 +191,7 @@ static bool decrypt(private_openssl_rsa_private_key_t *this,
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_keysize.
*/
static size_t get_keysize(private_openssl_rsa_private_key_t *this)
{
@@ -191,7 +199,7 @@ static size_t get_keysize(private_openssl_rsa_private_key_t *this)
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_id.
*/
static identification_t* get_id(private_openssl_rsa_private_key_t *this,
id_type_t type)
@@ -208,7 +216,7 @@ static identification_t* get_id(private_openssl_rsa_private_key_t *this,
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_public_key.
*/
static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
{
@@ -216,7 +224,35 @@ static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.equals.
+ */
+static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other)
+{
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of openssl_rsa_private_key.belongs_to.
*/
static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
{
@@ -255,7 +291,7 @@ static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
}
/**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_ref.
*/
static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
{
@@ -288,16 +324,17 @@ static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(v
{
private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
- this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
- this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
- this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
- this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
- this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
- this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
- this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
- this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
- this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
- this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+ this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
+ this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
+ this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
+ this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
+ this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id;
+ this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
+ this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
+ this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
+ this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding;
+ this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
+ this->public.interface.destroy = (void (*) (private_key_t*))destroy;
this->engine = FALSE;
this->keyid = NULL;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 05d83416c..53ec44b28 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_rsa_private_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 794fa8123..89912f24c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_rsa_public_key.c 4567 2008-11-04 14:05:42Z martin $
*/
#include "openssl_rsa_public_key.h"
@@ -62,49 +60,65 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
int type, chunk_t data, chunk_t signature)
{
bool valid = FALSE;
- const EVP_MD *hasher = EVP_get_digestbynid(type);
- if (!hasher)
- {
- return FALSE;
- }
-
- EVP_MD_CTX *ctx = EVP_MD_CTX_create();
- EVP_PKEY *key = EVP_PKEY_new();
- if (!ctx || !key)
- {
- goto error;
- }
-
- if (!EVP_PKEY_set1_RSA(key, this->rsa))
- {
- goto error;
- }
-
- if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
+ int rsa_size = RSA_size(this->rsa);
+
+ /* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
+ if (signature.len > rsa_size)
{
- goto error;
+ signature = chunk_skip(signature, signature.len - rsa_size);
}
-
- if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
+
+ if (type == NID_undef)
{
- goto error;
+ chunk_t hash = chunk_alloc(rsa_size);
+
+ hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
+ this->rsa, RSA_PKCS1_PADDING);
+ valid = chunk_equals(data, hash);
+ free(hash.ptr);
}
-
- /* VerifyFinal expects a signature of exactly RSA size (no leading 0x00) */
- if (signature.len > RSA_size(this->rsa))
+ else
{
- signature = chunk_skip(signature, signature.len - RSA_size(this->rsa));
- }
- valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
+ EVP_MD_CTX *ctx;
+ EVP_PKEY *key;
+ const EVP_MD *hasher;
+
+ hasher = EVP_get_digestbynid(type);
+ if (!hasher)
+ {
+ return FALSE;
+ }
+
+ ctx = EVP_MD_CTX_create();
+ key = EVP_PKEY_new();
+
+ if (!ctx || !key)
+ {
+ goto error;
+ }
+ if (!EVP_PKEY_set1_RSA(key, this->rsa))
+ {
+ goto error;
+ }
+ if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
+ {
+ goto error;
+ }
+ if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
+ {
+ goto error;
+ }
+ valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
error:
- if (key)
- {
- EVP_PKEY_free(key);
- }
- if (ctx)
- {
- EVP_MD_CTX_destroy(ctx);
+ if (key)
+ {
+ EVP_PKEY_free(key);
+ }
+ if (ctx)
+ {
+ EVP_MD_CTX_destroy(ctx);
+ }
}
return valid;
}
@@ -125,8 +139,8 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
{
switch (scheme)
{
- case SIGN_DEFAULT:
- /* default is EMSA-PKCS1 using SHA1 */
+ case SIGN_RSA_EMSA_PKCS1_NULL:
+ return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA1:
return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
case SIGN_RSA_EMSA_PKCS1_SHA256:
@@ -147,13 +161,41 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
/**
* Implementation of public_key_t.get_keysize.
*/
-static bool encrypt(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
+static bool encrypt_(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
{
DBG1("RSA public key encryption not implemented");
return FALSE;
}
/**
+ * Implementation of public_key_t.equals.
+ */
+static bool equals(private_openssl_rsa_public_key_t *this, public_key_t *other)
+{
+ identification_t *keyid;
+
+ if (&this->public.interface == other)
+ {
+ return TRUE;
+ }
+ if (other->get_type(other) != KEY_RSA)
+ {
+ return FALSE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid))
+ {
+ return TRUE;
+ }
+ keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+ if (keyid && keyid->equals(keyid, this->keyid_info))
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
* Implementation of public_key_t.get_keysize.
*/
static size_t get_keysize(private_openssl_rsa_public_key_t *this)
@@ -263,7 +305,8 @@ static private_openssl_rsa_public_key_t *openssl_rsa_public_key_create_empty()
this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
- this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
+ this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
+ this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index c97ba1b92..ff99ddbc5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 3c4f6595b..bb0c296e1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_util.c 4051 2008-06-10 09:08:27Z tobias $
*/
#include "openssl_util.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index e780e2a25..6ba1ff07b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: openssl_util.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index 290b4836d..7fe0cc198 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -227,8 +236,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -325,7 +334,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
index f6f9b3501..afdd85b79 100644
--- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
+++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "padlock_aes_crypter.h"
diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c
index d0b55bcd9..dddb73551 100644
--- a/src/libstrongswan/plugins/padlock/padlock_plugin.c
+++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "padlock_plugin.h"
@@ -159,7 +157,7 @@ plugin_t *plugin_create()
if (this->features & PADLOCK_RNG_ENABLED)
{
- lib->crypto->add_rng(lib->crypto, RNG_REAL,
+ lib->crypto->add_rng(lib->crypto, RNG_TRUE,
(rng_constructor_t)padlock_rng_create);
lib->crypto->add_rng(lib->crypto, RNG_STRONG,
(rng_constructor_t)padlock_rng_create);
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c
index 50d9f0c43..8a04dccfc 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.c
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "padlock_rng.h"
@@ -126,7 +124,7 @@ padlock_rng_t *padlock_rng_create(rng_quality_t quality)
case RNG_STRONG:
this->quality = PADLOCK_QF1;
break;
- case RNG_REAL:
+ case RNG_TRUE:
this->quality = PADLOCK_QF3;
break;
}
diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.h b/src/libstrongswan/plugins/padlock/padlock_rng.h
index 505f4649c..237d8fbe2 100644
--- a/src/libstrongswan/plugins/padlock/padlock_rng.h
+++ b/src/libstrongswan/plugins/padlock/padlock_rng.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
index 4ac5ddf4d..b5a6abc64 100644
--- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
+++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c
index 6480a2760..ad5a9e240 100644
--- a/src/libstrongswan/plugins/plugin_loader.c
+++ b/src/libstrongswan/plugins/plugin_loader.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: plugin_loader.c 4144 2008-07-02 08:19:43Z martin $
*/
#define _GNU_SOURCE
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index eb5e19f08..4514424f2 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -226,8 +235,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -323,7 +332,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
index 762557094..863a8a1d4 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "pubkey_cert.h"
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.h b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
index b04824fee..394fc8b98 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_cert.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
index dd7ac6fd1..7672e8dc1 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "pubkey_plugin.h"
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c
index 4b5f4aac2..6d3ae66ab 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.c
+++ b/src/libstrongswan/plugins/pubkey/pubkey_public_key.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pubkey_public_key.c 4379 2008-10-08 01:19:26Z andreas $
*/
#include "pubkey_public_key.h"
@@ -147,7 +145,7 @@ static void add(private_builder_t *this, builder_part_t part, ...)
va_start(args, part);
pem = va_arg(args, char *);
blob = chunk_clone(chunk_create(pem, strlen(pem)));
- if (pem_to_bin(&blob, &chunk_empty, &pgp))
+ if (pem_to_bin(&blob, chunk_empty, &pgp) == SUCCESS)
{
this->key = pubkey_public_key_load(chunk_clone(blob));
}
diff --git a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
index 0545feeee..d3198fab2 100644
--- a/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
+++ b/src/libstrongswan/plugins/pubkey/pubkey_public_key.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: pubkey_public_key.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index f5e3c4cc9..0bed27468 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -320,7 +329,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c
index 3eff81ee0..5f04f1d79 100644
--- a/src/libstrongswan/plugins/random/random_plugin.c
+++ b/src/libstrongswan/plugins/random/random_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "random_plugin.h"
@@ -54,7 +52,7 @@ plugin_t *plugin_create()
lib->crypto->add_rng(lib->crypto, RNG_STRONG,
(rng_constructor_t)random_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_REAL,
+ lib->crypto->add_rng(lib->crypto, RNG_TRUE,
(rng_constructor_t)random_rng_create);
return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c
index 45a1b5138..22d21574e 100644
--- a/src/libstrongswan/plugins/random/random_rng.c
+++ b/src/libstrongswan/plugins/random/random_rng.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include <string.h>
@@ -114,7 +112,7 @@ random_rng_t *random_rng_create(rng_quality_t quality)
this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes;
this->public.rng.destroy = (void (*) (rng_t *))destroy;
- if (quality == RNG_REAL)
+ if (quality == RNG_TRUE)
{
this->file = DEV_RANDOM;
}
diff --git a/src/libstrongswan/plugins/random/random_rng.h b/src/libstrongswan/plugins/random/random_rng.h
index 3426d694e..bcb9cb204 100644
--- a/src/libstrongswan/plugins/random/random_rng.h
+++ b/src/libstrongswan/plugins/random/random_rng.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index ece7381b2..c8b8905bb 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -321,7 +330,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c
index ea0882cb5..ba3dd9592 100644
--- a/src/libstrongswan/plugins/sha1/sha1_hasher.c
+++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c
@@ -15,8 +15,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sha1_hasher.c 4308 2008-08-28 10:57:24Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c
index 58f0faf56..b9eb62ac5 100644
--- a/src/libstrongswan/plugins/sha1/sha1_plugin.c
+++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sha1_plugin.c 4308 2008-08-28 10:57:24Z martin $
*/
#include "sha1_plugin.h"
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c
index 668801caf..4a5f7c293 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "sha1_prf.h"
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 6b28b68a1..f37c93502 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -87,6 +87,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -109,6 +110,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -120,6 +124,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -133,6 +138,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -193,6 +200,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -204,6 +212,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -221,8 +230,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -317,7 +326,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c
index ca9c2f926..0e8811cca 100644
--- a/src/libstrongswan/plugins/sha2/sha2_hasher.c
+++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sha2_hasher.c 3488 2008-02-21 15:10:02Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index ebb2947ef..21bc592dc 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sha2_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "sha2_plugin.h"
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index e6732a195..547548bd7 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -226,8 +235,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -322,7 +331,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c
index c8d9e5beb..ce873b714 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_database.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sqlite_database.c 4268 2008-08-21 11:58:58Z andreas $
*/
#include "sqlite_database.h"
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index 441e59a5e..bedf91e0f 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: sqlite_plugin.c 3488 2008-02-21 15:10:02Z martin $
*/
#include "sqlite_plugin.h"
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
new file mode 100644
index 000000000..27d17c084
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -0,0 +1,33 @@
+
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+
+AM_CFLAGS = -rdynamic
+
+plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+
+libstrongswan_test_vectors_la_SOURCES = \
+ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
+ test_vectors/3des_cbc.c \
+ test_vectors/aes_cbc.c \
+ test_vectors/aes_xcbc.c \
+ test_vectors/blowfish.c \
+ test_vectors/camellia_cbc.c \
+ test_vectors/cast.c \
+ test_vectors/des.c \
+ test_vectors/idea.c \
+ test_vectors/null.c \
+ test_vectors/rc5.c \
+ test_vectors/serpent_cbc.c \
+ test_vectors/twofish_cbc.c \
+ test_vectors/md2.c \
+ test_vectors/md4.c \
+ test_vectors/md5.c \
+ test_vectors/md5_hmac.c \
+ test_vectors/sha1.c \
+ test_vectors/sha1_hmac.c \
+ test_vectors/sha2.c \
+ test_vectors/sha2_hmac.c \
+ test_vectors/fips_prf.c \
+ test_vectors/rng.c
+libstrongswan_test_vectors_la_LDFLAGS = -module
+
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
new file mode 100644
index 000000000..bb877620c
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -0,0 +1,710 @@
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src/libstrongswan/plugins/test_vectors
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_CLEAN_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = `echo $$p | sed -e 's|^.*/||'`;
+am__installdirs = "$(DESTDIR)$(plugindir)"
+pluginLTLIBRARIES_INSTALL = $(INSTALL)
+LTLIBRARIES = $(plugin_LTLIBRARIES)
+libstrongswan_test_vectors_la_LIBADD =
+am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \
+ 3des_cbc.lo aes_cbc.lo aes_xcbc.lo blowfish.lo camellia_cbc.lo \
+ cast.lo des.lo idea.lo null.lo rc5.lo serpent_cbc.lo \
+ twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo sha1.lo \
+ sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo
+libstrongswan_test_vectors_la_OBJECTS = \
+ $(am_libstrongswan_test_vectors_la_OBJECTS)
+libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
+ $(AM_CFLAGS) $(CFLAGS) \
+ $(libstrongswan_test_vectors_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_test_vectors_la_SOURCES)
+DIST_SOURCES = $(libstrongswan_test_vectors_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GPERF = @GPERF@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LINUX_HEADERS = @LINUX_HEADERS@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PERL = @PERL@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+confdir = @confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+gtk_CFLAGS = @gtk_CFLAGS@
+gtk_LIBS = @gtk_LIBS@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+ipsecdir = @ipsecdir@
+ipsecgroup = @ipsecgroup@
+ipsecuser = @ipsecuser@
+libdir = @libdir@
+libexecdir = @libexecdir@
+libstrongswan_plugins = @libstrongswan_plugins@
+linuxdir = @linuxdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nm_CFLAGS = @nm_CFLAGS@
+nm_LIBS = @nm_LIBS@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+piddir = @piddir@
+plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+resolv_conf = @resolv_conf@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+simreader = @simreader@
+srcdir = @srcdir@
+strongswan_conf = @strongswan_conf@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+xml_CFLAGS = @xml_CFLAGS@
+xml_LIBS = @xml_LIBS@
+INCLUDES = -I$(top_srcdir)/src/libstrongswan
+AM_CFLAGS = -rdynamic
+plugin_LTLIBRARIES = libstrongswan-test-vectors.la
+libstrongswan_test_vectors_la_SOURCES = \
+ test_vectors_plugin.h test_vectors_plugin.c test_vectors.h \
+ test_vectors/3des_cbc.c \
+ test_vectors/aes_cbc.c \
+ test_vectors/aes_xcbc.c \
+ test_vectors/blowfish.c \
+ test_vectors/camellia_cbc.c \
+ test_vectors/cast.c \
+ test_vectors/des.c \
+ test_vectors/idea.c \
+ test_vectors/null.c \
+ test_vectors/rc5.c \
+ test_vectors/serpent_cbc.c \
+ test_vectors/twofish_cbc.c \
+ test_vectors/md2.c \
+ test_vectors/md4.c \
+ test_vectors/md5.c \
+ test_vectors/md5_hmac.c \
+ test_vectors/sha1.c \
+ test_vectors/sha1_hmac.c \
+ test_vectors/sha2.c \
+ test_vectors/sha2_hmac.c \
+ test_vectors/fips_prf.c \
+ test_vectors/rng.c
+
+libstrongswan_test_vectors_la_LDFLAGS = -module
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \
+ cd $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)"
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ if test -f $$p; then \
+ f=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \
+ else :; fi; \
+ done
+
+uninstall-pluginLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ p=$(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \
+ done
+
+clean-pluginLTLIBRARIES:
+ -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
+ @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libstrongswan-test-vectors.la: $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_DEPENDENCIES)
+ $(libstrongswan_test_vectors_la_LINK) -rpath $(plugindir) $(libstrongswan_test_vectors_la_OBJECTS) $(libstrongswan_test_vectors_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blowfish.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/camellia_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cast.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_prf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/idea.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md4.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/null.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rc5.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rng.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/serpent_cbc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha1_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha2.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha2_hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_vectors_plugin.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/twofish_cbc.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+3des_cbc.lo: test_vectors/3des_cbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT 3des_cbc.lo -MD -MP -MF $(DEPDIR)/3des_cbc.Tpo -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/3des_cbc.Tpo $(DEPDIR)/3des_cbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/3des_cbc.c' object='3des_cbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o 3des_cbc.lo `test -f 'test_vectors/3des_cbc.c' || echo '$(srcdir)/'`test_vectors/3des_cbc.c
+
+aes_cbc.lo: test_vectors/aes_cbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc.lo -MD -MP -MF $(DEPDIR)/aes_cbc.Tpo -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_cbc.Tpo $(DEPDIR)/aes_cbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_cbc.c' object='aes_cbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc.lo `test -f 'test_vectors/aes_cbc.c' || echo '$(srcdir)/'`test_vectors/aes_cbc.c
+
+aes_xcbc.lo: test_vectors/aes_xcbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_xcbc.lo -MD -MP -MF $(DEPDIR)/aes_xcbc.Tpo -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_xcbc.Tpo $(DEPDIR)/aes_xcbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_xcbc.c' object='aes_xcbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c
+
+blowfish.lo: test_vectors/blowfish.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT blowfish.lo -MD -MP -MF $(DEPDIR)/blowfish.Tpo -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/blowfish.Tpo $(DEPDIR)/blowfish.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/blowfish.c' object='blowfish.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o blowfish.lo `test -f 'test_vectors/blowfish.c' || echo '$(srcdir)/'`test_vectors/blowfish.c
+
+camellia_cbc.lo: test_vectors/camellia_cbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT camellia_cbc.lo -MD -MP -MF $(DEPDIR)/camellia_cbc.Tpo -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/camellia_cbc.Tpo $(DEPDIR)/camellia_cbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/camellia_cbc.c' object='camellia_cbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o camellia_cbc.lo `test -f 'test_vectors/camellia_cbc.c' || echo '$(srcdir)/'`test_vectors/camellia_cbc.c
+
+cast.lo: test_vectors/cast.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cast.lo -MD -MP -MF $(DEPDIR)/cast.Tpo -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/cast.Tpo $(DEPDIR)/cast.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/cast.c' object='cast.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o cast.lo `test -f 'test_vectors/cast.c' || echo '$(srcdir)/'`test_vectors/cast.c
+
+des.lo: test_vectors/des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des.lo -MD -MP -MF $(DEPDIR)/des.Tpo -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/des.Tpo $(DEPDIR)/des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/des.c' object='des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des.lo `test -f 'test_vectors/des.c' || echo '$(srcdir)/'`test_vectors/des.c
+
+idea.lo: test_vectors/idea.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT idea.lo -MD -MP -MF $(DEPDIR)/idea.Tpo -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/idea.Tpo $(DEPDIR)/idea.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/idea.c' object='idea.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o idea.lo `test -f 'test_vectors/idea.c' || echo '$(srcdir)/'`test_vectors/idea.c
+
+null.lo: test_vectors/null.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT null.lo -MD -MP -MF $(DEPDIR)/null.Tpo -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/null.Tpo $(DEPDIR)/null.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/null.c' object='null.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o null.lo `test -f 'test_vectors/null.c' || echo '$(srcdir)/'`test_vectors/null.c
+
+rc5.lo: test_vectors/rc5.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rc5.lo -MD -MP -MF $(DEPDIR)/rc5.Tpo -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rc5.Tpo $(DEPDIR)/rc5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rc5.c' object='rc5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rc5.lo `test -f 'test_vectors/rc5.c' || echo '$(srcdir)/'`test_vectors/rc5.c
+
+serpent_cbc.lo: test_vectors/serpent_cbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT serpent_cbc.lo -MD -MP -MF $(DEPDIR)/serpent_cbc.Tpo -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/serpent_cbc.Tpo $(DEPDIR)/serpent_cbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/serpent_cbc.c' object='serpent_cbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o serpent_cbc.lo `test -f 'test_vectors/serpent_cbc.c' || echo '$(srcdir)/'`test_vectors/serpent_cbc.c
+
+twofish_cbc.lo: test_vectors/twofish_cbc.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT twofish_cbc.lo -MD -MP -MF $(DEPDIR)/twofish_cbc.Tpo -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/twofish_cbc.Tpo $(DEPDIR)/twofish_cbc.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/twofish_cbc.c' object='twofish_cbc.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o twofish_cbc.lo `test -f 'test_vectors/twofish_cbc.c' || echo '$(srcdir)/'`test_vectors/twofish_cbc.c
+
+md2.lo: test_vectors/md2.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md2.lo -MD -MP -MF $(DEPDIR)/md2.Tpo -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md2.Tpo $(DEPDIR)/md2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md2.c' object='md2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md2.lo `test -f 'test_vectors/md2.c' || echo '$(srcdir)/'`test_vectors/md2.c
+
+md4.lo: test_vectors/md4.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md4.lo -MD -MP -MF $(DEPDIR)/md4.Tpo -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md4.Tpo $(DEPDIR)/md4.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md4.c' object='md4.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md4.lo `test -f 'test_vectors/md4.c' || echo '$(srcdir)/'`test_vectors/md4.c
+
+md5.lo: test_vectors/md5.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5.lo -MD -MP -MF $(DEPDIR)/md5.Tpo -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5.Tpo $(DEPDIR)/md5.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5.c' object='md5.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5.lo `test -f 'test_vectors/md5.c' || echo '$(srcdir)/'`test_vectors/md5.c
+
+md5_hmac.lo: test_vectors/md5_hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hmac.lo -MD -MP -MF $(DEPDIR)/md5_hmac.Tpo -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5_hmac.Tpo $(DEPDIR)/md5_hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/md5_hmac.c' object='md5_hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hmac.lo `test -f 'test_vectors/md5_hmac.c' || echo '$(srcdir)/'`test_vectors/md5_hmac.c
+
+sha1.lo: test_vectors/sha1.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1.lo -MD -MP -MF $(DEPDIR)/sha1.Tpo -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1.Tpo $(DEPDIR)/sha1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1.c' object='sha1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1.lo `test -f 'test_vectors/sha1.c' || echo '$(srcdir)/'`test_vectors/sha1.c
+
+sha1_hmac.lo: test_vectors/sha1_hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hmac.lo -MD -MP -MF $(DEPDIR)/sha1_hmac.Tpo -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1_hmac.Tpo $(DEPDIR)/sha1_hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha1_hmac.c' object='sha1_hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hmac.lo `test -f 'test_vectors/sha1_hmac.c' || echo '$(srcdir)/'`test_vectors/sha1_hmac.c
+
+sha2.lo: test_vectors/sha2.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2.lo -MD -MP -MF $(DEPDIR)/sha2.Tpo -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2.Tpo $(DEPDIR)/sha2.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2.c' object='sha2.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2.lo `test -f 'test_vectors/sha2.c' || echo '$(srcdir)/'`test_vectors/sha2.c
+
+sha2_hmac.lo: test_vectors/sha2_hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hmac.lo -MD -MP -MF $(DEPDIR)/sha2_hmac.Tpo -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2_hmac.Tpo $(DEPDIR)/sha2_hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/sha2_hmac.c' object='sha2_hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hmac.lo `test -f 'test_vectors/sha2_hmac.c' || echo '$(srcdir)/'`test_vectors/sha2_hmac.c
+
+fips_prf.lo: test_vectors/fips_prf.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/fips_prf.c' object='fips_prf.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'test_vectors/fips_prf.c' || echo '$(srcdir)/'`test_vectors/fips_prf.c
+
+rng.lo: test_vectors/rng.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rng.lo -MD -MP -MF $(DEPDIR)/rng.Tpo -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rng.Tpo $(DEPDIR)/rng.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/rng.c' object='rng.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rng.lo `test -f 'test_vectors/rng.c' || echo '$(srcdir)/'`test_vectors/rng.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$tags $$unique; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ tags=; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$tags$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$tags $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && cd $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) $$here
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
+ fi; \
+ cp -pR $$d/$$file $(distdir)$$dir || exit 1; \
+ else \
+ test -f $(distdir)/$$file \
+ || cp -p $$d/$$file $(distdir)/$$file \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(plugindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+info: info-am
+
+info-am:
+
+install-data-am: install-pluginLTLIBRARIES
+
+install-dvi: install-dvi-am
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-info: install-info-am
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-pluginLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-pluginLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-pluginLTLIBRARIES \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h
new file mode 100644
index 000000000..df5a9c9a8
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+TEST_VECTOR_CRYPTER(aes_cbc1)
+TEST_VECTOR_CRYPTER(aes_cbc2)
+TEST_VECTOR_CRYPTER(aes_cbc3)
+TEST_VECTOR_CRYPTER(aes_cbc4)
+TEST_VECTOR_CRYPTER(aes_cbc5)
+TEST_VECTOR_CRYPTER(aes_cbc6)
+TEST_VECTOR_CRYPTER(blowfish1)
+TEST_VECTOR_CRYPTER(blowfish2)
+TEST_VECTOR_CRYPTER(camellia_cbc1)
+TEST_VECTOR_CRYPTER(camellia_cbc2)
+TEST_VECTOR_CRYPTER(camellia_cbc3)
+TEST_VECTOR_CRYPTER(camellia_cbc4)
+TEST_VECTOR_CRYPTER(camellia_cbc5)
+TEST_VECTOR_CRYPTER(camellia_cbc6)
+TEST_VECTOR_CRYPTER(cast1)
+TEST_VECTOR_CRYPTER(des_cbc1)
+TEST_VECTOR_CRYPTER(des_cbc2)
+TEST_VECTOR_CRYPTER(des_ecb1)
+TEST_VECTOR_CRYPTER(des_ecb2)
+TEST_VECTOR_CRYPTER(des3_cbc1)
+TEST_VECTOR_CRYPTER(des3_cbc2)
+TEST_VECTOR_CRYPTER(idea1)
+TEST_VECTOR_CRYPTER(idea2)
+TEST_VECTOR_CRYPTER(null1)
+TEST_VECTOR_CRYPTER(rc5_1)
+TEST_VECTOR_CRYPTER(rc5_2)
+TEST_VECTOR_CRYPTER(serpent_cbc1)
+TEST_VECTOR_CRYPTER(serpent_cbc2)
+TEST_VECTOR_CRYPTER(serpent_cbc3)
+TEST_VECTOR_CRYPTER(serpent_cbc4)
+TEST_VECTOR_CRYPTER(serpent_cbc5)
+TEST_VECTOR_CRYPTER(serpent_cbc6)
+TEST_VECTOR_CRYPTER(twofish_cbc1)
+TEST_VECTOR_CRYPTER(twofish_cbc2)
+TEST_VECTOR_CRYPTER(twofish_cbc3)
+
+TEST_VECTOR_SIGNER(aes_xcbc_s1)
+TEST_VECTOR_SIGNER(aes_xcbc_s2)
+TEST_VECTOR_SIGNER(aes_xcbc_s3)
+TEST_VECTOR_SIGNER(aes_xcbc_s4)
+TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(md5_hmac_s1)
+TEST_VECTOR_SIGNER(md5_hmac_s2)
+TEST_VECTOR_SIGNER(md5_hmac_s3)
+TEST_VECTOR_SIGNER(md5_hmac_s4)
+TEST_VECTOR_SIGNER(sha1_hmac_s1)
+TEST_VECTOR_SIGNER(sha1_hmac_s2)
+TEST_VECTOR_SIGNER(sha1_hmac_s3)
+TEST_VECTOR_SIGNER(sha1_hmac_s4)
+TEST_VECTOR_SIGNER(sha1_hmac_s5)
+TEST_VECTOR_SIGNER(sha1_hmac_s6)
+TEST_VECTOR_SIGNER(sha256_hmac_s1)
+TEST_VECTOR_SIGNER(sha256_hmac_s2)
+TEST_VECTOR_SIGNER(sha256_hmac_s3)
+TEST_VECTOR_SIGNER(sha384_hmac_s1)
+TEST_VECTOR_SIGNER(sha384_hmac_s2)
+TEST_VECTOR_SIGNER(sha384_hmac_s3)
+TEST_VECTOR_SIGNER(sha512_hmac_s1)
+TEST_VECTOR_SIGNER(sha512_hmac_s2)
+TEST_VECTOR_SIGNER(sha512_hmac_s3)
+
+TEST_VECTOR_HASHER(md2_1)
+TEST_VECTOR_HASHER(md2_2)
+TEST_VECTOR_HASHER(md2_3)
+TEST_VECTOR_HASHER(md2_4)
+TEST_VECTOR_HASHER(md2_5)
+TEST_VECTOR_HASHER(md2_6)
+TEST_VECTOR_HASHER(md2_7)
+TEST_VECTOR_HASHER(md4_1)
+TEST_VECTOR_HASHER(md4_2)
+TEST_VECTOR_HASHER(md4_3)
+TEST_VECTOR_HASHER(md4_4)
+TEST_VECTOR_HASHER(md4_5)
+TEST_VECTOR_HASHER(md4_6)
+TEST_VECTOR_HASHER(md4_7)
+TEST_VECTOR_HASHER(md5_1)
+TEST_VECTOR_HASHER(md5_2)
+TEST_VECTOR_HASHER(md5_3)
+TEST_VECTOR_HASHER(md5_4)
+TEST_VECTOR_HASHER(md5_5)
+TEST_VECTOR_HASHER(md5_6)
+TEST_VECTOR_HASHER(md5_7)
+TEST_VECTOR_HASHER(sha1_1)
+TEST_VECTOR_HASHER(sha1_2)
+TEST_VECTOR_HASHER(sha1_3)
+TEST_VECTOR_HASHER(sha256_1)
+TEST_VECTOR_HASHER(sha256_2)
+TEST_VECTOR_HASHER(sha256_3)
+TEST_VECTOR_HASHER(sha384_1)
+TEST_VECTOR_HASHER(sha384_2)
+TEST_VECTOR_HASHER(sha384_3)
+TEST_VECTOR_HASHER(sha512_1)
+TEST_VECTOR_HASHER(sha512_2)
+TEST_VECTOR_HASHER(sha512_3)
+
+TEST_VECTOR_PRF(aes_xcbc_p1)
+TEST_VECTOR_PRF(aes_xcbc_p2)
+TEST_VECTOR_PRF(aes_xcbc_p3)
+TEST_VECTOR_PRF(aes_xcbc_p4)
+TEST_VECTOR_PRF(aes_xcbc_p5)
+TEST_VECTOR_PRF(aes_xcbc_p6)
+TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(md5_hmac_p1)
+TEST_VECTOR_PRF(md5_hmac_p2)
+TEST_VECTOR_PRF(md5_hmac_p3)
+TEST_VECTOR_PRF(md5_hmac_p4)
+TEST_VECTOR_PRF(md5_hmac_p5)
+TEST_VECTOR_PRF(md5_hmac_p6)
+TEST_VECTOR_PRF(sha1_hmac_p1)
+TEST_VECTOR_PRF(sha1_hmac_p2)
+TEST_VECTOR_PRF(sha1_hmac_p3)
+TEST_VECTOR_PRF(sha1_hmac_p4)
+TEST_VECTOR_PRF(sha1_hmac_p5)
+TEST_VECTOR_PRF(sha1_hmac_p6)
+TEST_VECTOR_PRF(sha256_hmac_p1)
+TEST_VECTOR_PRF(sha256_hmac_p2)
+TEST_VECTOR_PRF(sha256_hmac_p3)
+TEST_VECTOR_PRF(sha256_hmac_p4)
+TEST_VECTOR_PRF(sha256_hmac_p5)
+TEST_VECTOR_PRF(sha256_hmac_p6)
+TEST_VECTOR_PRF(sha384_hmac_p1)
+TEST_VECTOR_PRF(sha384_hmac_p2)
+TEST_VECTOR_PRF(sha384_hmac_p3)
+TEST_VECTOR_PRF(sha384_hmac_p4)
+TEST_VECTOR_PRF(sha384_hmac_p5)
+TEST_VECTOR_PRF(sha384_hmac_p6)
+TEST_VECTOR_PRF(sha512_hmac_p1)
+TEST_VECTOR_PRF(sha512_hmac_p2)
+TEST_VECTOR_PRF(sha512_hmac_p3)
+TEST_VECTOR_PRF(sha512_hmac_p4)
+TEST_VECTOR_PRF(sha512_hmac_p5)
+TEST_VECTOR_PRF(sha512_hmac_p6)
+TEST_VECTOR_PRF(fips_prf_1)
+
+TEST_VECTOR_RNG(rng_monobit_1)
+TEST_VECTOR_RNG(rng_monobit_2)
+TEST_VECTOR_RNG(rng_monobit_3)
+TEST_VECTOR_RNG(rng_poker_1)
+TEST_VECTOR_RNG(rng_poker_2)
+TEST_VECTOR_RNG(rng_poker_3)
+TEST_VECTOR_RNG(rng_runs_1)
+TEST_VECTOR_RNG(rng_runs_2)
+TEST_VECTOR_RNG(rng_runs_3)
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c
new file mode 100644
index 000000000..de5658da7
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/3des_cbc.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Example 1 from NIST 3DES MMT
+ */
+crypter_test_vector_t des3_cbc1 = {
+ .alg = ENCR_3DES, .key_size = 24, .len = 8,
+ .key = "\x62\x7f\x46\x0e\x08\x10\x4a\x10"
+ "\x43\xcd\x26\x5d\x58\x40\xea\xf1"
+ "\x31\x3e\xdf\x97\xdf\x2a\x8a\x8c",
