Diffstat (limited to 'src/libstrongswan')
239 files changed, 11813 insertions, 4354 deletions
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk
index 259f0a375..d33bee6c7 100644
--- a/src/libstrongswan/Android.mk
+++ b/src/libstrongswan/Android.mk
@@ -12,6 +12,7 @@ printf_hook.c printf_hook.h \
 asn1/asn1.c asn1/asn1.h \
 asn1/asn1_parser.c asn1/asn1_parser.h \
 asn1/oid.c asn1/oid.h \
+bio/bio_reader.h bio/bio_reader.c bio/bio_writer.h bio/bio_writer.c \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
@@ -46,12 +47,14 @@ credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
 credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
 credentials/sets/callback_cred.c credentials/sets/callback_cred.h \
 credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
-credentials/cert_validator.h \
-database/database.h database/database_factory.h database/database_factory.c \
+credentials/cert_validator.h database/database.h database/database.c \
+database/database_factory.h database/database_factory.c \
 fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
 eap/eap.h eap/eap.c \
+pen/pen.h pen/pen.c \
 plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \
-processing/jobs/job.h \
+plugins/plugin_feature.c plugins/plugin_feature.h \
+processing/jobs/job.h processing/jobs/job.c \
 processing/jobs/callback_job.c processing/jobs/callback_job.h \
 processing/processor.c processing/processor.h \
 processing/scheduler.c processing/scheduler.h \
@@ -64,7 +67,6 @@ threading/lock_profiler.h \
 utils.h utils.c \
 utils/host.c utils/host.h \
 utils/identification.c utils/identification.h \
-utils/iterator.h \
 utils/lexparser.c utils/lexparser.h \
 utils/linked_list.c utils/linked_list.h \
 utils/hashtable.c utils/hashtable.h \
@@ -102,6 +104,8 @@ LOCAL_SRC_FILES += $(call add_plugin, pem)
 LOCAL_SRC_FILES += $(call add_plugin, pkcs1)
+LOCAL_SRC_FILES += $(call add_plugin, pkcs11)
+
 LOCAL_SRC_FILES += $(call add_plugin, pubkey)
 LOCAL_SRC_FILES += $(call add_plugin, random)
@@ -124,6 +128,8 @@ LOCAL_CFLAGS := $(strongswan_CFLAGS) \
 LOCAL_MODULE := libstrongswan
+LOCAL_MODULE_TAGS := optional
+
 LOCAL_ARM_MODE := arm
 LOCAL_PRELINK_MODULE := false
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index b6c70daea..7bb0812bd 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -1,4 +1,4 @@
-lib_LTLIBRARIES = libstrongswan.la
+ipseclib_LTLIBRARIES = libstrongswan.la
 libstrongswan_la_SOURCES = \
 library.c library.h \
@@ -10,6 +10,7 @@ printf_hook.c printf_hook.h \
 asn1/asn1.c asn1/asn1.h \
 asn1/asn1_parser.c asn1/asn1_parser.h \
 asn1/oid.c asn1/oid.h \
+bio/bio_reader.h bio/bio_reader.c bio/bio_writer.h bio/bio_writer.c \
 crypto/crypters/crypter.c crypto/crypters/crypter.h \
 crypto/hashers/hasher.h crypto/hashers/hasher.c \
 crypto/pkcs9.c crypto/pkcs9.h \
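Review bot: The switch from `lib_LTLIBRARIES` to `ipseclib_LTLIBRARIES` in the `@@ -1,4 +1,4 @@` hunk of Makefile.am moves libstrongswan.la out of `$(libdir)` into `$(ipseclibdir)`, but nothing in Makefile.am records that dependents now locate it only through the libtool-embedded rpath (the generated Makefile.in links with `-rpath $(ipseclibdir)`) or an explicit loader search path. A one-line comment above the assignment would spare the next packager a hunt, e.g. `# installed under $(ipseclibdir), not $(libdir): consumers rely on the libtool rpath or an explicit loader search path`. A non-standard library directory is a code-loading location for the daemons, so it presumably needs the same root-owned, non-writable permissions as libdir; the install rules that would guarantee that are outside this diff and worth confirming.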
@@ -44,12 +45,14 @@ credentials/sets/cert_cache.c credentials/sets/cert_cache.h \
 credentials/sets/mem_cred.c credentials/sets/mem_cred.h \
 credentials/sets/callback_cred.c credentials/sets/callback_cred.h \
 credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \
-credentials/cert_validator.h \
-database/database.h database/database_factory.h database/database_factory.c \
+credentials/cert_validator.h database/database.h database/database.c \
+database/database_factory.h database/database_factory.c \
 fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \
 eap/eap.h eap/eap.c \
+pen/pen.h pen/pen.c \
 plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \
-processing/jobs/job.h \
+plugins/plugin_feature.c plugins/plugin_feature.h \
+processing/jobs/job.h processing/jobs/job.c \
 processing/jobs/callback_job.c processing/jobs/callback_job.h \
 processing/processor.c processing/processor.h \
 processing/scheduler.c processing/scheduler.h \
@@ -62,7 +65,6 @@ threading/lock_profiler.h \
 utils.h utils.c \
 utils/host.c utils/host.h \
 utils/identification.c utils/identification.h \
-utils/iterator.h \
 utils/lexparser.c utils/lexparser.h \
 utils/linked_list.c utils/linked_list.h \
 utils/hashtable.c utils/hashtable.h \
@@ -78,6 +80,7 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB)
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 AM_CFLAGS = \
 -DIPSEC_DIR=\"${ipsecdir}\" \
+-DIPSEC_LIB_DIR=\"${ipseclibdir}\" \
 -DPLUGINDIR=\"${plugindir}\" \
 -DSTRONGSWAN_CONF=\"${strongswan_conf}\"
@@ -212,6 +215,13 @@ if MONOLITHIC
 endif
 endif
+if USE_CMAC
+  SUBDIRS += plugins/cmac
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/cmac/libstrongswan-cmac.la
+endif
+endif
+
 if USE_XCBC
   SUBDIRS += plugins/xcbc
 if MONOLITHIC
@@ -254,6 +264,13 @@ if MONOLITHIC
 endif
 endif
+if USE_PKCS8
+  SUBDIRS += plugins/pkcs8
+if MONOLITHIC
+  libstrongswan_la_LIBADD += plugins/pkcs8/libstrongswan-pkcs8.la
+endif
+endif
+
 if USE_PGP
   SUBDIRS += plugins/pgp
 if MONOLITHIC
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index c9ae8992e..68c83a5aa 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -66,54 +66,58 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_26 = plugins/random/libstrongswan-random.la @USE_HMAC_TRUE@am__append_27 = plugins/hmac @MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_28 = plugins/hmac/libstrongswan-hmac.la -@USE_XCBC_TRUE@am__append_29 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_30 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_31 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_32 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_33 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_34 = plugins/revocation/libstrongswan-revocation.la -@USE_CONSTRAINTS_TRUE@am__append_35 = plugins/constraints -@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_36 = plugins/constraints/libstrongswan-constraints.la -@USE_PUBKEY_TRUE@am__append_37 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_38 = plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_39 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_40 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PGP_TRUE@am__append_41 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_42 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_43 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_44 = plugins/dnskey/libstrongswan-dnskey.la -@USE_PEM_TRUE@am__append_45 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_46 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_47 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_48 = plugins/curl/libstrongswan-curl.la -@USE_SOUP_TRUE@am__append_49 = plugins/soup -@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_50 = plugins/soup/libstrongswan-soup.la -@USE_LDAP_TRUE@am__append_51 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_52 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_53 = plugins/mysql -@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_54 = 
plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_55 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_56 = plugins/sqlite/libstrongswan-sqlite.la -@USE_PADLOCK_TRUE@am__append_57 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_58 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_59 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_60 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_61 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_62 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_63 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_64 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_65 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_66 = plugins/agent/libstrongswan-agent.la -@USE_PKCS11_TRUE@am__append_67 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_68 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CTR_TRUE@am__append_69 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_70 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_71 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_72 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_73 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_74 = plugins/gcm/libstrongswan-gcm.la -@USE_TEST_VECTORS_TRUE@am__append_75 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_76 = plugins/test_vectors/libstrongswan-test-vectors.la +@USE_CMAC_TRUE@am__append_29 = plugins/cmac +@MONOLITHIC_TRUE@@USE_CMAC_TRUE@am__append_30 = plugins/cmac/libstrongswan-cmac.la +@USE_XCBC_TRUE@am__append_31 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_32 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_33 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_34 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_35 = 
plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_36 = plugins/revocation/libstrongswan-revocation.la +@USE_CONSTRAINTS_TRUE@am__append_37 = plugins/constraints +@MONOLITHIC_TRUE@@USE_CONSTRAINTS_TRUE@am__append_38 = plugins/constraints/libstrongswan-constraints.la +@USE_PUBKEY_TRUE@am__append_39 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_40 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_41 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_42 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PKCS8_TRUE@am__append_43 = plugins/pkcs8 +@MONOLITHIC_TRUE@@USE_PKCS8_TRUE@am__append_44 = plugins/pkcs8/libstrongswan-pkcs8.la +@USE_PGP_TRUE@am__append_45 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_46 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_47 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_48 = plugins/dnskey/libstrongswan-dnskey.la +@USE_PEM_TRUE@am__append_49 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_50 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_51 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_52 = plugins/curl/libstrongswan-curl.la +@USE_SOUP_TRUE@am__append_53 = plugins/soup +@MONOLITHIC_TRUE@@USE_SOUP_TRUE@am__append_54 = plugins/soup/libstrongswan-soup.la +@USE_LDAP_TRUE@am__append_55 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_56 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_57 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_58 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_59 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_60 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_61 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_62 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_63 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_64 = 
plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_65 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_66 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_67 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_68 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_69 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_70 = plugins/agent/libstrongswan-agent.la +@USE_PKCS11_TRUE@am__append_71 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_72 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CTR_TRUE@am__append_73 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_74 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_75 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_76 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_77 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_78 = plugins/gcm/libstrongswan-gcm.la +@USE_TEST_VECTORS_TRUE@am__append_79 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_80 = plugins/test_vectors/libstrongswan-test-vectors.la subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -152,8 +156,8 @@ am__nobase_list = $(am__nobase_strip_setup); \ am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__installdirs = "$(DESTDIR)$(libdir)" -LTLIBRARIES = $(lib_LTLIBRARIES) +am__installdirs = "$(DESTDIR)$(ipseclibdir)" +LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ 
@@ -169,14 +173,17 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ - $(am__append_72) $(am__append_74) $(am__append_76) + $(am__append_72) $(am__append_74) $(am__append_76) \ + $(am__append_78) $(am__append_80) am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ asn1/asn1_parser.c asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ - crypto/crypters/crypter.c crypto/crypters/crypter.h \ - crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ - crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ + bio/bio_reader.h bio/bio_reader.c bio/bio_writer.h \ + bio/bio_writer.c crypto/crypters/crypter.c \ + crypto/crypters/crypter.h crypto/hashers/hasher.h \ + crypto/hashers/hasher.c crypto/pkcs9.c crypto/pkcs9.h \ + crypto/proposal/proposal_keywords.c \ crypto/proposal/proposal_keywords.h crypto/prfs/prf.c \ crypto/prfs/prf.h crypto/rngs/rng.c crypto/rngs/rng.h \ crypto/prf_plus.h crypto/prf_plus.c crypto/signers/signer.c \ 
@@ -215,45 +222,48 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/sets/callback_cred.h credentials/auth_cfg.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ - database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ - fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ - plugins/plugin_loader.c plugins/plugin_loader.h \ - plugins/plugin.h processing/jobs/job.h \ - processing/jobs/callback_job.c processing/jobs/callback_job.h \ - processing/processor.c processing/processor.h \ - processing/scheduler.c processing/scheduler.h \ - selectors/traffic_selector.c selectors/traffic_selector.h \ - threading/thread.h threading/thread.c threading/thread_value.h \ + database/database.c database/database_factory.h \ + database/database_factory.c fetcher/fetcher.h \ + fetcher/fetcher.c fetcher/fetcher_manager.h \ + fetcher/fetcher_manager.c eap/eap.h eap/eap.c pen/pen.h \ + pen/pen.c plugins/plugin_loader.c plugins/plugin_loader.h \ + plugins/plugin.h plugins/plugin_feature.c \ + plugins/plugin_feature.h processing/jobs/job.h \ + processing/jobs/job.c processing/jobs/callback_job.c \ + processing/jobs/callback_job.h processing/processor.c \ + processing/processor.h processing/scheduler.c \ + processing/scheduler.h selectors/traffic_selector.c \ + selectors/traffic_selector.h threading/thread.h \ + threading/thread.c threading/thread_value.h \ threading/thread_value.c threading/mutex.h threading/mutex.c \ threading/condvar.h threading/rwlock.h threading/rwlock.c \ threading/lock_profiler.h utils.h utils.c utils/host.c \ utils/host.h utils/identification.c utils/identification.h \ - utils/iterator.h utils/lexparser.c utils/lexparser.h \ - utils/linked_list.c utils/linked_list.h utils/hashtable.c \ - utils/hashtable.h utils/enumerator.c utils/enumerator.h \ - utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \ - 
utils/backtrace.h utils/leak_detective.c \ - utils/leak_detective.h integrity_checker.c integrity_checker.h + utils/lexparser.c utils/lexparser.h utils/linked_list.c \ + utils/linked_list.h utils/hashtable.c utils/hashtable.h \ + utils/enumerator.c utils/enumerator.h utils/optionsfrom.c \ + utils/optionsfrom.h utils/backtrace.c utils/backtrace.h \ + utils/leak_detective.c utils/leak_detective.h \ + integrity_checker.c integrity_checker.h @USE_LEAK_DETECTIVE_TRUE@am__objects_1 = leak_detective.lo @USE_INTEGRITY_TEST_TRUE@am__objects_2 = integrity_checker.lo am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ settings.lo printf_hook.lo asn1.lo asn1_parser.lo oid.lo \ - crypter.lo hasher.lo pkcs9.lo proposal_keywords.lo prf.lo \ - rng.lo prf_plus.lo signer.lo crypto_factory.lo \ - crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \ - credential_factory.lo builder.lo cred_encoding.lo \ + bio_reader.lo bio_writer.lo crypter.lo hasher.lo pkcs9.lo \ + proposal_keywords.lo prf.lo rng.lo prf_plus.lo signer.lo \ + crypto_factory.lo crypto_tester.lo diffie_hellman.lo aead.lo \ + transform.lo credential_factory.lo builder.lo cred_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ crl.lo ocsp_response.lo ietf_attributes.lo \ credential_manager.lo auth_cfg_wrapper.lo \ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \ - callback_cred.lo auth_cfg.lo database_factory.lo fetcher.lo \ - fetcher_manager.lo eap.lo plugin_loader.lo callback_job.lo \ - processor.lo scheduler.lo traffic_selector.lo thread.lo \ - thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \ - identification.lo lexparser.lo linked_list.lo hashtable.lo \ - enumerator.lo optionsfrom.lo backtrace.lo $(am__objects_1) \ - $(am__objects_2) + callback_cred.lo auth_cfg.lo database.lo database_factory.lo \ + fetcher.lo fetcher_manager.lo eap.lo pen.lo plugin_loader.lo \ + plugin_feature.lo job.lo callback_job.lo processor.lo \ + scheduler.lo traffic_selector.lo thread.lo 
thread_value.lo \ + mutex.lo rwlock.lo utils.lo host.lo identification.lo \ + lexparser.lo linked_list.lo hashtable.lo enumerator.lo \ + optionsfrom.lo backtrace.lo $(am__objects_1) $(am__objects_2) libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS) DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp @@ -287,13 +297,13 @@ CTAGS = ctags DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/md4 plugins/md5 plugins/sha1 \ plugins/sha2 plugins/gmp plugins/random plugins/hmac \ - plugins/xcbc plugins/x509 plugins/revocation \ - plugins/constraints plugins/pubkey plugins/pkcs1 plugins/pgp \ - plugins/dnskey plugins/pem plugins/curl plugins/soup \ - plugins/ldap plugins/mysql plugins/sqlite plugins/padlock \ - plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ - plugins/pkcs11 plugins/ctr plugins/ccm plugins/gcm \ - plugins/test_vectors + plugins/cmac plugins/xcbc plugins/x509 plugins/revocation \ + plugins/constraints plugins/pubkey plugins/pkcs1 plugins/pkcs8 \ + plugins/pgp plugins/dnskey plugins/pem plugins/curl \ + plugins/soup plugins/ldap plugins/mysql plugins/sqlite \ + plugins/padlock plugins/openssl plugins/gcrypt \ + plugins/fips_prf plugins/agent plugins/pkcs11 plugins/ctr \ + plugins/ccm plugins/gcm plugins/test_vectors DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -411,6 +421,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -419,6 +432,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ 
@@ -435,11 +449,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -483,6 +499,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ @@ -493,11 +510,12 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -lib_LTLIBRARIES = libstrongswan.la +ipseclib_LTLIBRARIES = libstrongswan.la libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ debug.h enum.c enum.h settings.h settings.c printf_hook.c \ printf_hook.h asn1/asn1.c asn1/asn1.h asn1/asn1_parser.c \ - asn1/asn1_parser.h asn1/oid.c asn1/oid.h \ + asn1/asn1_parser.h asn1/oid.c asn1/oid.h bio/bio_reader.h \ + bio/bio_reader.c bio/bio_writer.h bio/bio_writer.c \ crypto/crypters/crypter.c crypto/crypters/crypter.h \ crypto/hashers/hasher.h crypto/hashers/hasher.c crypto/pkcs9.c \ crypto/pkcs9.h crypto/proposal/proposal_keywords.c \ 
@@ -539,25 +557,28 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/sets/callback_cred.h credentials/auth_cfg.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ - database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ - fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ - plugins/plugin_loader.c plugins/plugin_loader.h \ - plugins/plugin.h processing/jobs/job.h \ - processing/jobs/callback_job.c processing/jobs/callback_job.h \ - processing/processor.c processing/processor.h \ - processing/scheduler.c processing/scheduler.h \ - selectors/traffic_selector.c selectors/traffic_selector.h \ - threading/thread.h threading/thread.c threading/thread_value.h \ + database/database.c database/database_factory.h \ + database/database_factory.c fetcher/fetcher.h \ + fetcher/fetcher.c fetcher/fetcher_manager.h \ + fetcher/fetcher_manager.c eap/eap.h eap/eap.c pen/pen.h \ + pen/pen.c plugins/plugin_loader.c plugins/plugin_loader.h \ + plugins/plugin.h plugins/plugin_feature.c \ + plugins/plugin_feature.h processing/jobs/job.h \ + processing/jobs/job.c processing/jobs/callback_job.c \ + processing/jobs/callback_job.h processing/processor.c \ + processing/processor.h processing/scheduler.c \ + processing/scheduler.h selectors/traffic_selector.c \ + selectors/traffic_selector.h threading/thread.h \ + threading/thread.c threading/thread_value.h \ threading/thread_value.c threading/mutex.h threading/mutex.c \ threading/condvar.h threading/rwlock.h threading/rwlock.c \ threading/lock_profiler.h utils.h utils.c utils/host.c \ utils/host.h utils/identification.c utils/identification.h \ - utils/iterator.h utils/lexparser.c utils/lexparser.h \ - utils/linked_list.c utils/linked_list.h utils/hashtable.c \ - utils/hashtable.h utils/enumerator.c utils/enumerator.h \ - utils/optionsfrom.c utils/optionsfrom.h utils/backtrace.c \ - 
utils/backtrace.h $(am__append_2) $(am__append_5) + utils/lexparser.c utils/lexparser.h utils/linked_list.c \ + utils/linked_list.h utils/hashtable.c utils/hashtable.h \ + utils/enumerator.c utils/enumerator.h utils/optionsfrom.c \ + utils/optionsfrom.h utils/backtrace.c utils/backtrace.h \ + $(am__append_2) $(am__append_5) libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(RTLIB) $(am__append_6) $(am__append_8) $(am__append_10) \ $(am__append_12) $(am__append_14) $(am__append_16) \ @@ -570,9 +591,12 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ $(am__append_66) $(am__append_68) $(am__append_70) \ - $(am__append_72) $(am__append_74) $(am__append_76) + $(am__append_72) $(am__append_74) $(am__append_76) \ + $(am__append_78) $(am__append_80) INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ +AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" \ + -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ + -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ $(am__append_3) $(am__append_4) EXTRA_DIST = \ @@ -605,7 +629,8 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_FALSE@ $(am__append_75) +@MONOLITHIC_FALSE@ $(am__append_75) $(am__append_77) \ +@MONOLITHIC_FALSE@ $(am__append_79) # build plugins with their own Makefile ####################################### 
@@ -626,7 +651,8 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ -@MONOLITHIC_TRUE@ $(am__append_75) +@MONOLITHIC_TRUE@ $(am__append_75) $(am__append_77) \ +@MONOLITHIC_TRUE@ $(am__append_79) all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive 
@@ -662,39 +688,39 @@ $(top_srcdir)/configure: $(am__configure_deps) $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-libLTLIBRARIES: $(lib_LTLIBRARIES) +install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) @$(NORMAL_INSTALL) - test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)" - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + test -z "$(ipseclibdir)" || $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ list2=; for p in $$list; do \ if test -f $$p; then \ list2="$$list2 $$p"; \ else :; fi; \ done; \ test -z "$$list2" || { \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ } -uninstall-libLTLIBRARIES: +uninstall-ipseclibLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \ + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ for p in $$list; do \ $(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ done -clean-libLTLIBRARIES: - -test -z "$(lib_LTLIBRARIES)" || rm -f 
$(lib_LTLIBRARIES) - @list='$(lib_LTLIBRARIES)'; for p in $$list; do \ +clean-ipseclibLTLIBRARIES: + -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) + @list='$(ipseclib_LTLIBRARIES)'; for p in $$list; do \ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ test "$$dir" != "$$p" || dir=.; \ echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done libstrongswan.la: $(libstrongswan_la_OBJECTS) $(libstrongswan_la_DEPENDENCIES) - $(LINK) -rpath $(libdir) $(libstrongswan_la_OBJECTS) $(libstrongswan_la_LIBADD) $(LIBS) + $(LINK) -rpath $(ipseclibdir) $(libstrongswan_la_OBJECTS) $(libstrongswan_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -708,6 +734,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cfg_wrapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/backtrace.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_reader.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bio_writer.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/builder.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_cred.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/callback_job.Plo@am__quote@ @@ -721,6 +749,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypter.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto_factory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto_tester.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/database.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/database_factory.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/diffie_hellman.Plo@am__quote@ 
@@ -735,6 +764,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/identification.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ietf_attributes.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/integrity_checker.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/job.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/leak_detective.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lexparser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/library.Plo@am__quote@ @@ -745,7 +775,9 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp_response_wrapper.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oid.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionsfrom.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pen.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs9.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_feature.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/plugin_loader.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf_plus.Plo@am__quote@ 
@@ -808,6 +840,20 @@ oid.lo: asn1/oid.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c +bio_reader.lo: bio/bio_reader.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bio_reader.lo -MD -MP -MF $(DEPDIR)/bio_reader.Tpo -c -o bio_reader.lo `test -f 'bio/bio_reader.c' || echo '$(srcdir)/'`bio/bio_reader.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bio_reader.Tpo $(DEPDIR)/bio_reader.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bio/bio_reader.c' object='bio_reader.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bio_reader.lo `test -f 'bio/bio_reader.c' || echo '$(srcdir)/'`bio/bio_reader.c + +bio_writer.lo: bio/bio_writer.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT bio_writer.lo -MD -MP -MF $(DEPDIR)/bio_writer.Tpo -c -o bio_writer.lo `test -f 'bio/bio_writer.c' || echo '$(srcdir)/'`bio/bio_writer.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/bio_writer.Tpo $(DEPDIR)/bio_writer.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bio/bio_writer.c' object='bio_writer.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) 
--tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o bio_writer.lo `test -f 'bio/bio_writer.c' || echo '$(srcdir)/'`bio/bio_writer.c + crypter.lo: crypto/crypters/crypter.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo 
@@ -1018,6 +1064,13 @@ auth_cfg.lo: credentials/auth_cfg.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o auth_cfg.lo `test -f 'credentials/auth_cfg.c' || echo '$(srcdir)/'`credentials/auth_cfg.c +database.lo: database/database.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database.lo -MD -MP -MF $(DEPDIR)/database.Tpo -c -o database.lo `test -f 'database/database.c' || echo '$(srcdir)/'`database/database.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/database.Tpo $(DEPDIR)/database.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='database/database.c' object='database.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database.lo `test -f 'database/database.c' || echo '$(srcdir)/'`database/database.c + database_factory.lo: database/database_factory.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT database_factory.lo -MD -MP -MF $(DEPDIR)/database_factory.Tpo -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/database_factory.Tpo $(DEPDIR)/database_factory.Plo 
@@ -1046,6 +1099,13 @@ eap.lo: eap/eap.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o eap.lo `test -f 'eap/eap.c' || echo '$(srcdir)/'`eap/eap.c +pen.lo: pen/pen.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pen.lo -MD -MP -MF $(DEPDIR)/pen.Tpo -c -o pen.lo `test -f 'pen/pen.c' || echo '$(srcdir)/'`pen/pen.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/pen.Tpo $(DEPDIR)/pen.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pen/pen.c' object='pen.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pen.lo `test -f 'pen/pen.c' || echo '$(srcdir)/'`pen/pen.c + plugin_loader.lo: plugins/plugin_loader.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_loader.lo -MD -MP -MF $(DEPDIR)/plugin_loader.Tpo -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_loader.Tpo $(DEPDIR)/plugin_loader.Plo 
@@ -1053,6 +1113,20 @@ plugin_loader.lo: plugins/plugin_loader.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_loader.lo `test -f 'plugins/plugin_loader.c' || echo '$(srcdir)/'`plugins/plugin_loader.c +plugin_feature.lo: plugins/plugin_feature.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT plugin_feature.lo -MD -MP -MF $(DEPDIR)/plugin_feature.Tpo -c -o plugin_feature.lo `test -f 'plugins/plugin_feature.c' || echo '$(srcdir)/'`plugins/plugin_feature.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/plugin_feature.Tpo $(DEPDIR)/plugin_feature.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='plugins/plugin_feature.c' object='plugin_feature.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o plugin_feature.lo `test -f 'plugins/plugin_feature.c' || echo '$(srcdir)/'`plugins/plugin_feature.c + +job.lo: processing/jobs/job.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT job.lo -MD -MP -MF $(DEPDIR)/job.Tpo -c -o job.lo `test -f 'processing/jobs/job.c' || echo '$(srcdir)/'`processing/jobs/job.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/job.Tpo $(DEPDIR)/job.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='processing/jobs/job.c' object='job.lo' libtool=yes @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o job.lo `test -f 'processing/jobs/job.c' || echo '$(srcdir)/'`processing/jobs/job.c + callback_job.lo: processing/jobs/callback_job.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT callback_job.lo -MD -MP -MF $(DEPDIR)/callback_job.Tpo -c -o callback_job.lo `test -f 'processing/jobs/callback_job.c' || echo '$(srcdir)/'`processing/jobs/callback_job.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/callback_job.Tpo $(DEPDIR)/callback_job.Plo @@ -1377,7 +1451,7 @@ check: $(BUILT_SOURCES) all-am: Makefile $(LTLIBRARIES) installdirs: installdirs-recursive installdirs-am: - for dir in "$(DESTDIR)$(libdir)"; do \ + for dir in "$(DESTDIR)$(ipseclibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: $(BUILT_SOURCES) @@ -1410,7 +1484,7 @@ maintainer-clean-generic: -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) clean: clean-recursive -clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \ +clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive @@ -1431,13 +1505,13 @@ info: info-recursive info-am: -install-data-am: +install-data-am: install-ipseclibLTLIBRARIES install-dvi: install-dvi-recursive install-dvi-am: -install-exec-am: install-libLTLIBRARIES +install-exec-am: install-html: install-html-recursive @@ -1477,7 +1551,7 @@ ps: ps-recursive ps-am: -uninstall-am: uninstall-libLTLIBRARIES +uninstall-am: uninstall-ipseclibLTLIBRARIES .MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \ ctags-recursive install install-am install-strip \ 
@@ -1485,19 +1559,19 @@ uninstall-am: uninstall-libLTLIBRARIES .PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ all all-am check check-am clean clean-generic \ - clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \ + clean-ipseclibLTLIBRARIES clean-libtool ctags ctags-recursive \ distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ - install-info-am install-libLTLIBRARIES install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \ - uninstall-libLTLIBRARIES + install-info-am install-ipseclibLTLIBRARIES install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \ + uninstall uninstall-am uninstall-ipseclibLTLIBRARIES library.lo : $(top_builddir)/config.status diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 4466b37a4..4cb38d126 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -222,7 +222,7 @@ size_t asn1_length(chunk_t *blob) if (blob->len < 2) { - DBG2(DBG_LIB, "insufficient number of octets to parse ASN.1 length"); + DBG2(DBG_ASN, "insufficient number of octets to parse ASN.1 length"); return ASN1_INVALID_LENGTH; } 
@@ -234,7 +234,7 @@ size_t asn1_length(chunk_t *blob) { /* single length octet */ if (n > blob->len) { - DBG2(DBG_LIB, "length is larger than remaining blob size"); + DBG2(DBG_ASN, "length is larger than remaining blob size"); return ASN1_INVALID_LENGTH; } return n; @@ -245,13 +245,13 @@ size_t asn1_length(chunk_t *blob) if (n == 0 || n > blob->len) { - DBG2(DBG_LIB, "number of length octets invalid"); + DBG2(DBG_ASN, "number of length octets invalid"); return ASN1_INVALID_LENGTH; } if (n > sizeof(len)) { - DBG2(DBG_LIB, "number of length octets is larger than limit of" + DBG2(DBG_ASN, "number of length octets is larger than limit of" " %d octets", (int)sizeof(len)); return ASN1_INVALID_LENGTH; } @@ -265,7 +265,7 @@ size_t asn1_length(chunk_t *blob) } if (len > blob->len) { - DBG2(DBG_LIB, "length is larger than remaining blob size"); + DBG2(DBG_ASN, "length is larger than remaining blob size"); return ASN1_INVALID_LENGTH; } return len; @@ -326,10 +326,10 @@ static const int tm_leap_1970 = 477; */ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) { - int tm_year, tm_mon, tm_day, tm_days, tm_hour, tm_min, tm_sec; + int tm_year, tm_mon, tm_day, tm_hour, tm_min, tm_sec; int tm_leap_4, tm_leap_100, tm_leap_400, tm_leap; int tz_hour, tz_min, tz_offset; - time_t tm_secs; + time_t tm_days, tm_secs; u_char *eot = NULL; if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL) @@ -435,6 +435,11 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) struct tm t; gmtime_r(time, &t); + /* RFC 5280 says that dates through the year 2049 MUST be encoded as UTCTIME + * and dates in 2050 or later MUST be encoded as GENERALIZEDTIME. We only + * enforce the latter to avoid overflows but allow callers to force the + * encoding to GENERALIZEDTIME */ + type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type; if (type == ASN1_GENERALIZEDTIME) { format = "%04d%02d%02d%02d%02d%02dZ"; 
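Review bot: The added `type = (t.tm_year >= 150) ? ASN1_GENERALIZEDTIME : type;` reads `t.tm_year` right after `gmtime_r(time, &t);`, whose return value is never checked; for a time_t that gmtime_r cannot represent it returns NULL and leaves `t` uninitialized, so the new decision and the snprintf that follows would consume garbage. A guard before the new line, `if (!gmtime_r(time, &t)) { /* bail out with an empty chunk */ }`, closes that, assuming an empty chunk is what callers of asn1_from_time treat as failure — the function's tail is outside the hunk. The comment's "to avoid overflows" is also imprecise: what the check prevents is a two-digit UTCTIME year of 50..99 for 2050 and later, which RFC 5280 decodes as 1950–1999, plus a three-digit `%02d` year once offset -100 no longer fits; I would word it `/* force GENERALIZEDTIME from 2050 on: UTCTIME's two-digit year would decode as 19YY */`. Dates before 1950 still go out as UTCTIME with YY < 50 and so decode as 20YY; probably irrelevant for certificates, but worth a sentence in the same comment.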
@@ -443,7 +448,7 @@ chunk_t asn1_from_time(const time_t *time, asn1_t type) else /* ASN1_UTCTIME */ { format = "%02d%02d%02d%02d%02d%02dZ"; - offset = (t.tm_year < 100)? 0 : -100; + offset = (t.tm_year < 100) ? 0 : -100; } snprintf(buf, BUF_LEN, format, t.tm_year + offset, t.tm_mon + 1, t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec); @@ -471,12 +476,12 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) { break; } - DBG2(DBG_LIB, " %s", oid_str); + DBG2(DBG_ASN, " %s", oid_str); free(oid_str); } else { - DBG2(DBG_LIB, " '%s'", oid_names[oid].name); + DBG2(DBG_ASN, " '%s'", oid_names[oid].name); } return; case ASN1_UTF8STRING: @@ -484,14 +489,14 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) case ASN1_PRINTABLESTRING: case ASN1_T61STRING: case ASN1_VISIBLESTRING: - DBG2(DBG_LIB, " '%.*s'", (int)object.len, object.ptr); + DBG2(DBG_ASN, " '%.*s'", (int)object.len, object.ptr); return; case ASN1_UTCTIME: case ASN1_GENERALIZEDTIME: { time_t time = asn1_to_time(&object, type); - DBG2(DBG_LIB, " '%T'", &time, TRUE); + DBG2(DBG_ASN, " '%T'", &time, TRUE); } return; default: @@ -499,11 +504,11 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) } if (private) { - DBG4(DBG_LIB, "%B", &object); + DBG4(DBG_ASN, "%B", &object); } else { - DBG3(DBG_LIB, "%B", &object); + DBG3(DBG_ASN, "%B", &object); } } @@ -517,14 +522,14 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c /* an ASN.1 object must possess at least a tag and length field */ if (object->len < 2) { - DBG2(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets", level, + DBG2(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", level, name); return FALSE; } if (*object->ptr != type) { - DBG2(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", + DBG2(DBG_ASN, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, name, type, *object->ptr); return FALSE; } 
@@ -533,12 +538,12 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c if (len == ASN1_INVALID_LENGTH || object->len < len) { - DBG2(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large", + DBG2(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large", level, name); return FALSE; } - DBG2(DBG_LIB, "L%d - %s:", level, name); + DBG2(DBG_ASN, "L%d - %s:", level, name); asn1_debug_simple_object(*object, type, FALSE); return TRUE; } @@ -547,14 +552,20 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c * ASN.1 definition of an algorithmIdentifier */ static const asn1Object_t algorithmIdentifierObjects[] = { - { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ - { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ - { 1, "parameters", ASN1_EOC, ASN1_RAW|ASN1_OPT }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 0, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithm", ASN1_OID, ASN1_BODY }, /* 1 */ + { 1, "parameters", ASN1_OID, ASN1_RAW|ASN1_OPT }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 1, "parameters", ASN1_SEQUENCE, ASN1_RAW|ASN1_OPT }, /* 4 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 5 */ + { 1, "parameters", ASN1_OCTET_STRING, ASN1_RAW|ASN1_OPT }, /* 6 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -#define ALGORITHM_ID_ALG 1 -#define ALGORITHM_ID_PARAMETERS 2 +#define ALGORITHM_ID_ALG 1 +#define ALGORITHM_ID_PARAMETERS_OID 2 +#define ALGORITHM_ID_PARAMETERS_SEQ 4 +#define ALGORITHM_ID_PARAMETERS_OCT 6 /* * Defined in header 
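Review bot: The three `parameters` alternatives in algorithmIdentifierObjects admit OID, SEQUENCE and OCTET STRING but not ASN1_NULL (0x05), which is the parameters encoding RFC 3279/5280 prescribe for rsaEncryption and the sha*WithRSAEncryption signature algorithms. If optional fields whose tag does not match are skipped to their "end opt" entry, as the table layout implies, a NULL parameter matches none of the three and the enclosing SEQUENCE closes with an unconsumed `05 00`; whether the parser tolerates that leftover or fails the parse is decided in asn1_parser.c, not visible here. Either way the table needs a sentence saying what happens to NULL, e.g. `/* NULL parameters are deliberately not listed; the unconsumed NULL is ignored when the sequence closes */` once that has been confirmed. If it is not tolerated, a fourth pair `{ 1, "parameters", ASN1_NULL, ASN1_RAW|ASN1_OPT }, { 1, "end opt", ASN1_EOC, ASN1_END }` with a matching ALGORITHM_ID_PARAMETERS_NULL case in asn1_parse_algorithmIdentifier is the fix.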
@@ -576,7 +587,9 @@ int asn1_parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters case ALGORITHM_ID_ALG: alg = asn1_known_oid(object); break; - case ALGORITHM_ID_PARAMETERS: + case ALGORITHM_ID_PARAMETERS_OID: + case ALGORITHM_ID_PARAMETERS_SEQ: + case ALGORITHM_ID_PARAMETERS_OCT: if (parameters != NULL) { *parameters = object; @@ -606,7 +619,7 @@ bool is_asn1(chunk_t blob) tag = *blob.ptr; if (tag != ASN1_SEQUENCE && tag != ASN1_SET && tag != ASN1_OCTET_STRING) { - DBG2(DBG_LIB, " file content is not binary ASN.1"); + DBG2(DBG_ASN, " file content is not binary ASN.1"); return FALSE; } @@ -624,7 +637,7 @@ bool is_asn1(chunk_t blob) return TRUE; } - DBG2(DBG_LIB, " file size does not match ASN.1 coded length"); + DBG2(DBG_ASN, " file size does not match ASN.1 coded length"); return FALSE; } diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 05a060827..15ffff62e 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -35,8 +35,8 @@ typedef enum { ASN1_BOOLEAN = 0x01, ASN1_INTEGER = 0x02, ASN1_BIT_STRING = 0x03, - ASN1_OCTET_STRING = 0x04, - ASN1_NULL = 0x05, + ASN1_OCTET_STRING = 0x04, + ASN1_NULL = 0x05, ASN1_OID = 0x06, ASN1_ENUMERATED = 0x0A, ASN1_UTF8STRING = 0x0C, @@ -48,7 +48,7 @@ typedef enum { ASN1_UTCTIME = 0x17, ASN1_GENERALIZEDTIME = 0x18, ASN1_GRAPHICSTRING = 0x19, - ASN1_VISIBLESTRING = 0x1A, + ASN1_VISIBLESTRING = 0x1A, ASN1_GENERALSTRING = 0x1B, ASN1_UNIVERSALSTRING = 0x1C, ASN1_BMPSTRING = 0x1E, @@ -75,7 +75,7 @@ typedef enum { ASN1_CONTEXT_C_4 = 0xA4, ASN1_CONTEXT_C_5 = 0xA5, - ASN1_INVALID = 0x100, + ASN1_INVALID = 0x100, } asn1_t; #define ASN1_INVALID_LENGTH 0xffffffff 
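Review bot: `*parameters = object;` now runs only when one of the three parameter forms is present, so a caller that passes a non-NULL `parameters` and meets an AlgorithmIdentifier with absent (or NULL-encoded) parameters reads whatever its chunk_t held before the call; the function's prologue is outside the hunk, so I cannot see whether it clears the output first. Unless every caller pre-initializes, clearing it before the parse loop, `if (parameters) { *parameters = chunk_empty; }`, or stating the requirement on the prototype in asn1.h (`@param parameters receives the raw parameters if present, otherwise left untouched`) makes the contract explicit.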
@@ -191,6 +191,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type); /** * Converts time_t to an ASN.1 UTCTIME or GENERALIZEDTIME string * + * @note The type is automatically changed to GENERALIZEDTIME if needed + * * @param time time_t in UTC * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME * @return body of an ASN.1 code time object diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index 2a7a38a52..40e11b321 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -120,7 +120,7 @@ METHOD(asn1_parser_t, iterate, bool, if ((obj.flags & ASN1_DEF) && (blob->len == 0 || *start_ptr != obj.type) ) { /* field is missing */ - DBG2(DBG_LIB, "L%d - %s:", level, obj.name); + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); if (obj.type & ASN1_CONSTRUCTED) { this->line++ ; /* skip context-specific tag */ @@ -147,7 +147,7 @@ METHOD(asn1_parser_t, iterate, bool, if (blob->len < 2) { - DBG1(DBG_LIB, "L%d - %s: ASN.1 object smaller than 2 octets", + DBG1(DBG_ASN, "L%d - %s: ASN.1 object smaller than 2 octets", level, obj.name); this->success = FALSE; goto end; @@ -157,7 +157,7 @@ METHOD(asn1_parser_t, iterate, bool, if (blob1->len == ASN1_INVALID_LENGTH) { - DBG1(DBG_LIB, "L%d - %s: length of ASN.1 object invalid or too large", + DBG1(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; } @@ -170,7 +170,7 @@ METHOD(asn1_parser_t, iterate, bool, if (obj.flags & ASN1_RAW) { - DBG2(DBG_LIB, "L%d - %s:", level, obj.name); + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); object->ptr = start_ptr; object->len = (size_t)(blob->ptr - start_ptr); goto end; 
@@ -178,14 +178,14 @@ METHOD(asn1_parser_t, iterate, bool, if (*start_ptr != obj.type && !(this->implicit && this->line == 0)) { - DBG1(DBG_LIB, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", + DBG2(DBG_ASN, "L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x", level, obj.name, obj.type, *start_ptr); - DBG3(DBG_LIB, "%b", start_ptr, (u_int)(blob->ptr - start_ptr)); + DBG3(DBG_ASN, "%b", start_ptr, (u_int)(blob->ptr - start_ptr)); this->success = FALSE; goto end; } - DBG2(DBG_LIB, "L%d - %s:", level, obj.name); + DBG2(DBG_ASN, "L%d - %s:", level, obj.name); /* In case of "SEQUENCE OF" or "SET OF" start a loop */ if (obj.flags & ASN1_LOOP) @@ -214,11 +214,11 @@ METHOD(asn1_parser_t, iterate, bool, object->len = (size_t)(blob->ptr - start_ptr); if (this->private) { - DBG4(DBG_LIB, "%B", object); + DBG4(DBG_ASN, "%B", object); } else { - DBG3(DBG_LIB, "%B", object); + DBG3(DBG_ASN, "%B", object); } } else if (obj.flags & ASN1_BODY) diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 6af088fd2..bfc985c25 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -28,8 +28,8 @@ const oid_t oid_names[] = { { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ { 0x01, 17, 0, 9, "UID" }, /* 16 */ { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 64, 1, 0, "X.500" }, /* 18 */ - { 0x04, 36, 1, 1, "X.509" }, /* 19 */ + {0x55, 65, 1, 0, "X.500" }, /* 18 */ + { 0x04, 37, 1, 1, "X.509" }, /* 19 */ { 0x03, 21, 0, 2, "CN" }, /* 20 */ { 0x04, 22, 0, 2, "S" }, /* 21 */ { 0x05, 23, 0, 2, "SN" }, /* 22 */ 
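Review bot: The tag-mismatch diagnostic drops from DBG1 to DBG2 while the two neighbouring parse failures in the same function ("ASN.1 object smaller than 2 octets" and "length of ASN.1 object invalid or too large" in the preceding hunks) stay at DBG1, although all three set `this->success = FALSE`; a malformed object that fails on its tag will no longer show at level 1 where the other structural failures of the same parse do. If the downgrade is intended because callers now probe several object tables against one blob and a mismatch is expected noise, a comment on the line, `/* DBG2 only: callers may try alternative tables, a mismatch here is often expected */`, keeps the next reader from "fixing" it back; otherwise keep DBG1 for consistency with the rest of iterate().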
@@ -45,337 +45,343 @@ const oid_t oid_names[] = { { 0x2A, 33, 0, 2, "G" }, /* 32 */ { 0x2B, 34, 0, 2, "I" }, /* 33 */ { 0x2D, 35, 0, 2, "ID" }, /* 34 */ - { 0x48, 0, 0, 2, "role" }, /* 35 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */ - { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */ - { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */ - { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */ - { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */ - { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */ - { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */ - { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ - { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ - { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ - { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ - { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */ - { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ - { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ - { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ - { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ - { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ - { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ - { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ - { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ - { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ - { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ - { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ - { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ - { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ - {0x2A, 163, 1, 0, "" }, /* 64 */ - { 0x83, 77, 1, 1, "" }, /* 65 */ - { 0x08, 0, 1, 2, "jp" }, /* 66 */ - { 0x8C, 0, 1, 3, "" }, /* 67 */ - { 0x9A, 0, 1, 4, "" }, /* 68 */ - { 0x4B, 0, 1, 5, "" }, /* 69 */ - { 0x3D, 0, 1, 6, "" }, /* 70 */ - { 0x01, 0, 1, 7, "security" }, /* 71 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ - { 0x02, 75, 0, 
10, "camellia128-cbc" }, /* 74 */ - { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ - { 0x86, 0, 1, 1, "" }, /* 77 */ - { 0x48, 0, 1, 2, "us" }, /* 78 */ - { 0x86, 122, 1, 3, "" }, /* 79 */ - { 0xF6, 85, 1, 4, "" }, /* 80 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ - { 0xF7, 0, 1, 4, "" }, /* 85 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ - { 0x01, 117, 1, 6, "PKCS" }, /* 87 */ - { 0x01, 99, 1, 7, "PKCS-1" }, /* 88 */ - { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ - { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ - { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ - { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ - { 0x07, 94, 0, 8, "id-RSAES-OAEP" }, /* 93 */ - { 0x09, 95, 0, 8, "id-pSpecified" }, /* 94 */ - { 0x0B, 96, 0, 8, "sha256WithRSAEncryption" }, /* 95 */ - { 0x0C, 97, 0, 8, "sha384WithRSAEncryption" }, /* 96 */ - { 0x0D, 98, 0, 8, "sha512WithRSAEncryption" }, /* 97 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 98 */ - { 0x07, 106, 1, 7, "PKCS-7" }, /* 99 */ - { 0x01, 101, 0, 8, "data" }, /* 100 */ - { 0x02, 102, 0, 8, "signedData" }, /* 101 */ - { 0x03, 103, 0, 8, "envelopedData" }, /* 102 */ - { 0x04, 104, 0, 8, "signedAndEnvelopedData" }, /* 103 */ - { 0x05, 105, 0, 8, "digestedData" }, /* 104 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 105 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 106 */ - { 0x01, 108, 0, 8, "E" }, /* 107 */ - { 0x02, 109, 0, 8, "unstructuredName" }, /* 108 */ - { 0x03, 110, 0, 8, "contentType" }, /* 109 */ - { 0x04, 111, 0, 8, "messageDigest" }, /* 110 */ - { 0x05, 112, 0, 8, "signingTime" }, /* 111 */ - { 0x06, 113, 0, 8, "counterSignature" }, /* 112 */ - { 0x07, 114, 0, 8, "challengePassword" }, /* 113 */ - { 0x08, 115, 0, 8, "unstructuredAddress" }, /* 114 */ - { 0x0E, 116, 0, 8, "extensionRequest" }, /* 115 */ - { 0x0F, 0, 0, 8, 
"S/MIME Capabilities" }, /* 116 */ - { 0x02, 120, 1, 6, "digestAlgorithm" }, /* 117 */ - { 0x02, 119, 0, 7, "md2" }, /* 118 */ - { 0x05, 0, 0, 7, "md5" }, /* 119 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 120 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 121 */ - { 0xCE, 0, 1, 3, "" }, /* 122 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 123 */ - { 0x02, 126, 1, 5, "id-publicKeyType" }, /* 124 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 125 */ - { 0x03, 156, 1, 5, "ellipticCurve" }, /* 126 */ - { 0x00, 148, 1, 6, "c-TwoCurve" }, /* 127 */ - { 0x01, 129, 0, 7, "c2pnb163v1" }, /* 128 */ - { 0x02, 130, 0, 7, "c2pnb163v2" }, /* 129 */ - { 0x03, 131, 0, 7, "c2pnb163v3" }, /* 130 */ - { 0x04, 132, 0, 7, "c2pnb176w1" }, /* 131 */ - { 0x05, 133, 0, 7, "c2tnb191v1" }, /* 132 */ - { 0x06, 134, 0, 7, "c2tnb191v2" }, /* 133 */ - { 0x07, 135, 0, 7, "c2tnb191v3" }, /* 134 */ - { 0x08, 136, 0, 7, "c2onb191v4" }, /* 135 */ - { 0x09, 137, 0, 7, "c2onb191v5" }, /* 136 */ - { 0x0A, 138, 0, 7, "c2pnb208w1" }, /* 137 */ - { 0x0B, 139, 0, 7, "c2tnb239v1" }, /* 138 */ - { 0x0C, 140, 0, 7, "c2tnb239v2" }, /* 139 */ - { 0x0D, 141, 0, 7, "c2tnb239v3" }, /* 140 */ - { 0x0E, 142, 0, 7, "c2onb239v4" }, /* 141 */ - { 0x0F, 143, 0, 7, "c2onb239v5" }, /* 142 */ - { 0x10, 144, 0, 7, "c2pnb272w1" }, /* 143 */ - { 0x11, 145, 0, 7, "c2pnb304w1" }, /* 144 */ - { 0x12, 146, 0, 7, "c2tnb359v1" }, /* 145 */ - { 0x13, 147, 0, 7, "c2pnb368w1" }, /* 146 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 147 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 148 */ - { 0x01, 150, 0, 7, "prime192v1" }, /* 149 */ - { 0x02, 151, 0, 7, "prime192v2" }, /* 150 */ - { 0x03, 152, 0, 7, "prime192v3" }, /* 151 */ - { 0x04, 153, 0, 7, "prime239v1" }, /* 152 */ - { 0x05, 154, 0, 7, "prime239v2" }, /* 153 */ - { 0x06, 155, 0, 7, "prime239v3" }, /* 154 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 155 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 156 */ - { 0x01, 158, 0, 6, "ecdsa-with-SHA1" }, /* 157 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, 
/* 158 */ - { 0x01, 160, 0, 7, "ecdsa-with-SHA224" }, /* 159 */ - { 0x02, 161, 0, 7, "ecdsa-with-SHA256" }, /* 160 */ - { 0x03, 162, 0, 7, "ecdsa-with-SHA384" }, /* 161 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 162 */ - {0x2B, 314, 1, 0, "" }, /* 163 */ - { 0x06, 228, 1, 1, "dod" }, /* 164 */ - { 0x01, 0, 1, 2, "internet" }, /* 165 */ - { 0x04, 188, 1, 3, "private" }, /* 166 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 167 */ - { 0x82, 181, 1, 5, "" }, /* 168 */ - { 0x37, 178, 1, 6, "Microsoft" }, /* 169 */ - { 0x0A, 174, 1, 7, "" }, /* 170 */ - { 0x03, 0, 1, 8, "" }, /* 171 */ - { 0x03, 173, 0, 9, "msSGC" }, /* 172 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 173 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 174 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 175 */ - { 0x02, 177, 0, 9, "msSmartcardLogon" }, /* 176 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 177 */ - { 0xA0, 0, 1, 6, "" }, /* 178 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 179 */ - { 0x01, 0, 0, 8, "strongSwan" }, /* 180 */ - { 0x89, 0, 1, 5, "" }, /* 181 */ - { 0x31, 0, 1, 6, "" }, /* 182 */ - { 0x01, 0, 1, 7, "" }, /* 183 */ - { 0x01, 0, 1, 8, "" }, /* 184 */ - { 0x02, 0, 1, 9, "" }, /* 185 */ - { 0x02, 0, 1, 10, "" }, /* 186 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 187 */ - { 0x05, 0, 1, 3, "security" }, /* 188 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 189 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 190 */ - { 0x01, 195, 1, 6, "id-pe" }, /* 191 */ - { 0x01, 193, 0, 7, "authorityInfoAccess" }, /* 192 */ - { 0x03, 194, 0, 7, "qcStatements" }, /* 193 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 194 */ - { 0x02, 198, 1, 6, "id-qt" }, /* 195 */ - { 0x01, 197, 0, 7, "cps" }, /* 196 */ - { 0x02, 0, 0, 7, "unotice" }, /* 197 */ - { 0x03, 208, 1, 6, "id-kp" }, /* 198 */ - { 0x01, 200, 0, 7, "serverAuth" }, /* 199 */ - { 0x02, 201, 0, 7, "clientAuth" }, /* 200 */ - { 0x03, 202, 0, 7, "codeSigning" }, /* 201 */ - { 0x04, 203, 0, 7, "emailProtection" }, /* 202 */ - { 0x05, 204, 0, 7, "ipsecEndSystem" }, /* 
203 */ - { 0x06, 205, 0, 7, "ipsecTunnel" }, /* 204 */ - { 0x07, 206, 0, 7, "ipsecUser" }, /* 205 */ - { 0x08, 207, 0, 7, "timeStamping" }, /* 206 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 207 */ - { 0x08, 210, 1, 6, "id-otherNames" }, /* 208 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 209 */ - { 0x0A, 215, 1, 6, "id-aca" }, /* 210 */ - { 0x01, 212, 0, 7, "authenticationInfo" }, /* 211 */ - { 0x02, 213, 0, 7, "accessIdentity" }, /* 212 */ - { 0x03, 214, 0, 7, "chargingIdentity" }, /* 213 */ - { 0x04, 0, 0, 7, "group" }, /* 214 */ - { 0x0B, 216, 0, 6, "subjectInfoAccess" }, /* 215 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 216 */ - { 0x01, 225, 1, 7, "ocsp" }, /* 217 */ - { 0x01, 219, 0, 8, "basic" }, /* 218 */ - { 0x02, 220, 0, 8, "nonce" }, /* 219 */ - { 0x03, 221, 0, 8, "crl" }, /* 220 */ - { 0x04, 222, 0, 8, "response" }, /* 221 */ - { 0x05, 223, 0, 8, "noCheck" }, /* 222 */ - { 0x06, 224, 0, 8, "archiveCutoff" }, /* 223 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 224 */ - { 0x02, 226, 0, 7, "caIssuers" }, /* 225 */ - { 0x03, 227, 0, 7, "timeStamping" }, /* 226 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 227 */ - { 0x0E, 234, 1, 1, "oiw" }, /* 228 */ - { 0x03, 0, 1, 2, "secsig" }, /* 229 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 230 */ - { 0x07, 232, 0, 4, "des-cbc" }, /* 231 */ - { 0x1A, 233, 0, 4, "sha-1" }, /* 232 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 233 */ - { 0x24, 280, 1, 1, "TeleTrusT" }, /* 234 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 235 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 236 */ - { 0x01, 241, 1, 4, "rsaSignature" }, /* 237 */ - { 0x02, 239, 0, 5, "rsaSigWithripemd160" }, /* 238 */ - { 0x03, 240, 0, 5, "rsaSigWithripemd128" }, /* 239 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 240 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 241 */ - { 0x01, 243, 0, 5, "ecSignWithsha1" }, /* 242 */ - { 0x02, 244, 0, 5, "ecSignWithripemd160" }, /* 243 */ - { 0x03, 245, 0, 5, "ecSignWithmd2" }, /* 244 */ - { 0x04, 246, 0, 5, "ecSignWithmd5" }, /* 245 */ - { 
0x05, 263, 1, 5, "ttt-ecg" }, /* 246 */ - { 0x01, 251, 1, 6, "fieldType" }, /* 247 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 248 */ - { 0x01, 0, 1, 8, "basisType" }, /* 249 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 250 */ - { 0x02, 253, 1, 6, "keyType" }, /* 251 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 252 */ - { 0x03, 254, 0, 6, "curve" }, /* 253 */ - { 0x04, 261, 1, 6, "signatures" }, /* 254 */ - { 0x01, 256, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 255 */ - { 0x02, 257, 0, 7, "ecgdsa-with-SHA1" }, /* 256 */ - { 0x03, 258, 0, 7, "ecgdsa-with-SHA224" }, /* 257 */ - { 0x04, 259, 0, 7, "ecgdsa-with-SHA256" }, /* 258 */ - { 0x05, 260, 0, 7, "ecgdsa-with-SHA384" }, /* 259 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 260 */ - { 0x05, 0, 1, 6, "module" }, /* 261 */ - { 0x01, 0, 0, 7, "1" }, /* 262 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 263 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 264 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 265 */ - { 0x01, 267, 0, 8, "brainpoolP160r1" }, /* 266 */ - { 0x02, 268, 0, 8, "brainpoolP160t1" }, /* 267 */ - { 0x03, 269, 0, 8, "brainpoolP192r1" }, /* 268 */ - { 0x04, 270, 0, 8, "brainpoolP192t1" }, /* 269 */ - { 0x05, 271, 0, 8, "brainpoolP224r1" }, /* 270 */ - { 0x06, 272, 0, 8, "brainpoolP224t1" }, /* 271 */ - { 0x07, 273, 0, 8, "brainpoolP256r1" }, /* 272 */ - { 0x08, 274, 0, 8, "brainpoolP256t1" }, /* 273 */ - { 0x09, 275, 0, 8, "brainpoolP320r1" }, /* 274 */ - { 0x0A, 276, 0, 8, "brainpoolP320t1" }, /* 275 */ - { 0x0B, 277, 0, 8, "brainpoolP384r1" }, /* 276 */ - { 0x0C, 278, 0, 8, "brainpoolP384t1" }, /* 277 */ - { 0x0D, 279, 0, 8, "brainpoolP512r1" }, /* 278 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 279 */ - { 0x81, 0, 1, 1, "" }, /* 280 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 281 */ - { 0x00, 0, 1, 3, "curve" }, /* 282 */ - { 0x01, 284, 0, 4, "sect163k1" }, /* 283 */ - { 0x02, 285, 0, 4, "sect163r1" }, /* 284 */ - { 0x03, 286, 0, 4, "sect239k1" }, /* 285 */ - { 0x04, 287, 0, 4, "sect113r1" }, /* 286 */ - { 
0x05, 288, 0, 4, "sect113r2" }, /* 287 */ - { 0x06, 289, 0, 4, "secp112r1" }, /* 288 */ - { 0x07, 290, 0, 4, "secp112r2" }, /* 289 */ - { 0x08, 291, 0, 4, "secp160r1" }, /* 290 */ - { 0x09, 292, 0, 4, "secp160k1" }, /* 291 */ - { 0x0A, 293, 0, 4, "secp256k1" }, /* 292 */ - { 0x0F, 294, 0, 4, "sect163r2" }, /* 293 */ - { 0x10, 295, 0, 4, "sect283k1" }, /* 294 */ - { 0x11, 296, 0, 4, "sect283r1" }, /* 295 */ - { 0x16, 297, 0, 4, "sect131r1" }, /* 296 */ - { 0x17, 298, 0, 4, "sect131r2" }, /* 297 */ - { 0x18, 299, 0, 4, "sect193r1" }, /* 298 */ - { 0x19, 300, 0, 4, "sect193r2" }, /* 299 */ - { 0x1A, 301, 0, 4, "sect233k1" }, /* 300 */ - { 0x1B, 302, 0, 4, "sect233r1" }, /* 301 */ - { 0x1C, 303, 0, 4, "secp128r1" }, /* 302 */ - { 0x1D, 304, 0, 4, "secp128r2" }, /* 303 */ - { 0x1E, 305, 0, 4, "secp160r2" }, /* 304 */ - { 0x1F, 306, 0, 4, "secp192k1" }, /* 305 */ - { 0x20, 307, 0, 4, "secp224k1" }, /* 306 */ - { 0x21, 308, 0, 4, "secp224r1" }, /* 307 */ - { 0x22, 309, 0, 4, "secp384r1" }, /* 308 */ - { 0x23, 310, 0, 4, "secp521r1" }, /* 309 */ - { 0x24, 311, 0, 4, "sect409k1" }, /* 310 */ - { 0x25, 312, 0, 4, "sect409r1" }, /* 311 */ - { 0x26, 313, 0, 4, "sect571k1" }, /* 312 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 313 */ - {0x60, 360, 1, 0, "" }, /* 314 */ - { 0x86, 0, 1, 1, "" }, /* 315 */ - { 0x48, 0, 1, 2, "" }, /* 316 */ - { 0x01, 0, 1, 3, "organization" }, /* 317 */ - { 0x65, 336, 1, 4, "gov" }, /* 318 */ - { 0x03, 0, 1, 5, "csor" }, /* 319 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 320 */ - { 0x01, 331, 1, 7, "aes" }, /* 321 */ - { 0x02, 323, 0, 8, "id-aes128-CBC" }, /* 322 */ - { 0x06, 324, 0, 8, "id-aes128-GCM" }, /* 323 */ - { 0x07, 325, 0, 8, "id-aes128-CCM" }, /* 324 */ - { 0x16, 326, 0, 8, "id-aes192-CBC" }, /* 325 */ - { 0x1A, 327, 0, 8, "id-aes192-GCM" }, /* 326 */ - { 0x1B, 328, 0, 8, "id-aes192-CCM" }, /* 327 */ - { 0x2A, 329, 0, 8, "id-aes256-CBC" }, /* 328 */ - { 0x2E, 330, 0, 8, "id-aes256-GCM" }, /* 329 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 
330 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 331 */ - { 0x01, 333, 0, 8, "id-SHA-256" }, /* 332 */ - { 0x02, 334, 0, 8, "id-SHA-384" }, /* 333 */ - { 0x03, 335, 0, 8, "id-SHA-512" }, /* 334 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 335 */ - { 0x86, 0, 1, 4, "" }, /* 336 */ - { 0xf8, 0, 1, 5, "" }, /* 337 */ - { 0x42, 350, 1, 6, "netscape" }, /* 338 */ - { 0x01, 345, 1, 7, "" }, /* 339 */ - { 0x01, 341, 0, 8, "nsCertType" }, /* 340 */ - { 0x03, 342, 0, 8, "nsRevocationUrl" }, /* 341 */ - { 0x04, 343, 0, 8, "nsCaRevocationUrl" }, /* 342 */ - { 0x08, 344, 0, 8, "nsCaPolicyUrl" }, /* 343 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 344 */ - { 0x03, 348, 1, 7, "directory" }, /* 345 */ - { 0x01, 0, 1, 8, "" }, /* 346 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 347 */ - { 0x04, 0, 1, 7, "policy" }, /* 348 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 349 */ - { 0x45, 0, 1, 6, "verisign" }, /* 350 */ - { 0x01, 0, 1, 7, "pki" }, /* 351 */ - { 0x09, 0, 1, 8, "attributes" }, /* 352 */ - { 0x02, 354, 0, 9, "messageType" }, /* 353 */ - { 0x03, 355, 0, 9, "pkiStatus" }, /* 354 */ - { 0x04, 356, 0, 9, "failInfo" }, /* 355 */ - { 0x05, 357, 0, 9, "senderNonce" }, /* 356 */ - { 0x06, 358, 0, 9, "recipientNonce" }, /* 357 */ - { 0x07, 359, 0, 9, "transID" }, /* 358 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 359 */ - {0x67, 0, 1, 0, "" }, /* 360 */ - { 0x81, 0, 1, 1, "" }, /* 361 */ - { 0x05, 0, 1, 2, "" }, /* 362 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 363 */ - { 0x01, 365, 0, 4, "tcg-at-tpmManufacturer" }, /* 364 */ - { 0x02, 366, 0, 4, "tcg-at-tpmModel" }, /* 365 */ - { 0x03, 367, 0, 4, "tcg-at-tpmVersion" }, /* 366 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 367 */ + { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */ + { 0x48, 0, 0, 2, "role" }, /* 36 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 37 */ + { 0x09, 39, 0, 2, "subjectDirectoryAttrs" }, /* 38 */ + { 0x0E, 40, 0, 2, "subjectKeyIdentifier" }, /* 39 */ + { 0x0F, 41, 0, 2, "keyUsage" }, /* 40 */ + { 0x10, 42, 0, 2, "privateKeyUsagePeriod" }, /* 41 
*/ + { 0x11, 43, 0, 2, "subjectAltName" }, /* 42 */ + { 0x12, 44, 0, 2, "issuerAltName" }, /* 43 */ + { 0x13, 45, 0, 2, "basicConstraints" }, /* 44 */ + { 0x14, 46, 0, 2, "crlNumber" }, /* 45 */ + { 0x15, 47, 0, 2, "reasonCode" }, /* 46 */ + { 0x17, 48, 0, 2, "holdInstructionCode" }, /* 47 */ + { 0x18, 49, 0, 2, "invalidityDate" }, /* 48 */ + { 0x1B, 50, 0, 2, "deltaCrlIndicator" }, /* 49 */ + { 0x1C, 51, 0, 2, "issuingDistributionPoint" }, /* 50 */ + { 0x1D, 52, 0, 2, "certificateIssuer" }, /* 51 */ + { 0x1E, 53, 0, 2, "nameConstraints" }, /* 52 */ + { 0x1F, 54, 0, 2, "crlDistributionPoints" }, /* 53 */ + { 0x20, 56, 1, 2, "certificatePolicies" }, /* 54 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 55 */ + { 0x21, 57, 0, 2, "policyMappings" }, /* 56 */ + { 0x23, 58, 0, 2, "authorityKeyIdentifier" }, /* 57 */ + { 0x24, 59, 0, 2, "policyConstraints" }, /* 58 */ + { 0x25, 61, 1, 2, "extendedKeyUsage" }, /* 59 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 60 */ + { 0x2E, 62, 0, 2, "freshestCRL" }, /* 61 */ + { 0x36, 63, 0, 2, "inhibitAnyPolicy" }, /* 62 */ + { 0x37, 64, 0, 2, "targetInformation" }, /* 63 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 64 */ + {0x2A, 169, 1, 0, "" }, /* 65 */ + { 0x83, 78, 1, 1, "" }, /* 66 */ + { 0x08, 0, 1, 2, "jp" }, /* 67 */ + { 0x8C, 0, 1, 3, "" }, /* 68 */ + { 0x9A, 0, 1, 4, "" }, /* 69 */ + { 0x4B, 0, 1, 5, "" }, /* 70 */ + { 0x3D, 0, 1, 6, "" }, /* 71 */ + { 0x01, 0, 1, 7, "security" }, /* 72 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 73 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 74 */ + { 0x02, 76, 0, 10, "camellia128-cbc" }, /* 75 */ + { 0x03, 77, 0, 10, "camellia192-cbc" }, /* 76 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 77 */ + { 0x86, 0, 1, 1, "" }, /* 78 */ + { 0x48, 0, 1, 2, "us" }, /* 79 */ + { 0x86, 128, 1, 3, "" }, /* 80 */ + { 0xF6, 86, 1, 4, "" }, /* 81 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 82 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 83 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 84 */ + { 0x00, 0, 0, 8, 
"entrustVersInfo" }, /* 85 */ + { 0xF7, 0, 1, 4, "" }, /* 86 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 87 */ + { 0x01, 123, 1, 6, "PKCS" }, /* 88 */ + { 0x01, 100, 1, 7, "PKCS-1" }, /* 89 */ + { 0x01, 91, 0, 8, "rsaEncryption" }, /* 90 */ + { 0x02, 92, 0, 8, "md2WithRSAEncryption" }, /* 91 */ + { 0x04, 93, 0, 8, "md5WithRSAEncryption" }, /* 92 */ + { 0x05, 94, 0, 8, "sha-1WithRSAEncryption" }, /* 93 */ + { 0x07, 95, 0, 8, "id-RSAES-OAEP" }, /* 94 */ + { 0x09, 96, 0, 8, "id-pSpecified" }, /* 95 */ + { 0x0B, 97, 0, 8, "sha256WithRSAEncryption" }, /* 96 */ + { 0x0C, 98, 0, 8, "sha384WithRSAEncryption" }, /* 97 */ + { 0x0D, 99, 0, 8, "sha512WithRSAEncryption" }, /* 98 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 99 */ + { 0x05, 105, 1, 7, "PKCS-5" }, /* 100 */ + { 0x03, 102, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 101 */ + { 0x0A, 103, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 102 */ + { 0x0C, 104, 0, 8, "id-PBKDF2" }, /* 103 */ + { 0x0D, 0, 0, 8, "id-PBES2" }, /* 104 */ + { 0x07, 112, 1, 7, "PKCS-7" }, /* 105 */ + { 0x01, 107, 0, 8, "data" }, /* 106 */ + { 0x02, 108, 0, 8, "signedData" }, /* 107 */ + { 0x03, 109, 0, 8, "envelopedData" }, /* 108 */ + { 0x04, 110, 0, 8, "signedAndEnvelopedData" }, /* 109 */ + { 0x05, 111, 0, 8, "digestedData" }, /* 110 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 111 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 112 */ + { 0x01, 114, 0, 8, "E" }, /* 113 */ + { 0x02, 115, 0, 8, "unstructuredName" }, /* 114 */ + { 0x03, 116, 0, 8, "contentType" }, /* 115 */ + { 0x04, 117, 0, 8, "messageDigest" }, /* 116 */ + { 0x05, 118, 0, 8, "signingTime" }, /* 117 */ + { 0x06, 119, 0, 8, "counterSignature" }, /* 118 */ + { 0x07, 120, 0, 8, "challengePassword" }, /* 119 */ + { 0x08, 121, 0, 8, "unstructuredAddress" }, /* 120 */ + { 0x0E, 122, 0, 8, "extensionRequest" }, /* 121 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 122 */ + { 0x02, 126, 1, 6, "digestAlgorithm" }, /* 123 */ + { 0x02, 125, 0, 7, "md2" }, /* 124 */ + { 0x05, 0, 0, 7, "md5" }, /* 125 */ + { 0x03, 
0, 1, 6, "encryptionAlgorithm" }, /* 126 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 127 */ + { 0xCE, 0, 1, 3, "" }, /* 128 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 129 */ + { 0x02, 132, 1, 5, "id-publicKeyType" }, /* 130 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 131 */ + { 0x03, 162, 1, 5, "ellipticCurve" }, /* 132 */ + { 0x00, 154, 1, 6, "c-TwoCurve" }, /* 133 */ + { 0x01, 135, 0, 7, "c2pnb163v1" }, /* 134 */ + { 0x02, 136, 0, 7, "c2pnb163v2" }, /* 135 */ + { 0x03, 137, 0, 7, "c2pnb163v3" }, /* 136 */ + { 0x04, 138, 0, 7, "c2pnb176w1" }, /* 137 */ + { 0x05, 139, 0, 7, "c2tnb191v1" }, /* 138 */ + { 0x06, 140, 0, 7, "c2tnb191v2" }, /* 139 */ + { 0x07, 141, 0, 7, "c2tnb191v3" }, /* 140 */ + { 0x08, 142, 0, 7, "c2onb191v4" }, /* 141 */ + { 0x09, 143, 0, 7, "c2onb191v5" }, /* 142 */ + { 0x0A, 144, 0, 7, "c2pnb208w1" }, /* 143 */ + { 0x0B, 145, 0, 7, "c2tnb239v1" }, /* 144 */ + { 0x0C, 146, 0, 7, "c2tnb239v2" }, /* 145 */ + { 0x0D, 147, 0, 7, "c2tnb239v3" }, /* 146 */ + { 0x0E, 148, 0, 7, "c2onb239v4" }, /* 147 */ + { 0x0F, 149, 0, 7, "c2onb239v5" }, /* 148 */ + { 0x10, 150, 0, 7, "c2pnb272w1" }, /* 149 */ + { 0x11, 151, 0, 7, "c2pnb304w1" }, /* 150 */ + { 0x12, 152, 0, 7, "c2tnb359v1" }, /* 151 */ + { 0x13, 153, 0, 7, "c2pnb368w1" }, /* 152 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 153 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 154 */ + { 0x01, 156, 0, 7, "prime192v1" }, /* 155 */ + { 0x02, 157, 0, 7, "prime192v2" }, /* 156 */ + { 0x03, 158, 0, 7, "prime192v3" }, /* 157 */ + { 0x04, 159, 0, 7, "prime239v1" }, /* 158 */ + { 0x05, 160, 0, 7, "prime239v2" }, /* 159 */ + { 0x06, 161, 0, 7, "prime239v3" }, /* 160 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 161 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 162 */ + { 0x01, 164, 0, 6, "ecdsa-with-SHA1" }, /* 163 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 164 */ + { 0x01, 166, 0, 7, "ecdsa-with-SHA224" }, /* 165 */ + { 0x02, 167, 0, 7, "ecdsa-with-SHA256" }, /* 166 */ + { 0x03, 168, 0, 7, "ecdsa-with-SHA384" }, /* 167 */ + { 
0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 168 */ + {0x2B, 320, 1, 0, "" }, /* 169 */ + { 0x06, 234, 1, 1, "dod" }, /* 170 */ + { 0x01, 0, 1, 2, "internet" }, /* 171 */ + { 0x04, 194, 1, 3, "private" }, /* 172 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 173 */ + { 0x82, 187, 1, 5, "" }, /* 174 */ + { 0x37, 184, 1, 6, "Microsoft" }, /* 175 */ + { 0x0A, 180, 1, 7, "" }, /* 176 */ + { 0x03, 0, 1, 8, "" }, /* 177 */ + { 0x03, 179, 0, 9, "msSGC" }, /* 178 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 179 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 180 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 181 */ + { 0x02, 183, 0, 9, "msSmartcardLogon" }, /* 182 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 183 */ + { 0xA0, 0, 1, 6, "" }, /* 184 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 185 */ + { 0x01, 0, 0, 8, "strongSwan" }, /* 186 */ + { 0x89, 0, 1, 5, "" }, /* 187 */ + { 0x31, 0, 1, 6, "" }, /* 188 */ + { 0x01, 0, 1, 7, "" }, /* 189 */ + { 0x01, 0, 1, 8, "" }, /* 190 */ + { 0x02, 0, 1, 9, "" }, /* 191 */ + { 0x02, 0, 1, 10, "" }, /* 192 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 193 */ + { 0x05, 0, 1, 3, "security" }, /* 194 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 195 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 196 */ + { 0x01, 201, 1, 6, "id-pe" }, /* 197 */ + { 0x01, 199, 0, 7, "authorityInfoAccess" }, /* 198 */ + { 0x03, 200, 0, 7, "qcStatements" }, /* 199 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 200 */ + { 0x02, 204, 1, 6, "id-qt" }, /* 201 */ + { 0x01, 203, 0, 7, "cps" }, /* 202 */ + { 0x02, 0, 0, 7, "unotice" }, /* 203 */ + { 0x03, 214, 1, 6, "id-kp" }, /* 204 */ + { 0x01, 206, 0, 7, "serverAuth" }, /* 205 */ + { 0x02, 207, 0, 7, "clientAuth" }, /* 206 */ + { 0x03, 208, 0, 7, "codeSigning" }, /* 207 */ + { 0x04, 209, 0, 7, "emailProtection" }, /* 208 */ + { 0x05, 210, 0, 7, "ipsecEndSystem" }, /* 209 */ + { 0x06, 211, 0, 7, "ipsecTunnel" }, /* 210 */ + { 0x07, 212, 0, 7, "ipsecUser" }, /* 211 */ + { 0x08, 213, 0, 7, "timeStamping" }, /* 212 */ + { 0x09, 0, 0, 7, 
"ocspSigning" }, /* 213 */ + { 0x08, 216, 1, 6, "id-otherNames" }, /* 214 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 215 */ + { 0x0A, 221, 1, 6, "id-aca" }, /* 216 */ + { 0x01, 218, 0, 7, "authenticationInfo" }, /* 217 */ + { 0x02, 219, 0, 7, "accessIdentity" }, /* 218 */ + { 0x03, 220, 0, 7, "chargingIdentity" }, /* 219 */ + { 0x04, 0, 0, 7, "group" }, /* 220 */ + { 0x0B, 222, 0, 6, "subjectInfoAccess" }, /* 221 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 222 */ + { 0x01, 231, 1, 7, "ocsp" }, /* 223 */ + { 0x01, 225, 0, 8, "basic" }, /* 224 */ + { 0x02, 226, 0, 8, "nonce" }, /* 225 */ + { 0x03, 227, 0, 8, "crl" }, /* 226 */ + { 0x04, 228, 0, 8, "response" }, /* 227 */ + { 0x05, 229, 0, 8, "noCheck" }, /* 228 */ + { 0x06, 230, 0, 8, "archiveCutoff" }, /* 229 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 230 */ + { 0x02, 232, 0, 7, "caIssuers" }, /* 231 */ + { 0x03, 233, 0, 7, "timeStamping" }, /* 232 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 233 */ + { 0x0E, 240, 1, 1, "oiw" }, /* 234 */ + { 0x03, 0, 1, 2, "secsig" }, /* 235 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 236 */ + { 0x07, 238, 0, 4, "des-cbc" }, /* 237 */ + { 0x1A, 239, 0, 4, "sha-1" }, /* 238 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 239 */ + { 0x24, 286, 1, 1, "TeleTrusT" }, /* 240 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 241 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 242 */ + { 0x01, 247, 1, 4, "rsaSignature" }, /* 243 */ + { 0x02, 245, 0, 5, "rsaSigWithripemd160" }, /* 244 */ + { 0x03, 246, 0, 5, "rsaSigWithripemd128" }, /* 245 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 246 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 247 */ + { 0x01, 249, 0, 5, "ecSignWithsha1" }, /* 248 */ + { 0x02, 250, 0, 5, "ecSignWithripemd160" }, /* 249 */ + { 0x03, 251, 0, 5, "ecSignWithmd2" }, /* 250 */ + { 0x04, 252, 0, 5, "ecSignWithmd5" }, /* 251 */ + { 0x05, 269, 1, 5, "ttt-ecg" }, /* 252 */ + { 0x01, 257, 1, 6, "fieldType" }, /* 253 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 254 */ + { 0x01, 0, 1, 8, 
"basisType" }, /* 255 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 256 */ + { 0x02, 259, 1, 6, "keyType" }, /* 257 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 258 */ + { 0x03, 260, 0, 6, "curve" }, /* 259 */ + { 0x04, 267, 1, 6, "signatures" }, /* 260 */ + { 0x01, 262, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 261 */ + { 0x02, 263, 0, 7, "ecgdsa-with-SHA1" }, /* 262 */ + { 0x03, 264, 0, 7, "ecgdsa-with-SHA224" }, /* 263 */ + { 0x04, 265, 0, 7, "ecgdsa-with-SHA256" }, /* 264 */ + { 0x05, 266, 0, 7, "ecgdsa-with-SHA384" }, /* 265 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 266 */ + { 0x05, 0, 1, 6, "module" }, /* 267 */ + { 0x01, 0, 0, 7, "1" }, /* 268 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 269 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 270 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 271 */ + { 0x01, 273, 0, 8, "brainpoolP160r1" }, /* 272 */ + { 0x02, 274, 0, 8, "brainpoolP160t1" }, /* 273 */ + { 0x03, 275, 0, 8, "brainpoolP192r1" }, /* 274 */ + { 0x04, 276, 0, 8, "brainpoolP192t1" }, /* 275 */ + { 0x05, 277, 0, 8, "brainpoolP224r1" }, /* 276 */ + { 0x06, 278, 0, 8, "brainpoolP224t1" }, /* 277 */ + { 0x07, 279, 0, 8, "brainpoolP256r1" }, /* 278 */ + { 0x08, 280, 0, 8, "brainpoolP256t1" }, /* 279 */ + { 0x09, 281, 0, 8, "brainpoolP320r1" }, /* 280 */ + { 0x0A, 282, 0, 8, "brainpoolP320t1" }, /* 281 */ + { 0x0B, 283, 0, 8, "brainpoolP384r1" }, /* 282 */ + { 0x0C, 284, 0, 8, "brainpoolP384t1" }, /* 283 */ + { 0x0D, 285, 0, 8, "brainpoolP512r1" }, /* 284 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 285 */ + { 0x81, 0, 1, 1, "" }, /* 286 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 287 */ + { 0x00, 0, 1, 3, "curve" }, /* 288 */ + { 0x01, 290, 0, 4, "sect163k1" }, /* 289 */ + { 0x02, 291, 0, 4, "sect163r1" }, /* 290 */ + { 0x03, 292, 0, 4, "sect239k1" }, /* 291 */ + { 0x04, 293, 0, 4, "sect113r1" }, /* 292 */ + { 0x05, 294, 0, 4, "sect113r2" }, /* 293 */ + { 0x06, 295, 0, 4, "secp112r1" }, /* 294 */ + { 0x07, 296, 0, 4, "secp112r2" }, /* 295 */ + { 0x08, 297, 0, 4, 
"secp160r1" }, /* 296 */ + { 0x09, 298, 0, 4, "secp160k1" }, /* 297 */ + { 0x0A, 299, 0, 4, "secp256k1" }, /* 298 */ + { 0x0F, 300, 0, 4, "sect163r2" }, /* 299 */ + { 0x10, 301, 0, 4, "sect283k1" }, /* 300 */ + { 0x11, 302, 0, 4, "sect283r1" }, /* 301 */ + { 0x16, 303, 0, 4, "sect131r1" }, /* 302 */ + { 0x17, 304, 0, 4, "sect131r2" }, /* 303 */ + { 0x18, 305, 0, 4, "sect193r1" }, /* 304 */ + { 0x19, 306, 0, 4, "sect193r2" }, /* 305 */ + { 0x1A, 307, 0, 4, "sect233k1" }, /* 306 */ + { 0x1B, 308, 0, 4, "sect233r1" }, /* 307 */ + { 0x1C, 309, 0, 4, "secp128r1" }, /* 308 */ + { 0x1D, 310, 0, 4, "secp128r2" }, /* 309 */ + { 0x1E, 311, 0, 4, "secp160r2" }, /* 310 */ + { 0x1F, 312, 0, 4, "secp192k1" }, /* 311 */ + { 0x20, 313, 0, 4, "secp224k1" }, /* 312 */ + { 0x21, 314, 0, 4, "secp224r1" }, /* 313 */ + { 0x22, 315, 0, 4, "secp384r1" }, /* 314 */ + { 0x23, 316, 0, 4, "secp521r1" }, /* 315 */ + { 0x24, 317, 0, 4, "sect409k1" }, /* 316 */ + { 0x25, 318, 0, 4, "sect409r1" }, /* 317 */ + { 0x26, 319, 0, 4, "sect571k1" }, /* 318 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 319 */ + {0x60, 366, 1, 0, "" }, /* 320 */ + { 0x86, 0, 1, 1, "" }, /* 321 */ + { 0x48, 0, 1, 2, "" }, /* 322 */ + { 0x01, 0, 1, 3, "organization" }, /* 323 */ + { 0x65, 342, 1, 4, "gov" }, /* 324 */ + { 0x03, 0, 1, 5, "csor" }, /* 325 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 326 */ + { 0x01, 337, 1, 7, "aes" }, /* 327 */ + { 0x02, 329, 0, 8, "id-aes128-CBC" }, /* 328 */ + { 0x06, 330, 0, 8, "id-aes128-GCM" }, /* 329 */ + { 0x07, 331, 0, 8, "id-aes128-CCM" }, /* 330 */ + { 0x16, 332, 0, 8, "id-aes192-CBC" }, /* 331 */ + { 0x1A, 333, 0, 8, "id-aes192-GCM" }, /* 332 */ + { 0x1B, 334, 0, 8, "id-aes192-CCM" }, /* 333 */ + { 0x2A, 335, 0, 8, "id-aes256-CBC" }, /* 334 */ + { 0x2E, 336, 0, 8, "id-aes256-GCM" }, /* 335 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 336 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 337 */ + { 0x01, 339, 0, 8, "id-SHA-256" }, /* 338 */ + { 0x02, 340, 0, 8, "id-SHA-384" }, /* 339 */ + { 0x03, 
341, 0, 8, "id-SHA-512" }, /* 340 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 341 */ + { 0x86, 0, 1, 4, "" }, /* 342 */ + { 0xf8, 0, 1, 5, "" }, /* 343 */ + { 0x42, 356, 1, 6, "netscape" }, /* 344 */ + { 0x01, 351, 1, 7, "" }, /* 345 */ + { 0x01, 347, 0, 8, "nsCertType" }, /* 346 */ + { 0x03, 348, 0, 8, "nsRevocationUrl" }, /* 347 */ + { 0x04, 349, 0, 8, "nsCaRevocationUrl" }, /* 348 */ + { 0x08, 350, 0, 8, "nsCaPolicyUrl" }, /* 349 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 350 */ + { 0x03, 354, 1, 7, "directory" }, /* 351 */ + { 0x01, 0, 1, 8, "" }, /* 352 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 353 */ + { 0x04, 0, 1, 7, "policy" }, /* 354 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 355 */ + { 0x45, 0, 1, 6, "verisign" }, /* 356 */ + { 0x01, 0, 1, 7, "pki" }, /* 357 */ + { 0x09, 0, 1, 8, "attributes" }, /* 358 */ + { 0x02, 360, 0, 9, "messageType" }, /* 359 */ + { 0x03, 361, 0, 9, "pkiStatus" }, /* 360 */ + { 0x04, 362, 0, 9, "failInfo" }, /* 361 */ + { 0x05, 363, 0, 9, "senderNonce" }, /* 362 */ + { 0x06, 364, 0, 9, "recipientNonce" }, /* 363 */ + { 0x07, 365, 0, 9, "transID" }, /* 364 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 365 */ + {0x67, 0, 1, 0, "" }, /* 366 */ + { 0x81, 0, 1, 1, "" }, /* 367 */ + { 0x05, 0, 1, 2, "" }, /* 368 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 369 */ + { 0x01, 371, 0, 4, "tcg-at-tpmManufacturer" }, /* 370 */ + { 0x02, 372, 0, 4, "tcg-at-tpmModel" }, /* 371 */ + { 0x03, 373, 0, 4, "tcg-at-tpmVersion" }, /* 372 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 373 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 61db061f7..a01c434a9 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h 
@@ -39,182 +39,187 @@ extern const oid_t oid_names[]; #define OID_GIVEN_NAME 32 #define OID_INITIALS 33 #define OID_UNIQUE_IDENTIFIER 34 -#define OID_ROLE 35 -#define OID_SUBJECT_KEY_ID 38 -#define OID_KEY_USAGE 39 -#define OID_SUBJECT_ALT_NAME 41 -#define OID_BASIC_CONSTRAINTS 43 -#define OID_CRL_NUMBER 44 -#define OID_CRL_REASON_CODE 45 -#define OID_DELTA_CRL_INDICATOR 48 -#define OID_NAME_CONSTRAINTS 51 -#define OID_CRL_DISTRIBUTION_POINTS 52 -#define OID_CERTIFICATE_POLICIES 53 -#define OID_ANY_POLICY 54 -#define OID_POLICY_MAPPINGS 55 -#define OID_AUTHORITY_KEY_ID 56 -#define OID_POLICY_CONSTRAINTS 57 -#define OID_EXTENDED_KEY_USAGE 58 -#define OID_FRESHEST_CRL 60 -#define OID_INHIBIT_ANY_POLICY 61 -#define OID_TARGET_INFORMATION 62 -#define OID_NO_REV_AVAIL 63 -#define OID_CAMELLIA128_CBC 74 -#define OID_CAMELLIA192_CBC 75 -#define OID_CAMELLIA256_CBC 76 -#define OID_RSA_ENCRYPTION 89 -#define OID_MD2_WITH_RSA 90 -#define OID_MD5_WITH_RSA 91 -#define OID_SHA1_WITH_RSA 92 -#define OID_RSAES_OAEP 93 -#define OID_SHA256_WITH_RSA 95 -#define OID_SHA384_WITH_RSA 96 -#define OID_SHA512_WITH_RSA 97 -#define OID_SHA224_WITH_RSA 98 -#define OID_PKCS7_DATA 100 -#define OID_PKCS7_SIGNED_DATA 101 -#define OID_PKCS7_ENVELOPED_DATA 102 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 103 -#define OID_PKCS7_DIGESTED_DATA 104 -#define OID_PKCS7_ENCRYPTED_DATA 105 -#define OID_EMAIL_ADDRESS 107 -#define OID_UNSTRUCTURED_NAME 108 -#define OID_PKCS9_CONTENT_TYPE 109 -#define OID_PKCS9_MESSAGE_DIGEST 110 -#define OID_PKCS9_SIGNING_TIME 111 -#define OID_CHALLENGE_PASSWORD 113 -#define OID_UNSTRUCTURED_ADDRESS 114 -#define OID_EXTENSION_REQUEST 115 -#define OID_MD2 118 -#define OID_MD5 119 -#define OID_3DES_EDE_CBC 121 -#define OID_EC_PUBLICKEY 125 -#define OID_C2PNB163V1 128 -#define OID_C2PNB163V2 129 -#define OID_C2PNB163V3 130 -#define OID_C2PNB176W1 131 -#define OID_C2PNB191V1 132 -#define OID_C2PNB191V2 133 -#define OID_C2PNB191V3 134 -#define OID_C2PNB191V4 135 -#define 
OID_C2PNB191V5 136 -#define OID_C2PNB208W1 137 -#define OID_C2PNB239V1 138 -#define OID_C2PNB239V2 139 -#define OID_C2PNB239V3 140 -#define OID_C2PNB239V4 141 -#define OID_C2PNB239V5 142 -#define OID_C2PNB272W1 143 -#define OID_C2PNB304W1 144 -#define OID_C2PNB359V1 145 -#define OID_C2PNB368W1 146 -#define OID_C2PNB431R1 147 -#define OID_PRIME192V1 149 -#define OID_PRIME192V2 150 -#define OID_PRIME192V3 151 -#define OID_PRIME239V1 152 -#define OID_PRIME239V2 153 -#define OID_PRIME239V3 154 -#define OID_PRIME256V1 155 -#define OID_ECDSA_WITH_SHA1 157 -#define OID_ECDSA_WITH_SHA224 159 -#define OID_ECDSA_WITH_SHA256 160 -#define OID_ECDSA_WITH_SHA384 161 -#define OID_ECDSA_WITH_SHA512 162 -#define OID_USER_PRINCIPAL_NAME 177 -#define OID_STRONGSWAN 180 -#define OID_TCGID 187 -#define OID_AUTHORITY_INFO_ACCESS 192 -#define OID_IP_ADDR_BLOCKS 194 -#define OID_POLICY_QUALIFIER_CPS 196 -#define OID_POLICY_QUALIFIER_UNOTICE 197 -#define OID_SERVER_AUTH 199 -#define OID_CLIENT_AUTH 200 -#define OID_OCSP_SIGNING 207 -#define OID_XMPP_ADDR 209 -#define OID_AUTHENTICATION_INFO 211 -#define OID_ACCESS_IDENTITY 212 -#define OID_CHARGING_IDENTITY 213 -#define OID_GROUP 214 -#define OID_OCSP 217 -#define OID_BASIC 218 -#define OID_NONCE 219 -#define OID_CRL 220 -#define OID_RESPONSE 221 -#define OID_NO_CHECK 222 -#define OID_ARCHIVE_CUTOFF 223 -#define OID_SERVICE_LOCATOR 224 -#define OID_CA_ISSUERS 225 -#define OID_DES_CBC 231 -#define OID_SHA1 232 -#define OID_SHA1_WITH_RSA_OIW 233 -#define OID_ECGDSA_PUBKEY 252 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 255 -#define OID_ECGDSA_SIG_WITH_SHA1 256 -#define OID_ECGDSA_SIG_WITH_SHA224 257 -#define OID_ECGDSA_SIG_WITH_SHA256 258 -#define OID_ECGDSA_SIG_WITH_SHA384 259 -#define OID_ECGDSA_SIG_WITH_SHA512 260 -#define OID_SECT163K1 283 -#define OID_SECT163R1 284 -#define OID_SECT239K1 285 -#define OID_SECT113R1 286 -#define OID_SECT113R2 287 -#define OID_SECT112R1 288 -#define OID_SECT112R2 289 -#define OID_SECT160R1 290 -#define 
OID_SECT160K1 291 -#define OID_SECT256K1 292 -#define OID_SECT163R2 293 -#define OID_SECT283K1 294 -#define OID_SECT283R1 295 -#define OID_SECT131R1 296 -#define OID_SECT131R2 297 -#define OID_SECT193R1 298 -#define OID_SECT193R2 299 -#define OID_SECT233K1 300 -#define OID_SECT233R1 301 -#define OID_SECT128R1 302 -#define OID_SECT128R2 303 -#define OID_SECT160R2 304 -#define OID_SECT192K1 305 -#define OID_SECT224K1 306 -#define OID_SECT224R1 307 -#define OID_SECT384R1 308 -#define OID_SECT521R1 309 -#define OID_SECT409K1 310 -#define OID_SECT409R1 311 -#define OID_SECT571K1 312 -#define OID_SECT571R1 313 -#define OID_AES128_CBC 322 -#define OID_AES128_GCM 323 -#define OID_AES128_CCM 324 -#define OID_AES192_CBC 325 -#define OID_AES192_GCM 326 -#define OID_AES192_CCM 327 -#define OID_AES256_CBC 328 -#define OID_AES256_GCM 329 -#define OID_AES256_CCM 330 -#define OID_SHA256 332 -#define OID_SHA384 333 -#define OID_SHA512 334 -#define OID_SHA224 335 -#define OID_NS_REVOCATION_URL 341 -#define OID_NS_CA_REVOCATION_URL 342 -#define OID_NS_CA_POLICY_URL 343 -#define OID_NS_COMMENT 344 -#define OID_EMPLOYEE_NUMBER 347 -#define OID_PKI_MESSAGE_TYPE 353 -#define OID_PKI_STATUS 354 -#define OID_PKI_FAIL_INFO 355 -#define OID_PKI_SENDER_NONCE 356 -#define OID_PKI_RECIPIENT_NONCE 357 -#define OID_PKI_TRANS_ID 358 -#define OID_TPM_MANUFACTURER 364 -#define OID_TPM_MODEL 365 -#define OID_TPM_VERSION 366 -#define OID_TPM_ID_LABEL 367 +#define OID_DN_QUALIFIER 35 +#define OID_ROLE 36 +#define OID_SUBJECT_KEY_ID 39 +#define OID_KEY_USAGE 40 +#define OID_SUBJECT_ALT_NAME 42 +#define OID_BASIC_CONSTRAINTS 44 +#define OID_CRL_NUMBER 45 +#define OID_CRL_REASON_CODE 46 +#define OID_DELTA_CRL_INDICATOR 49 +#define OID_NAME_CONSTRAINTS 52 +#define OID_CRL_DISTRIBUTION_POINTS 53 +#define OID_CERTIFICATE_POLICIES 54 +#define OID_ANY_POLICY 55 +#define OID_POLICY_MAPPINGS 56 +#define OID_AUTHORITY_KEY_ID 57 +#define OID_POLICY_CONSTRAINTS 58 +#define OID_EXTENDED_KEY_USAGE 59 +#define 
OID_FRESHEST_CRL 61 +#define OID_INHIBIT_ANY_POLICY 62 +#define OID_TARGET_INFORMATION 63 +#define OID_NO_REV_AVAIL 64 +#define OID_CAMELLIA128_CBC 75 +#define OID_CAMELLIA192_CBC 76 +#define OID_CAMELLIA256_CBC 77 +#define OID_RSA_ENCRYPTION 90 +#define OID_MD2_WITH_RSA 91 +#define OID_MD5_WITH_RSA 92 +#define OID_SHA1_WITH_RSA 93 +#define OID_RSAES_OAEP 94 +#define OID_SHA256_WITH_RSA 96 +#define OID_SHA384_WITH_RSA 97 +#define OID_SHA512_WITH_RSA 98 +#define OID_SHA224_WITH_RSA 99 +#define OID_PBE_MD5_DES_CBC 101 +#define OID_PBE_SHA1_DES_CBC 102 +#define OID_PBKDF2 103 +#define OID_PBES2 104 +#define OID_PKCS7_DATA 106 +#define OID_PKCS7_SIGNED_DATA 107 +#define OID_PKCS7_ENVELOPED_DATA 108 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 109 +#define OID_PKCS7_DIGESTED_DATA 110 +#define OID_PKCS7_ENCRYPTED_DATA 111 +#define OID_EMAIL_ADDRESS 113 +#define OID_UNSTRUCTURED_NAME 114 +#define OID_PKCS9_CONTENT_TYPE 115 +#define OID_PKCS9_MESSAGE_DIGEST 116 +#define OID_PKCS9_SIGNING_TIME 117 +#define OID_CHALLENGE_PASSWORD 119 +#define OID_UNSTRUCTURED_ADDRESS 120 +#define OID_EXTENSION_REQUEST 121 +#define OID_MD2 124 +#define OID_MD5 125 +#define OID_3DES_EDE_CBC 127 +#define OID_EC_PUBLICKEY 131 +#define OID_C2PNB163V1 134 +#define OID_C2PNB163V2 135 +#define OID_C2PNB163V3 136 +#define OID_C2PNB176W1 137 +#define OID_C2PNB191V1 138 +#define OID_C2PNB191V2 139 +#define OID_C2PNB191V3 140 +#define OID_C2PNB191V4 141 +#define OID_C2PNB191V5 142 +#define OID_C2PNB208W1 143 +#define OID_C2PNB239V1 144 +#define OID_C2PNB239V2 145 +#define OID_C2PNB239V3 146 +#define OID_C2PNB239V4 147 +#define OID_C2PNB239V5 148 +#define OID_C2PNB272W1 149 +#define OID_C2PNB304W1 150 +#define OID_C2PNB359V1 151 +#define OID_C2PNB368W1 152 +#define OID_C2PNB431R1 153 +#define OID_PRIME192V1 155 +#define OID_PRIME192V2 156 +#define OID_PRIME192V3 157 +#define OID_PRIME239V1 158 +#define OID_PRIME239V2 159 +#define OID_PRIME239V3 160 +#define OID_PRIME256V1 161 +#define OID_ECDSA_WITH_SHA1 163 
+#define OID_ECDSA_WITH_SHA224 165 +#define OID_ECDSA_WITH_SHA256 166 +#define OID_ECDSA_WITH_SHA384 167 +#define OID_ECDSA_WITH_SHA512 168 +#define OID_USER_PRINCIPAL_NAME 183 +#define OID_STRONGSWAN 186 +#define OID_TCGID 193 +#define OID_AUTHORITY_INFO_ACCESS 198 +#define OID_IP_ADDR_BLOCKS 200 +#define OID_POLICY_QUALIFIER_CPS 202 +#define OID_POLICY_QUALIFIER_UNOTICE 203 +#define OID_SERVER_AUTH 205 +#define OID_CLIENT_AUTH 206 +#define OID_OCSP_SIGNING 213 +#define OID_XMPP_ADDR 215 +#define OID_AUTHENTICATION_INFO 217 +#define OID_ACCESS_IDENTITY 218 +#define OID_CHARGING_IDENTITY 219 +#define OID_GROUP 220 +#define OID_OCSP 223 +#define OID_BASIC 224 +#define OID_NONCE 225 +#define OID_CRL 226 +#define OID_RESPONSE 227 +#define OID_NO_CHECK 228 +#define OID_ARCHIVE_CUTOFF 229 +#define OID_SERVICE_LOCATOR 230 +#define OID_CA_ISSUERS 231 +#define OID_DES_CBC 237 +#define OID_SHA1 238 +#define OID_SHA1_WITH_RSA_OIW 239 +#define OID_ECGDSA_PUBKEY 258 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 261 +#define OID_ECGDSA_SIG_WITH_SHA1 262 +#define OID_ECGDSA_SIG_WITH_SHA224 263 +#define OID_ECGDSA_SIG_WITH_SHA256 264 +#define OID_ECGDSA_SIG_WITH_SHA384 265 +#define OID_ECGDSA_SIG_WITH_SHA512 266 +#define OID_SECT163K1 289 +#define OID_SECT163R1 290 +#define OID_SECT239K1 291 +#define OID_SECT113R1 292 +#define OID_SECT113R2 293 +#define OID_SECT112R1 294 +#define OID_SECT112R2 295 +#define OID_SECT160R1 296 +#define OID_SECT160K1 297 +#define OID_SECT256K1 298 +#define OID_SECT163R2 299 +#define OID_SECT283K1 300 +#define OID_SECT283R1 301 +#define OID_SECT131R1 302 +#define OID_SECT131R2 303 +#define OID_SECT193R1 304 +#define OID_SECT193R2 305 +#define OID_SECT233K1 306 +#define OID_SECT233R1 307 +#define OID_SECT128R1 308 +#define OID_SECT128R2 309 +#define OID_SECT160R2 310 +#define OID_SECT192K1 311 +#define OID_SECT224K1 312 +#define OID_SECT224R1 313 +#define OID_SECT384R1 314 +#define OID_SECT521R1 315 +#define OID_SECT409K1 316 +#define OID_SECT409R1 317 
+#define OID_SECT571K1 318 +#define OID_SECT571R1 319 +#define OID_AES128_CBC 328 +#define OID_AES128_GCM 329 +#define OID_AES128_CCM 330 +#define OID_AES192_CBC 331 +#define OID_AES192_GCM 332 +#define OID_AES192_CCM 333 +#define OID_AES256_CBC 334 +#define OID_AES256_GCM 335 +#define OID_AES256_CCM 336 +#define OID_SHA256 338 +#define OID_SHA384 339 +#define OID_SHA512 340 +#define OID_SHA224 341 +#define OID_NS_REVOCATION_URL 347 +#define OID_NS_CA_REVOCATION_URL 348 +#define OID_NS_CA_POLICY_URL 349 +#define OID_NS_COMMENT 350 +#define OID_EMPLOYEE_NUMBER 353 +#define OID_PKI_MESSAGE_TYPE 359 +#define OID_PKI_STATUS 360 +#define OID_PKI_FAIL_INFO 361 +#define OID_PKI_SENDER_NONCE 362 +#define OID_PKI_RECIPIENT_NONCE 363 +#define OID_PKI_TRANS_ID 364 +#define OID_TPM_MANUFACTURER 370 +#define OID_TPM_MODEL 371 +#define OID_TPM_VERSION 372 +#define OID_TPM_ID_LABEL 373 -#define OID_MAX 368 +#define OID_MAX 374 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index f16287cb2..c3ff1a9e7 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -33,6 +33,7 @@ 0x2A "G" OID_GIVEN_NAME 0x2B "I" OID_INITIALS 0x2D "ID" OID_UNIQUE_IDENTIFIER + 0x2E "dnQualifier" OID_DN_QUALIFIER 0x48 "role" OID_ROLE 0x1D "id-ce" 0x09 "subjectDirectoryAttrs" @@ -97,6 +98,11 @@ 0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA 0x0D "sha512WithRSAEncryption" OID_SHA512_WITH_RSA 0x0E "sha224WithRSAEncryption" OID_SHA224_WITH_RSA + 0x05 "PKCS-5" + 0x03 "pbeWithMD5AndDES-CBC" OID_PBE_MD5_DES_CBC + 0x0A "pbeWithSHA1AndDES-CBC" OID_PBE_SHA1_DES_CBC + 0x0C "id-PBKDF2" OID_PBKDF2 + 0x0D "id-PBES2" OID_PBES2 0x07 "PKCS-7" 0x01 "data" OID_PKCS7_DATA 0x02 "signedData" OID_PKCS7_SIGNED_DATA diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c new file mode 100644 index 000000000..fce0d1aef --- /dev/null +++ b/src/libstrongswan/bio/bio_reader.c 
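Review bot: Every OID_* constant in this hunk changes value (e.g. `OID_ROLE` 35→36, `OID_TPM_ID_LABEL` 367→373, `OID_MAX` 368→374) because `OID_DN_QUALIFIER` and the four PKCS-5 entries are inserted into the middle of the sequence, which shows these macros are positional indices into `oid_names[]` rather than stable identifiers. Presumably any out-of-tree plugin compiled against the previous oid.h that hands these values to the library's lookup code would then select a neighbouring table entry at runtime — for constants such as `OID_SHA256_WITH_RSA` or `OID_EXTENDED_KEY_USAGE` that is a wrong algorithm or extension match, not a build error — so this is an ABI-incompatible change that deserves a mention in the commit message and a library version bump. A one-line comment above the block, `/* positional indices into oid_names[]; renumbered whenever entries are inserted, not ABI-stable */`, would make the contract explicit to the next person adding an OID. Whether a generator script produces this header from oid.txt is outside the hunk and cannot be confirmed here.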
@@ -0,0 +1,215 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bio_reader.h" + +#include <debug.h> + +typedef struct private_bio_reader_t private_bio_reader_t; + +/** + * Private data of an bio_reader_t object. + */ +struct private_bio_reader_t { + + /** + * Public bio_reader_t interface. + */ + bio_reader_t public; + + /** + * Remaining data to process + */ + chunk_t buf; +}; + +METHOD(bio_reader_t, remaining, u_int32_t, + private_bio_reader_t *this) +{ + return this->buf.len; +} + +METHOD(bio_reader_t, peek, chunk_t, + private_bio_reader_t *this) +{ + return this->buf; +} + +METHOD(bio_reader_t, read_uint8, bool, + private_bio_reader_t *this, u_int8_t *res) +{ + if (this->buf.len < 1) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse u_int8 data", + this->buf.len); + return FALSE; + } + *res = this->buf.ptr[0]; + this->buf = chunk_skip(this->buf, 1); + return TRUE; +} + +METHOD(bio_reader_t, read_uint16, bool, + private_bio_reader_t *this, u_int16_t *res) +{ + if (this->buf.len < 2) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse u_int16 data", + this->buf.len); + return FALSE; + } + *res = untoh16(this->buf.ptr); + this->buf = chunk_skip(this->buf, 2); + return TRUE; +} + +METHOD(bio_reader_t, read_uint24, bool, + private_bio_reader_t *this, u_int32_t *res) +{ + if (this->buf.len < 3) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse u_int24 data", + 
this->buf.len); + return FALSE; + } + *res = untoh32(this->buf.ptr) >> 8; + this->buf = chunk_skip(this->buf, 3); + return TRUE; +} + +METHOD(bio_reader_t, read_uint32, bool, + private_bio_reader_t *this, u_int32_t *res) +{ + if (this->buf.len < 4) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse u_int32 data", + this->buf.len); + return FALSE; + } + *res = untoh32(this->buf.ptr); + this->buf = chunk_skip(this->buf, 4); + return TRUE; +} + +METHOD(bio_reader_t, read_uint64, bool, + private_bio_reader_t *this, u_int64_t *res) +{ + if (this->buf.len < 8) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse u_int64 data", + this->buf.len); + return FALSE; + } + *res = untoh64(this->buf.ptr); + this->buf = chunk_skip(this->buf, 8); + return TRUE; +} + +METHOD(bio_reader_t, read_data, bool, + private_bio_reader_t *this, u_int32_t len, chunk_t *res) +{ + if (this->buf.len < len) + { + DBG1(DBG_LIB, "%d bytes insufficient to parse %d bytes of data", + this->buf.len, len); + return FALSE; + } + *res = chunk_create(this->buf.ptr, len); + this->buf = chunk_skip(this->buf, len); + return TRUE; +} + +METHOD(bio_reader_t, read_data8, bool, + private_bio_reader_t *this, chunk_t *res) +{ + u_int8_t len; + + if (!read_uint8(this, &len)) + { + return FALSE; + } + return read_data(this, len, res); +} + +METHOD(bio_reader_t, read_data16, bool, + private_bio_reader_t *this, chunk_t *res) +{ + u_int16_t len; + + if (!read_uint16(this, &len)) + { + return FALSE; + } + return read_data(this, len, res); +} + +METHOD(bio_reader_t, read_data24, bool, + private_bio_reader_t *this, chunk_t *res) +{ + u_int32_t len; + + if (!read_uint24(this, &len)) + { + return FALSE; + } + return read_data(this, len, res); +} + +METHOD(bio_reader_t, read_data32, bool, + private_bio_reader_t *this, chunk_t *res) +{ + u_int32_t len; + + if (!read_uint32(this, &len)) + { + return FALSE; + } + return read_data(this, len, res); +} + +METHOD(bio_reader_t, destroy, void, + private_bio_reader_t *this) +{ + 
free(this); +} + +/** + * See header + */ +bio_reader_t *bio_reader_create(chunk_t data) +{ + private_bio_reader_t *this; + + INIT(this, + .public = { + .remaining = _remaining, + .peek = _peek, + .read_uint8 = _read_uint8, + .read_uint16 = _read_uint16, + .read_uint24 = _read_uint24, + .read_uint32 = _read_uint32, + .read_uint64 = _read_uint64, + .read_data = _read_data, + .read_data8 = _read_data8, + .read_data16 = _read_data16, + .read_data24 = _read_data24, + .read_data32 = _read_data32, + .destroy = _destroy, + }, + .buf = data, + ); + + return &this->public; +} diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h new file mode 100644 index 000000000..85434a784 --- /dev/null +++ b/src/libstrongswan/bio/bio_reader.h 
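Review bot: read_uint24 reads four bytes through untoh32() although the guard above it only ensures three remain, so a buffer with exactly three bytes left is over-read by one byte past the caller's data. Assemble the value from the three checked bytes instead: `*res = ((u_int32_t)this->buf.ptr[0] << 16) | ((u_int32_t)this->buf.ptr[1] << 8) | this->buf.ptr[2];`. The DBG1 calls in every read_* method also print `this->buf.len` with `%d`; that field is a chunk length (size_t, judging by chunk.h), so `%zu` or an explicit cast matches the argument.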
@@ -0,0 +1,139 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup bio_reader bio_reader + * @{ @ingroup bio + */ + +#ifndef BIO_READER_H_ +#define BIO_READER_H_ + +typedef struct bio_reader_t bio_reader_t; + +#include <library.h> + +/** + * Buffered input parser. + */ +struct bio_reader_t { + + /** + * Get the number of remaining bytes. + * + * @return number of remaining bytes in buffer + */ + u_int32_t (*remaining)(bio_reader_t *this); + + /** + * Peek the remaining data, not consuming any bytes. + * + * @return remaining data + */ + chunk_t (*peek)(bio_reader_t *this); + + /** + * Read a 8-bit integer from the buffer, advance. + * + * @param res pointer to result + * @return TRUE if integer read successfully + */ + bool (*read_uint8)(bio_reader_t *this, u_int8_t *res); + + /** + * Read a 16-bit integer from the buffer, advance. + * + * @param res pointer to result + * @return TRUE if integer read successfully + */ + bool (*read_uint16)(bio_reader_t *this, u_int16_t *res); + + /** + * Read a 24-bit integer from the buffer, advance. + * + * @param res pointer to result + * @return TRUE if integer read successfully + */ + bool (*read_uint24)(bio_reader_t *this, u_int32_t *res); + + /** + * Read a 32-bit integer from the buffer, advance. 
+ * + * @param res pointer to result + * @return TRUE if integer read successfully + */ + bool (*read_uint32)(bio_reader_t *this, u_int32_t *res); + + /** + * Read a 64-bit integer from the buffer, advance. + * + * @param res pointer to result + * @return TRUE if integer read successfully + */ + bool (*read_uint64)(bio_reader_t *this, u_int64_t *res); + + /** + * Read a chunk of len bytes, advance. + * + * @param len number of bytes to read + * @param res pointer to result, not cloned + * @return TRUE if data read successfully + */ + bool (*read_data)(bio_reader_t *this, u_int32_t len, chunk_t *res); + + /** + * Read a chunk of bytes with a 8-bit length header, advance. + * + * @param res pointer to result, not cloned + * @return TRUE if data read successfully + */ + bool (*read_data8)(bio_reader_t *this, chunk_t *res); + + /** + * Read a chunk of bytes with a 16-bit length header, advance. + * + * @param res pointer to result, not cloned + * @return TRUE if data read successfully + */ + bool (*read_data16)(bio_reader_t *this, chunk_t *res); + + /** + * Read a chunk of bytes with a 24-bit length header, advance. + * + * @param res pointer to result, not cloned + * @return TRUE if data read successfully + */ + bool (*read_data24)(bio_reader_t *this, chunk_t *res); + + /** + * Read a chunk of bytes with a 32-bit length header, advance. + * + * @param res pointer to result, not cloned + * @return TRUE if data read successfully + */ + bool (*read_data32)(bio_reader_t *this, chunk_t *res); + + /** + * Destroy a bio_reader_t. + */ + void (*destroy)(bio_reader_t *this); +}; + +/** + * Create a bio_reader instance. + */ +bio_reader_t *bio_reader_create(chunk_t data); + +#endif /** bio_reader_H_ @}*/ diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c new file mode 100644 index 000000000..bf373d6ac --- /dev/null +++ b/src/libstrongswan/bio/bio_writer.c 
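Review bot: The closing guard comment `#endif /** bio_reader_H_ @}*/` does not match the macro `BIO_READER_H_` defined at the top of the file; bio_writer.h gets this right with `BIO_WRITER_H_`. bio_reader_create() also has no parameter documentation, and the implementation stores `data` as is, so suggest `@param data data to parse, not cloned; must stay valid while the reader is in use`. Since the read_data* results are documented as "not cloned", the chunks they return alias that same caller buffer, which is worth stating once on the create() comment.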
@@ -0,0 +1,249 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "bio_writer.h" + +typedef struct private_bio_writer_t private_bio_writer_t; + +/** + * Private data of an bio_writer_t object. + */ +struct private_bio_writer_t { + + /** + * Public bio_writer_t interface. + */ + bio_writer_t public; + + /** + * Allocated buffer + */ + chunk_t buf; + + /** + * Used bytes in buffer + */ + size_t used; + + /** + * Number of bytes to increase buffer size + */ + size_t increase; +}; + +/** + * Increase buffer size + */ +static void increase(private_bio_writer_t *this) +{ + this->buf.len += this->increase; + this->buf.ptr = realloc(this->buf.ptr, this->buf.len); +} + +METHOD(bio_writer_t, write_uint8, void, + private_bio_writer_t *this, u_int8_t value) +{ + if (this->used + 1 > this->buf.len) + { + increase(this); + } + this->buf.ptr[this->used] = value; + this->used += 1; +} + +METHOD(bio_writer_t, write_uint16, void, + private_bio_writer_t *this, u_int16_t value) +{ + if (this->used + 2 > this->buf.len) + { + increase(this); + } + htoun16(this->buf.ptr + this->used, value); + this->used += 2; +} + +METHOD(bio_writer_t, write_uint24, void, + private_bio_writer_t *this, u_int32_t value) +{ + if (this->used + 3 > this->buf.len) + { + increase(this); + } + value = htonl(value); + memcpy(this->buf.ptr + this->used, ((char*)&value) + 1, 3); + this->used += 3; +} + +METHOD(bio_writer_t, 
write_uint32, void, + private_bio_writer_t *this, u_int32_t value) +{ + if (this->used + 4 > this->buf.len) + { + increase(this); + } + htoun32(this->buf.ptr + this->used, value); + this->used += 4; +} + +METHOD(bio_writer_t, write_uint64, void, + private_bio_writer_t *this, u_int64_t value) +{ + if (this->used + 8 > this->buf.len) + { + increase(this); + } + htoun64(this->buf.ptr + this->used, value); + this->used += 8; +} + +METHOD(bio_writer_t, write_data, void, + private_bio_writer_t *this, chunk_t value) +{ + while (this->used + value.len > this->buf.len) + { + increase(this); + } + memcpy(this->buf.ptr + this->used, value.ptr, value.len); + this->used += value.len; +} + +METHOD(bio_writer_t, write_data8, void, + private_bio_writer_t *this, chunk_t value) +{ + write_uint8(this, value.len); + write_data(this, value); +} + +METHOD(bio_writer_t, write_data16, void, + private_bio_writer_t *this, chunk_t value) +{ + write_uint16(this, value.len); + write_data(this, value); +} + +METHOD(bio_writer_t, write_data24, void, + private_bio_writer_t *this, chunk_t value) +{ + write_uint24(this, value.len); + write_data(this, value); +} + +METHOD(bio_writer_t, write_data32, void, + private_bio_writer_t *this, chunk_t value) +{ + write_uint32(this, value.len); + write_data(this, value); +} + +METHOD(bio_writer_t, wrap8, void, + private_bio_writer_t *this) +{ + if (this->used + 1 > this->buf.len) + { + increase(this); + } + memmove(this->buf.ptr + 1, this->buf.ptr, this->used); + this->buf.ptr[0] = this->used; + this->used += 1; +} + +METHOD(bio_writer_t, wrap16, void, + private_bio_writer_t *this) +{ + if (this->used + 2 > this->buf.len) + { + increase(this); + } + memmove(this->buf.ptr + 2, this->buf.ptr, this->used); + htoun16(this->buf.ptr, this->used); + this->used += 2; +} + +METHOD(bio_writer_t, wrap24, void, + private_bio_writer_t *this) +{ + u_int32_t len; + + if (this->used + 3 > this->buf.len) + { + increase(this); + } + memmove(this->buf.ptr + 3, this->buf.ptr, 
this->used); + + len = htonl(this->used); + memcpy(this->buf.ptr, ((char*)&len) + 1, 3); + this->used += 3; +} + +METHOD(bio_writer_t, wrap32, void, + private_bio_writer_t *this) +{ + if (this->used + 4 > this->buf.len) + { + increase(this); + } + memmove(this->buf.ptr + 4, this->buf.ptr, this->used); + htoun32(this->buf.ptr, this->used); + this->used += 4; +} + +METHOD(bio_writer_t, get_buf, chunk_t, + private_bio_writer_t *this) +{ + return chunk_create(this->buf.ptr, this->used); +} + +METHOD(bio_writer_t, destroy, void, + private_bio_writer_t *this) +{ + free(this->buf.ptr); + free(this); +} + +/** + * See header + */ +bio_writer_t *bio_writer_create(u_int32_t bufsize) +{ + private_bio_writer_t *this; + + INIT(this, + .public = { + .write_uint8 = _write_uint8, + .write_uint16 = _write_uint16, + .write_uint24 = _write_uint24, + .write_uint32 = _write_uint32, + .write_uint64 = _write_uint64, + .write_data = _write_data, + .write_data8 = _write_data8, + .write_data16 = _write_data16, + .write_data24 = _write_data24, + .write_data32 = _write_data32, + .wrap8 = _wrap8, + .wrap16 = _wrap16, + .wrap24 = _wrap24, + .wrap32 = _wrap32, + .get_buf = _get_buf, + .destroy = _destroy, + }, + .increase = bufsize ? max(bufsize, 4) : 32, + ); + if (bufsize) + { + this->buf = chunk_alloc(bufsize); + } + + return &this->public; +} diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h new file mode 100644 index 000000000..0b50f7882 --- /dev/null +++ b/src/libstrongswan/bio/bio_writer.h 
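Review bot: write_uint64 grows the buffer only once, but `increase` can be as small as 4 (`max(bufsize, 4)` in bio_writer_create), so with a bufsize between 4 and 7 and a partly filled buffer, htoun64() writes past the allocation (bufsize 4, one write_uint32, then write_uint64 ends up writing bytes 4..11 of an 8-byte block). Either loop as write_data does, `while (this->used + 8 > this->buf.len)`, or raise the minimum step with `.increase = bufsize ? max(bufsize, 8) : 32,`. increase() also assigns the realloc() result straight back to `this->buf.ptr`, which loses the old block if realloc fails, unless the project's allocator aborts on failure. write_data8/16/24 silently store `value.len` truncated to the header width when it does not fit, producing a length prefix that disagrees with the data that follows.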
@@ -0,0 +1,143 @@ +/* + * Copyright (C) 2010 Martin Willi + * Copyright (C) 2010 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup bio_writer bio_writer + * @{ @ingroup bio + */ + +#ifndef BIO_WRITER_H_ +#define BIO_WRITER_H_ + +typedef struct bio_writer_t bio_writer_t; + +#include <library.h> + +/** + * Buffered output generator. + */ +struct bio_writer_t { + + /** + * Append a 8-bit integer to the buffer. + * + * @param value value to append + */ + void (*write_uint8)(bio_writer_t *this, u_int8_t value); + + /** + * Append a 16-bit integer to the buffer. + * + * @param value value to append + */ + void (*write_uint16)(bio_writer_t *this, u_int16_t value); + + /** + * Append a 24-bit integer to the buffer. + * + * @param value value to append + */ + void (*write_uint24)(bio_writer_t *this, u_int32_t value); + + /** + * Append a 32-bit integer to the buffer. + * + * @param value value to append + */ + void (*write_uint32)(bio_writer_t *this, u_int32_t value); + + /** + * Append a 64-bit integer to the buffer. + * + * @param value value to append + */ + void (*write_uint64)(bio_writer_t *this, u_int64_t value); + + /** + * Append a chunk of data without a length header. + * + * @param value value to append + */ + void (*write_data)(bio_writer_t *this, chunk_t value); + + /** + * Append a chunk of data with a 8-bit length header. 
+ * + * @param value value to append + */ + void (*write_data8)(bio_writer_t *this, chunk_t value); + + /** + * Append a chunk of data with a 16-bit length header. + * + * @param value value to append + */ + void (*write_data16)(bio_writer_t *this, chunk_t value); + + /** + * Append a chunk of data with a 24-bit length header. + * + * @param value value to append + */ + void (*write_data24)(bio_writer_t *this, chunk_t value); + + /** + * Append a chunk of data with a 32-bit length header. + * + * @param value value to append + */ + void (*write_data32)(bio_writer_t *this, chunk_t value); + + /** + * Prepend a 8-bit length header to existing data. + */ + void (*wrap8)(bio_writer_t *this); + + /** + * Prepend a 16-bit length header to existing data. + */ + void (*wrap16)(bio_writer_t *this); + + /** + * Prepend a 24-bit length header to existing data. + */ + void (*wrap24)(bio_writer_t *this); + + /** + * Prepend a 32-bit length header to existing data. + */ + void (*wrap32)(bio_writer_t *this); + + /** + * Get the encoded data buffer. + * + * @return chunk to internal buffer + */ + chunk_t (*get_buf)(bio_writer_t *this); + + /** + * Destroy a bio_writer_t. + */ + void (*destroy)(bio_writer_t *this); +}; + +/** + * Create a bio_writer instance. + * + * @param bufsize initially allocated buffer size + */ +bio_writer_t *bio_writer_create(u_int32_t bufsize); + +#endif /** BIO_WRITER_H_ @}*/ diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c index 9a4152145..9397c4e44 100644 --- a/src/libstrongswan/chunk.c +++ b/src/libstrongswan/chunk.c @@ -57,7 +57,7 @@ chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk) } /** - * Decribed in header. + * Described in header. */ size_t chunk_length(const char* mode, ...) { @@ -87,7 +87,7 @@ size_t chunk_length(const char* mode, ...) } /** - * Decribed in header. + * Described in header. */ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...) { 
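Review bot: get_buf's documentation does not say that the returned chunk points into the writer's own buffer and is invalidated by any later write_* or wrap* call (the implementation reallocates on growth) and by destroy(). Suggest `@return chunk to internal buffer, valid until the next write/wrap call or destroy()`. The write_data8/16/24 descriptions should also state that `value.len` must fit the header width, since the implementation stores the truncated length otherwise.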
@@ -133,7 +133,7 @@ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...) } /** - * Decribed in header. + * Described in header. */ void chunk_split(chunk_t chunk, const char *mode, ...) { @@ -313,7 +313,7 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf) /* subtract the number of optional ':' separation characters */ len = hex.len; ptr = hex.ptr; - for (i = 0; i < hex.len; i++) + for (i = 0; i < hex.len; i++) { if (*ptr++ == ':') { @@ -668,7 +668,8 @@ int chunk_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, if (!spec->hash) { - const void *new_args[] = {&chunk->ptr, &chunk->len}; + u_int chunk_len = chunk->len; + const void *new_args[] = {&chunk->ptr, &chunk_len}; return mem_printf_hook(dst, len, spec, new_args); } diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index 63644ac78..3de02eee7 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -235,6 +235,20 @@ static inline chunk_t chunk_skip(chunk_t chunk, size_t bytes) } /** + * Skip a leading zero-valued byte + */ +static inline chunk_t chunk_skip_zero(chunk_t chunk) +{ + if (chunk.len > 1 && *chunk.ptr == 0x00) + { + chunk.ptr++; + chunk.len--; + } + return chunk; +} + + +/** * Compare two chunks, returns zero if a equals b * or negative/positive if a is small/greater than b */ @@ -254,7 +268,7 @@ static inline bool chunk_equals(chunk_t a, chunk_t b) * Increment a chunk, as it would reprensent a network order integer. * * @param chunk chunk to increment - * @return TRUE if an overflow occured + * @return TRUE if an overflow occurred */ bool chunk_increment(chunk_t chunk); diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 23a3f62d9..12f75b240 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c 
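Review bot: The new `chunk_len` temporary fixes a type mismatch between chunk->len and what mem_printf_hook reads from the argument array, but nothing says so, and the next reader will be tempted to fold it back into `&chunk->len`. Add a why-comment above the declaration, e.g. `/* mem_printf_hook presumably reads the length as u_int; chunk->len is size_t */`. The copy truncates lengths above UINT_MAX, which is likely irrelevant for a printf hook but worth a word in the same comment.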
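Review bot: chunk_skip_zero's comment "Skip a leading zero-valued byte" undersells the actual contract: at most one byte is stripped, and a one-byte chunk is returned unchanged even when that byte is 0x00, so the result is never empty. Suggest `/** Skip a single leading 0x00 byte, unless it is the only byte in the chunk */`. The two added blank lines before the following comment also break the file's single-blank-line spacing.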
@@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,6 +30,63 @@ ENUM(auth_class_names, AUTH_CLASS_ANY, AUTH_CLASS_EAP, "EAP", ); +ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_REVOCATION_CERT, + "RULE_IDENTITY", + "RULE_AUTH_CLASS", + "RULE_AAA_IDENTITY", + "RULE_EAP_IDENTITY", + "RULE_EAP_TYPE", + "RULE_EAP_VENDOR", + "RULE_CA_CERT", + "RULE_IM_CERT", + "RULE_SUBJECT_CERT", + "RULE_CRL_VALIDATION", + "RULE_OCSP_VALIDATION", + "RULE_GROUP", + "RULE_RSA_STRENGTH", + "RULE_ECDSA_STRENGTH", + "RULE_CERT_POLICY", + "HELPER_IM_CERT", + "HELPER_SUBJECT_CERT", + "HELPER_IM_HASH_URL", + "HELPER_SUBJECT_HASH_URL", + "HELPER_REVOCATION_CERT", +); + +/** + * Check if the given rule is a rule for which there may be multiple values. + */ +static inline bool is_multi_value_rule(auth_rule_t type) +{ + switch (type) + { + case AUTH_RULE_AUTH_CLASS: + case AUTH_RULE_EAP_TYPE: + case AUTH_RULE_EAP_VENDOR: + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: + case AUTH_RULE_IDENTITY: + case AUTH_RULE_EAP_IDENTITY: + case AUTH_RULE_AAA_IDENTITY: + case AUTH_RULE_SUBJECT_CERT: + case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_RULE_MAX: + return FALSE; + case AUTH_RULE_OCSP_VALIDATION: + case AUTH_RULE_CRL_VALIDATION: + case AUTH_RULE_GROUP: + case AUTH_RULE_CA_CERT: + case AUTH_RULE_IM_CERT: + case AUTH_RULE_CERT_POLICY: + case AUTH_HELPER_IM_CERT: + case AUTH_HELPER_IM_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: + return TRUE; + } + return FALSE; +} + typedef struct private_auth_cfg_t private_auth_cfg_t; /** @@ -67,6 +124,8 @@ typedef struct { enumerator_t *inner; /** current entry */ entry_t *current; + /** types we have already enumerated */ + bool enumerated[AUTH_RULE_MAX]; } entry_enumerator_t; /** 
@@ -76,11 +135,22 @@ static bool enumerate(entry_enumerator_t *this, auth_rule_t *type, void **value)
 {
 entry_t *entry;
 
- if (this->inner->enumerate(this->inner, &entry))
+ while (this->inner->enumerate(this->inner, &entry))
 {
+ if (!is_multi_value_rule(entry->type) && this->enumerated[entry->type])
+ {
+ continue;
+ }
+ this->enumerated[entry->type] = TRUE;
 this->current = entry;
- *type = entry->type;
- *value = entry->value;
+ if (type)
+ {
+ *type = entry->type;
+ }
+ if (value)
+ {
+ *value = entry->value;
+ }
 return TRUE;
 }
 return FALSE;
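Review bot: enumerate() indexes `this->enumerated[entry->type]` without a range check, and entry_create() in the hunk at L71 builds an entry of type AUTH_RULE_MAX instead of rejecting it, so such an entry turns this into a one-past-the-end read and write of the `enumerated[AUTH_RULE_MAX]` array declared in the hunk at L69. Either refuse the sentinel where entries are made (let entry_create() return NULL for AUTH_RULE_MAX and have add() drop it) or guard here with `if (entry->type >= AUTH_RULE_MAX) { continue; }` before the lookup. Callers are presumably never meant to pass the sentinel, but the `case AUTH_RULE_MAX` branches added throughout this commit treat it as a storable value.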
@@ -95,22 +165,124 @@ static void entry_enumerator_destroy(entry_enumerator_t *this) free(this); } -/** - * Implementation of auth_cfg_t.create_enumerator. - */ -static enumerator_t* create_enumerator(private_auth_cfg_t *this) +METHOD(auth_cfg_t, create_enumerator, enumerator_t*, + private_auth_cfg_t *this) { entry_enumerator_t *enumerator; - enumerator = malloc_thing(entry_enumerator_t); - enumerator->inner = this->entries->create_enumerator(this->entries); - enumerator->public.enumerate = (void*)enumerate; - enumerator->public.destroy = (void*)entry_enumerator_destroy; - enumerator->current = NULL; + INIT(enumerator, + .public = { + .enumerate = (void*)enumerate, + .destroy = (void*)entry_enumerator_destroy, + }, + .inner = this->entries->create_enumerator(this->entries), + ); return &enumerator->public; } /** + * Create an entry from the given arguments. + */ +static entry_t *entry_create(auth_rule_t type, va_list args) +{ + entry_t *this = malloc_thing(entry_t); + + this->type = type; + switch (type) + { + case AUTH_RULE_AUTH_CLASS: + case AUTH_RULE_EAP_TYPE: + case AUTH_RULE_EAP_VENDOR: + case AUTH_RULE_CRL_VALIDATION: + case AUTH_RULE_OCSP_VALIDATION: + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: + /* integer type */ + this->value = (void*)(uintptr_t)va_arg(args, u_int); + break; + case AUTH_RULE_IDENTITY: + case AUTH_RULE_EAP_IDENTITY: + case AUTH_RULE_AAA_IDENTITY: + case AUTH_RULE_GROUP: + case AUTH_RULE_CA_CERT: + case AUTH_RULE_IM_CERT: + case AUTH_RULE_SUBJECT_CERT: + case AUTH_RULE_CERT_POLICY: + case AUTH_HELPER_IM_CERT: + case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_IM_HASH_URL: + case AUTH_HELPER_SUBJECT_HASH_URL: + case AUTH_HELPER_REVOCATION_CERT: + /* pointer type */ + this->value = va_arg(args, void*); + break; + case AUTH_RULE_MAX: + this->value = NULL; + break; + } + return this; +} + +/** + * Compare two entries for equality. 
+ */ +static bool entry_equals(entry_t *e1, entry_t *e2) +{ + if (e1->type != e2->type) + { + return FALSE; + } + switch (e1->type) + { + case AUTH_RULE_AUTH_CLASS: + case AUTH_RULE_EAP_TYPE: + case AUTH_RULE_EAP_VENDOR: + case AUTH_RULE_CRL_VALIDATION: + case AUTH_RULE_OCSP_VALIDATION: + case AUTH_RULE_RSA_STRENGTH: + case AUTH_RULE_ECDSA_STRENGTH: + { + return e1->value == e2->value; + } + case AUTH_RULE_CA_CERT: + case AUTH_RULE_IM_CERT: + case AUTH_RULE_SUBJECT_CERT: + case AUTH_HELPER_IM_CERT: + case AUTH_HELPER_SUBJECT_CERT: + case AUTH_HELPER_REVOCATION_CERT: + { + certificate_t *c1, *c2; + + c1 = (certificate_t*)e1->value; + c2 = (certificate_t*)e2->value; + + return c1->equals(c1, c2); + } + case AUTH_RULE_IDENTITY: + case AUTH_RULE_EAP_IDENTITY: + case AUTH_RULE_AAA_IDENTITY: + case AUTH_RULE_GROUP: + { + identification_t *id1, *id2; + + id1 = (identification_t*)e1->value; + id2 = (identification_t*)e2->value; + + return id1->equals(id1, id2); + } + case AUTH_RULE_CERT_POLICY: + case AUTH_HELPER_IM_HASH_URL: + case AUTH_HELPER_SUBJECT_HASH_URL: + { + return streq(e1->value, e2->value); + } + case AUTH_RULE_MAX: + break; + } + return FALSE; +} + +/** * Destroy the value associated with an entry */ static void destroy_entry_value(entry_t *entry) @@ -151,6 +323,7 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_OCSP_VALIDATION: case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: + case AUTH_RULE_MAX: break; } } 
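Review bot: entry_create() stores pointer-typed values exactly as handed in (`this->value = va_arg(args, void*)`) without cloning, but its comment does not say that ownership moves to the entry, so a caller of add() cannot tell from this file whether it may still free the object. Suggest `/* Create an entry from the given arguments. Pointer-typed values are stored as given and owned by the entry from then on (presumably released by destroy_entry_value) */`. entry_equals() likewise assumes non-NULL pointer values for the cert, identity and string cases; a one-line comment stating that precondition would help, since entry_create() never checks it.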
@@ -158,17 +331,18 @@ static void destroy_entry_value(entry_t *entry) /** * Implementation of auth_cfg_t.replace. */ -static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, +static void replace(private_auth_cfg_t *this, entry_enumerator_t *enumerator, auth_rule_t type, ...) { if (enumerator->current) { + entry_t *entry; va_list args; va_start(args, type); - - destroy_entry_value(enumerator->current); - enumerator->current->type = type; + entry = enumerator->current; + destroy_entry_value(entry); + entry->type = type; switch (type) { case AUTH_RULE_AUTH_CLASS: @@ -179,7 +353,7 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: /* integer type */ - enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); + entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; case AUTH_RULE_IDENTITY: case AUTH_RULE_EAP_IDENTITY: @@ -195,17 +369,18 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: /* pointer type */ - enumerator->current->value = va_arg(args, void*); + entry->value = va_arg(args, void*); + break; + case AUTH_RULE_MAX: + entry->value = NULL; break; } va_end(args); } } -/** - * Implementation of auth_cfg_t.get. - */ -static void* get(private_auth_cfg_t *this, auth_rule_t type) +METHOD(auth_cfg_t, get, void*, + private_auth_cfg_t *this, auth_rule_t type) { enumerator_t *enumerator; void *current_value, *best_value = NULL; @@ -264,9 +439,10 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: case AUTH_HELPER_REVOCATION_CERT: - default: - return NULL; + case AUTH_RULE_MAX: + break; } + return NULL; } /** 
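Review bot: replace() re-implements the type-to-value dispatch that entry_create() now owns (hunk at L71), down to the new `case AUTH_RULE_MAX:` branch, so the two switches will drift apart as rules are added. Factor the dispatch into a `static void entry_set_value(entry_t *this, auth_rule_t type, va_list args)` helper that entry_create() and replace() both call with their `va_list`, leaving replace() as destroy_entry_value(), assign `entry->type`, and one helper call. The `/** Implementation of auth_cfg_t.replace */` header comment kept above the function could then also mention that the value of the entry under the enumerator's cursor is freed and overwritten in place.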
@@ -274,49 +450,26 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) */ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) { - entry_t *entry = malloc_thing(entry_t); + entry_t *entry; va_list args; va_start(args, type); - entry->type = type; - switch (type) - { - case AUTH_RULE_AUTH_CLASS: - case AUTH_RULE_EAP_TYPE: - case AUTH_RULE_EAP_VENDOR: - case AUTH_RULE_CRL_VALIDATION: - case AUTH_RULE_OCSP_VALIDATION: - case AUTH_RULE_RSA_STRENGTH: - case AUTH_RULE_ECDSA_STRENGTH: - /* integer type */ - entry->value = (void*)(uintptr_t)va_arg(args, u_int); - break; - case AUTH_RULE_IDENTITY: - case AUTH_RULE_EAP_IDENTITY: - case AUTH_RULE_AAA_IDENTITY: - case AUTH_RULE_GROUP: - case AUTH_RULE_CA_CERT: - case AUTH_RULE_IM_CERT: - case AUTH_RULE_SUBJECT_CERT: - case AUTH_RULE_CERT_POLICY: - case AUTH_HELPER_IM_CERT: - case AUTH_HELPER_SUBJECT_CERT: - case AUTH_HELPER_IM_HASH_URL: - case AUTH_HELPER_SUBJECT_HASH_URL: - case AUTH_HELPER_REVOCATION_CERT: - /* pointer type */ - entry->value = va_arg(args, void*); - break; - } + entry = entry_create(type, args); va_end(args); - this->entries->insert_last(this->entries, entry); + + if (is_multi_value_rule(type)) + { /* insert rules that may occur multiple times at the end */ + this->entries->insert_last(this->entries, entry); + } + else + { /* insert rules we expect only once at the front (get() will return + * the latest value) */ + this->entries->insert_first(this->entries, entry); + } } -/** - * Implementation of auth_cfg_t.complies. - */ -static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, - bool log_error) +METHOD(auth_cfg_t, complies, bool, + private_auth_cfg_t *this, auth_cfg_t *constraints, bool log_error) { enumerator_t *e1, *e2; bool success = TRUE, has_group = FALSE, group_match = FALSE; 
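Review bot: add() no longer replaces an existing single-valued entry but inserts the new one in front of it, so superseded entries remain in `this->entries` (hidden only by the de-duplicating enumerator) presumably until purge() or destroy(); the new comment should say so, because the list's length and memory now grow with every re-add of the same rule. Suggest `/* insert rules we expect only once at the front; get() and the enumerator return the newest value, older entries remain in the list until purged */`. Whether callers re-add the same rule often enough for this to matter is not visible here.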
@@ -566,6 +719,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints,
 case AUTH_HELPER_IM_HASH_URL:
 case AUTH_HELPER_SUBJECT_HASH_URL:
 case AUTH_HELPER_REVOCATION_CERT:
+ case AUTH_RULE_MAX:
 /* skip helpers */
 continue;
 }
@@ -602,6 +756,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 auth_rule_t type;
 void *value;
 
+ /* this enumerator skips duplicates for rules we expect only once */
 enumerator = create_enumerator(other);
 while (enumerator->enumerate(enumerator, &type, &value))
 {
@@ -647,6 +802,8 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy
 add(this, type, strdup((char*)value));
 break;
 }
+ case AUTH_RULE_MAX:
+ break;
 }
 }
 enumerator->destroy(enumerator);
@@ -672,85 +829,23 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) entry_t *i1, *i2; bool equal = TRUE, found; - if (this->entries->get_count(this->entries) != - other->entries->get_count(other->entries)) - { - return FALSE; - } + /* the rule count does not have to be equal for the two, as we only compare + * the first value found for some rules */ e1 = this->entries->create_enumerator(this->entries); while (e1->enumerate(e1, &i1)) { found = FALSE; + e2 = other->entries->create_enumerator(other->entries); while (e2->enumerate(e2, &i2)) { - if (i1->type == i2->type) + if (entry_equals(i1, i2)) { - switch (i1->type) - { - case AUTH_RULE_AUTH_CLASS: - case AUTH_RULE_EAP_TYPE: - case AUTH_RULE_EAP_VENDOR: - case AUTH_RULE_CRL_VALIDATION: - case AUTH_RULE_OCSP_VALIDATION: - case AUTH_RULE_RSA_STRENGTH: - case AUTH_RULE_ECDSA_STRENGTH: - { - if (i1->value == i2->value) - { - found = TRUE; - break; - } - continue; - } - case AUTH_RULE_CA_CERT: - case AUTH_RULE_IM_CERT: - case AUTH_RULE_SUBJECT_CERT: - case AUTH_HELPER_IM_CERT: - case AUTH_HELPER_SUBJECT_CERT: - case AUTH_HELPER_REVOCATION_CERT: - { - certificate_t *c1, *c2; - - c1 = (certificate_t*)i1->value; - c2 = (certificate_t*)i2->value; - - if (c1->equals(c1, c2)) - { - found = TRUE; - break; - } - continue; - } - case AUTH_RULE_IDENTITY: - case AUTH_RULE_EAP_IDENTITY: - case AUTH_RULE_AAA_IDENTITY: - case AUTH_RULE_GROUP: - { - identification_t *id1, *id2; - - id1 = (identification_t*)i1->value; - id2 = (identification_t*)i2->value; - - if (id1->equals(id1, id2)) - { - found = TRUE; - break; - } - continue; - } - case AUTH_RULE_CERT_POLICY: - case AUTH_HELPER_IM_HASH_URL: - case AUTH_HELPER_SUBJECT_HASH_URL: - { - if (streq(i1->value, i2->value)) - { - found = TRUE; - break; - } - continue; - } - } + found = TRUE; + break; + } + else if (i1->type == i2->type && !is_multi_value_rule(i1->type)) + { /* we continue our search, only for multi valued rules */ break; } } 
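Review bot: With the count comparison removed, equals() only checks that every entry of `this` has a match in `other`, so for multi-valued rules (an extra AUTH_RULE_GROUP or AUTH_RULE_CA_CERT in `other`, say) `a->equals(a, b)` can be TRUE while `b->equals(b, a)` is FALSE. If symmetric equality is intended, run the same one-directional check both ways, e.g. move the loop into a static `is_subset(this, other)` helper and `return is_subset(this, other) && is_subset(other, this);`. The comment on the `else if` branch is also misleading, since the code `break`s there: `/* for single-valued rules only the first entry of this type counts; stop searching */` describes what happens. The remainder of equals() lies outside the hunk.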
@@ -765,10 +860,8 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other)
 return equal;
 }
 
-/**
- * Implementation of auth_cfg_t.purge
- */
-static void purge(private_auth_cfg_t *this, bool keep_ca)
+METHOD(auth_cfg_t, purge, void,
+ private_auth_cfg_t *this, bool keep_ca)
 {
 entry_t *entry;
 linked_list_t *cas;
@@ -793,16 +886,15 @@ static void purge(private_auth_cfg_t *this, bool keep_ca)
 cas->destroy(cas);
 }
 
-/**
- * Implementation of auth_cfg_t.clone
- */
-static auth_cfg_t* clone_(private_auth_cfg_t *this)
+METHOD(auth_cfg_t, clone_, auth_cfg_t*,
+ private_auth_cfg_t *this)
 {
 enumerator_t *enumerator;
 auth_cfg_t *clone;
 entry_t *entry;
 
 clone = auth_cfg_create();
+ /* this enumerator skips duplicates for rules we expect only once */
 enumerator = this->entries->create_enumerator(this->entries);
 while (enumerator->enumerate(enumerator, &entry))
 {
@@ -844,16 +936,16 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this)
 case AUTH_RULE_ECDSA_STRENGTH:
 clone->add(clone, entry->type, (uintptr_t)entry->value);
 break;
+ case AUTH_RULE_MAX:
+ break;
 }
 }
 enumerator->destroy(enumerator);
 return clone;
 }
 
-/**
- * Implementation of auth_cfg_t.destroy
- */
-static void destroy(private_auth_cfg_t *this)
+METHOD(auth_cfg_t, destroy, void,
+ private_auth_cfg_t *this)
 {
 purge(this, FALSE);
 this->entries->destroy(this->entries);
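Review bot: The comment added in clone_() claims the enumerator skips duplicates, but `this->entries->create_enumerator(this->entries)` is the raw linked-list enumerator; the de-duplication lives in enumerate() installed by auth_cfg's own create_enumerator() (hunks at L70 and L71), which is what merge() uses at L75 under the same comment. As written, clone_() copies every superseded single-valued entry, and because it walks the list newest-first while add() inserts such rules at the front, the clone ends up with the oldest value in front; whether get() then answers differently on the clone depends on its selection logic, which is outside this view. Either switch to `enumerator = create_enumerator(this);` and enumerate `(type, value)` pairs as merge() does (the loop body below the hunk uses `entry->type`/`entry->value` and would need the same change), or correct the comment.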
@@ -865,20 +957,23 @@ static void destroy(private_auth_cfg_t *this) */ auth_cfg_t *auth_cfg_create() { - private_auth_cfg_t *this = malloc_thing(private_auth_cfg_t); - - this->public.add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add; - this->public.get = (void*(*)(auth_cfg_t*, auth_rule_t type))get; - this->public.create_enumerator = (enumerator_t*(*)(auth_cfg_t*))create_enumerator; - this->public.replace = (void(*)(auth_cfg_t*,enumerator_t*,auth_rule_t,...))replace; - this->public.complies = (bool(*)(auth_cfg_t*, auth_cfg_t *,bool))complies; - this->public.merge = (void(*)(auth_cfg_t*, auth_cfg_t *other,bool))merge; - this->public.purge = (void(*)(auth_cfg_t*,bool))purge; - this->public.equals = (bool(*)(auth_cfg_t*, auth_cfg_t *other))equals; - this->public.clone = (auth_cfg_t*(*)(auth_cfg_t*))clone_; - this->public.destroy = (void(*)(auth_cfg_t*))destroy; - - this->entries = linked_list_create(); + private_auth_cfg_t *this; + + INIT(this, + .public = { + .add = (void(*)(auth_cfg_t*, auth_rule_t type, ...))add, + .get = _get, + .create_enumerator = _create_enumerator, + .replace = (void(*)(auth_cfg_t*,enumerator_t*,auth_rule_t,...))replace, + .complies = _complies, + .merge = (void(*)(auth_cfg_t*,auth_cfg_t*,bool))merge, + .purge = _purge, + .equals = (bool(*)(auth_cfg_t*,auth_cfg_t*))equals, + .clone = _clone_, + .destroy = _destroy, + }, + .entries = linked_list_create(), + ); return &this->public; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 489ce1134..4d12a9c14 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2007-2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it 
@@ -31,7 +31,7 @@ typedef enum auth_class_t auth_class_t; /** * Class of authentication to use. This is different to auth_method_t in that * it does not specify a method, but a class of acceptable methods. The found - * certificate finally dictates wich method is used. + * certificate finally dictates which method is used. */ enum auth_class_t { /** any class acceptable */ @@ -57,13 +57,12 @@ extern enum_name_t *auth_class_names; * - For configs specifying local authentication behavior, the rules define * which authentication method in which way. * - For configs specifying remote peer authentication, the rules define - * constraints the peer has to fullfill. + * constraints the peer has to fulfill. * * Additionally to the rules, there is a set of helper items. These are used * to transport credentials during the authentication process. */ enum auth_rule_t { - /** identity to use for IKEv2 authentication exchange, identification_t* */ AUTH_RULE_IDENTITY, /** authentication class, auth_class_t */ @@ -107,6 +106,9 @@ enum auth_rule_t { AUTH_HELPER_SUBJECT_HASH_URL, /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, + + /** helper to determine the number of elements in this enum */ + AUTH_RULE_MAX, }; /** @@ -119,8 +121,8 @@ extern enum_name_t *auth_rule_names; * * RFC4739 defines multiple authentication rounds. This class defines such * a round from a configuration perspective, either for the local or the remote - * peer. Local config are called "rulesets", as they define how we authenticate. - * Remote peer configs are called "constraits", they define what is needed to + * peer. Local configs are called "rulesets". They define how we authenticate. + * Remote peer configs are called "constraits". They define what is needed to * complete the authentication round successfully. * * @verbatim 
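Review bot: AUTH_RULE_MAX is appended as a sentinel, but its comment does not say that it is not a rule: `auth_rule_names` declared below is presumably bounded by AUTH_HELPER_REVOCATION_CERT, and add()/get() callers have no hint that the value is invalid. Suggest `/** helper to determine the number of elements in this enum; not a valid rule type, never pass it to add()/get() */`. Every switch over auth_rule_t now also needs a `case AUTH_RULE_MAX:` (as clone_() does in auth_cfg.c) to keep -Wswitch clean and to make the intended handling explicit.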
@@ -144,13 +146,20 @@ extern enum_name_t *auth_rule_names; @endverbatim * - * Values for each items are either pointers (casted to void*) or short + * Values for each item are either pointers (casted to void*) or short * integers (use uintptr_t cast). */ struct auth_cfg_t { /** - * Add an rule to the set. + * Add a rule to the set. + * + * Rules we expect only once (e.g. identities) implicitly replace previous + * rules of the same type (but pointers to previous values will remain + * valid until the auth_cfg_t object is destroyed). + * Rules that may occur multiple times (e.g. CA certificates) are inserted + * so that they can be enumerated in the order in which they were added. + * For these get() will return the value added first. * * @param rule rule type * @param ... associated value to rule @@ -158,7 +167,9 @@ struct auth_cfg_t { void (*add)(auth_cfg_t *this, auth_rule_t rule, ...); /** - * Get an rule value. + * Get a rule value. + * + * For rules we expect only once the latest value is returned. * * @param rule rule type * @return bool if item has been found @@ -168,14 +179,17 @@ struct auth_cfg_t { /** * Create an enumerator over added rules. * + * Refer to add() regarding the order in which rules are enumerated. + * For rules we expect only once the latest value is enumerated only. + * * @return enumerator over (auth_rule_t, union{void*,uintpr_t}) */ enumerator_t* (*create_enumerator)(auth_cfg_t *this); /** - * Replace an rule at enumerator position. + * Replace a rule at enumerator position. * - * @param pos enumerator position position + * @param pos enumerator position * @param rule rule type * @param ... associated value to rule */ 
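Review bot: The get() documentation is extended in this hunk but still ends with `@return bool if item has been found`, while the prototype returns `void*`; it should read `@return rule value (pointer or uintptr_t, see add()), NULL/0 if no such rule exists`, with the integer case worded according to what the implementation actually returns. The new add() text says pointers to replaced values stay valid until the object is destroyed, which presumably means replaced entries are retained; it is worth stating that directly, since repeatedly re-adding a single-valued rule then grows the config rather than swapping the value.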
@@ -186,7 +200,7 @@ struct auth_cfg_t { * Check if a used config fulfills a set of configured constraints. * * @param constraints required authorization rules - * @param log_error wheter to log compliance errors + * @param log_error whether to log compliance errors * @return TRUE if this complies with constraints */ bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error); @@ -202,20 +216,22 @@ struct auth_cfg_t { /** * Purge all rules in a config. * - * @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries + * @param keep_ca whether to keep AUTH_RULE_CA_CERT entries */ void (*purge)(auth_cfg_t *this, bool keep_ca); /** * Check two configs for equality. * - * @param other other config to compaire against this + * For rules we expect only once the latest value is compared only. + * + * @param other other config to compare against this * @return TRUE if auth infos identical */ bool (*equals)(auth_cfg_t *this, auth_cfg_t *other); /** - * Clone a authentication config, including all rules. + * Clone an authentication config, including all rules. * * @return cloned configuration */ diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index f9a277a2c..d3157c80e 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -23,8 +23,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_BLOB_PEM", "BUILD_BLOB_PGP", "BUILD_BLOB_DNSKEY", - "BUILD_PASSPHRASE", - "BUILD_PASSPHRASE_CALLBACK", + "BUILD_BLOB_ALGID_PARAMS", "BUILD_KEY_SIZE", "BUILD_SIGNING_KEY", "BUILD_SIGNING_CERT", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 325b668cd..41250ccae 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h 
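Review bot: The builder_part_names table drops "BUILD_PASSPHRASE" and "BUILD_PASSPHRASE_CALLBACK" and inserts "BUILD_BLOB_ALGID_PARAMS", but the builder.h hunk in this commit only shows BUILD_BLOB_ALGID_PARAMS being added to enum builder_part_t; unless the two BUILD_PASSPHRASE* enumerators are removed from the header in a hunk not shown here, every name from BUILD_KEY_SIZE onward is shifted by two and log output mislabels builder parts. ENUM() cannot detect this, so at minimum add `/* must match enum builder_part_t exactly, including order */` above the table, and a static assertion on the table length against BUILD_END would catch it mechanically if the ENUM macro exposes the count.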
@@ -28,8 +28,8 @@ typedef enum builder_part_t builder_part_t; /** * Constructor function to build credentials. * - * Any added parts are cloned/refcounted by the builder implementation, a - * caller may need to free the passed ressources themself. + * Any added parts are cloned/refcounted by the builder implementation. + * Callers may need to free the passed resources themselves. * * @param subtype constructor specific subtype, e.g. a certificate_type_t * @param args list of builder part types, followed by parts, BUILD_END @@ -53,10 +53,12 @@ enum builder_part_t { BUILD_BLOB_ASN1_DER, /** PEM encoded ASN.1/PGP blob, chunk_t */ BUILD_BLOB_PEM, - /** OpenPGP key blob, chunk_t */ + /** OpenPGP key blob, chunk_t */ BUILD_BLOB_PGP, /** DNS public key blob (RFC 4034, RSA specifc RFC 3110), chunk_t */ BUILD_BLOB_DNSKEY, + /** parameters from algorithmIdentifier (ASN.1 blob), chunk_t */ + BUILD_BLOB_ALGID_PARAMS, /** key size in bits, as used for key generation, u_int */ BUILD_KEY_SIZE, /** private key to use for signing, private_key_t* */ diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h index 733d9d612..00e30d7a0 100644 --- a/src/libstrongswan/credentials/cert_validator.h +++ b/src/libstrongswan/credentials/cert_validator.h @@ -39,7 +39,7 @@ struct cert_validator_t { * * @param subject subject certificate to check * @param issuer issuer of subject - * @param online wheter to do online revocation checking + * @param online whether to do online revocation checking * @param pathlen the current length of the path bottom-up * @param anchor is issuer trusted root anchor * @param auth container for resulting authentication info diff --git a/src/libstrongswan/credentials/certificates/ac.h b/src/libstrongswan/credentials/certificates/ac.h index fef7f8c65..57b44adca 100644 --- a/src/libstrongswan/credentials/certificates/ac.h +++ b/src/libstrongswan/credentials/certificates/ac.h 
@@ -79,7 +79,6 @@ struct ac_t {
 /**
 * @brief Checks if two attribute certificates belong to the same holder
 *
- * @param this calling attribute certificate
 * @param that other attribute certificate
 * @return TRUE if same holder
 */
diff --git a/src/libstrongswan/credentials/certificates/certificate.c b/src/libstrongswan/credentials/certificates/certificate.c
index 661b69e36..33ba4e907 100644
--- a/src/libstrongswan/credentials/certificates/certificate.c
+++ b/src/libstrongswan/credentials/certificates/certificate.c
@@ -38,6 +38,7 @@ ENUM(cert_validation_names, VALIDATION_GOOD, VALIDATION_REVOKED,
 "SKIPPED",
 "STALE",
 "FAILED",
+ "ON_HOLD",
 "REVOKED",
 );
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index 43bfe3dc1..2f471da5b 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -77,6 +77,8 @@ enum cert_validation_t {
 VALIDATION_STALE,
 /** validation failed due to a processing error */
 VALIDATION_FAILED,
+ /** certificate is on hold (i.e. temporary revokation) */
+ VALIDATION_ON_HOLD,
 /** certificate has been revoked */
 VALIDATION_REVOKED,
 };
@@ -115,7 +117,7 @@ struct certificate_t {
 * not returned by get_subject (e.g. subjectAltNames)
 *
 * @param subject subject identity
- * @return matching value of best match
+ * @return matching value of best match
 */
 id_match_t (*has_subject)(certificate_t *this, identification_t *subject);
@@ -132,8 +134,8 @@ struct certificate_t {
 * A certificate may contain additional issuer identifiers, which are
 * not returned by get_issuer (e.g. issuerAltNames)
 *
- * @param subject isser identity
- * @return matching value of best match
+ * @param subject issuer identity
+ * @return matching value of best match
 */
 id_match_t (*has_issuer)(certificate_t *this, identification_t *issuer);
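Review bot: Inserting VALIDATION_ON_HOLD between VALIDATION_FAILED and VALIDATION_REVOKED changes the numeric value of VALIDATION_REVOKED, so any code that persists or serializes cert_validation_t by number, and any caller that rejects a certificate only on `== VALIDATION_REVOKED`, now needs updating or an on-hold certificate is treated as acceptable. Those callers are outside this hunk; the switch statements in the cert_validator implementations, the credential manager and the revocation code should be audited for the new value. The comment also has a typo and should state the policy: `/** certificate is on hold (i.e. temporary revocation, CRL reason certificateHold); must be treated as not valid */`.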
@@ -141,7 +143,7 @@ struct certificate_t { * Check if this certificate is issued and signed by a specific issuer. * * @param issuer issuer's certificate - * @return TRUE if certificate issued by issuer and trusted + * @return TRUE if certificate issued by issuer and trusted */ bool (*issued_by)(certificate_t *this, certificate_t *issuer); @@ -176,7 +178,7 @@ struct certificate_t { /** * Check if two certificates are equal. * - * @param other certificate to compair against this + * @param other certificate to compare against this * @return TRUE if certificates are equal */ bool (*equals)(certificate_t *this, certificate_t *other); @@ -197,10 +199,10 @@ struct certificate_t { /** * Generic check if a given certificate is newer than another. * - * @param this first certificate to check - * @param other second certificate + * @param cert certificate + * @param other certificate to compare to * @return TRUE if this newer than other */ -bool certificate_is_newer(certificate_t *this, certificate_t *other); +bool certificate_is_newer(certificate_t *cert, certificate_t *other); #endif /** CERTIFICATE_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 2f3497474..4191c5935 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -100,10 +100,10 @@ struct crl_t { /** * Generic check if a given CRL is newer than another. * - * @param this first CRL to check - * @param other second CRL + * @param crl CRL + * @param other CRL to compare to * @return TRUE if this newer than other */ -bool crl_is_newer(crl_t *this, crl_t *other); +bool crl_is_newer(crl_t *crl, crl_t *other); #endif /** CRL_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index fec02dbad..5125aca26 100644 --- a/src/libstrongswan/credentials/certificates/x509.h 
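Review bot: After renaming the first parameter of certificate_is_newer() from `this` to `cert`, the `@return` line still says `TRUE if this newer than other`, so Doxygen now refers to a parameter that no longer exists; change it to `@return TRUE if cert is newer than other`. The same stale wording remains in crl_is_newer() in the crl.h hunk below (`@return TRUE if crl is newer than other`).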
+++ b/src/libstrongswan/credentials/certificates/x509.h @@ -41,13 +41,13 @@ enum x509_flag_t { /** cert has no constraints */ X509_NONE = 0, /** cert has CA constraint */ - X509_CA = (1<<0), + X509_CA = (1<<0), /** cert has AA constraint */ - X509_AA = (1<<1), + X509_AA = (1<<1), /** cert has OCSP signer constraint */ - X509_OCSP_SIGNER = (1<<2), + X509_OCSP_SIGNER = (1<<2), /** cert has serverAuth key usage */ - X509_SERVER_AUTH = (1<<3), + X509_SERVER_AUTH = (1<<3), /** cert has clientAuth key usage */ X509_CLIENT_AUTH = (1<<4), /** cert is self-signed */ @@ -76,12 +76,12 @@ enum x509_constraint_t { * X.509 certPolicy extension. */ struct x509_cert_policy_t { - /** OID of certPolicy */ - chunk_t oid; /** Certification Practice Statement URI qualifier */ char *cps_uri; /** UserNotice Text qualifier */ char *unotice_text; + /** OID of certPolicy */ + chunk_t oid; }; /** diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c index ac3266f4c..4865984dd 100644 --- a/src/libstrongswan/credentials/cred_encoding.c +++ b/src/libstrongswan/credentials/cred_encoding.c @@ -110,15 +110,13 @@ static bool equals(void *key1, void *key2) return key1 == key2; } -/** - * Implementation of cred_encoding_t.get_cache - */ -static bool get_cache(private_cred_encoding_t *this, cred_encoding_type_t type, - void *cache, chunk_t *encoding) +METHOD(cred_encoding_t, get_cache, bool, + private_cred_encoding_t *this, cred_encoding_type_t type, void *cache, + chunk_t *encoding) { chunk_t *chunk; - if (type >= CRED_ENCODING_MAX || type < 0) + if (type >= CRED_ENCODING_MAX || (int)type < 0) { return FALSE; } @@ -144,7 +142,7 @@ static bool encode(private_cred_encoding_t *this, cred_encoding_type_t type, bool success = FALSE; chunk_t *chunk; - if (type >= CRED_ENCODING_MAX || type < 0) + if (type >= CRED_ENCODING_MAX || (int)type < 0) { return FALSE; } 
@@ -191,15 +189,13 @@ static bool encode(private_cred_encoding_t *this, cred_encoding_type_t type, return success; } -/** - * Implementation of cred_encoding_t.cache - */ -static void cache(private_cred_encoding_t *this, cred_encoding_type_t type, - void *cache, chunk_t encoding) +METHOD(cred_encoding_t, cache, void, + private_cred_encoding_t *this, cred_encoding_type_t type, void *cache, + chunk_t encoding) { chunk_t *chunk; - if (type >= CRED_ENCODING_MAX || type < 0) + if (type >= CRED_ENCODING_MAX || (int)type < 0) { return free(encoding.ptr); } @@ -216,10 +212,8 @@ static void cache(private_cred_encoding_t *this, cred_encoding_type_t type, } } -/** - * Implementation of cred_encoding_t.clear_cache - */ -static void clear_cache(private_cred_encoding_t *this, void *cache) +METHOD(cred_encoding_t, clear_cache, void, + private_cred_encoding_t *this, void *cache) { cred_encoding_type_t type; chunk_t *chunk; @@ -237,30 +231,24 @@ static void clear_cache(private_cred_encoding_t *this, void *cache) this->lock->unlock(this->lock); } -/** - * Implementation of cred_encoding_t.add_encoder - */ -static void add_encoder(private_cred_encoding_t *this, cred_encoder_t encoder) +METHOD(cred_encoding_t, add_encoder, void, + private_cred_encoding_t *this, cred_encoder_t encoder) { this->lock->write_lock(this->lock); this->encoders->insert_last(this->encoders, encoder); this->lock->unlock(this->lock); } -/** - * Implementation of cred_encoding_t.remove_encoder - */ -static void remove_encoder(private_cred_encoding_t *this, cred_encoder_t encoder) +METHOD(cred_encoding_t, remove_encoder, void, + private_cred_encoding_t *this, cred_encoder_t encoder) { this->lock->write_lock(this->lock); this->encoders->remove(this->encoders, encoder, NULL); this->lock->unlock(this->lock); } -/** - * Implementation of cred_encoder_t.destroy. - */ -static void destroy(private_cred_encoding_t *this) +METHOD(cred_encoding_t, destroy, void, + private_cred_encoding_t *this) { cred_encoding_type_t type; 
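Review bot: The rewritten cache() still leaves the invalid-type branch with `return free(encoding.ptr);`; returning a void expression from a void function is a constraint violation in ISO C (C11 6.8.6.4) that GCC only reports with -pedantic, and since the commit touches this function's signature anyway the line should become `free(encoding.ptr); return;`. A short comment on that early return, noting that ownership of `encoding` passes to cache() even when the type is rejected, would also help callers, as the header does not make that obvious.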
@@ -282,23 +270,27 @@ static void destroy(private_cred_encoding_t *this) */ cred_encoding_t *cred_encoding_create() { - private_cred_encoding_t *this = malloc_thing(private_cred_encoding_t); + private_cred_encoding_t *this; cred_encoding_type_t type; - this->public.encode = (bool(*)(cred_encoding_t*, cred_encoding_type_t type, void *cache, chunk_t *encoding, ...))encode; - this->public.get_cache = (bool(*)(cred_encoding_t*, cred_encoding_type_t type, void *cache, chunk_t *encoding))get_cache; - this->public.cache = (void(*)(cred_encoding_t*, cred_encoding_type_t type, void *cache, chunk_t encoding))cache; - this->public.clear_cache = (void(*)(cred_encoding_t*, void *cache))clear_cache; - this->public.add_encoder = (void(*)(cred_encoding_t*, cred_encoder_t encoder))add_encoder; - this->public.remove_encoder = (void(*)(cred_encoding_t*, cred_encoder_t encoder))remove_encoder; - this->public.destroy = (void(*)(cred_encoding_t*))destroy; + INIT(this, + .public = { + .encode = (bool(*)(cred_encoding_t*, cred_encoding_type_t type, void *cache, chunk_t *encoding, ...))encode, + .get_cache = _get_cache, + .cache = _cache, + .clear_cache = _clear_cache, + .add_encoder = _add_encoder, + .remove_encoder = _remove_encoder, + .destroy = _destroy, + }, + .encoders = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); for (type = 0; type < CRED_ENCODING_MAX; type++) { this->cache[type] = hashtable_create(hash, equals, 8); } - this->encoders = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); return &this->public; } diff --git a/src/libstrongswan/credentials/cred_encoding.h b/src/libstrongswan/credentials/cred_encoding.h index e2d69691e..b029fe2ac 100644 --- a/src/libstrongswan/credentials/cred_encoding.h +++ b/src/libstrongswan/credentials/cred_encoding.h 
@@ -59,7 +59,7 @@ bool cred_encoding_args(va_list args, ...); /** * Encoding type of a fingerprint/credential. * - * Fingerprints have have the KEYID_*, public keys the PUBKEY_* and + * Fingerprints have the KEYID_*, public keys the PUBKEY_* and * private keys the PRIVKEY_* prefix. */ enum cred_encoding_type_t { diff --git a/src/libstrongswan/credentials/credential_factory.h b/src/libstrongswan/credentials/credential_factory.h index 709dc916a..c31601245 100644 --- a/src/libstrongswan/credentials/credential_factory.h +++ b/src/libstrongswan/credentials/credential_factory.h @@ -54,7 +54,7 @@ struct credential_factory_t { * The variable argument list takes builder_part_t types followed * by the type specific value. The list must be terminated using BUILD_END. * All passed parts get cloned/refcounted by the builder functions, - * so free up allocated ressources after successful and unsuccessful + * so free up allocated resources after successful and unsuccessful * invocations. * * @param type credential type to build diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 27b97eab3..b3461b810 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -866,7 +866,7 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*, } /** - * Check if an helper contains a certificate as trust anchor + * Check if a helper contains a certificate as trust anchor */ static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert) { @@ -949,7 +949,7 @@ static auth_cfg_t *build_trustchain(private_credential_manager_t *this, } /** - * find a private key of a give certificate + * find a private key of a given certificate */ static private_key_t *get_private_by_cert(private_credential_manager_t *this, certificate_t *cert, key_type_t type) 
diff --git a/src/libstrongswan/credentials/credential_manager.h b/src/libstrongswan/credentials/credential_manager.h index 04269cfbf..8e8f04b8c 100644 --- a/src/libstrongswan/credentials/credential_manager.h +++ b/src/libstrongswan/credentials/credential_manager.h @@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t; * Manages credentials using credential_sets. * * The credential manager is the entry point of the credential framework. It - * uses so called "sets" to access credentials in a modular fashion, these + * uses so called "sets" to access credentials in a modular fashion. These * are implemented through the credential_set_t interface. * The manager additionally does trust chain verification and trust status - * chaching. A set may call the managers methods if it needs credentials itself, - * the manager uses recursive locking. + * caching. A set may call the managers methods if it needs credentials itself. + * The manager uses recursive locking. * * @verbatim @@ -62,8 +62,8 @@ typedef struct credential_manager_t credential_manager_t; @endverbatim * - * The credential manager uses rwlocks for performance reasons, credential - * sets must be fully thread save. + * The credential manager uses rwlocks for performance reasons. Credential + * sets must be fully thread-safe. */ struct credential_manager_t { @@ -84,7 +84,7 @@ struct credential_manager_t { * * The enumerator enumerates over: * shared_key_t*, id_match_t me, id_match_t other - * But must accepts values for the id_matches. + * But must accept values for the id_matches. * * @param type kind of requested shared key * @param first first subject between key is shared @@ -120,7 +120,7 @@ struct credential_manager_t { * * @param type kind of requested shared key * @param me own identity - * @param other peers identity + * @param other peer identity * @return shared_key_t, NULL if none found */ shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type, 
@@ -130,7 +130,7 @@ struct credential_manager_t { * * The get_private() method gets a secret private key identified by either * the keyid itself or an id the key belongs to. - * The auth parameter contains additional information, such as receipients + * The auth parameter contains additional information, such as recipients * trusted CA certs. Auth gets filled with subject and CA certificates * needed to validate a created signature. * @@ -146,7 +146,7 @@ struct credential_manager_t { * Create an enumerator over trusted certificates. * * This method creates an enumerator over trusted certificates. The auth - * parameter (if given) recevies the trustchain used to validate + * parameter (if given) receives the trustchain used to validate * the certificate. The resulting enumerator enumerates over * certificate_t*, auth_cfg_t*. * If online is set, revocations are checked online for the whole @@ -163,7 +163,7 @@ struct credential_manager_t { /** * Create an enumerator over trusted public keys. * - * This method gets a an enumerator over trusted public keys to verify a + * This method creates an enumerator over trusted public keys to verify a * signature created by id. The auth parameter contains additional * authentication infos, e.g. peer and intermediate certificates. * The resulting enumerator enumerates over public_key_t *, auth_cfg_t *, @@ -180,7 +180,7 @@ struct credential_manager_t { key_type_t type, identification_t *id, auth_cfg_t *auth); /** - * Cache a certificate by invoking cache_cert() on all registerd sets. + * Cache a certificate by invoking cache_cert() on all registered sets. * * @param cert certificate to cache */ 
@@ -199,8 +199,8 @@ struct credential_manager_t { /** * Check if a given subject certificate is issued by an issuer certificate. * - * This operation does signature verification, but uses the credential - * managers cache for to speed up the operation. + * This operation does signature verification using the credential + * manager's cache to speed up the operation. * * @param subject subject certificate to check * @param issuer issuer certificate that potentially has signed subject @@ -228,7 +228,7 @@ struct credential_manager_t { * * To add a credential set for the current trustchain verification * operation, sets may be added for the calling thread only. This - * does not require a write lock and is therefore a much less expensive + * does not require a write lock and is therefore a much cheaper * operation. * * @param set set to register diff --git a/src/libstrongswan/credentials/credential_set.h b/src/libstrongswan/credentials/credential_set.h index 0eee237cb..8673c484f 100644 --- a/src/libstrongswan/credentials/credential_set.h +++ b/src/libstrongswan/credentials/credential_set.h @@ -38,7 +38,7 @@ typedef struct credential_set_t credential_set_t; * A credential set enumerator may not block the credential set, i.e. multiple * threads must be able to hold multiple enumerators, as the credential manager * is higly parallelized. The best way to achieve this is by using shared - * read locks for the enumerators only. Otherwiese deadlocks will occur. + * read locks for the enumerators only. Otherwise deadlocks will occur. * The writing cache_cert() routine is called by the manager only if no * enumerator is alive, so it is save to use a write lock there. */ 
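Review bot: The credential_set.h hunk fixes `Otherwiese` but leaves two more typos in the same paragraph: `higly parallelized` on the line above and `it is save to use a write lock` on the line below the change (should be `highly` and `safe`). Worth fixing together, since this paragraph is the locking contract every credential_set_t implementation is expected to follow.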
@@ -97,7 +97,7 @@ struct credential_set_t { /** * Cache a certificate in the credential set. * - * The caching policy is implementation dependent, the sets may cache the + * The caching policy is implementation dependent. The sets may cache the * certificate in-memory, persistent on disk or not at all. * * @param cert certificate to cache diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c index fecc9910e..fb18fb53d 100644 --- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c @@ -102,15 +102,14 @@ static void ietf_attr_destroy(ietf_attr_t *this) */ static ietf_attr_t* ietf_attr_create(ietf_attribute_type_t type, chunk_t value) { - ietf_attr_t *this = malloc_thing(ietf_attr_t); + ietf_attr_t *this; - /* initialize */ - this->type = type; - this->value = chunk_clone(value); - - /* function */ - this->compare = ietf_attr_compare; - this->destroy = ietf_attr_destroy; + INIT(this, + .compare = ietf_attr_compare, + .destroy = ietf_attr_destroy, + .type = type, + .value = chunk_clone(value), + ); return this; } @@ -142,10 +141,8 @@ struct private_ietf_attributes_t { refcount_t ref; }; -/** - * Implementation of ietf_attributes_t.get_string. - */ -static char* get_string(private_ietf_attributes_t *this) +METHOD(ietf_attributes_t, get_string, char*, + private_ietf_attributes_t *this) { if (this->string == NULL) { @@ -217,10 +214,8 @@ static char* get_string(private_ietf_attributes_t *this) return this->string; } -/** - * Implementation of ietf_attributes_t.get_encoding. - */ -static chunk_t get_encoding(private_ietf_attributes_t *this) +METHOD(ietf_attributes_t, get_encoding, chunk_t, + private_ietf_attributes_t *this) { chunk_t values; size_t size = 0; 
@@ -270,7 +265,11 @@ static chunk_t get_encoding(private_ietf_attributes_t *this) return asn1_wrap(ASN1_SEQUENCE, "m", values); } -static bool equals(private_ietf_attributes_t *this, private_ietf_attributes_t *other) +/** + * Implementation of ietf_attributes_t.equals. + */ +static bool equals(private_ietf_attributes_t *this, + private_ietf_attributes_t *other) { bool result = TRUE; @@ -304,7 +303,11 @@ static bool equals(private_ietf_attributes_t *this, private_ietf_attributes_t *o return result; } -static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t *other) +/** + * Implementation of ietf_attributes_t.matches. + */ +static bool matches(private_ietf_attributes_t *this, + private_ietf_attributes_t *other) { bool result = FALSE; ietf_attr_t *attr_a, *attr_b; @@ -364,19 +367,15 @@ static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t * return result; } -/** - * Implementation of ietf_attributes_t.get_ref - */ -static private_ietf_attributes_t* get_ref(private_ietf_attributes_t *this) +METHOD(ietf_attributes_t, get_ref, ietf_attributes_t*, + private_ietf_attributes_t *this) { ref_get(&this->ref); - return this; + return &this->public; } -/** - * Implementation of ietf_attributes_t.destroy. - */ -static void destroy(private_ietf_attributes_t *this) +METHOD(ietf_attributes_t, destroy, void, + private_ietf_attributes_t *this) { if (ref_put(&this->ref)) { 
@@ -388,18 +387,21 @@ static void destroy(private_ietf_attributes_t *this) static private_ietf_attributes_t* create_empty(void) { - private_ietf_attributes_t *this = malloc_thing(private_ietf_attributes_t); - - this->public.get_string = (char* (*)(ietf_attributes_t*))get_string; - this->public.get_encoding = (chunk_t (*)(ietf_attributes_t*))get_encoding; - this->public.equals = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))equals; - this->public.matches = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))matches; - this->public.get_ref = (ietf_attributes_t* (*)(ietf_attributes_t*))get_ref; - this->public.destroy = (void (*)(ietf_attributes_t*))destroy; - - this->list = linked_list_create(); - this->string = NULL; - this->ref = 1; + private_ietf_attributes_t *this; + + INIT(this, + .public = { + .get_string = _get_string, + .get_encoding = _get_encoding, + .equals = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))equals, + .matches = (bool (*)(ietf_attributes_t*,ietf_attributes_t*))matches, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .list = linked_list_create(), + .ref = 1, + ); + return this; } 
@@ -410,34 +412,24 @@ static void ietf_attributes_add(private_ietf_attributes_t *this,
 ietf_attr_t *attr)
 {
 ietf_attr_t *current_attr;
- bool found = FALSE;
- iterator_t *iterator;
+ enumerator_t *enumerator;
+ int cmp = -1;
- iterator = this->list->create_iterator(this->list, TRUE);
- while (iterator->iterate(iterator, (void **)¤t_attr))
+ enumerator = this->list->create_enumerator(this->list);
+ while (enumerator->enumerate(enumerator, (void **)¤t_attr) &&
+ (cmp = attr->compare(attr, current_attr)) > 0)
 {
- int cmp = attr->compare(attr, current_attr);
-
- if (cmp > 0)
- {
- continue;
- }
- if (cmp == 0)
- {
- attr->destroy(attr);
- }
- else
- {
- iterator->insert_before(iterator, attr);
- }
- found = TRUE;
- break;
+ continue;
 }
- iterator->destroy(iterator);
- if (!found)
+ if (cmp == 0)
 {
- this->list->insert_last(this->list, attr);
+ attr->destroy(attr);
+ }
+ else
+ { /* the enumerator either points to the end or to the attribute > attr */
+ this->list->insert_before(this->list, enumerator, attr);
 }
+ enumerator->destroy(enumerator);
 }
 /*
@@ -527,7 +519,7 @@ ietf_attributes_t *ietf_attributes_create_from_encoding(chunk_t encoded)
 ietf_attr_t *attr;
 type = (objectID - IETF_ATTR_OCTETS) / 2;
- attr = ietf_attr_create(type, object);
+ attr = ietf_attr_create(type, object);
 ietf_attributes_add(this, attr);
 }
 break;
diff --git a/src/libstrongswan/credentials/keys/private_key.h b/src/libstrongswan/credentials/keys/private_key.h
index e57d3f5a5..b9f7dad55 100644
--- a/src/libstrongswan/credentials/keys/private_key.h
+++ b/src/libstrongswan/credentials/keys/private_key.h
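Review bot: In ietf_attributes_add() `cmp` now carries state across the loop boundary: the initial -1 only matters for an empty list, and after a full traversal it still holds the result of the last comparison, which is what sends the call into the `else` branch that appends; this is correct but fragile, and the empty `while (...) { continue; }` body hides the dependency. The `else` comment should state the invariant being relied on, e.g. `/* list is kept sorted and duplicate-free; the enumerator is at the end (insert_before appends) or at the first attribute > attr */`, since appending through an exhausted enumerator is an assumption about linked_list_t that the reader cannot check here. Note that the page shows `¤t_attr` where the source presumably reads `&current_attr`; that is a rendering artifact, not something to change in the patch.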
@@ -133,11 +133,11 @@ struct private_key_t { /** * Generic private key equals() implementation, usable by implementors. * - * @param this first key to compare - * @param other second key to compare + * @param private private key to check + * @param other key to compare * @return TRUE if this is equal to other */ -bool private_key_equals(private_key_t *this, private_key_t *other); +bool private_key_equals(private_key_t *private, private_key_t *other); /** * Generic private key belongs_to() implementation, usable by implementors. @@ -151,10 +151,10 @@ bool private_key_belongs_to(private_key_t *private, public_key_t *public); /** * Generic private key has_fingerprint() implementation, usable by implementors. * - * @param this key to check fingerprint + * @param private private key to check * @param fingerprint fingerprint to check * @return TRUE if key has given fingerprint */ -bool private_key_has_fingerprint(private_key_t *this, chunk_t fingerprint); +bool private_key_has_fingerprint(private_key_t *private, chunk_t fingerprint); #endif /** PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/credentials/keys/public_key.c b/src/libstrongswan/credentials/keys/public_key.c index 22df5dd1b..37bba77d1 100644 --- a/src/libstrongswan/credentials/keys/public_key.c +++ b/src/libstrongswan/credentials/keys/public_key.c @@ -17,7 +17,8 @@ #include "public_key.h" -ENUM(key_type_names, KEY_RSA, KEY_DSA, +ENUM(key_type_names, KEY_ANY, KEY_DSA, + "ANY", "RSA", "ECDSA", "DSA" diff --git a/src/libstrongswan/credentials/keys/public_key.h b/src/libstrongswan/credentials/keys/public_key.h index d20d2736b..fdbe17f2c 100644 --- a/src/libstrongswan/credentials/keys/public_key.h +++ b/src/libstrongswan/credentials/keys/public_key.h 
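Review bot: The widened `ENUM(key_type_names, KEY_ANY, KEY_DSA, ...)` in public_key.c is only correct if `KEY_ANY` is the first value of key_type_t and the range up to `KEY_DSA` is contiguous; the matching change to the enum in public_key.h is not in this chunk, so that is inferred. The string table is positional, so a comment next to the ENUM, `/* order must match key_type_t */`, is cheap insurance against the next enum edit. The private_key.h hunks above are parameter-name and doc changes only.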
@@ -151,7 +151,7 @@ struct public_key_t { * @param scheme encryption scheme to use * @param plain chunk containing plaintext data * @param crypto where to allocate encrypted data - * @return TRUE if data successfully encrypted + * @return TRUE if data successfully encrypted */ bool (*encrypt)(public_key_t *this, encryption_scheme_t scheme, chunk_t plain, chunk_t *crypto); @@ -215,20 +215,20 @@ struct public_key_t { /** * Generic public key equals() implementation, usable by implementors. * - * @param this first key to compare - * @param other second key to compare + * @param public public key to check + * @param other key to compare * @return TRUE if this is equal to other */ -bool public_key_equals(public_key_t *this, public_key_t *other); +bool public_key_equals(public_key_t *public, public_key_t *other); /** * Generic public key has_fingerprint() implementation, usable by implementors. * - * @param this key to check fingerprint + * @param public public key to check * @param fingerprint fingerprint to check * @return TRUE if key has given fingerprint */ -bool public_key_has_fingerprint(public_key_t *this, chunk_t fingerprint); +bool public_key_has_fingerprint(public_key_t *public, chunk_t fingerprint); /** * Conversion of ASN.1 signature or hash OID to signature scheme. diff --git a/src/libstrongswan/credentials/keys/shared_key.c b/src/libstrongswan/credentials/keys/shared_key.c index f695c078d..1c2d31167 100644 --- a/src/libstrongswan/credentials/keys/shared_key.c +++ b/src/libstrongswan/credentials/keys/shared_key.c 
@@ -51,35 +51,27 @@ struct private_shared_key_t { refcount_t ref; }; -/** - * Implements shared_key_t.get_type - */ -static shared_key_type_t get_type(private_shared_key_t *this) +METHOD(shared_key_t, get_type, shared_key_type_t, + private_shared_key_t *this) { return this->type; } -/** - * Implements shared_key_t.get_key - */ -static chunk_t get_key(private_shared_key_t *this) +METHOD(shared_key_t, get_key, chunk_t, + private_shared_key_t *this) { return this->key; } -/** - * Implements shared_key_t.get_ref - */ -static shared_key_t* get_ref(private_shared_key_t *this) +METHOD(shared_key_t, get_ref, shared_key_t*, + private_shared_key_t *this) { ref_get(&this->ref); return &this->public; } -/** - * Implementation of shared_key_t.destroy - */ -static void destroy(private_shared_key_t *this) +METHOD(shared_key_t, destroy, void, + private_shared_key_t *this) { if (ref_put(&this->ref)) { @@ -93,16 +85,19 @@ static void destroy(private_shared_key_t *this) */ shared_key_t *shared_key_create(shared_key_type_t type, chunk_t key) { - private_shared_key_t *this = malloc_thing(private_shared_key_t); - - this->public.get_type = (shared_key_type_t (*)(shared_key_t *this))get_type; - this->public.get_key = (chunk_t (*)(shared_key_t *this))get_key; - this->public.get_ref = (shared_key_t* (*)(shared_key_t *this))get_ref; - this->public.destroy = (void(*)(shared_key_t*))destroy; - - this->type = type; - this->key = key; - this->ref = 1; + private_shared_key_t *this; + + INIT(this, + .public = { + .get_type = _get_type, + .get_key = _get_key, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .type = type, + .key = key, + .ref = 1, + ); return &this->public; } diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 225fabe31..2cef23328 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c 
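Review bot: `shared_key_create` stores the caller's chunk by reference (`.key = key`), so ownership of the key buffer transfers to the object; the function's doc comment, which is outside the hunk, should state that the caller must not free or reuse `key` afterwards. The body of the converted `destroy` is cut off by the hunk; if it releases `this->key` with plain free(), the secret stays readable in freed heap, and `chunk_clear(&this->key);` wipes it first. The METHOD conversions themselves are mechanical.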
@@ -172,12 +172,9 @@ static void wrapper_enumerator_destroy(wrapper_enumerator_t *this) free(this); } -/** - * implementation of auth_cfg_wrapper_t.set.create_cert_enumerator - */ -static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) +METHOD(credential_set_t, create_enumerator, enumerator_t*, + private_auth_cfg_wrapper_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; @@ -196,10 +193,8 @@ static enumerator_t *create_enumerator(private_auth_cfg_wrapper_t *this, return &enumerator->public; } -/** - * Implementation of auth_cfg_wrapper_t.destroy - */ -static void destroy(private_auth_cfg_wrapper_t *this) +METHOD(auth_cfg_wrapper_t, destroy, void, + private_auth_cfg_wrapper_t *this) { free(this); } @@ -209,16 +204,20 @@ static void destroy(private_auth_cfg_wrapper_t *this) */ auth_cfg_wrapper_t *auth_cfg_wrapper_create(auth_cfg_t *auth) { - private_auth_cfg_wrapper_t *this = malloc_thing(private_auth_cfg_wrapper_t); - - this->public.set.create_private_enumerator = (void*)return_null; - this->public.set.create_cert_enumerator = (void*)create_enumerator; - this->public.set.create_shared_enumerator = (void*)return_null; - this->public.set.create_cdp_enumerator = (void*)return_null; - this->public.set.cache_cert = (void*)nop; - this->public.destroy = (void(*)(auth_cfg_wrapper_t*))destroy; - - this->auth = auth; + private_auth_cfg_wrapper_t *this; + + INIT(this, + .public = { + .set = { + .create_cert_enumerator = _create_enumerator, + .create_shared_enumerator = (void*)return_null, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .destroy = _destroy, + }, + .auth = auth, + ); return &this->public; } diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c index 7161ac9ac..968c3e31e 100644 
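Review bot: The INIT() block in auth_cfg_wrapper_create drops the `create_private_enumerator` slot that the removed code set to `(void*)return_null`; since INIT() leaves unnamed members zero, that function pointer is now NULL. The cert_cache and ocsp_response_wrapper initializers in this same commit keep `.create_private_enumerator = (void*)return_null,`, and unless every consumer of credential_set_t checks the slot before calling it, which is not visible here, a private-key lookup that reaches this set dereferences NULL. Add `.create_private_enumerator = (void*)return_null,` to the `.set` initializer.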
--- a/src/libstrongswan/credentials/sets/cert_cache.c +++ b/src/libstrongswan/credentials/sets/cert_cache.c @@ -132,11 +132,8 @@ static void cache(private_cert_cache_t *this, } } -/** - * Implementation of cert_cache_t.issued_by. - */ -static bool issued_by(private_cert_cache_t *this, - certificate_t *subject, certificate_t *issuer) +METHOD(cert_cache_t, issued_by, bool, + private_cert_cache_t *this, certificate_t *subject, certificate_t *issuer) { relation_t *found = NULL, *current; int i; @@ -270,12 +267,9 @@ static void cert_enumerator_destroy(cert_enumerator_t *this) free(this); } -/** - * implementation of credential_set_t.create_cert_enumerator - */ -static enumerator_t *create_enumerator(private_cert_cache_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) +METHOD(credential_set_t, create_enumerator, enumerator_t*, + private_cert_cache_t *this, certificate_type_t cert, key_type_t key, + identification_t *id, bool trusted) { cert_enumerator_t *enumerator; @@ -296,10 +290,8 @@ static enumerator_t *create_enumerator(private_cert_cache_t *this, return &enumerator->public; } -/** - * Implementation of cert_cache_t.flush. - */ -static void flush(private_cert_cache_t *this, certificate_type_t type) +METHOD(cert_cache_t, flush, void, + private_cert_cache_t *this, certificate_type_t type) { relation_t *rel; int i; @@ -339,10 +331,8 @@ static void flush(private_cert_cache_t *this, certificate_type_t type) } } -/** - * Implementation of cert_cache_t.destroy - */ -static void destroy(private_cert_cache_t *this) +METHOD(cert_cache_t, destroy, void, + private_cert_cache_t *this) { relation_t *rel; int i; 
@@ -368,15 +358,20 @@ cert_cache_t *cert_cache_create() private_cert_cache_t *this; int i; - this = malloc_thing(private_cert_cache_t); - this->public.set.create_private_enumerator = (void*)return_null; - this->public.set.create_cert_enumerator = (void*)create_enumerator; - this->public.set.create_shared_enumerator = (void*)return_null; - this->public.set.create_cdp_enumerator = (void*)return_null; - this->public.set.cache_cert = (void*)nop; - this->public.issued_by = (bool(*)(cert_cache_t*, certificate_t *subject, certificate_t *issuer))issued_by; - this->public.flush = (void(*)(cert_cache_t*, certificate_type_t type))flush; - this->public.destroy = (void(*)(cert_cache_t*))destroy; + INIT(this, + .public = { + .set = { + .create_cert_enumerator = _create_enumerator, + .create_private_enumerator = (void*)return_null, + .create_shared_enumerator = (void*)return_null, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .issued_by = _issued_by, + .flush = _flush, + .destroy = _destroy, + }, + ); for (i = 0; i < CACHE_SIZE; i++) { @@ -385,5 +380,6 @@ cert_cache_t *cert_cache_create() this->relations[i].hits = 0; this->relations[i].lock = rwlock_create(RWLOCK_TYPE_DEFAULT); } + return &this->public; } diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c index 4786495da..151d69216 100644 --- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c +++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c 
@@ -94,12 +94,9 @@ static void enumerator_destroy(wrapper_enumerator_t *this) free(this); } -/** - * implementation of ocsp_response_wrapper_t.set.create_cert_enumerator - */ -static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, - certificate_type_t cert, key_type_t key, - identification_t *id, bool trusted) +METHOD(credential_set_t, create_enumerator, enumerator_t*, + private_ocsp_response_wrapper_t *this,certificate_type_t cert, + key_type_t key, identification_t *id, bool trusted) { wrapper_enumerator_t *enumerator; @@ -118,10 +115,8 @@ static enumerator_t *create_enumerator(private_ocsp_response_wrapper_t *this, return &enumerator->public; } -/** - * Implementation of ocsp_response_wrapper_t.destroy - */ -static void destroy(private_ocsp_response_wrapper_t *this) +METHOD(ocsp_response_wrapper_t, destroy, void, + private_ocsp_response_wrapper_t *this) { free(this); } @@ -131,16 +126,21 @@ static void destroy(private_ocsp_response_wrapper_t *this) */ ocsp_response_wrapper_t *ocsp_response_wrapper_create(ocsp_response_t *response) { - private_ocsp_response_wrapper_t *this = malloc_thing(private_ocsp_response_wrapper_t); - - this->public.set.create_private_enumerator = (void*)return_null; - this->public.set.create_cert_enumerator = (void*)create_enumerator; - this->public.set.create_shared_enumerator = (void*)return_null; - this->public.set.create_cdp_enumerator = (void*)return_null; - this->public.set.cache_cert = (void*)nop; - this->public.destroy = (void(*)(ocsp_response_wrapper_t*))destroy; - - this->response = response; + private_ocsp_response_wrapper_t *this; + + INIT(this, + .public = { + .set = { + .create_cert_enumerator = _create_enumerator, + .create_private_enumerator = (void*)return_null, + .create_shared_enumerator = (void*)return_null, + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .destroy = _destroy, + }, + .response = response, + ); return &this->public; } 
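Review bot: The METHOD parameter list of create_enumerator in ocsp_response_wrapper.c lacks a space after the first comma: `private_ocsp_response_wrapper_t *this,certificate_type_t cert,`. The equivalent lines in auth_cfg_wrapper.c and cert_cache.c are spaced, so `private_ocsp_response_wrapper_t *this, certificate_type_t cert,` keeps the three files consistent.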
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h index d560381d9..3f6abb4f9 100644 --- a/src/libstrongswan/crypto/aead.h +++ b/src/libstrongswan/crypto/aead.h @@ -111,7 +111,7 @@ struct aead_t { * Create a aead instance using traditional transforms. * * @param crypter encryption transform for this aead - * @param signer integrity tranform for this aead + * @param signer integrity transform for this aead * @return aead transform */ aead_t *aead_create(crypter_t *crypter, signer_t *signer); diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 4635dccea..8b1daa885 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -102,6 +102,8 @@ static const char* get_name(void *sym) return "unknown"; } +#ifdef CLOCK_THREAD_CPUTIME_ID + /** * Start a benchmark timer */ @@ -122,6 +124,14 @@ static u_int end_timing(struct timespec *start) (end.tv_sec - start->tv_sec) * 1000; } +#else /* CLOCK_THREAD_CPUTIME_ID */ + +/* Make benchmarking a no-op if CLOCK_THREAD_CPUTIME_ID is not available */ +#define start_timing(start) ((start)->tv_sec = 0, (start)->tv_nsec = 0) +#define end_timing(...) (this->bench_time) + +#endif /* CLOCK_THREAD_CPUTIME_ID */ + /** * Benchmark a crypter */ diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 5f7365321..1124ee6f7 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c 
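Review bot: The fallback `#define end_timing(...) (this->bench_time)` in crypto_tester.c silently depends on a variable named `this` being in scope at every call site, a hidden free variable that fails confusingly if a caller names its pointer differently. It also makes every benchmarked implementation report the same value, so any ordering derived from the timings is arbitrary on platforms without CLOCK_THREAD_CPUTIME_ID; that may be acceptable, but a comment at the macro stating both points, such as `/* no per-thread clock: all benchmarks report bench_time, so ordering is arbitrary */`, would help. What `bench_time` holds is not visible in this hunk.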
@@ -64,7 +64,8 @@ static struct { 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, - 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xF4,0x4C,0x42,0xE9,0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1024_BIT, .opt_exp = 32, .public = { @@ -77,7 +78,8 @@ static struct { 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, - 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1536_BIT, .opt_exp = 32, .public = { @@ -94,7 +96,8 @@ static struct { 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, - 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_2048_BIT, .opt_exp = 48, .public = { 
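Review bot: The `.exp_len = 0,` entries added to the static table initializers in this hunk, and in the hunks on the following two lines, are redundant because omitted members of a static aggregate are zero already, so their purpose can only be documentary. If 0 means "no fixed exponent length, derive it from opt_exp or the prime", one comment at the field's declaration would say that once instead of relying on seven identical lines; this is inferred, since the field's declaration is outside the hunk.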
@@ -115,7 +118,8 @@ static struct { 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,0xEC,0x07,0xA2,0x8F, 0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18, 0x39,0x95,0x49,0x7C,0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10, - 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_3072_BIT, .opt_exp = 48, .public = { @@ -144,7 +148,8 @@ static struct { 0xD8,0x76,0x02,0x73,0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C, 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,0xBA,0xD9,0x46,0xE2, 0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E, - 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x4B,0x82,0xD1,0x20,0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_4096_BIT, .opt_exp = 64, .public = { @@ -181,7 +186,8 @@ static struct { 0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF, 0xB8,0x1B,0xDD,0x76,0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9, 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,0x90,0xA6,0xC0,0x8F, - 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_6144_BIT, .opt_exp = 64, .public = { 
@@ -234,7 +240,8 @@ static struct { 0xF5,0x50,0xAA,0x3D,0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C, 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,0x6E,0x3C,0x04,0x68, 0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6, - 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0xE6,0x94,0xF9,0x1E,0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_8192_BIT, .opt_exp = 64, .public = { @@ -303,7 +310,8 @@ static struct { 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,0xD5,0xEE,0x38,0x2B, 0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA, 0x9E,0x30,0x50,0xE2,0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71, - 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF) + 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF), + .exp_len = 0, }, },{ .group = MODP_1024_160, .opt_exp = 20, .public = { diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index 9ae772363..cab3b1ba7 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -57,7 +57,7 @@ enum diffie_hellman_group_t { ECP_224_BIT = 26, /** insecure NULL diffie hellman group for testing, in PRIVATE USE */ MODP_NULL = 1024, - /** MODP group with custon generator, prime */ + /** MODP group with custom generator/prime */ MODP_CUSTOM = 1025, }; @@ -74,8 +74,7 @@ struct diffie_hellman_t { /** * Returns the shared secret of this diffie hellman exchange. * - * Space for returned secret is allocated and must be - * freed by the caller. + * Space for returned secret is allocated and must be freed by the caller. * * @param secret shared secret will be written into this chunk * @return SUCCESS, FAILED if not both DH values are set 
@@ -108,7 +107,7 @@ struct diffie_hellman_t { diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this); /** - * Destroys an diffie_hellman_t object. + * Destroys a diffie_hellman_t object. */ void (*destroy) (diffie_hellman_t *this); }; diff --git a/src/libstrongswan/crypto/pkcs9.c b/src/libstrongswan/crypto/pkcs9.c index e3ba0f129..63a615238 100644 --- a/src/libstrongswan/crypto/pkcs9.c +++ b/src/libstrongswan/crypto/pkcs9.c @@ -68,8 +68,6 @@ struct attribute_t { /** * Destroys the attribute. - * - * @param this attribute to destroy */ void (*destroy) (attribute_t *this); @@ -184,23 +182,24 @@ static void attribute_destroy(attribute_t *this) */ static attribute_t *attribute_create(int oid, chunk_t value) { - attribute_t *this = malloc_thing(attribute_t); - - this->oid = oid; - this->value = chunk_clone(value); - this->encoding = asn1_wrap(ASN1_SEQUENCE, "cm", - asn1_attributeIdentifier(oid), - asn1_simple_object(ASN1_SET, value)); - this->destroy = (void (*) (attribute_t*))attribute_destroy; + attribute_t *this; + + INIT(this, + .destroy = attribute_destroy, + .oid = oid, + .value = chunk_clone(value), + .encoding = asn1_wrap(ASN1_SEQUENCE, "cm", + asn1_attributeIdentifier(oid), + asn1_simple_object(ASN1_SET, value)), + ); + return this; } -/** - * Implements pkcs9_t.build_encoding - */ -static void build_encoding(private_pkcs9_t *this) +METHOD(pkcs9_t, build_encoding, void, + private_pkcs9_t *this) { - iterator_t *iterator; + enumerator_t *enumerator; attribute_t *attribute; u_int attributes_len = 0; 
@@ -214,33 +213,31 @@ static void build_encoding(private_pkcs9_t *this) } /* compute the total length of the encoded attributes */ - iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator = this->attributes->create_enumerator(this->attributes); - while (iterator->iterate(iterator, (void**)&attribute)) + while (enumerator->enumerate(enumerator, (void**)&attribute)) { attributes_len += attribute->encoding.len; } - iterator->destroy(iterator); + enumerator->destroy(enumerator); /* allocate memory for the attributes and build the encoding */ { u_char *pos = asn1_build_object(&this->encoding, ASN1_SET, attributes_len); - iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator = this->attributes->create_enumerator(this->attributes); - while (iterator->iterate(iterator, (void**)&attribute)) + while (enumerator->enumerate(enumerator, (void**)&attribute)) { memcpy(pos, attribute->encoding.ptr, attribute->encoding.len); pos += attribute->encoding.len; } - iterator->destroy(iterator); + enumerator->destroy(enumerator); } } -/** - * Implements pkcs9_t.get_encoding - */ -static chunk_t get_encoding(private_pkcs9_t *this) +METHOD(pkcs9_t, get_encoding, chunk_t, + private_pkcs9_t *this) { if (this->encoding.ptr == NULL) { @@ -249,16 +246,15 @@ static chunk_t get_encoding(private_pkcs9_t *this) return this->encoding; } -/** - * Implements pkcs9_t.get_attribute - */ -static chunk_t get_attribute(private_pkcs9_t *this, int oid) +METHOD(pkcs9_t, get_attribute, chunk_t, + private_pkcs9_t *this, int oid) { - iterator_t *iterator = this->attributes->create_iterator(this->attributes, TRUE); + enumerator_t *enumerator; chunk_t value = chunk_empty; attribute_t *attribute; - while (iterator->iterate(iterator, (void**)&attribute)) + enumerator = this->attributes->create_enumerator(this->attributes); + while (enumerator->enumerate(enumerator, (void**)&attribute)) { if (attribute->oid == oid) { 
@@ -266,24 +262,20 @@ static chunk_t get_attribute(private_pkcs9_t *this, int oid) break; } } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return value; } -/** - * Implements pkcs9_t.set_attribute - */ -static void set_attribute(private_pkcs9_t *this, int oid, chunk_t value) +METHOD(pkcs9_t, set_attribute, void, + private_pkcs9_t *this, int oid, chunk_t value) { attribute_t *attribute = attribute_create(oid, value); this->attributes->insert_last(this->attributes, (void*)attribute); } -/** - * Implements pkcs9_t.get_messageDigest - */ -static chunk_t get_messageDigest(private_pkcs9_t *this) +METHOD(pkcs9_t, get_messageDigest, chunk_t, + private_pkcs9_t *this) { const int oid = OID_PKCS9_MESSAGE_DIGEST; chunk_t value = get_attribute(this, oid); @@ -300,10 +292,8 @@ static chunk_t get_messageDigest(private_pkcs9_t *this) return chunk_clone(value); } -/** - * Implements pkcs9_t.set_attribute - */ -static void set_messageDigest(private_pkcs9_t *this, chunk_t value) +METHOD(pkcs9_t, set_messageDigest, void, + private_pkcs9_t *this, chunk_t value) { const int oid = OID_PKCS9_MESSAGE_DIGEST; chunk_t messageDigest = asn1_simple_object(asn1_attributeType(oid), value); @@ -312,10 +302,8 @@ static void set_messageDigest(private_pkcs9_t *this, chunk_t value) free(messageDigest.ptr); } -/** - * Implements pkcs9_t.destroy - */ -static void destroy(private_pkcs9_t *this) +METHOD(pkcs9_t, destroy, void, + private_pkcs9_t *this) { this->attributes->destroy_offset(this->attributes, offsetof(attribute_t, destroy)); free(this->encoding.ptr); 
@@ -327,20 +315,20 @@ static void destroy(private_pkcs9_t *this) */ static private_pkcs9_t *pkcs9_create_empty(void) { - private_pkcs9_t *this = malloc_thing(private_pkcs9_t); - - /* initialize */ - this->encoding = chunk_empty; - this->attributes = linked_list_create(); - - /*public functions */ - this->public.build_encoding = (void (*) (pkcs9_t*))build_encoding; - this->public.get_encoding = (chunk_t (*) (pkcs9_t*))get_encoding; - this->public.get_attribute = (chunk_t (*) (pkcs9_t*,int))get_attribute; - this->public.set_attribute = (void (*) (pkcs9_t*,int,chunk_t))set_attribute; - this->public.get_messageDigest = (chunk_t (*) (pkcs9_t*))get_messageDigest; - this->public.set_messageDigest = (void (*) (pkcs9_t*,chunk_t))set_messageDigest; - this->public.destroy = (void (*) (pkcs9_t*))destroy; + private_pkcs9_t *this; + + INIT(this, + .public = { + .build_encoding = _build_encoding, + .get_encoding = _get_encoding, + .get_attribute = _get_attribute, + .set_attribute = _set_attribute, + .get_messageDigest = _get_messageDigest, + .set_messageDigest = _set_messageDigest, + .destroy = _destroy, + }, + .attributes = linked_list_create(), + ); return this; } diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 6bd0f7465..8e815e608 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -56,10 +56,8 @@ struct private_prf_plus_t { u_int8_t appending_octet; }; -/** - * Implementation of prf_plus_t.get_bytes. - */ -static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) +METHOD(prf_plus_t, get_bytes, void, + private_prf_plus_t *this, size_t length, u_int8_t *buffer) { chunk_t appending_chunk; size_t bytes_in_round; 
@@ -89,10 +87,8 @@ static void get_bytes(private_prf_plus_t *this, size_t length, u_int8_t *buffer) } } -/** - * Implementation of prf_plus_t.allocate_bytes. - */ -static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chunk) +METHOD(prf_plus_t, allocate_bytes, void, + private_prf_plus_t *this, size_t length, chunk_t *chunk) { if (length) { @@ -106,10 +102,8 @@ static void allocate_bytes(private_prf_plus_t *this, size_t length, chunk_t *chu } } -/** - * Implementation of prf_plus_t.destroy. - */ -static void destroy(private_prf_plus_t *this) +METHOD(prf_plus_t, destroy, void, + private_prf_plus_t *this) { free(this->buffer.ptr); free(this->seed.ptr); @@ -124,15 +118,14 @@ prf_plus_t *prf_plus_create(prf_t *prf, chunk_t seed) private_prf_plus_t *this; chunk_t appending_chunk; - this = malloc_thing(private_prf_plus_t); - - /* set public methods */ - this->public.get_bytes = (void (*)(prf_plus_t *,size_t,u_int8_t*))get_bytes; - this->public.allocate_bytes = (void (*)(prf_plus_t *,size_t,chunk_t*))allocate_bytes; - this->public.destroy = (void (*)(prf_plus_t *))destroy; - - /* take over prf */ - this->prf = prf; + INIT(this, + .public = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + .prf = prf, + ); /* allocate buffer for prf output */ this->buffer.len = prf->get_block_size(prf); diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index d65955a2e..2060864a5 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,7 +59,7 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 119 +#define TOTAL_KEYWORDS 122 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 
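Review bot: The converted `destroy` in prf_plus.c releases `this->buffer` and `this->seed` with plain free(); `buffer` holds PRF+ output, which is keying material, and `seed` the input it was derived from, so both stay readable in freed heap. `chunk_clear(&this->buffer); chunk_clear(&this->seed);` wipes them before freeing. The function's end is outside the hunk, so if a wipe already happens further down this is moot.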
@@ -90,7 +90,7 @@ hash (str, len) 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 131, 214, 3, 22, 21, - 3, 1, 101, 48, 3, 4, 214, 214, 3, 214, + 3, 1, 101, 48, 3, 4, 214, 214, 3, 10, 57, 4, 214, 214, 94, 6, 3, 32, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, @@ -196,7 +196,9 @@ static const struct proposal_token wordlist[] = {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, + {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