+ .iv = "\x8e\x29\xf7\x5e\xa7\x7e\x54\x75",
+ .plain = "\x32\x6a\x49\x4c\xd3\x3f\xe7\x56",
+ .cipher = "\xb2\x2b\x8d\x66\xde\x97\x06\x92"
+};
+
+/**
+ * Example 2 from NIST 3DES MMT
+ */
+crypter_test_vector_t des3_cbc2 = {
+ .alg = ENCR_3DES, .key_size = 24, .len = 16,
+ .key = "\x37\xae\x5e\xbf\x46\xdf\xf2\xdc"
+ "\x07\x54\xb9\x4f\x31\xcb\xb3\x85"
+ "\x5e\x7f\xd3\x6d\xc8\x70\xbf\xae",
+ .iv = "\x3d\x1d\xe3\xcc\x13\x2e\x3b\x65",
+ .plain = "\x84\x40\x1f\x78\xfe\x6c\x10\x87\x6d\x8e\xa2\x30\x94\xea\x53\x09",
+ .cipher = "\x7b\x1f\x7c\x7e\x3b\x1c\x94\x8e\xbd\x04\xa7\x5f\xfb\xa7\xd2\xf5"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c
new file mode 100644
index 000000000..26aadb444
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cbc.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test 1 of RFC3602
+ */
+crypter_test_vector_t aes_cbc1 = {
+ .alg = ENCR_AES_CBC, .key_size = 16, .len = 16,
+ .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b\x51\x2e\x03\xd5\x34\x12\x00\x06",
+ .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30\xb4\x22\xda\x80\x2c\x9f\xac\x41",
+ .plain = "Single block msg",
+ .cipher = "\xe3\x53\x77\x9c\x10\x79\xae\xb8\x27\x08\x94\x2d\xbe\x77\x18\x1a"
+};
+
+/**
+ * Test 2 of RFC3602
+ */
+crypter_test_vector_t aes_cbc2 = {
+ .alg = ENCR_AES_CBC, .key_size = 16, .len = 32,
+ .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
+ .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
+ .plain = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .cipher = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
+ "\x75\x86\x60\x2d\x25\x3c\xff\xf9\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
+};
+
+/**
+ * Test 3 of RFC3602
+ */
+crypter_test_vector_t aes_cbc3 = {
+ .alg = ENCR_AES_CBC, .key_size = 16, .len = 64,
+ .key = "\x56\xe4\x7a\x38\xc5\x59\x89\x74\xbc\x46\x90\x3d\xba\x29\x03\x49",
+ .iv = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
+ .plain = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+ "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
+ .cipher = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
+ "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
+ "\x35\x90\x7a\xa6\x32\xc3\xff\xdf\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
+ "\x83\xce\x9f\x9a\x10\x2e\xe9\x9d\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
+};
+
+/**
+ * Test F.2.1 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cbc4 = {
+ .alg = ENCR_AES_CBC, .key_size = 16, .len = 64,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .plain = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .cipher = "\x76\x49\xab\xac\x81\x19\xb2\x46\xce\xe9\x8e\x9b\x12\xe9\x19\x7d"
+ "\x50\x86\xcb\x9b\x50\x72\x19\xee\x95\xdb\x11\x3a\x91\x76\x78\xb2"
+ "\x73\xbe\xd6\xb8\xe3\xc1\x74\x3b\x71\x16\xe6\x9e\x22\x22\x95\x16"
+ "\x3f\xf1\xca\xa1\x68\x1f\xac\x09\x12\x0e\xca\x30\x75\x86\xe1\xa7"
+};
+
+/**
+ * Test F.2.3 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cbc5 = {
+ .alg = ENCR_AES_CBC, .key_size = 24, .len = 64,
+ .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .plain = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .cipher = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
+ "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
+ "\x57\x1b\x24\x20\x12\xfb\x7a\xe0\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
+ "\x08\xb0\xe2\x79\x88\x59\x88\x81\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
+};
+
+/**
+ * Test F.2.5 of NIST SP 800-38A 2001
+ */
+crypter_test_vector_t aes_cbc6 = {
+ .alg = ENCR_AES_CBC, .key_size = 32, .len = 64,
+ .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .plain = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .cipher = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
+ "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
+ "\x39\xf2\x33\x69\xa9\xd9\xba\xcf\xa5\x30\xe2\x63\x04\x23\x14\x61"
+ "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
+};
+
+
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c
new file mode 100644
index 000000000..56d12f036
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_xcbc.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * RFC 3566 Test Case #1: AES-XCBC-MAC-96 with 0-byte input
+ */
+signer_test_vector_t aes_xcbc_s1 = {
+ .alg = AUTH_AES_XCBC_96, .len = 0,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "",
+ .mac = "\x75\xf0\x25\x1d\x52\x8a\xc0\x1c\x45\x73\xdf\xd5"
+};
+
+prf_test_vector_t aes_xcbc_p1 = {
+ .alg = PRF_AES128_XCBC, .key_size = 16, .len = 0,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "",
+ .out = "\x75\xf0\x25\x1d\x52\x8a\xc0\x1c\x45\x73\xdf\xd5\x84\xd7\x9f\x29"
+};
+
+/**
+ * RFC 3566 Test Case #2: AES-XCBC-MAC-96 with 3-byte input
+ */
+signer_test_vector_t aes_xcbc_s2 = {
+ .alg = AUTH_AES_XCBC_96, .len = 3,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02",
+ .mac = "\x5b\x37\x65\x80\xae\x2f\x19\xaf\xe7\x21\x9c\xee"
+};
+
+prf_test_vector_t aes_xcbc_p2 = {
+ .alg = PRF_AES128_XCBC, .key_size = 16, .len = 3,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02",
+ .out = "\x5b\x37\x65\x80\xae\x2f\x19\xaf\xe7\x21\x9c\xee\xf1\x72\x75\x6f"
+};
+
+/**
+ * RFC 3566 Test Case #3: AES-XCBC-MAC-96 with 16-byte input
+ */
+signer_test_vector_t aes_xcbc_s3 = {
+ .alg = AUTH_AES_XCBC_96, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .mac = "\xd2\xa2\x46\xfa\x34\x9b\x68\xa7\x99\x98\xa4\x39"
+};
+
+prf_test_vector_t aes_xcbc_p3 = {
+ .alg = PRF_AES128_XCBC, .key_size = 16, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .out = "\xd2\xa2\x46\xfa\x34\x9b\x68\xa7\x99\x98\xa4\x39\x4f\xf7\xa2\x63"
+};
+
+/**
+ * RFC 3566 Test Case #4: AES-XCBC-MAC-96 with 20-byte input
+ */
+signer_test_vector_t aes_xcbc_s4 = {
+ .alg = AUTH_AES_XCBC_96, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .mac = "\x47\xf5\x1b\x45\x64\x96\x62\x15\xb8\x98\x5c\x63"
+};
+
+prf_test_vector_t aes_xcbc_p4 = {
+ .alg = PRF_AES128_XCBC, .key_size = 16, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x47\xf5\x1b\x45\x64\x96\x62\x15\xb8\x98\x5c\x63\x05\x5e\xd3\x08"
+};
+
+/**
+ * RFC 3566 Test Case #5: AES-XCBC-MAC-96 with 32-byte input
+ */
+signer_test_vector_t aes_xcbc_s5 = {
+ .alg = AUTH_AES_XCBC_96, .len = 32,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .data = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .mac = "\xf5\x4f\x0e\xc8\xd2\xb9\xf3\xd3\x68\x07\x73\x4b"
+};
+
+prf_test_vector_t aes_xcbc_p5 = {
+ .alg = PRF_AES128_XCBC, .key_size = 16, .len = 32,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .out = "\xf5\x4f\x0e\xc8\xd2\xb9\xf3\xd3\x68\x07\x73\x4b\xd5\x28\x3f\xd4"
+};
+
+/**
+ * RFC4434 Test Case: AES-XCBC-PRF-128 with 20-byte input, 10 byte key
+ */
+prf_test_vector_t aes_xcbc_p6 = {
+ .alg = PRF_AES128_XCBC, .key_size = 10, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x0f\xa0\x87\xaf\x7d\x86\x6e\x76\x53\x43\x4e\x60\x2f\xdd\xe8\x35"
+};
+
+/**
+ * RFC4434 Test Case: AES-XCBC-PRF-128 with 20-byte input, 18 byte key
+ */
+prf_test_vector_t aes_xcbc_p7 = {
+ .alg = PRF_AES128_XCBC, .key_size = 18, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xed\xcb",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x8c\xd3\xc9\x3a\xe5\x98\xa9\x80\x30\x06\xff\xb6\x7c\x40\xe9\xe4"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c
new file mode 100644
index 000000000..63bbb1261
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/blowfish.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Copyright (C) 2009 Andreas Steffen
+ * Copyright (C) JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar>
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test vector by Eric Young
+ */
+crypter_test_vector_t blowfish1 = {
+ .alg = ENCR_BLOWFISH, .key_size = 16, .len = 32,
+ .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF\xF0\xE1\xD2\xC3\xB4\xA5\x96\x87",
+ .iv = "\xFE\xDC\xBA\x98\x76\x54\x32\x10",
+ .plain = "7654321 Now is the time for \0\0\0\0",
+ .cipher = "\x6B\x77\xB4\xD6\x30\x06\xDE\xE6\x05\xB1\x56\xE2\x74\x03\x97\x93"
+ "\x58\xDE\xB9\xE7\x15\x46\x16\xD9\x59\xF1\x65\x2B\xD5\xFF\x92\xCC"
+};
+
+/**
+ * Test vector by Chilkat Software
+ * (www.chilkatsoft.com/p/php_blowfish.asp)
+ */
+crypter_test_vector_t blowfish2 = {
+ .alg = ENCR_BLOWFISH, .key_size = 32, .len = 48,
+ .key = "\x31\x32\x33\x34\x35\x36\x37\x38\x39\x30\x31\x32\x33\x34\x35\x36"
+ "\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50",
+ .iv = "\x31\x32\x33\x34\x35\x36\x37\x38",
+ .plain = "The quick brown fox jumped over the lazy dog\0\0\0\0",
+ .cipher = "\x27\x68\x55\xca\x6c\x0d\x60\xf7\xd9\x70\x82\x10\x44\x0c\x10\x72"
+ "\xe0\x5d\x07\x8e\x73\x3b\x34\xb4\x19\x8d\x60\x9d\xc2\xfc\xc2\xf0"
+ "\xc3\x09\x26\xcd\xef\x3b\x6d\x52\xba\xf6\xe3\x45\xaa\x03\xf8\x3e"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c
new file mode 100644
index 000000000..28c038878
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/camellia_cbc.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+
+/**
+ * Camellia 128 bit: set 8, vector #0
+ */
+crypter_test_vector_t camellia_cbc1 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 16, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x41\x0E\x33\xF3\x16\xDF\x4A\x72\xAA\x2B\xCD\x41\x14\xE2\x31\x4D",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Camellia 128 bit: set 8, vector #1
+ */
+crypter_test_vector_t camellia_cbc2 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 16, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x78\x35\x78\x66\xFD\x8B\x2C\xAE\xD4\xD1\xBB\xA3\xCF\xD5\x34\x0A",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+/**
+ * Camellia 192 bit: set 8, vector #0
+ */
+crypter_test_vector_t camellia_cbc3 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 24, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14\x15\x16\x17",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x94\x1A\xC6\x45\x3C\x3F\x48\xA1\x69\xC2\xF4\xFE\x2B\xBE\x55\x32",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Camellia 192 bit: set 8, vector #1
+ */
+crypter_test_vector_t camellia_cbc4 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 24, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48"
+ "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x29\x2C\x5B\xBF\xD7\x72\xAD\x27\x95\x09\x12\x0F\x3F\x0A\xCD\x48",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+/**
+ * Camellia 256 bit: set 8, vector #0
+ */
+crypter_test_vector_t camellia_cbc5 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 32, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x06\x36\x9B\x36\x08\xAE\x43\xCA\x79\xC8\x8B\xCF\x49\x7F\x67\x71",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Camellia 256 bit: set 8, vector #1
+ */
+crypter_test_vector_t camellia_cbc6 = {
+ .alg = ENCR_CAMELLIA_CBC, .key_size = 32, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48"
+ "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xE6\x84\x42\x17\x16\xFC\x0B\x01\xAE\xB5\xC6\x76\x51\x20\xF9\x5F",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c
new file mode 100644
index 000000000..a33a219ed
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/cast.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * Test from RFC 2144
+ */
+crypter_test_vector_t cast1 = {
+ .alg = ENCR_CAST, .key_size = 16, .len = 8,
+ .key = "\x01\x23\x45\x67\x12\x34\x56\x78\x23\x45\x67\x89\x34\x56\x78\x9A",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
+ .cipher = "\x23\x8B\x4F\xE5\x84\x7E\x44\xB2"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c
new file mode 100644
index 000000000..80b5f1010
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+
+/**
+ * DES 56 bit: set 8, vector #0
+ */
+crypter_test_vector_t des_ecb1 = {
+ .alg = ENCR_DES_ECB, .key_size = 8, .len = 8,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x41\xAD\x06\x85\x48\x80\x9D\x02",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77"
+};
+
+/**
+ * DES 56 bit: set 8, vector #1
+ */
+crypter_test_vector_t des_ecb2 = {
+ .alg = ENCR_DES_ECB, .key_size = 8, .len = 8,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xB1\x0F\x84\x30\x97\xA0\xF9\x32",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+/**
+ * DES 56 bit: set 8, vector #0
+ */
+crypter_test_vector_t des_cbc1 = {
+ .alg = ENCR_DES, .key_size = 8, .len = 8,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x41\xAD\x06\x85\x48\x80\x9D\x02",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77"
+};
+
+/**
+ * DES 56 bit: set 8, vector #1
+ */
+crypter_test_vector_t des_cbc2 = {
+ .alg = ENCR_DES, .key_size = 8, .len = 8,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xB1\x0F\x84\x30\x97\xA0\xF9\x32",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c
new file mode 100644
index 000000000..74e000419
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/fips_prf.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * FIPS PRF known value test
+ */
+prf_test_vector_t fips_prf_1 = {
+ .alg = PRF_FIPS_SHA1_160, .stateful = TRUE, .key_size = 20, .len = 1,
+ .key = "\xbd\x02\x9b\xbe\x7f\x51\x96\x0b\xcf\x9e\xdb\x2b\x61\xf0\x6f\x0f"
+ "\xeb\x5a\x38\xb6",
+ .seed = "\x00",
+ .out = "\x20\x70\xb3\x22\x3d\xba\x37\x2f\xde\x1c\x0f\xfc\x7b\x2e\x3b\x49"
+ "\x8b\x26\x06\x14\x3c\x6c\x18\xba\xcb\x0f\x6c\x55\xba\xbb\x13\x78"
+ "\x8e\x20\xd7\x37\xa3\x27\x51\x16"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c
new file mode 100644
index 000000000..4856a480f
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/idea.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+
+/**
+ * IDEA 128 bit: set 8, vector #0
+ */
+crypter_test_vector_t idea1 = {
+ .alg = ENCR_IDEA, .key_size = 16, .len = 8,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xDB\x2D\x4A\x92\xAA\x68\x27\x3F",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77"
+};
+
+/**
+ * IDEA 128 bit: set 8, vector #1
+ */
+crypter_test_vector_t idea2 = {
+ .alg = ENCR_IDEA, .key_size = 16, .len = 8,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xF1\x29\xA6\x60\x1E\xF6\x2A\x47",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
new file mode 100644
index 000000000..3348e12d3
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md2.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * MD2 vectors from RFC 1319
+ */
+hasher_test_vector_t md2_1 = {
+ .alg = HASH_MD2, .len = 0,
+ .data = "",
+ .hash = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69\x27\x73"
+};
+
+hasher_test_vector_t md2_2 = {
+ .alg = HASH_MD2, .len = 1,
+ .data = "a",
+ .hash = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"
+};
+
+hasher_test_vector_t md2_3 = {
+ .alg = HASH_MD2, .len = 3,
+ .data = "abc",
+ .hash = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde\xd6\xbb"
+};
+
+hasher_test_vector_t md2_4 = {
+ .alg = HASH_MD2, .len = 14,
+ .data = "message digest",
+ .hash = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe\x06\xb0"
+};
+
+hasher_test_vector_t md2_5 = {
+ .alg = HASH_MD2, .len = 26,
+ .data = "abcdefghijklmnopqrstuvwxyz",
+ .hash = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47\x94\x0b"
+};
+
+hasher_test_vector_t md2_6 = {
+ .alg = HASH_MD2, .len = 62,
+ .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ .hash = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03\x38\xcd"
+};
+
+hasher_test_vector_t md2_7 = {
+ .alg = HASH_MD2, .len = 80,
+ .data = "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890",
+ .hash = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3\xef\xd8"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c
new file mode 100644
index 000000000..ef9406f5f
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md4.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * MD4 vectors from RFC 1320
+ */
+hasher_test_vector_t md4_1 = {
+ .alg = HASH_MD4, .len = 0,
+ .data = "",
+ .hash = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"
+};
+
+hasher_test_vector_t md4_2 = {
+ .alg = HASH_MD4, .len = 1,
+ .data = "a",
+ .hash = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"
+};
+
+hasher_test_vector_t md4_3 = {
+ .alg = HASH_MD4, .len = 3,
+ .data = "abc",
+ .hash = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"
+};
+
+hasher_test_vector_t md4_4 = {
+ .alg = HASH_MD4, .len = 14,
+ .data = "message digest",
+ .hash = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01\x4b"
+};
+
+hasher_test_vector_t md4_5 = {
+ .alg = HASH_MD4, .len = 26,
+ .data = "abcdefghijklmnopqrstuvwxyz",
+ .hash = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d\xa9"
+};
+
+hasher_test_vector_t md4_6 = {
+ .alg = HASH_MD4, .len = 62,
+ .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ .hash = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"
+};
+
+hasher_test_vector_t md4_7 = {
+ .alg = HASH_MD4, .len = 80,
+ .data = "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890",
+ .hash = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05\x36"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c
new file mode 100644
index 000000000..c7b213674
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * MD5 vectors from RFC1321
+ */
+hasher_test_vector_t md5_1 = {
+ .alg = HASH_MD5, .len = 0,
+ .data = "",
+ .hash = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"
+};
+
+hasher_test_vector_t md5_2 = {
+ .alg = HASH_MD5, .len = 1,
+ .data = "a",
+ .hash = "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8\x31\xc3\x99\xe2\x69\x77\x26\x61"
+};
+
+hasher_test_vector_t md5_3 = {
+ .alg = HASH_MD5, .len = 3,
+ .data = "abc",
+ .hash = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"
+};
+
+hasher_test_vector_t md5_4 = {
+ .alg = HASH_MD5, .len = 14,
+ .data = "message digest",
+ .hash = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"
+};
+
+hasher_test_vector_t md5_5 = {
+ .alg = HASH_MD5, .len = 26,
+ .data = "abcdefghijklmnopqrstuvwxyz",
+ .hash = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"
+};
+
+hasher_test_vector_t md5_6 = {
+ .alg = HASH_MD5, .len = 62,
+ .data = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ .hash = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"
+};
+
+hasher_test_vector_t md5_7 = {
+ .alg = HASH_MD5, .len = 80,
+ .data = "1234567890123456789012345678901234567890"
+ "1234567890123456789012345678901234567890",
+ .hash = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6\x7a"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c
new file mode 100644
index 000000000..5221d530c
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/md5_hmac.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * MD5 hmac test vectors from RFC2202
+ */
+signer_test_vector_t md5_hmac_s1 = {
+ .alg = AUTH_HMAC_MD5_96, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8"
+};
+
+signer_test_vector_t md5_hmac_s2 = {
+ .alg = AUTH_HMAC_MD5_128, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d"
+};
+
+prf_test_vector_t md5_hmac_p1 = {
+ .alg = PRF_HMAC_MD5, .key_size = 16, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .seed = "Hi There",
+ .out = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d"
+};
+
+prf_test_vector_t md5_hmac_p2 = {
+ .alg = PRF_HMAC_MD5, .key_size = 4, .len = 28,
+ .key = "Jefe",
+ .seed = "what do ya want for nothing?",
+ .out = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7\x38"
+};
+
+signer_test_vector_t md5_hmac_s3 = {
+ .alg = AUTH_HMAC_MD5_96, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33"
+};
+
+signer_test_vector_t md5_hmac_s4 = {
+ .alg = AUTH_HMAC_MD5_128, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6"
+};
+
+prf_test_vector_t md5_hmac_p3 = {
+ .alg = PRF_HMAC_MD5, .key_size = 16, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .seed = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .out = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6"
+};
+
+prf_test_vector_t md5_hmac_p4 = {
+ .alg = PRF_HMAC_MD5, .key_size = 25, .len = 50,
+ .key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ .seed = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ .out = "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea\x3a\x75\x16\x47\x46\xff\xaa\x79"
+};
+
+prf_test_vector_t md5_hmac_p5 = {
+ .alg = PRF_HMAC_MD5, .key_size = 80, .len = 54,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key - Hash Key First",
+ .out = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0\xcd"
+};
+
+prf_test_vector_t md5_hmac_p6 = {
+ .alg = PRF_HMAC_MD5, .key_size = 80, .len = 73,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key and Larger "
+ "Than One Block-Size Data",
+ .out = "\x6f\x63\x0f\xad\x67\xcd\xa0\xee\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/null.c b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c
new file mode 100644
index 000000000..c4f5d41b3
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/null.c
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+crypter_test_vector_t null1 = {
+ .alg = ENCR_NULL, .key_size = 0, .len = 44,
+ .key = "",
+ .iv = "",
+ .plain = "The quick brown fox jumped over the lazy dog",
+ .cipher = "The quick brown fox jumped over the lazy dog"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c
new file mode 100644
index 000000000..458f63aa9
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rc5.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+
+/**
+ * RC5 128 bit: set 8, vector #0
+ */
+crypter_test_vector_t rc5_1 = {
+ .alg = ENCR_RC5, .key_size = 16, .len = 8,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x96\x95\x0D\xDA\x65\x4A\x3D\x62",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77"
+};
+
+/**
+ * RC5 128 bit: set 8, vector #1
+ */
+crypter_test_vector_t rc5_2 = {
+ .alg = ENCR_RC5, .key_size = 16, .len = 8,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x63\x8B\x3A\x5E\xF7\x2B\x66\x3F",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
new file mode 100644
index 000000000..8502df7ad
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/rng.c
@@ -0,0 +1,236 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+#include <debug.h>
+
+/**
+ * Monobit test
+ */
+typedef struct {
+ int lower;
+ int upper;
+} monobit_t;
+
+monobit_t monobit_all = {
+ .lower = 9654,
+ .upper = 10346
+};
+
+static bool test_monobit(monobit_t *param, chunk_t data)
+{
+ int i, j, bits = 0;
+
+ for (i = 0; i < data.len; i++)
+ {
+ for (j = 0; j < 8; j++)
+ {
+ if (data.ptr[i] & (1<<j))
+ {
+ bits++;
+ }
+ }
+ }
+ DBG2(" Monobit: %d/%d bits set", bits, data.len * 8);
+ if (bits > param->lower && bits < param->upper)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+rng_test_vector_t rng_monobit_1 = {
+ RNG_WEAK, .len = 2500,
+ .test = (void*)test_monobit,
+ .user = &monobit_all
+};
+
+rng_test_vector_t rng_monobit_2 = {
+ RNG_STRONG, .len = 2500,
+ .test = (void*)test_monobit,
+ .user = &monobit_all
+};
+
+rng_test_vector_t rng_monobit_3 = {
+ RNG_TRUE, .len = 2500,
+ .test = (void*)test_monobit,
+ .user = &monobit_all
+};
+
+/**
+ * Poker test
+ */
+typedef struct {
+ double lower;
+ double upper;
+} poker_t;
+
+poker_t poker_all = {
+ .lower = 1.03,
+ .upper = 57.4
+};
+
+static bool test_poker(poker_t *param, chunk_t data)
+{
+ int i, counter[16];
+ double sum = 0.0;
+
+ memset(counter, 0, sizeof(counter));
+
+ for (i = 0; i < data.len; i++)
+ {
+ counter[data.ptr[i] & 0x0F]++;
+ counter[(data.ptr[i] & 0xF0) >> 4]++;
+ }
+
+ for (i = 0; i < countof(counter); i++)
+ {
+ sum += (counter[i] * counter[i]) / 5000.0 * 16.0;
+ }
+ sum -= 5000.0;
+ DBG2(" Poker: %f", sum);
+ if (sum > param->lower && sum < param->upper)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+rng_test_vector_t rng_poker_1 = {
+ RNG_WEAK, .len = 2500,
+ .test = (void*)test_poker,
+ .user = &poker_all
+};
+
+rng_test_vector_t rng_poker_2 = {
+ RNG_STRONG, .len = 2500,
+ .test = (void*)test_poker,
+ .user = &poker_all
+};
+
+rng_test_vector_t rng_poker_3 = {
+ RNG_TRUE, .len = 2500,
+ .test = (void*)test_poker,
+ .user = &poker_all
+};
+
+/**
+ * Runs test
+ */
+typedef struct {
+ int longrun;
+ int lower[7];
+ int upper[7];
+} runs_t;
+
+runs_t runs_all = {
+ .longrun = 34,
+ .lower = {-1, 2267, 1079, 502, 223, 90, 90},
+ .upper = {-1, 2733, 1421, 748, 402, 223, 223},
+};
+
+static bool test_runs(runs_t *param, chunk_t data)
+{
+ int i, j, zero_runs[7], one_runs[7], zero = 0, one = 0, longrun = 0;
+
+ memset(one_runs, 0, sizeof(zero_runs));
+ memset(zero_runs, 0, sizeof(one_runs));
+
+ for (i = 0; i < data.len; i++)
+ {
+ for (j = 0; j < 8; j++)
+ {
+ if (data.ptr[i] & (1<<j))
+ {
+ if (one)
+ {
+ if (++one >= param->longrun)
+ {
+ longrun++;
+ break;
+ }
+ }
+ else
+ {
+ zero_runs[min(6, zero)]++;
+ zero = 0;
+ one = 1;
+ }
+ }
+ else
+ {
+ if (zero)
+ {
+ if (++zero >= param->longrun)
+ {
+ longrun++;
+ break;
+ }
+ }
+ else
+ {
+ one_runs[min(6, one)]++;
+ one = 0;
+ zero = 1;
+ }
+ }
+ }
+ }
+
+ DBG2(" Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, "
+ "longruns: %d",
+ zero_runs[1], zero_runs[2], zero_runs[3],
+ zero_runs[4], zero_runs[5], zero_runs[6],
+ one_runs[1], one_runs[2], one_runs[3],
+ one_runs[4], one_runs[5], one_runs[6],
+ longrun);
+
+ if (longrun)
+ {
+ return FALSE;
+ }
+
+ for (i = 1; i < countof(zero_runs); i++)
+ {
+ if (zero_runs[i] <= param->lower[i] ||
+ zero_runs[i] >= param->upper[i] ||
+ one_runs[i] <= param->lower[i] ||
+ one_runs[i] >= param->upper[i])
+ {
+ return FALSE;
+ }
+ }
+ return TRUE;
+}
+
+rng_test_vector_t rng_runs_1 = {
+ RNG_WEAK, .len = 2500,
+ .test = (void*)test_runs,
+ .user = &runs_all
+};
+
+rng_test_vector_t rng_runs_2 = {
+ RNG_STRONG, .len = 2500,
+ .test = (void*)test_runs,
+ .user = &runs_all
+};
+
+rng_test_vector_t rng_runs_3 = {
+ RNG_TRUE, .len = 2500,
+ .test = (void*)test_runs,
+ .user = &runs_all
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c
new file mode 100644
index 000000000..256a59603
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/serpent_cbc.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from https://www.cosic.esat.kuleuven.be/nessie/testvectors/
+ */
+
+/**
+ * Serpent 128 bit: set 8, vector #0
+ */
+crypter_test_vector_t serpent_cbc1 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 16, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x33\xB3\xDC\x87\xED\xDD\x9B\x0F\x6A\x1F\x40\x7D\x14\x91\x93\x65",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Serpent 128 bit: set 8, vector #1
+ */
+crypter_test_vector_t serpent_cbc2 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 16, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xBE\xB6\xC0\x69\x39\x38\x22\xD3\xBE\x73\xFF\x30\x52\x5E\xC4\x3E",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+/**
+ * Serpent 192 bit: set 8, vector #0
+ */
+crypter_test_vector_t serpent_cbc3 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 24, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14\x15\x16\x17",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x45\x28\xCA\xCC\xB9\x54\xD4\x50\x65\x5E\x8C\xFD\x71\xCB\xFA\xC7",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Serpent 192 bit: set 8, vector #1
+ */
+crypter_test_vector_t serpent_cbc4 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 24, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48"
+ "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xE0\x20\x8B\xE2\x78\xE2\x14\x20\xC4\xB1\xB9\x74\x77\x88\xA9\x54",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
+/**
+ * Serpent 256 bit: set 8, vector #0
+ */
+crypter_test_vector_t serpent_cbc5 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 32, .len = 16,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
+ "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x3D\xA4\x6F\xFA\x6F\x4D\x6F\x30\xCD\x25\x83\x33\xE5\xA6\x13\x69",
+ .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xAA\xBB\xCC\xDD\xEE\xFF"
+};
+
+/**
+ * Serpent 256 bit: set 8, vector #1
+ */
+crypter_test_vector_t serpent_cbc6 = {
+ .alg = ENCR_SERPENT_CBC, .key_size = 32, .len = 16,
+ .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48"
+ "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00\x95\x2C\x49\x10\x48\x81\xFF\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x67\x7C\x8D\xFA\xA0\x80\x71\x74\x3F\xD2\xB4\x15\xD1\xB2\x8A\xF2",
+ .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84\xEA\x02\x47\x14\xAD\x5C\x4D\x84"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c
new file mode 100644
index 000000000..51f22716e
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHA-1 test vectors from "The Secure Hash Algorithm Validation System (SHAVS)"
+ */
+hasher_test_vector_t sha1_1 = {
+ .alg = HASH_SHA1, .len = 1,
+ .data = "\x5e",
+ .hash = "\x5e\x6f\x80\xa3\x4a\x97\x98\xca\xfc\x6a\x5d\xb9\x6c\xc5\x7b\xa4"
+ "\xc4\xdb\x59\xc2"
+};
+
+hasher_test_vector_t sha1_2 = {
+ .alg = HASH_SHA1, .len = 16,
+ .data = "\x9a\x7d\xfd\xf1\xec\xea\xd0\x6e\xd6\x46\xaa\x55\xfe\x75\x71\x46",
+ .hash = "\x82\xab\xff\x66\x05\xdb\xe1\xc1\x7d\xef\x12\xa3\x94\xfa\x22\xa8"
+ "\x2b\x54\x4a\x35"
+};
+
+hasher_test_vector_t sha1_3 = {
+ .alg = HASH_SHA1, .len = 163,
+ .data = "\xf7\x8f\x92\x14\x1b\xcd\x17\x0a\xe8\x9b\x4f\xba\x15\xa1\xd5\x9f"
+ "\x3f\xd8\x4d\x22\x3c\x92\x51\xbd\xac\xbb\xae\x61\xd0\x5e\xd1\x15"
+ "\xa0\x6a\x7c\xe1\x17\xb7\xbe\xea\xd2\x44\x21\xde\xd9\xc3\x25\x92"
+ "\xbd\x57\xed\xea\xe3\x9c\x39\xfa\x1f\xe8\x94\x6a\x84\xd0\xcf\x1f"
+ "\x7b\xee\xad\x17\x13\xe2\xe0\x95\x98\x97\x34\x7f\x67\xc8\x0b\x04"
+ "\x00\xc2\x09\x81\x5d\x6b\x10\xa6\x83\x83\x6f\xd5\x56\x2a\x56\xca"
+ "\xb1\xa2\x8e\x81\xb6\x57\x66\x54\x63\x1c\xf1\x65\x66\xb8\x6e\x3b"
+ "\x33\xa1\x08\xb0\x53\x07\xc0\x0a\xff\x14\xa7\x68\xed\x73\x50\x60"
+ "\x6a\x0f\x85\xe6\xa9\x1d\x39\x6f\x5b\x5c\xbe\x57\x7f\x9b\x38\x80"
+ "\x7c\x7d\x52\x3d\x6d\x79\x2f\x6e\xbc\x24\xa4\xec\xf2\xb3\xa4\x27"
+ "\xcd\xbb\xfb",
+ .hash = "\xcb\x00\x82\xc8\xf1\x97\xd2\x60\x99\x1b\xa6\xa4\x60\xe7\x6e\x20"
+ "\x2b\xad\x27\xb3"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c
new file mode 100644
index 000000000..8d6f66373
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha1_hmac.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHA1 hmac test vectors from RFC2202
+ */
+signer_test_vector_t sha1_hmac_s1 = {
+ .alg = AUTH_HMAC_SHA1_96, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6"
+};
+
+signer_test_vector_t sha1_hmac_s2 = {
+ .alg = AUTH_HMAC_SHA1_128, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e"
+};
+
+signer_test_vector_t sha1_hmac_s3 = {
+ .alg = AUTH_HMAC_SHA1_160, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e"
+ "\xf1\x46\xbe\x00"
+};
+
+prf_test_vector_t sha1_hmac_p1 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 20, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .seed = "Hi There",
+ .out = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e"
+ "\xf1\x46\xbe\x00"
+};
+
+prf_test_vector_t sha1_hmac_p2 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 4, .len = 28,
+ .key = "Jefe",
+ .seed = "what do ya want for nothing?",
+ .out = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf\x9c"
+ "\x25\x9a\x7c\x79"
+};
+
+signer_test_vector_t sha1_hmac_s4 = {
+ .alg = AUTH_HMAC_SHA1_96, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4"
+ "\x63\xf1\x75\xd3"
+};
+
+signer_test_vector_t sha1_hmac_s5 = {
+ .alg = AUTH_HMAC_SHA1_128, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f"
+};
+
+signer_test_vector_t sha1_hmac_s6 = {
+ .alg = AUTH_HMAC_SHA1_160, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f"
+ "\x63\xf1\x75\xd3"
+};
+
+prf_test_vector_t sha1_hmac_p3 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 20, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .seed = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .out = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b\x4f"
+ "\x63\xf1\x75\xd3"
+};
+
+prf_test_vector_t sha1_hmac_p4 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 25, .len = 50,
+ .key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ .seed = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ .out = "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84\x14\xf9\xbf\x50\xc8\x6c"
+ "\x2d\x72\x35\xda"
+};
+
+prf_test_vector_t sha1_hmac_p5 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 80, .len = 54,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key - Hash Key First",
+ .out = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b\x55"
+ "\xed\x40\x21\x12"
+};
+
+prf_test_vector_t sha1_hmac_p6 = {
+ .alg = PRF_HMAC_SHA1, .key_size = 80, .len = 73,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key and Larger "
+ "Than One Block-Size Data",
+ .out = "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b\xba\xa7\x96\x5c\x78\x08"
+ "\xbb\xff\x1a\x91"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c
new file mode 100644
index 000000000..e2bd42240
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHA-256 vectors from "The Secure Hash Algorithm Validation System (SHAVS)"
+ */
+hasher_test_vector_t sha256_1 = {
+ .alg = HASH_SHA256, .len = 1,
+ .data = "\x19",
+ .hash = "\x68\xaa\x2e\x2e\xe5\xdf\xf9\x6e\x33\x55\xe6\xc7\xee\x37\x3e\x3d"
+ "\x6a\x4e\x17\xf7\x5f\x95\x18\xd8\x43\x70\x9c\x0c\x9b\xc3\xe3\xd4"
+};
+
+hasher_test_vector_t sha256_2 = {
+ .alg = HASH_SHA256, .len = 16,
+ .data = "\xe3\xd7\x25\x70\xdc\xdd\x78\x7c\xe3\x88\x7a\xb2\xcd\x68\x46\x52",
+ .hash = "\x17\x5e\xe6\x9b\x02\xba\x9b\x58\xe2\xb0\xa5\xfd\x13\x81\x9c\xea"
+ "\x57\x3f\x39\x40\xa9\x4f\x82\x51\x28\xcf\x42\x09\xbe\xab\xb4\xe8"
+};
+
+hasher_test_vector_t sha256_3 = {
+ .alg = HASH_SHA256, .len = 163,
+ .data = "\x83\x26\x75\x4e\x22\x77\x37\x2f\x4f\xc1\x2b\x20\x52\x7a\xfe\xf0"
+ "\x4d\x8a\x05\x69\x71\xb1\x1a\xd5\x71\x23\xa7\xc1\x37\x76\x00\x00"
+ "\xd7\xbe\xf6\xf3\xc1\xf7\xa9\x08\x3a\xa3\x9d\x81\x0d\xb3\x10\x77"
+ "\x7d\xab\x8b\x1e\x7f\x02\xb8\x4a\x26\xc7\x73\x32\x5f\x8b\x23\x74"
+ "\xde\x7a\x4b\x5a\x58\xcb\x5c\x5c\xf3\x5b\xce\xe6\xfb\x94\x6e\x5b"
+ "\xd6\x94\xfa\x59\x3a\x8b\xeb\x3f\x9d\x65\x92\xec\xed\xaa\x66\xca"
+ "\x82\xa2\x9d\x0c\x51\xbc\xf9\x33\x62\x30\xe5\xd7\x84\xe4\xc0\xa4"
+ "\x3f\x8d\x79\xa3\x0a\x16\x5c\xba\xbe\x45\x2b\x77\x4b\x9c\x71\x09"
+ "\xa9\x7d\x13\x8f\x12\x92\x28\x96\x6f\x6c\x0a\xdc\x10\x6a\xad\x5a"
+ "\x9f\xdd\x30\x82\x57\x69\xb2\xc6\x71\xaf\x67\x59\xdf\x28\xeb\x39"
+ "\x3d\x54\xd6",
+ .hash = "\x97\xdb\xca\x7d\xf4\x6d\x62\xc8\xa4\x22\xc9\x41\xdd\x7e\x83\x5b"
+ "\x8a\xd3\x36\x17\x63\xf7\xe9\xb2\xd9\x5f\x4f\x0d\xa6\xe1\xcc\xbc"
+};
+
+/**
+ * SHA-384 vectors from "The Secure Hash Algorithm Validation System (SHAVS)"
+ */
+hasher_test_vector_t sha384_1 = {
+ .alg = HASH_SHA384, .len = 1,
+ .data = "\xb9",
+ .hash = "\xbc\x80\x89\xa1\x90\x07\xc0\xb1\x41\x95\xf4\xec\xc7\x40\x94\xfe"
+ "\xc6\x4f\x01\xf9\x09\x29\x28\x2c\x2f\xb3\x92\x88\x15\x78\x20\x8a"
+ "\xd4\x66\x82\x8b\x1c\x6c\x28\x3d\x27\x22\xcf\x0a\xd1\xab\x69\x38"
+};
+
+hasher_test_vector_t sha384_2 = {
+ .alg = HASH_SHA384, .len = 16,
+ .data = "\xa4\x1c\x49\x77\x79\xc0\x37\x5f\xf1\x0a\x7f\x4e\x08\x59\x17\x39",
+ .hash = "\xc9\xa6\x84\x43\xa0\x05\x81\x22\x56\xb8\xec\x76\xb0\x05\x16\xf0"
+ "\xdb\xb7\x4f\xab\x26\xd6\x65\x91\x3f\x19\x4b\x6f\xfb\x0e\x91\xea"
+ "\x99\x67\x56\x6b\x58\x10\x9c\xbc\x67\x5c\xc2\x08\xe4\xc8\x23\xf7"
+};
+
+hasher_test_vector_t sha384_3 = {
+ .alg = HASH_SHA384, .len = 227,
+ .data = "\x39\x96\x69\xe2\x8f\x6b\x9c\x6d\xbc\xbb\x69\x12\xec\x10\xff\xcf"
+ "\x74\x79\x03\x49\xb7\xdc\x8f\xbe\x4a\x8e\x7b\x3b\x56\x21\xdb\x0f"
+ "\x3e\x7d\xc8\x7f\x82\x32\x64\xbb\xe4\x0d\x18\x11\xc9\xea\x20\x61"
+ "\xe1\xc8\x4a\xd1\x0a\x23\xfa\xc1\x72\x7e\x72\x02\xfc\x3f\x50\x42"
+ "\xe6\xbf\x58\xcb\xa8\xa2\x74\x6e\x1f\x64\xf9\xb9\xea\x35\x2c\x71"
+ "\x15\x07\x05\x3c\xf4\xe5\x33\x9d\x52\x86\x5f\x25\xcc\x22\xb5\xe8"
+ "\x77\x84\xa1\x2f\xc9\x61\xd6\x6c\xb6\xe8\x95\x73\x19\x9a\x2c\xe6"
+ "\x56\x5c\xbd\xf1\x3d\xca\x40\x38\x32\xcf\xcb\x0e\x8b\x72\x11\xe8"
+ "\x3a\xf3\x2a\x11\xac\x17\x92\x9f\xf1\xc0\x73\xa5\x1c\xc0\x27\xaa"
+ "\xed\xef\xf8\x5a\xad\x7c\x2b\x7c\x5a\x80\x3e\x24\x04\xd9\x6d\x2a"
+ "\x77\x35\x7b\xda\x1a\x6d\xae\xed\x17\x15\x1c\xb9\xbc\x51\x25\xa4"
+ "\x22\xe9\x41\xde\x0c\xa0\xfc\x50\x11\xc2\x3e\xcf\xfe\xfd\xd0\x96"
+ "\x76\x71\x1c\xf3\xdb\x0a\x34\x40\x72\x0e\x16\x15\xc1\xf2\x2f\xbc"
+ "\x3c\x72\x1d\xe5\x21\xe1\xb9\x9b\xa1\xbd\x55\x77\x40\x86\x42\x14"
+ "\x7e\xd0\x96",
+ .hash = "\x4f\x44\x0d\xb1\xe6\xed\xd2\x89\x9f\xa3\x35\xf0\x95\x15\xaa\x02"
+ "\x5e\xe1\x77\xa7\x9f\x4b\x4a\xaf\x38\xe4\x2b\x5c\x4d\xe6\x60\xf5"
+ "\xde\x8f\xb2\xa5\xb2\xfb\xd2\xa3\xcb\xff\xd2\x0c\xff\x12\x88\xc0"
+};
+
+/**
+ * SHA-512 vectors from "The Secure Hash Algorithm Validation System (SHAVS)"
+ */
+hasher_test_vector_t sha512_1 = {
+ .alg = HASH_SHA512, .len = 1,
+ .data = "\xd0",
+ .hash = "\x99\x92\x20\x29\x38\xe8\x82\xe7\x3e\x20\xf6\xb6\x9e\x68\xa0\xa7"
+ "\x14\x90\x90\x42\x3d\x93\xc8\x1b\xab\x3f\x21\x67\x8d\x4a\xce\xee"
+ "\xe5\x0e\x4e\x8c\xaf\xad\xa4\xc8\x5a\x54\xea\x83\x06\x82\x6c\x4a"
+ "\xd6\xe7\x4c\xec\xe9\x63\x1b\xfa\x8a\x54\x9b\x4a\xb3\xfb\xba\x15"
+};
+
+hasher_test_vector_t sha512_2 = {
+ .alg = HASH_SHA512, .len = 16,
+ .data = "\x8d\x4e\x3c\x0e\x38\x89\x19\x14\x91\x81\x6e\x9d\x98\xbf\xf0\xa0",
+ .hash = "\xcb\x0b\x67\xa4\xb8\x71\x2c\xd7\x3c\x9a\xab\xc0\xb1\x99\xe9\x26"
+ "\x9b\x20\x84\x4a\xfb\x75\xac\xbd\xd1\xc1\x53\xc9\x82\x89\x24\xc3"
+ "\xdd\xed\xaa\xfe\x66\x9c\x5f\xdd\x0b\xc6\x6f\x63\x0f\x67\x73\x98"
+ "\x82\x13\xeb\x1b\x16\xf5\x17\xad\x0d\xe4\xb2\xf0\xc9\x5c\x90\xf8"
+};
+
+hasher_test_vector_t sha512_3 = {
+ .alg = HASH_SHA512, .len = 227,
+ .data = "\xa5\x5f\x20\xc4\x11\xaa\xd1\x32\x80\x7a\x50\x2d\x65\x82\x4e\x31"
+ "\xa2\x30\x54\x32\xaa\x3d\x06\xd3\xe2\x82\xa8\xd8\x4e\x0d\xe1\xde"
+ "\x69\x74\xbf\x49\x54\x69\xfc\x7f\x33\x8f\x80\x54\xd5\x8c\x26\xc4"
+ "\x93\x60\xc3\xe8\x7a\xf5\x65\x23\xac\xf6\xd8\x9d\x03\xe5\x6f\xf2"
+ "\xf8\x68\x00\x2b\xc3\xe4\x31\xed\xc4\x4d\xf2\xf0\x22\x3d\x4b\xb3"
+ "\xb2\x43\x58\x6e\x1a\x7d\x92\x49\x36\x69\x4f\xcb\xba\xf8\x8d\x95"
+ "\x19\xe4\xeb\x50\xa6\x44\xf8\xe4\xf9\x5e\xb0\xea\x95\xbc\x44\x65"
+ "\xc8\x82\x1a\xac\xd2\xfe\x15\xab\x49\x81\x16\x4b\xbb\x6d\xc3\x2f"
+ "\x96\x90\x87\xa1\x45\xb0\xd9\xcc\x9c\x67\xc2\x2b\x76\x32\x99\x41"
+ "\x9c\xc4\x12\x8b\xe9\xa0\x77\xb3\xac\xe6\x34\x06\x4e\x6d\x99\x28"
+ "\x35\x13\xdc\x06\xe7\x51\x5d\x0d\x73\x13\x2e\x9a\x0d\xc6\xd3\xb1"
+ "\xf8\xb2\x46\xf1\xa9\x8a\x3f\xc7\x29\x41\xb1\xe3\xbb\x20\x98\xe8"
+ "\xbf\x16\xf2\x68\xd6\x4f\x0b\x0f\x47\x07\xfe\x1e\xa1\xa1\x79\x1b"
+ "\xa2\xf3\xc0\xc7\x58\xe5\xf5\x51\x86\x3a\x96\xc9\x49\xad\x47\xd7"
+ "\xfb\x40\xd2",
+ .hash = "\xc6\x65\xbe\xfb\x36\xda\x18\x9d\x78\x82\x2d\x10\x52\x8c\xbf\x3b"
+ "\x12\xb3\xee\xf7\x26\x03\x99\x09\xc1\xa1\x6a\x27\x0d\x48\x71\x93"
+ "\x77\x96\x6b\x95\x7a\x87\x8e\x72\x05\x84\x77\x9a\x62\x82\x5c\x18"
+ "\xda\x26\x41\x5e\x49\xa7\x17\x6a\x89\x4e\x75\x10\xfd\x14\x51\xf5"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c
new file mode 100644
index 000000000..536eba8f6
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/sha2_hmac.c
@@ -0,0 +1,353 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * SHA-256, SHA384, SHA512 hmac test vectors from RFC 4868
+ */
+prf_test_vector_t sha256_hmac_p1 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 20, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .seed = "Hi There",
+ .out = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b"
+ "\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7"
+};
+
+signer_test_vector_t sha256_hmac_s1 = {
+ .alg = AUTH_HMAC_SHA2_256_128, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\x19\x8a\x60\x7e\xb4\x4b\xfb\xc6\x99\x03\xa0\xf1\xcf\x2b\xbd\xc5"
+};
+
+prf_test_vector_t sha384_hmac_p1 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 20, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .seed = "Hi There",
+ .out = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90\x7f"
+ "\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c"
+ "\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6"
+};
+
+signer_test_vector_t sha384_hmac_s1 = {
+ .alg = AUTH_HMAC_SHA2_384_192, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\xb6\xa8\xd5\x63\x6f\x5c\x6a\x72\x24\xf9\x97\x7d\xcf\x7e\xe6\xc7"
+ "\xfb\x6d\x0c\x48\xcb\xde\xe9\x73"
+};
+
+prf_test_vector_t sha512_hmac_p1 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 20, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b",
+ .seed = "Hi There",
+ .out = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0"
+ "\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1\x7c\xde"
+ "\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae\xa3\xf4\xe4"
+ "\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20\x3a\x12\x68\x54"
+};
+
+signer_test_vector_t sha512_hmac_s1 = {
+ .alg = AUTH_HMAC_SHA2_512_256, .len = 8,
+ .key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
+ .data = "Hi There",
+ .mac = "\x63\x7e\xdc\x6e\x01\xdc\xe7\xe6\x74\x2a\x99\x45\x1a\xae\x82\xdf"
+ "\x23\xda\x3e\x92\x43\x9e\x59\x0e\x43\xe7\x61\xb3\x3e\x91\x0f\xb8"
+};
+
+prf_test_vector_t sha256_hmac_p2 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 4, .len = 28,
+ .key = "Jefe",
+ .seed = "what do ya want for nothing?",
+ .out = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7"
+ "\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43"
+};
+
+signer_test_vector_t sha256_hmac_s2 = {
+ .alg = AUTH_HMAC_SHA2_256_128, .len = 28,
+ .key = "JefeJefeJefeJefeJefeJefeJefeJefe",
+ .data = "what do ya want for nothing?",
+ .mac = "\x16\x7f\x92\x85\x88\xc5\xcc\x2e\xef\x8e\x30\x93\xca\xa0\xe8\x7c"
+};
+
+prf_test_vector_t sha384_hmac_p2 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 4, .len = 28,
+ .key = "Jefe",
+ .seed = "what do ya want for nothing?",
+ .out = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b"
+ "\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22\x44\x5e"
+ "\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa\xb2\x16\x49"
+};
+
+signer_test_vector_t sha384_hmac_s2 = {
+ .alg = AUTH_HMAC_SHA2_384_192, .len = 28,
+ .key = "JefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefe",
+ .data = "what do ya want for nothing?",
+ .mac = "\x2c\x73\x53\x97\x4f\x18\x42\xfd\x66\xd5\x3c\x45\x2c\xa4\x21\x22"
+ "\xb2\x8c\x0b\x59\x4c\xfb\x18\x4d"
+};
+
+prf_test_vector_t sha512_hmac_p2 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 4, .len = 28,
+ .key = "Jefe",
+ .seed = "what do ya want for nothing?",
+ .out = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3"
+ "\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25\x05\x54"
+ "\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd"
+ "\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a\x38\xbc\xe7\x37"
+};
+
+signer_test_vector_t sha512_hmac_s2 = {
+ .alg = AUTH_HMAC_SHA2_512_256, .len = 28,
+ .key = "JefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefeJefe",
+ .data = "what do ya want for nothing?",
+ .mac = "\xcb\x37\x09\x17\xae\x8a\x7c\xe2\x8c\xfd\x1d\x8f\x47\x05\xd6\x14"
+ "\x1c\x17\x3b\x2a\x93\x62\xc1\x5d\xf2\x35\xdf\xb2\x51\xb1\x54\x54"
+};
+
+prf_test_vector_t sha256_hmac_p3 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 20, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .seed = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .out = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7"
+ "\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe"
+};
+
+signer_test_vector_t sha256_hmac_s3 = {
+ .alg = AUTH_HMAC_SHA2_256_128, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\xcd\xcb\x12\x20\xd1\xec\xcc\xea\x91\xe5\x3a\xba\x30\x92\xf9\x62"
+};
+
+prf_test_vector_t sha384_hmac_p3 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 20, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .seed = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .out = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8\x6f"
+ "\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66\x14\x4b"
+ "\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01\xa3\x4f\x27"
+};
+
+signer_test_vector_t sha384_hmac_s3 = {
+ .alg = AUTH_HMAC_SHA2_384_192, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x80\x9f\x43\x9b\xe0\x02\x74\x32\x1d\x4a\x53\x86\x52\x16\x4b\x53"
+ "\x55\x4a\x50\x81\x84\xa0\xc3\x16"
+};
+
+prf_test_vector_t sha512_hmac_p3 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 20, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa",
+ .seed = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .out = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b\xe9"
+ "\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27\x9d\x39"
+ "\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e\x67\xc8\x07"
+ "\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59\xe1\x32\x92\xfb"
+};
+
+signer_test_vector_t sha512_hmac_s3 = {
+ .alg = AUTH_HMAC_SHA2_512_256, .len = 50,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .data = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xdd\xdd",
+ .mac = "\x2e\xe7\xac\xd7\x83\x62\x4c\xa9\x39\x87\x10\xf3\xee\x05\xae\x41"
+ "\xb9\xf9\xb0\x51\x0c\x87\xe4\x9e\x58\x6c\xc9\xbf\x96\x17\x33\xd8"
+};
+
+prf_test_vector_t sha256_hmac_p4 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 25, .len = 50,
+ .key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ .seed = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ .out = "\x82\x55\x8a\x38\x9a\x44\x3c\x0e\xa4\xcc\x81\x98\x99\xf2\x08\x3a"
+ "\x85\xf0\xfa\xa3\xe5\x78\xf8\x07\x7a\x2e\x3f\xf4\x67\x29\x66\x5b"
+};
+
+prf_test_vector_t sha384_hmac_p4 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 25, .len = 50,
+ .key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ .seed = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ .out = "\x3e\x8a\x69\xb7\x78\x3c\x25\x85\x19\x33\xab\x62\x90\xaf\x6c\xa7"
+ "\x7a\x99\x81\x48\x08\x50\x00\x9c\xc5\x57\x7c\x6e\x1f\x57\x3b\x4e"
+ "\x68\x01\xdd\x23\xc4\xa7\xd6\x79\xcc\xf8\xa3\x86\xc6\x74\xcf\xfb"
+};
+
+prf_test_vector_t sha512_hmac_p4 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 25, .len = 50,
+ .key = "\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
+ "\x11\x12\x13\x14\x15\x16\x17\x18\x19",
+ .seed = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
+ "\xcd\xcd",
+ .out = "\xb0\xba\x46\x56\x37\x45\x8c\x69\x90\xe5\xa8\xc5\xf6\x1d\x4a\xf7"
+ "\xe5\x76\xd9\x7f\xf9\x4b\x87\x2d\xe7\x6f\x80\x50\x36\x1e\xe3\xdb"
+ "\xa9\x1c\xa5\xc1\x1a\xa2\x5e\xb4\xd6\x79\x27\x5c\xc5\x78\x80\x63"
+ "\xa5\xf1\x97\x41\x12\x0c\x4f\x2d\xe2\xad\xeb\xeb\x10\xa2\x98\xdd"
+};
+
+prf_test_vector_t sha256_hmac_p5 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 131, .len = 54,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key - Hash Key First",
+ .out = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f"
+ "\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54"
+};
+
+prf_test_vector_t sha384_hmac_p5 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 131, .len = 54,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key - Hash Key First",
+ .out = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5\xb4"
+ "\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a\xc4\xc6"
+ "\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63\xf4\x49\x52"
+};
+
+prf_test_vector_t sha512_hmac_p5 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 131, .len = 54,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "Test Using Larger Than Block-Size Key - Hash Key First",
+ .out = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4"
+ "\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8\xf3\x52"
+ "\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52"
+ "\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98\x5d\x78\x65\x98"
+};
+
+prf_test_vector_t sha256_hmac_p6 = {
+ .alg = PRF_HMAC_SHA2_256, .key_size = 131, .len = 152,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ .out = "\x9b\x09\xff\xa7\x1b\x94\x2f\xcb\x27\x63\x5f\xbc\xd5\xb0\xe9\x44"
+ "\xbf\xdc\x63\x64\x4f\x07\x13\x93\x8a\x7f\x51\x53\x5c\x3a\x35\xe2"
+};
+
+prf_test_vector_t sha384_hmac_p6 = {
+ .alg = PRF_HMAC_SHA2_384, .key_size = 131, .len = 152,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ .out = "\x66\x17\x17\x8e\x94\x1f\x02\x0d\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c"
+ "\x60\x24\x20\xfe\xb0\xb8\xfb\x9a\xdc\xce\xbb\x82\x46\x1e\x99\xc5"
+ "\xa6\x78\xcc\x31\xe7\x99\x17\x6d\x38\x60\xe6\x11\x0c\x46\x52\x3e"
+};
+
+prf_test_vector_t sha512_hmac_p6 = {
+ .alg = PRF_HMAC_SHA2_512, .key_size = 131, .len = 152,
+ .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xaa\xaa\xaa",
+ .seed = "This is a test using a larger than block-size key and a larger "
+ "than block-size data. The key needs to be hashed before being "
+ "used by the HMAC algorithm.",
+ .out = "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd"
+ "\xde\xbd\x71\xf8\x86\x72\x89\x86\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44"
+ "\xb6\x02\x2c\xac\x3c\x49\x82\xb1\x0d\x5e\xeb\x55\xc3\xe4\xde\x15"
+ "\x13\x46\x76\xfb\x6d\xe0\x44\x60\x65\xc9\x74\x40\xfa\x8c\x6a\x58"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c
new file mode 100644
index 000000000..9c3ca20cc
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/twofish_cbc.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2009 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * All testvectors from http://www.schneier.com/code/ecb_ival.txt
+ */
+
+/**
+ * Twofish 128 bit: I=49
+ */
+crypter_test_vector_t twofish_cbc1 = {
+ .alg = ENCR_TWOFISH_CBC, .key_size = 16, .len = 16,
+ .key = "\xBC\xA7\x24\xA5\x45\x33\xC6\x98\x7E\x14\xAA\x82\x79\x52\xF9\x21",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x6B\x45\x92\x86\xF3\xFF\xD2\x8D\x49\xF1\x5B\x15\x81\xB0\x8E\x42",
+ .cipher = "\x5D\x9D\x4E\xEF\xFA\x91\x51\x57\x55\x24\xF1\x15\x81\x5A\x12\xE0"
+};
+
+/**
+ * Twofish 192 bit: I=49
+ */
+crypter_test_vector_t twofish_cbc2 = {
+ .alg = ENCR_TWOFISH_CBC, .key_size = 24, .len = 16,
+ .key = "\xFB\x66\x52\x2C\x33\x2F\xCC\x4C\x04\x2A\xBE\x32\xFA\x9E\x90\x2F"
+ "\xDE\xA4\xF3\xDA\x75\xEC\x7A\x8E",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\xF0\xAB\x73\x30\x11\x25\xFA\x21\xEF\x70\xBE\x53\x85\xFB\x76\xB6",
+ .cipher = "\xE7\x54\x49\x21\x2B\xEE\xF9\xF4\xA3\x90\xBD\x86\x0A\x64\x09\x41"
+};
+
+/**
+ * Twofish 256 bit: I=49
+ */
+crypter_test_vector_t twofish_cbc3 = {
+ .alg = ENCR_TWOFISH_CBC, .key_size = 32, .len = 16,
+ .key = "\x24\x8A\x7F\x35\x28\xB1\x68\xAC\xFD\xD1\x38\x6E\x3F\x51\xE3\x0C"
+ "\x2E\x21\x58\xBC\x3E\x5F\xC7\x14\xC1\xEE\xEC\xA0\xEA\x69\x6D\x48",
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ .plain = "\x43\x10\x58\xF4\xDB\xC7\xF7\x34\xDA\x4F\x02\xF0\x4C\xC4\xF4\x59",
+ .cipher = "\x37\xFE\x26\xFF\x1C\xF6\x61\x75\xF5\xDD\xF4\xC3\x3B\x97\xA2\x05"
+};
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
new file mode 100644
index 000000000..b96dc0c9a
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "test_vectors_plugin.h"
+
+#include <crypto/crypto_factory.h>
+#include <crypto/crypto_tester.h>
+
+/* define symbols of all test vectors */
+#define TEST_VECTOR_CRYPTER(x) crypter_test_vector_t x;
+#define TEST_VECTOR_SIGNER(x) signer_test_vector_t x;
+#define TEST_VECTOR_HASHER(x) hasher_test_vector_t x;
+#define TEST_VECTOR_PRF(x) prf_test_vector_t x;
+#define TEST_VECTOR_RNG(x) rng_test_vector_t x;
+
+#include "test_vectors.h"
+
+#undef TEST_VECTOR_CRYPTER
+#undef TEST_VECTOR_SIGNER
+#undef TEST_VECTOR_HASHER
+#undef TEST_VECTOR_PRF
+#undef TEST_VECTOR_RNG
+
+#define TEST_VECTOR_CRYPTER(x)
+#define TEST_VECTOR_SIGNER(x)
+#define TEST_VECTOR_HASHER(x)
+#define TEST_VECTOR_PRF(x)
+#define TEST_VECTOR_RNG(x)
+
+/* create test vector arrays */
+#undef TEST_VECTOR_CRYPTER
+#define TEST_VECTOR_CRYPTER(x) &x,
+static crypter_test_vector_t *crypter[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_CRYPTER
+#define TEST_VECTOR_CRYPTER(x)
+
+#undef TEST_VECTOR_SIGNER
+#define TEST_VECTOR_SIGNER(x) &x,
+static signer_test_vector_t *signer[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_SIGNER
+#define TEST_VECTOR_SIGNER(x)
+
+#undef TEST_VECTOR_HASHER
+#define TEST_VECTOR_HASHER(x) &x,
+static hasher_test_vector_t *hasher[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_HASHER
+#define TEST_VECTOR_HASHER(x)
+
+#undef TEST_VECTOR_PRF
+#define TEST_VECTOR_PRF(x) &x,
+static prf_test_vector_t *prf[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_PRF
+#define TEST_VECTOR_PRF(x)
+
+#undef TEST_VECTOR_RNG
+#define TEST_VECTOR_RNG(x) &x,
+static rng_test_vector_t *rng[] = {
+#include "test_vectors.h"
+};
+#undef TEST_VECTOR_RNG
+#define TEST_VECTOR_RNG(x)
+
+typedef struct private_test_vectors_plugin_t private_test_vectors_plugin_t;
+
+/**
+ * private data of test_vectors_plugin
+ */
+struct private_test_vectors_plugin_t {
+
+ /**
+ * public functions
+ */
+ test_vectors_plugin_t public;
+};
+
+/**
+ * Implementation of test_vectors_plugin_t.test_vectorstroy
+ */
+static void destroy(private_test_vectors_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *plugin_create()
+{
+ private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t);
+ int i;
+
+ this->public.plugin.destroy = (void(*)(plugin_t*))destroy;
+
+ for (i = 0; i < countof(crypter); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ ENCRYPTION_ALGORITHM, crypter[i]);
+ }
+ for (i = 0; i < countof(signer); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ INTEGRITY_ALGORITHM, signer[i]);
+ }
+ for (i = 0; i < countof(hasher); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ HASH_ALGORITHM, hasher[i]);
+ }
+ for (i = 0; i < countof(prf); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ PSEUDO_RANDOM_FUNCTION, prf[i]);
+ }
+ for (i = 0; i < countof(rng); i++)
+ {
+ lib->crypto->add_test_vector(lib->crypto,
+ RANDOM_NUMBER_GENERATOR, rng[i]);
+ }
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
new file mode 100644
index 000000000..9cb959c88
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2009 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup test_vectors_p test_vectors
+ * @ingroup plugins
+ *
+ * @defgroup test_vectors_plugin test_vectors_plugin
+ * @{ @ingroup test_vectors_p
+ */
+
+#ifndef TEST_VECTORS_PLUGIN_H_
+#define TEST_VECTORS_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct test_vectors_plugin_t test_vectors_plugin_t;
+
+/**
+ * Plugin providing various crypto test vectors.
+ */
+struct test_vectors_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+/**
+ * Create a test_vectors_plugin instance.
+ */
+plugin_t *plugin_create();
+
+#endif /** TEST_VECTORS_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 028bbd41a..0c62ad3b3 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -89,6 +89,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -111,6 +112,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -122,6 +126,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -135,6 +140,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -195,6 +202,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -206,6 +214,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -230,8 +239,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -331,7 +340,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/x509/ietf_attr_list.h b/src/libstrongswan/plugins/x509/ietf_attr_list.h
index 983c67d14..5807a899e 100644
--- a/src/libstrongswan/plugins/x509/ietf_attr_list.h
+++ b/src/libstrongswan/plugins/x509/ietf_attr_list.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index 2168f9bc7..638f96b44 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "x509_ac.h"
@@ -32,6 +30,7 @@
#include <utils/identification.h>
#include <utils/linked_list.h>
#include <credentials/certificates/x509.h>
+#include <credentials/keys/private_key.h>
extern identification_t* x509_parse_authorityKeyIdentifier(chunk_t blob,
int level0, chunk_t *authKeySerialNumber);
@@ -780,31 +779,11 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer)
return FALSE;
}
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ac.h b/src/libstrongswan/plugins/x509/x509_ac.h
index 5df9c5f8a..958d5c57a 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.h
+++ b/src/libstrongswan/plugins/x509/x509_ac.h
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index 4c6b45394..6fe1809c2 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -16,8 +16,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_cert.c 4936 2009-03-12 18:07:32Z tobias $
*/
#define _GNU_SOURCE
@@ -37,6 +35,7 @@
#include <asn1/asn1_parser.h>
#include <asn1/pem.h>
#include <crypto/hashers/hasher.h>
+#include <credentials/keys/private_key.h>
#include <utils/linked_list.h>
#include <utils/identification.h>
@@ -353,7 +352,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
if (id_type != ID_ANY)
{
gn = identification_create_from_encoding(id_type, object);
- DBG2(" '%D'", gn);
+ DBG2(" '%Y'", gn);
goto end;
}
}
@@ -510,9 +509,9 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
/* parsing went wrong - abort */
goto end;
}
- DBG2(" '%D'", id);
+ DBG2(" '%Y'", id);
if (accessMethod == OID_OCSP &&
- asprintf(&uri, "%D", id) > 0)
+ asprintf(&uri, "%Y", id) > 0)
{
this->ocsp_uris->insert_last(this->ocsp_uris, uri);
}
@@ -619,7 +618,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0,
{
char *uri;
- if (asprintf(&uri, "%D", id) > 0)
+ if (asprintf(&uri, "%Y", id) > 0)
{
this->crl_uris->insert_last(this->crl_uris, uri);
}
@@ -714,7 +713,7 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->issuer);
+ DBG2(" '%Y'", this->issuer);
break;
case X509_OBJ_NOT_BEFORE:
this->notBefore = asn1_parse_time(object, level);
@@ -724,14 +723,13 @@ static bool parse_certificate(private_x509_cert_t *this)
break;
case X509_OBJ_SUBJECT:
this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->subject);
+ DBG2(" '%Y'", this->subject);
break;
case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO:
this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY,
KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END);
if (this->public_key == NULL)
{
- DBG1("could not create public key");
goto end;
}
break;
@@ -911,32 +909,14 @@ static bool issued_by(private_x509_cert_t *this, certificate_t *issuer)
{
return FALSE;
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
+
+ /* get the public key of the issuer */
key = issuer->get_public_key(issuer);
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
@@ -1124,19 +1104,19 @@ static private_x509_cert_t* create_empty(void)
{
private_x509_cert_t *this = malloc_thing(private_x509_cert_t);
- this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type;
- this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject;
- this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer;
- this->public.interface.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject;
- this->public.interface.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer;
- this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by;
- this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key;
- this->public.interface.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity;
- this->public.interface.interface.is_newer = (bool (*)(certificate_t*,certificate_t*))is_newer;
- this->public.interface.interface.get_encoding = (chunk_t (*)(certificate_t*))get_encoding;
- this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals;
- this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref;
- this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy;
+ this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type;
+ this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject;
+ this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer;
+ this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject;
+ this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer;
+ this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by;
+ this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key;
+ this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity;
+ this->public.interface.interface.is_newer = (bool (*) (certificate_t*,certificate_t*))is_newer;
+ this->public.interface.interface.get_encoding = (chunk_t (*) (certificate_t*))get_encoding;
+ this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals;
+ this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref;
+ this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy;
this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags;
this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial;
this->public.interface.get_authKeyIdentifier = (identification_t* (*)(x509_t*))get_authKeyIdentifier;
@@ -1178,6 +1158,7 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
private_x509_cert_t *this = create_empty();
this->encoding = chunk;
+ this->parsed = TRUE;
if (!parse_certificate(this))
{
destroy(this);
@@ -1191,17 +1172,15 @@ static private_x509_cert_t *create_from_chunk(chunk_t chunk)
}
hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
- if (hasher != NULL)
- {
- hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
- hasher->destroy(hasher);
- }
- else
+ if (hasher == NULL)
{
- DBG1(" unable to create hash of certificate, SHA1 not supported");
+ DBG1(" unable to create hash of certificate, SHA1 not supported");
+ destroy(this);
+ return NULL;
}
+ hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash);
+ hasher->destroy(hasher);
- this->parsed = TRUE;
return this;
}
@@ -1316,7 +1295,7 @@ static bool generate(private_builder_t *this)
this->cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmccmcmm",
asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2),
- asn1_simple_object(ASN1_INTEGER, this->cert->serialNumber),
+ asn1_integer("c", this->cert->serialNumber),
asn1_algorithmIdentifier(this->cert->algorithm),
issuer->get_encoding(issuer),
asn1_wrap(ASN1_SEQUENCE, "mm",
@@ -1352,33 +1331,22 @@ static bool generate(private_builder_t *this)
static private_x509_cert_t *build(private_builder_t *this)
{
private_x509_cert_t *cert;
- x509_flag_t flags;
- if (this->cert && !this->cert->encoding.ptr)
+ if (this->cert)
{
- if (!this->sign_key || !this->cert ||
- !generate(this))
- {
- destroy(this->cert);
- free(this);
- return NULL;
+ this->cert->flags |= this->flags;
+ if (!this->cert->encoding.ptr)
+ { /* generate a new certificate */
+ if (!this->sign_key || !generate(this))
+ {
+ destroy(this->cert);
+ free(this);
+ return NULL;
+ }
}
}
cert = this->cert;
- flags = this->flags;
free(this);
- if (cert == NULL)
- {
- return NULL;
- }
-
- if ((flags & X509_CA) && !(cert->flags & X509_CA))
- {
- DBG1(" ca certificate must have ca basic constraint set, discarded");
- destroy(cert);
- return NULL;
- }
- cert->flags |= flags;
return cert;
}
diff --git a/src/libstrongswan/plugins/x509/x509_cert.h b/src/libstrongswan/plugins/x509/x509_cert.h
index 8dbd8050a..5ebe1567d 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.h
+++ b/src/libstrongswan/plugins/x509/x509_cert.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_cert.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index fd14dfebd..f502668cb 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_crl.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "x509_crl.h"
@@ -226,7 +224,7 @@ static bool parse(private_x509_crl_t *this)
break;
case CRL_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->issuer);
+ DBG2(" '%Y'", this->issuer);
break;
case CRL_OBJ_THIS_UPDATE:
this->thisUpdate = asn1_parse_time(object, level);
@@ -436,31 +434,11 @@ static bool issued_by(private_x509_crl_t *this, certificate_t *issuer)
return FALSE;
}
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->algorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->algorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index 7b97b990d..4020d8d95 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_ocsp_request.c 4317 2008-09-02 11:00:13Z martin $
*/
#include "x509_ocsp_request.h"
@@ -26,6 +24,7 @@
#include <utils/linked_list.h>
#include <debug.h>
#include <credentials/certificates/x509.h>
+#include <credentials/keys/private_key.h>
#define NONCE_LEN 16
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
index 6bb59d8e6..1b3187258 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_ocsp_response.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "x509_ocsp_response.h"
@@ -523,12 +521,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this,
case BASIC_RESPONSE_ID_BY_NAME:
this->responderId = identification_create_from_encoding(
ID_DER_ASN1_DN, object);
- DBG2(" '%D'", this->responderId);
+ DBG2(" '%Y'", this->responderId);
break;
case BASIC_RESPONSE_ID_BY_KEY:
this->responderId = identification_create_from_encoding(
ID_PUBKEY_INFO_SHA1, object);
- DBG2(" '%D'", this->responderId);
+ DBG2(" '%Y'", this->responderId);
break;
case BASIC_RESPONSE_PRODUCED_AT:
this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME);
@@ -726,32 +724,14 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer)
{
return FALSE;
}
- /* TODO: generic OID to scheme mapper? */
- switch (this->signatureAlgorithm)
- {
- case OID_MD5_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_MD5;
- break;
- case OID_SHA1_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA1;
- break;
- case OID_SHA256_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA256;
- break;
- case OID_SHA384_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA384;
- break;
- case OID_SHA512_WITH_RSA:
- scheme = SIGN_RSA_EMSA_PKCS1_SHA512;
- break;
- case OID_ECDSA_WITH_SHA1:
- scheme = SIGN_ECDSA_WITH_SHA1;
- break;
- default:
- return FALSE;
- }
+
+ /* get the public key of the issuer */
key = issuer->get_public_key(issuer);
- if (key == NULL)
+
+ /* determine signature scheme */
+ scheme = signature_scheme_from_oid(this->signatureAlgorithm);
+
+ if (scheme == SIGN_UNKNOWN || key == NULL)
{
return FALSE;
}
diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c
index 42768487d..9ed7f95bd 100644
--- a/src/libstrongswan/plugins/x509/x509_plugin.c
+++ b/src/libstrongswan/plugins/x509/x509_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: x509_plugin.c 3640 2008-03-21 10:52:11Z andreas $
*/
#include "x509_plugin.h"
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 48c6ef954..82ef55bd5 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -88,6 +88,7 @@ CPPFLAGS = @CPPFLAGS@
CYGPATH_W = @CYGPATH_W@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
@@ -110,6 +111,9 @@ LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
@@ -121,6 +125,7 @@ MAKEINFO = @MAKEINFO@
MKDIR_P = @MKDIR_P@
NM = @NM@
NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
@@ -134,6 +139,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
@@ -194,6 +201,7 @@ oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
piddir = @piddir@
plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
@@ -205,6 +213,7 @@ srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
@@ -224,8 +233,8 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
- cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
- && exit 0; \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
@@ -322,7 +331,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | \
- $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in files) print i; }; }'`; \
mkid -fID $$unique
tags: TAGS
diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c
index ab37eca40..dd63af005 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General xcbc License
* for more details.
- *
- * $Id: xcbc.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <string.h>
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
index f1501476f..25f59c650 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "xcbc_plugin.h"
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_prf.c b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
index 03056594d..a90f2d44f 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_prf.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_prf.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include "xcbc_prf.h"
diff --git a/src/libstrongswan/plugins/xcbc/xcbc_signer.c b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
index 29eb2d25b..b394bb251 100644
--- a/src/libstrongswan/plugins/xcbc/xcbc_signer.c
+++ b/src/libstrongswan/plugins/xcbc/xcbc_signer.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#include <string.h>
diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c
index ceace27da..692ad9cf8 100644
--- a/src/libstrongswan/printf_hook.c
+++ b/src/libstrongswan/printf_hook.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: printf_hook.c 4975 2009-03-19 08:54:39Z martin $
*/
#include "printf_hook.h"
@@ -62,7 +60,7 @@ struct printf_hook_handler_t {
*/
int argtypes[ARGS_MAX];
-#ifndef HAVE_PRINTF_HOOKS
+#ifdef USE_VSTR
/**
* name required for Vstr
*/
@@ -77,7 +75,7 @@ static printf_hook_handler_t *printf_hooks[NUM_HANDLERS];
#define SPEC_TO_INDEX(spec) ((int)(spec) - (int)'A')
#define IS_VALID_SPEC(spec) (SPEC_TO_INDEX(spec) > -1 && SPEC_TO_INDEX(spec) < NUM_HANDLERS)
-#ifdef HAVE_PRINTF_HOOKS
+#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR)
/**
* Printf hook print function. This is actually of type "printf_function",
@@ -165,7 +163,7 @@ static int custom_fmt_cb(Vstr_base *base, size_t pos, Vstr_fmt_spec *fmt_spec)
}
/**
- * Add a custom format handler to the given Vstr_conf object
+ * Add a custom format handler to the given Vstr_conf object
*/
static void vstr_fmt_add_handler(Vstr_conf *conf, printf_hook_handler_t *handler)
{
@@ -340,7 +338,7 @@ static void add_handler(private_printf_hook_t *this, char spec,
return;
}
- handler = malloc_thing(printf_hook_handler_t);
+ handler = malloc_thing(printf_hook_handler_t);
handler->hook = hook;
va_start(args, hook);
@@ -361,7 +359,7 @@ static void add_handler(private_printf_hook_t *this, char spec,
if (handler->numargs > 0)
{
-#ifdef HAVE_PRINTF_HOOKS
+#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR)
register_printf_function(spec, custom_print, custom_arginfo);
#else
Vstr_conf *conf = get_vstr_conf();
@@ -384,7 +382,7 @@ static void add_handler(private_printf_hook_t *this, char spec,
static void destroy(private_printf_hook_t *this)
{
int i;
-#ifndef HAVE_PRINTF_HOOKS
+#ifdef USE_VSTR
Vstr_conf *conf = get_vstr_conf();
#endif
@@ -393,7 +391,7 @@ static void destroy(private_printf_hook_t *this)
printf_hook_handler_t *handler = printf_hooks[i];
if (handler)
{
-#ifndef HAVE_PRINTF_HOOKS
+#ifdef USE_VSTR
vstr_fmt_del(conf, handler->name);
free(handler->name);
#endif
@@ -401,7 +399,7 @@ static void destroy(private_printf_hook_t *this)
}
}
-#ifndef HAVE_PRINTF_HOOKS
+#ifdef USE_VSTR
/* freeing the Vstr_conf of the main thread */
pthread_key_delete(vstr_conf_key);
vstr_free_conf(conf);
@@ -422,7 +420,7 @@ printf_hook_t *printf_hook_create()
memset(printf_hooks, 0, sizeof(printf_hooks));
-#ifndef HAVE_PRINTF_HOOKS
+#ifdef USE_VSTR
if (!vstr_init())
{
DBG1("failed to initialize Vstr library!");
diff --git a/src/libstrongswan/printf_hook.h b/src/libstrongswan/printf_hook.h
index a82c1583c..02c973580 100644
--- a/src/libstrongswan/printf_hook.h
+++ b/src/libstrongswan/printf_hook.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: printf_hook.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -28,12 +26,13 @@ typedef struct printf_hook_t printf_hook_t;
typedef struct printf_hook_spec_t printf_hook_spec_t;
typedef enum printf_hook_argtype_t printf_hook_argtype_t;
-#ifdef HAVE_PRINTF_HOOKS
+#if defined(HAVE_PRINTF_HOOKS) && !defined(USE_VSTR)
+#include <stdio.h>
#include <printf.h>
enum printf_hook_argtype_t {
- PRINTF_HOOK_ARGTYPE_END = PA_LAST,
+ PRINTF_HOOK_ARGTYPE_END = -1,
PRINTF_HOOK_ARGTYPE_INT = PA_INT,
PRINTF_HOOK_ARGTYPE_POINTER = PA_POINTER,
};
diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c
index a02823ba0..64ac09299 100644
--- a/src/libstrongswan/settings.c
+++ b/src/libstrongswan/settings.c
@@ -11,12 +11,11 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#define _GNU_SOURCE
#include <string.h>
+#include <stdarg.h>
#include <stdio.h>
#include <errno.h>
@@ -213,17 +212,17 @@ static bool get_bool(private_settings_t *this, char *key, bool def, ...)
va_end(args);
if (value)
{
- if (strcasecmp(value, "true") == 0 ||
- strcasecmp(value, "enabled") == 0 ||
- strcasecmp(value, "yes") == 0 ||
- strcasecmp(value, "1") == 0)
+ if (strcaseeq(value, "true") ||
+ strcaseeq(value, "enabled") ||
+ strcaseeq(value, "yes") ||
+ strcaseeq(value, "1"))
{
return TRUE;
}
- else if (strcasecmp(value, "false") == 0 ||
- strcasecmp(value, "disabled") == 0 ||
- strcasecmp(value, "no") == 0 ||
- strcasecmp(value, "0") == 0)
+ else if (strcaseeq(value, "false") ||
+ strcaseeq(value, "disabled") ||
+ strcaseeq(value, "no") ||
+ strcaseeq(value, "0"))
{
return FALSE;
}
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index c487f7775..1816787ae 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
/**
@@ -25,7 +23,7 @@
typedef struct settings_t settings_t;
-#include <library.h>
+#include <utils.h>
#include <utils/enumerator.h>
/**
diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c
index be0e8e9e5..4a0eff45f 100644
--- a/src/libstrongswan/utils.c
+++ b/src/libstrongswan/utils.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: utils.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include "utils.h"
@@ -22,6 +20,7 @@
#include <string.h>
#include <stdio.h>
#include <unistd.h>
+#include <limits.h>
#include <dirent.h>
#include <time.h>
@@ -148,6 +147,22 @@ void *return_null()
}
/**
+ * returns TRUE
+ */
+bool return_true()
+{
+ return TRUE;
+}
+
+/**
+ * returns FALSE
+ */
+bool return_false()
+{
+ return FALSE;
+}
+
+/**
* nop operation
*/
void nop()
diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h
index b740e7473..debd0145b 100644
--- a/src/libstrongswan/utils.h
+++ b/src/libstrongswan/utils.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: utils.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -51,6 +49,11 @@
#define strneq(x,y,len) (strncmp(x, y, len) == 0)
/**
+ * Macro compares two strings for equality ignoring case
+ */
+#define strcaseeq(x,y) (strcasecmp(x, y) == 0)
+
+/**
* Macro compares two binary blobs for equality
*/
#define memeq(x,y,len) (memcmp(x, y, len) == 0)
@@ -113,12 +116,22 @@
/**
* General purpose boolean type.
*/
-typedef int bool;
+#ifdef HAVE_STDBOOL_H
+# include <stdbool.h>
+#else
+# ifndef HAVE__BOOL
+# define _Bool signed char
+# endif /* HAVE__BOOL */
+# define bool _Bool
+# define false 0
+# define true 1
+# define __bool_true_false_are_defined 1
+#endif /* HAVE_STDBOOL_H */
#ifndef FALSE
-# define FALSE 0
+# define FALSE false
#endif /* FALSE */
#ifndef TRUE
-# define TRUE 1
+# define TRUE true
#endif /* TRUE */
typedef enum status_t status_t;
@@ -250,6 +263,16 @@ void *return_null();
void nop();
/**
+ * returns TRUE
+ */
+bool return_true();
+
+/**
+ * returns FALSE
+ */
+bool return_false();
+
+/**
* Special type to count references
*/
typedef volatile u_int refcount_t;
diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c
index 3caafdc38..f110521af 100644
--- a/src/libstrongswan/utils/backtrace.c
+++ b/src/libstrongswan/utils/backtrace.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id$
*/
#define _GNU_SOURCE
@@ -25,6 +23,8 @@
# include <execinfo.h>
#endif /* HAVE_BACKTRACE */
+#include <string.h>
+
#include "backtrace.h"
typedef struct private_backtrace_t private_backtrace_t;
diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c
index e7653a9b2..24bafe66a 100644
--- a/src/libstrongswan/utils/enumerator.c
+++ b/src/libstrongswan/utils/enumerator.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: enumerator.c 4744 2008-12-03 10:03:59Z tobias $
*/
#include "enumerator.h"
@@ -21,9 +19,11 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <limits.h>
#include <stdio.h>
#include <dirent.h>
#include <errno.h>
+#include <string.h>
#include <debug.h>
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index 98f300609..4367d0836 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: enumerator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -25,7 +23,7 @@
typedef struct enumerator_t enumerator_t;
-#include <library.h>
+#include <utils.h>
/**
* Enumerate is simpler, but more flexible than iterator.
diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c
index 27a7a66c1..6d33d023b 100644
--- a/src/libstrongswan/utils/hashtable.c
+++ b/src/libstrongswan/utils/hashtable.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hashtable.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <utils/linked_list.h>
diff --git a/src/libstrongswan/utils/hashtable.h b/src/libstrongswan/utils/hashtable.h
index 28804caf8..cbe51f557 100644
--- a/src/libstrongswan/utils/hashtable.h
+++ b/src/libstrongswan/utils/hashtable.h
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: hashtable.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index a40c42c49..484de5e54 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -14,8 +14,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: host.c 4977 2009-03-19 09:16:03Z martin $
*/
#define _GNU_SOURCE
@@ -34,7 +32,7 @@ typedef struct private_host_t private_host_t;
/**
* Private Data of a host object.
*/
-struct private_host_t {
+struct private_host_t {
/**
* Public data
*/
@@ -81,7 +79,7 @@ static socklen_t *get_sockaddr_len(private_host_t *this)
*/
static bool is_anyaddr(private_host_t *this)
{
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
{
case AF_INET:
{
@@ -100,7 +98,7 @@ static bool is_anyaddr(private_host_t *this)
default:
{
return FALSE;
- }
+ }
}
}
@@ -171,7 +169,7 @@ static chunk_t get_address(private_host_t *this)
{
chunk_t address = chunk_empty;
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
{
case AF_INET:
{
@@ -206,7 +204,7 @@ static int get_family(private_host_t *this)
*/
static u_int16_t get_port(private_host_t *this)
{
- switch (this->address.sa_family)
+ switch (this->address.sa_family)
{
case AF_INET:
{
@@ -342,7 +340,7 @@ static void destroy(private_host_t *this)
}
/**
- * Creates an empty host_t object
+ * Creates an empty host_t object
*/
static private_host_t *host_create_empty(void)
{
@@ -438,9 +436,12 @@ host_t *host_create_from_string(char *string, u_int16_t port)
host_t *host_create_from_dns(char *string, int af, u_int16_t port)
{
private_host_t *this;
- struct hostent host, *ptr;
+ struct hostent *ptr;
+ int ret = 0, err;
+#ifdef HAVE_GETHOSTBYNAME_R
+ struct hostent host;
char buf[512];
- int err, ret;
+#endif
if (streq(string, "%any"))
{
@@ -455,37 +456,49 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port)
/* gethostbyname does not like IPv6 addresses - fallback */
return host_create_from_string(string, port);
}
-
+
+#ifdef HAVE_GETHOSTBYNAME_R
if (af)
- {
+ {
ret = gethostbyname2_r(string, af, &host, buf, sizeof(buf), &ptr, &err);
}
else
{
ret = gethostbyname_r(string, &host, buf, sizeof(buf), &ptr, &err);
}
- if (ret != 0)
+#else
+ /* Some systems (e.g. Mac OS X) do not support gethostbyname_r */
+ if (af)
+ {
+ ptr = gethostbyname2(string, af);
+ }
+ else
{
- DBG1("resolving '%s' failed: %s", string, hstrerror(err));
- return NULL;
+ ptr = gethostbyname(string);
}
if (ptr == NULL)
{
- DBG1("resolving '%s' failed", string);
+ err = h_errno;
+ }
+#endif
+ if (ret != 0 || ptr == NULL)
+ {
+ DBG1("resolving '%s' failed: %s", string, hstrerror(err));
+ return NULL;
}
this = host_create_empty();
- this->address.sa_family = host.h_addrtype;
+ this->address.sa_family = ptr->h_addrtype;
switch (this->address.sa_family)
{
case AF_INET:
memcpy(&this->address4.sin_addr.s_addr,
- host.h_addr_list[0], host.h_length);
+ ptr->h_addr_list[0], ptr->h_length);
this->address4.sin_port = htons(port);
this->socklen = sizeof(struct sockaddr_in);
break;
case AF_INET6:
memcpy(&this->address6.sin6_addr.s6_addr,
- host.h_addr_list[0], host.h_length);
+ ptr->h_addr_list[0], ptr->h_length);
this->address6.sin6_port = htons(port);
this->socklen = sizeof(struct sockaddr_in6);
break;
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index bce6b1cc2..1c04c97ef 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2008 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: identification.c 5036 2009-03-26 13:25:46Z martin $
*/
#define _GNU_SOURCE
@@ -59,110 +57,42 @@ ENUM_NEXT(id_type_names, ID_DER_ASN1_GN_URI, ID_CERT_DER_SHA1, ID_KEY_ID,
ENUM_END(id_type_names, ID_CERT_DER_SHA1);
/**
- * X.501 acronyms for well known object identifiers (OIDs)
- */
-static u_char oid_ND[] = {
- 0x02, 0x82, 0x06, 0x01, 0x0A, 0x07, 0x14
-};
-static u_char oid_UID[] = {
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01
-};
-static u_char oid_DC[] = {
- 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x19
-};
-static u_char oid_CN[] = {
- 0x55, 0x04, 0x03
-};
-static u_char oid_S[] = {
- 0x55, 0x04, 0x04
-};
-static u_char oid_SN[] = {
- 0x55, 0x04, 0x05
-};
-static u_char oid_C[] = {
- 0x55, 0x04, 0x06
-};
-static u_char oid_L[] = {
- 0x55, 0x04, 0x07
-};
-static u_char oid_ST[] = {
- 0x55, 0x04, 0x08
-};
-static u_char oid_O[] = {
- 0x55, 0x04, 0x0A
-};
-static u_char oid_OU[] = {
- 0x55, 0x04, 0x0B
-};
-static u_char oid_T[] = {
- 0x55, 0x04, 0x0C
-};
-static u_char oid_D[] = {
- 0x55, 0x04, 0x0D
-};
-static u_char oid_N[] = {
- 0x55, 0x04, 0x29
-};
-static u_char oid_G[] = {
- 0x55, 0x04, 0x2A
-};
-static u_char oid_I[] = {
- 0x55, 0x04, 0x2B
-};
-static u_char oid_ID[] = {
- 0x55, 0x04, 0x2D
-};
-static u_char oid_EN[] = {
- 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x03, 0x01, 0x03
-};
-static u_char oid_E[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01
-};
-static u_char oid_UN[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x02
-};
-static u_char oid_TCGID[] = {
- 0x2B, 0x06, 0x01, 0x04, 0x01, 0x89, 0x31, 0x01, 0x01, 0x02, 0x02, 0x4B
-};
-
-/**
* coding of X.501 distinguished name
*/
typedef struct {
const u_char *name;
- chunk_t oid;
+ int oid;
u_char type;
} x501rdn_t;
static const x501rdn_t x501rdns[] = {
- {"ND", {oid_ND, 7}, ASN1_PRINTABLESTRING},
- {"UID", {oid_UID, 10}, ASN1_PRINTABLESTRING},
- {"DC", {oid_DC, 10}, ASN1_PRINTABLESTRING},
- {"CN", {oid_CN, 3}, ASN1_PRINTABLESTRING},
- {"S", {oid_S, 3}, ASN1_PRINTABLESTRING},
- {"SN", {oid_SN, 3}, ASN1_PRINTABLESTRING},
- {"serialNumber", {oid_SN, 3}, ASN1_PRINTABLESTRING},
- {"C", {oid_C, 3}, ASN1_PRINTABLESTRING},
- {"L", {oid_L, 3}, ASN1_PRINTABLESTRING},
- {"ST", {oid_ST, 3}, ASN1_PRINTABLESTRING},
- {"O", {oid_O, 3}, ASN1_PRINTABLESTRING},
- {"OU", {oid_OU, 3}, ASN1_PRINTABLESTRING},
- {"T", {oid_T, 3}, ASN1_PRINTABLESTRING},
- {"D", {oid_D, 3}, ASN1_PRINTABLESTRING},
- {"N", {oid_N, 3}, ASN1_PRINTABLESTRING},
- {"G", {oid_G, 3}, ASN1_PRINTABLESTRING},
- {"I", {oid_I, 3}, ASN1_PRINTABLESTRING},
- {"ID", {oid_ID, 3}, ASN1_PRINTABLESTRING},
- {"EN", {oid_EN, 10}, ASN1_PRINTABLESTRING},
- {"employeeNumber", {oid_EN, 10}, ASN1_PRINTABLESTRING},
- {"E", {oid_E, 9}, ASN1_IA5STRING},
- {"Email", {oid_E, 9}, ASN1_IA5STRING},
- {"emailAddress", {oid_E, 9}, ASN1_IA5STRING},
- {"UN", {oid_UN, 9}, ASN1_IA5STRING},
- {"unstructuredName",{oid_UN, 9}, ASN1_IA5STRING},
- {"TCGID", {oid_TCGID, 12}, ASN1_PRINTABLESTRING}
+ {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING},
+ {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING},
+ {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING},
+ {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING},
+ {"S", OID_SURNAME, ASN1_PRINTABLESTRING},
+ {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING},
+ {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING},
+ {"C", OID_COUNTRY, ASN1_PRINTABLESTRING},
+ {"L", OID_LOCALITY, ASN1_PRINTABLESTRING},
+ {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING},
+ {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING},
+ {"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING},
+ {"T", OID_TITLE, ASN1_PRINTABLESTRING},
+ {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING},
+ {"N", OID_NAME, ASN1_PRINTABLESTRING},
+ {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING},
+ {"I", OID_INITIALS, ASN1_PRINTABLESTRING},
+ {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING},
+ {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
+ {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING},
+ {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING},
+ {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING},
+ {"unstructuredName",OID_UNSTRUCTURED_NAME, ASN1_IA5STRING},
+ {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING}
};
-#define X501_RDN_ROOF 26
/**
* maximum number of RDNs in atodn()
@@ -208,34 +138,22 @@ static void update_chunk(chunk_t *ch, int n)
* Remove any malicious characters from a chunk. We are very restrictive, but
* whe use these strings only to present it to the user.
*/
-static chunk_t sanitize_chunk(chunk_t chunk)
+static bool sanitize_chunk(chunk_t chunk, chunk_t *clone)
{
char *pos;
- chunk_t clone = chunk_clone(chunk);
+ bool all_printable = TRUE;
+
+ *clone = chunk_clone(chunk);
- for (pos = clone.ptr; pos < (char*)(clone.ptr + clone.len); pos++)
+ for (pos = clone->ptr; pos < (char*)(clone->ptr + clone->len); pos++)
{
- switch (*pos)
+ if (!isprint(*pos))
{
- case '\0':
- case ' ':
- case '*':
- case '-':
- case '.':
- case '/':
- case '0' ... '9':
- case ':':
- case '=':
- case '@':
- case 'A' ... 'Z':
- case '_':
- case 'a' ... 'z':
- break;
- default:
- *pos = '?';
+ *pos = '?';
+ all_printable = FALSE;
}
}
- return clone;
+ return all_printable;
}
/**
@@ -272,14 +190,15 @@ static bool init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
/**
* Fetches the next RDN in a DN
*/
-static bool get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid, chunk_t *value, asn1_t *type, bool *next)
+static bool get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
+ chunk_t *value, asn1_t *type, bool *next)
{
chunk_t body;
-
+
/* initialize return values */
*oid = chunk_empty;
*value = chunk_empty;
-
+
/* if all attributes have been parsed, get next rdn */
if (attribute->len <= 0)
{
@@ -371,19 +290,19 @@ static bool dntoa(chunk_t dn, chunk_t *str)
int oid_code;
bool next;
bool first = TRUE;
-
+
if (!init_rdn(dn, &rdn, &attribute, &next))
{
return FALSE;
}
-
+
while (next)
{
if (!get_next_rdn(&rdn, &attribute, &oid, &value, &type, &next))
{
return FALSE;
}
-
+
if (first)
{ /* first OID/value pair */
first = FALSE;
@@ -392,7 +311,7 @@ static bool dntoa(chunk_t dn, chunk_t *str)
{ /* separate OID/value pair by a comma */
update_chunk(str, snprintf(str->ptr,str->len,", "));
}
-
+
/* print OID */
oid_code = asn1_known_oid(oid);
if (oid_code == OID_UNKNOWN)
@@ -404,7 +323,7 @@ static bool dntoa(chunk_t dn, chunk_t *str)
update_chunk(str, snprintf(str->ptr,str->len,"%s", oid_names[oid_code].name));
}
/* print value */
- proper = sanitize_chunk(value);
+ sanitize_chunk(value, &proper);
update_chunk(str, snprintf(str->ptr,str->len,"=%.*s", (int)proper.len, proper.ptr));
chunk_free(&proper);
}
@@ -421,7 +340,7 @@ static bool same_dn(chunk_t a, chunk_t b)
chunk_t oid_a, oid_b, value_a, value_b;
asn1_t type_a, type_b;
bool next_a, next_b;
-
+
/* same lengths for the DNs */
if (a.len != b.len)
{
@@ -438,7 +357,7 @@ static bool same_dn(chunk_t a, chunk_t b)
{
return FALSE;
}
-
+
/* fetch next RDN pair */
while (next_a && next_b)
{
@@ -448,19 +367,19 @@ static bool same_dn(chunk_t a, chunk_t b)
{
return FALSE;
}
-
+
/* OIDs must agree */
if (oid_a.len != oid_b.len || !memeq(oid_a.ptr, oid_b.ptr, oid_b.len))
{
return FALSE;
}
-
+
/* same lengths for values */
if (value_a.len != value_b.len)
{
return FALSE;
}
-
+
/* printableStrings and email RDNs require uppercase comparison */
if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
(type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
@@ -499,17 +418,17 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
chunk_t oid_a, oid_b, value_a, value_b;
asn1_t type_a, type_b;
bool next_a, next_b;
-
+
/* initialize wildcard counter */
*wildcards = 0;
-
+
/* initialize DN parsing */
if (!init_rdn(a, &rdn_a, &attribute_a, &next_a) ||
!init_rdn(b, &rdn_b, &attribute_b, &next_b))
{
return FALSE;
}
-
+
/* fetch next RDN pair */
while (next_a && next_b)
{
@@ -524,7 +443,7 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
{
return FALSE;
}
-
+
/* does rdn_b contain a wildcard? */
if (value_b.len == 1 && *value_b.ptr == '*')
{
@@ -536,7 +455,7 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
{
return FALSE;
}
-
+
/* printableStrings and email RDNs require uppercase comparison */
if (type_a == type_b && (type_a == ASN1_PRINTABLESTRING ||
(type_a == ASN1_IA5STRING && asn1_known_oid(oid_a) == OID_PKCS9_EMAIL)))
@@ -609,15 +528,18 @@ static status_t atodn(char *src, chunk_t *dn)
}
else
{
- for (i = 0; i < X501_RDN_ROOF; i++)
+ bool found = FALSE;
+
+ for (i = 0; i < countof(x501rdns); i++)
{
- if (strlen(x501rdns[i].name) == oid.len
- && strncasecmp(x501rdns[i].name, oid.ptr, oid.len) == 0)
+ if (strlen(x501rdns[i].name) == oid.len &&
+ strncasecmp(x501rdns[i].name, oid.ptr, oid.len) == 0)
{
- break; /* found a valid OID */
+ found = TRUE;
+ break;
}
}
- if (i == X501_RDN_ROOF)
+ if (!found)
{
status = NOT_SUPPORTED;
state = UNKNOWN_OID;
@@ -655,14 +577,24 @@ static status_t atodn(char *src, chunk_t *dn)
if (rdn_count < RDN_MAX)
{
- rdns[rdn_count] =
- asn1_wrap(ASN1_SET, "m",
- asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_wrap(ASN1_OID, "c", x501rdns[i].oid),
- asn1_wrap(rdn_type, "c", name)
- )
- );
- dn_len += rdns[rdn_count++].len;
+ chunk_t rdn_oid;
+
+ rdn_oid = asn1_build_known_oid(x501rdns[i].oid);
+ if (rdn_oid.len)
+ {
+ rdns[rdn_count] =
+ asn1_wrap(ASN1_SET, "m",
+ asn1_wrap(ASN1_SEQUENCE, "mm",
+ rdn_oid,
+ asn1_wrap(rdn_type, "c", name)
+ )
+ );
+ dn_len += rdns[rdn_count++].len;
+ }
+ else
+ {
+ status = INVALID_ARG;
+ }
}
else
{
@@ -677,12 +609,12 @@ static status_t atodn(char *src, chunk_t *dn)
break;
}
} while (*src++ != '\0');
-
+
/* build the distinguished name sequence */
- {
+ {
int i;
u_char *pos = asn1_build_object(dn, ASN1_SEQUENCE, dn_len);
-
+
for (i = 0; i < rdn_count; i++)
{
memcpy(pos, rdns[i].ptr, rdns[i].len);
@@ -690,7 +622,7 @@ static status_t atodn(char *src, chunk_t *dn)
free(rdns[i].ptr);
}
}
-
+
if (status != SUCCESS)
{
free(dn->ptr);
@@ -945,9 +877,8 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
case ID_FQDN:
case ID_RFC822_ADDR:
case ID_DER_ASN1_GN_URI:
- case ID_EAP:
case ID_IETF_ATTR_STRING:
- proper = sanitize_chunk(this->encoded);
+ sanitize_chunk(this->encoded, &proper);
snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
chunk_free(&proper);
break;
@@ -961,6 +892,16 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
snprintf(buf, sizeof(buf), "(ASN.1 general Name");
break;
case ID_KEY_ID:
+ if (sanitize_chunk(this->encoded, &proper))
+ { /* fully printable, use ascii version */
+ snprintf(buf, sizeof(buf), "%.*s", proper.len, proper.ptr);
+ }
+ else
+ { /* not printable, hex dump */
+ snprintf(buf, sizeof(buf), "%#B", &this->encoded);
+ }
+ chunk_free(&proper);
+ break;
case ID_PUBKEY_INFO_SHA1:
case ID_PUBKEY_SHA1:
case ID_CERT_DER_SHA1:
@@ -978,6 +919,124 @@ int identification_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec,
}
/**
+ * Enumerator over RDNs
+ */
+typedef struct {
+ /* implements enumerator interface */
+ enumerator_t public;
+ /* current RDN */
+ chunk_t rdn;
+ /* current attribute */
+ chunk_t attr;
+ /** have another RDN? */
+ bool next;
+} rdn_enumerator_t;
+
+/**
+ * Implementation of rdn_enumerator_t.enumerate
+ */
+static bool rdn_enumerate(rdn_enumerator_t *this,
+ id_part_t *type, chunk_t *data)
+{
+ chunk_t oid, value;
+ asn1_t asn1_type;
+
+ while (this->next)
+ {
+ if (!get_next_rdn(&this->rdn, &this->attr, &oid,
+ &value, &asn1_type, &this->next))
+ {
+ return FALSE;
+ }
+ switch (asn1_known_oid(oid))
+ {
+ case OID_COMMON_NAME:
+ *type = ID_PART_RDN_CN;
+ break;
+ case OID_SURNAME:
+ *type = ID_PART_RDN_S;
+ break;
+ case OID_SERIAL_NUMBER:
+ *type = ID_PART_RDN_SN;
+ break;
+ case OID_COUNTRY:
+ *type = ID_PART_RDN_C;
+ break;
+ case OID_LOCALITY:
+ *type = ID_PART_RDN_L;
+ break;
+ case OID_STATE_OR_PROVINCE:
+ *type = ID_PART_RDN_ST;
+ break;
+ case OID_ORGANIZATION:
+ *type = ID_PART_RDN_O;
+ break;
+ case OID_ORGANIZATION_UNIT:
+ *type = ID_PART_RDN_OU;
+ break;
+ case OID_TITLE:
+ *type = ID_PART_RDN_T;
+ break;
+ case OID_DESCRIPTION:
+ *type = ID_PART_RDN_D;
+ break;
+ case OID_NAME:
+ *type = ID_PART_RDN_N;
+ break;
+ case OID_GIVEN_NAME:
+ *type = ID_PART_RDN_G;
+ break;
+ case OID_INITIALS:
+ *type = ID_PART_RDN_I;
+ break;
+ case OID_UNIQUE_IDENTIFIER:
+ *type = ID_PART_RDN_ID;
+ break;
+ case OID_EMAIL_ADDRESS:
+ *type = ID_PART_RDN_E;
+ break;
+ case OID_EMPLOYEE_NUMBER:
+ *type = ID_PART_RDN_EN;
+ break;
+ default:
+ continue;
+ }
+ *data = value;
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * Implementation of identification_t.create_part_enumerator
+ */
+static enumerator_t* create_part_enumerator(private_identification_t *this)
+{
+ switch (this->type)
+ {
+ case ID_DER_ASN1_DN:
+ {
+ rdn_enumerator_t *e = malloc_thing(rdn_enumerator_t);
+
+ e->public.enumerate = (void*)rdn_enumerate;
+ e->public.destroy = (void*)free;
+ if (init_rdn(this->encoded, &e->rdn, &e->attr, &e->next))
+ {
+ return &e->public;
+ }
+ free(e);
+ /* FALL */
+ }
+ case ID_RFC822_ADDR:
+ /* TODO */
+ case ID_FQDN:
+ /* TODO */
+ default:
+ return enumerator_create_empty();
+ }
+}
+
+/**
* Implementation of identification_t.clone.
*/
static identification_t *clone_(private_identification_t *this)
@@ -1014,6 +1073,7 @@ static private_identification_t *identification_create(void)
this->public.get_encoding = (chunk_t (*) (identification_t*))get_encoding;
this->public.get_type = (id_type_t (*) (identification_t*))get_type;
this->public.contains_wildcards = (bool (*) (identification_t *this))contains_wildcards;
+ this->public.create_part_enumerator = (enumerator_t*(*)(identification_t*))create_part_enumerator;
this->public.clone = (identification_t* (*) (identification_t*))clone_;
this->public.destroy = (void (*) (identification_t*))destroy;
/* we use these as defaults, the may be overloaded for special ID types */
@@ -1043,8 +1103,9 @@ identification_t *identification_create_from_string(char *string)
*/
if (atodn(string, &this->encoded) != SUCCESS)
{
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string, strlen(string)));
+ return &this->public;
}
this->type = ID_DER_ASN1_DN;
this->public.equals = (bool (*) (identification_t*,identification_t*))equals_dn;
@@ -1084,11 +1145,11 @@ identification_t *identification_create_from_string(char *string)
(identification_t*,identification_t*))matches_string;
this->public.equals = (bool (*)
(identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
}
this->encoded = chunk_clone(chunk);
this->type = ID_IPV4_ADDR;
- return &(this->public);
+ return &this->public;
}
else
{
@@ -1098,12 +1159,14 @@ identification_t *identification_create_from_string(char *string)
if (inet_pton(AF_INET6, string, &address) <= 0)
{
- free(this);
- return NULL;
+ this->type = ID_KEY_ID;
+ this->encoded = chunk_clone(chunk_create(string,
+ strlen(string)));
+ return &this->public;
}
this->encoded = chunk_clone(chunk);
this->type = ID_IPV6_ADDR;
- return &(this->public);
+ return &this->public;
}
}
}
@@ -1117,7 +1180,7 @@ identification_t *identification_create_from_string(char *string)
this->type = ID_KEY_ID;
this->encoded = chunk_from_hex(
chunk_create(string, strlen(string)), NULL);
- return &(this->public);
+ return &this->public;
}
else
{
@@ -1128,7 +1191,7 @@ identification_t *identification_create_from_string(char *string)
(identification_t*,identification_t*))matches_string;
this->public.equals = (bool (*)
(identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
}
}
else
@@ -1140,7 +1203,7 @@ identification_t *identification_create_from_string(char *string)
(identification_t*,identification_t*))matches_string;
this->public.equals = (bool (*)
(identification_t*,identification_t*))equals_strcasecmp;
- return &(this->public);
+ return &this->public;
}
}
}
@@ -1180,7 +1243,6 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en
case ID_PUBKEY_INFO_SHA1:
case ID_PUBKEY_SHA1:
case ID_CERT_DER_SHA1:
- case ID_EAP:
case ID_IETF_ATTR_STRING:
default:
break;
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index 2284b7b46..dc0aec18e 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2009 Tobias Brunner
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2009 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: identification.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -29,6 +27,7 @@
typedef enum id_type_t id_type_t;
typedef struct identification_t identification_t;
typedef enum id_match_t id_match_t;
+typedef enum id_part_t id_part_t;
#include <library.h>
@@ -80,7 +79,8 @@ enum id_type_t {
* An example of an ID_RFC822_ADDR is "jsmith@example.com".
* The string MUST NOT contain any terminators.
*/
- ID_RFC822_ADDR = 3,
+ ID_USER_FQDN = 3, /* IKEv1 only */
+ ID_RFC822_ADDR = 3, /* IKEv2 only */
/**
* ID data is an IPv4 subnet (IKEv1 only)
@@ -143,16 +143,16 @@ enum id_type_t {
* SHA1 hash of the binary DER encoding of a certificate
*/
ID_CERT_DER_SHA1 = 204,
-
+
/**
- * Generic EAP identity
+ * IETF Attribute Syntax String (RFC 3281)
*/
- ID_EAP = 205,
+ ID_IETF_ATTR_STRING = 205,
/**
- * IETF Attribute Syntax String (RFC 3281)
+ * Private ID used by the pluto daemon for opportunistic encryption
*/
- ID_IETF_ATTR_STRING = 206,
+ ID_MYID = 206,
};
/**
@@ -161,6 +161,56 @@ enum id_type_t {
extern enum_name_t *id_type_names;
/**
+ * Type of an ID sub part.
+ */
+enum id_part_t {
+ /** Username part of an RFC822_ADDR */
+ ID_PART_USERNAME,
+ /** Domain part of an RFC822_ADDR */
+ ID_PART_DOMAIN,
+
+ /** Top-Level domain of a FQDN */
+ ID_PART_TLD,
+ /** Second-Level domain of a FQDN */
+ ID_PART_SLD,
+ /** Another Level domain of a FQDN */
+ ID_PART_ALD,
+
+ /** Country RDN of a DN */
+ ID_PART_RDN_C,
+ /** CommonName RDN of a DN */
+ ID_PART_RDN_CN,
+ /** Description RDN of a DN */
+ ID_PART_RDN_D,
+ /** Email RDN of a DN */
+ ID_PART_RDN_E,
+ /** EmployeeNumber RDN of a DN */
+ ID_PART_RDN_EN,
+ /** GivenName RDN of a DN */
+ ID_PART_RDN_G,
+ /** Initials RDN of a DN */
+ ID_PART_RDN_I,
+ /** UniqueIdentifier RDN of a DN */
+ ID_PART_RDN_ID,
+ /** Locality RDN of a DN */
+ ID_PART_RDN_L,
+ /** Name RDN of a DN */
+ ID_PART_RDN_N,
+ /** Organization RDN of a DN */
+ ID_PART_RDN_O,
+ /** OrganizationUnit RDN of a DN */
+ ID_PART_RDN_OU,
+ /** Surname RDN of a DN */
+ ID_PART_RDN_S,
+ /** SerialNumber RDN of a DN */
+ ID_PART_RDN_SN,
+ /** StateOrProvince RDN of a DN */
+ ID_PART_RDN_ST,
+ /** Title RDN of a DN */
+ ID_PART_RDN_T,
+};
+
+/**
* Generic identification, such as used in ID payload.
*
* @todo Support for ID_DER_ASN1_GN is minimal right now. Comparison
@@ -225,6 +275,19 @@ struct identification_t {
bool (*contains_wildcards) (identification_t *this);
/**
+ * Create an enumerator over subparts of an identity.
+ *
+ * Some identities are built from several parts, e.g. an E-Mail consists
+ * of a username and a domain part, or a DistinguishedName contains several
+ * RDNs.
+ * For identity without subtypes (support), an empty enumerator is
+ * returned.
+ *
+ * @return an enumerator over (id_part_t type, chunk_t data)
+ */
+ enumerator_t* (*create_part_enumerator)(identification_t *this);
+
+ /**
* Clone a identification_t instance.
*
* @return clone of this
@@ -257,16 +320,16 @@ struct identification_t {
* N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN,
* unstructuredName, TCGID.
*
+ * This constructor never returns NULL. If it does not find a suitable
+ * conversion function, it will copy the string to an ID_KEY_ID.
+ *
* @param string input string, which will be converted
- * @return created identification_t, NULL if not supported.
+ * @return identification_t
*/
identification_t * identification_create_from_string(char *string);
/**
* Creates an identification_t object from an encoded chunk.
- *
- * In contrast to identification_create_from_string(), this constructor never
- * returns NULL, even when the conversion to a string representation fails.
*
* @param type type of this id, such as ID_IPV4_ADDR
* @param encoded encoded bytes, such as from identification_t.get_encoding
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h
index 02eb1b9c0..1dbf01539 100644
--- a/src/libstrongswan/utils/iterator.h
+++ b/src/libstrongswan/utils/iterator.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: iterator.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 0e0866fec..2cac3b458 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: leak_detective.c 4936 2009-03-12 18:07:32Z tobias $
*/
#define _GNU_SOURCE
@@ -202,6 +200,11 @@ char *whitelist[] = {
"DH_new_method",
"ENGINE_load_builtin_engines",
"OPENSSL_config",
+ /* libgcrypt */
+ "gcry_control",
+ "gcry_check_version",
+ "gcry_randomize",
+ "gcry_create_nonce",
};
/**
diff --git a/src/libstrongswan/utils/lexparser.c b/src/libstrongswan/utils/lexparser.c
index 5725df1ea..2472f6751 100644
--- a/src/libstrongswan/utils/lexparser.c
+++ b/src/libstrongswan/utils/lexparser.c
@@ -10,8 +10,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: lexparser.c 4877 2009-02-18 09:45:54Z martin $
*/
#include "lexparser.h"
diff --git a/src/libstrongswan/utils/lexparser.h b/src/libstrongswan/utils/lexparser.h
index 6ae970e1e..7e2edb278 100644
--- a/src/libstrongswan/utils/lexparser.h
+++ b/src/libstrongswan/utils/lexparser.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: lexparser.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c
index bfe30b0df..a45468cca 100644
--- a/src/libstrongswan/utils/linked_list.c
+++ b/src/libstrongswan/utils/linked_list.c
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: linked_list.c 4936 2009-03-12 18:07:32Z tobias $
*/
#include <stdlib.h>
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index aa603fefa..8b2de9083 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -13,8 +13,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: linked_list.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
@@ -27,7 +25,6 @@
typedef struct linked_list_t linked_list_t;
-#include <library.h>
#include <utils/iterator.h>
#include <utils/enumerator.h>
diff --git a/src/libstrongswan/utils/mutex.c b/src/libstrongswan/utils/mutex.c
index ba4b72b0c..8b3a25201 100644
--- a/src/libstrongswan/utils/mutex.c
+++ b/src/libstrongswan/utils/mutex.c
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: mutex.c 4803 2008-12-15 09:13:43Z martin $
*/
#define _GNU_SOURCE
@@ -315,7 +313,7 @@ mutex_t *mutex_create(mutex_type_t type)
/**
* Implementation of condvar_t.wait.
*/
-static void wait(private_condvar_t *this, private_mutex_t *mutex)
+static void _wait(private_condvar_t *this, private_mutex_t *mutex)
{
if (mutex->recursive)
{
@@ -389,7 +387,7 @@ static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex,
/**
* Implementation of condvar_t.signal.
*/
-static void signal(private_condvar_t *this)
+static void _signal(private_condvar_t *this)
{
pthread_cond_signal(&this->condvar);
}
@@ -423,10 +421,10 @@ condvar_t *condvar_create(condvar_type_t type)
{
private_condvar_t *this = malloc_thing(private_condvar_t);
- this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))wait;
+ this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))_wait;
this->public.timed_wait = (bool(*)(condvar_t*, mutex_t *mutex, u_int timeout))timed_wait;
this->public.timed_wait_abs = (bool(*)(condvar_t*, mutex_t *mutex, timeval_t time))timed_wait_abs;
- this->public.signal = (void(*)(condvar_t*))signal;
+ this->public.signal = (void(*)(condvar_t*))_signal;
this->public.broadcast = (void(*)(condvar_t*))broadcast;
this->public.destroy = (void(*)(condvar_t*))condvar_destroy;
diff --git a/src/libstrongswan/utils/mutex.h b/src/libstrongswan/utils/mutex.h
index 46c939fb8..c5c667992 100644
--- a/src/libstrongswan/utils/mutex.h
+++ b/src/libstrongswan/utils/mutex.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: mutex.h 5003 2009-03-24 17:43:01Z martin $
*/
/**
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
index 18427e197..bf47e6b98 100644
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -11,8 +11,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
* License for more details.
- *
- * $Id: optionsfrom.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stdio.h>
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
index 9372971ca..05269f4f5 100644
--- a/src/libstrongswan/utils/optionsfrom.h
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -12,8 +12,6 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
- *
- * $Id: optionsfrom.h 5003 2009-03-24 17:43:01Z martin $
*/
/**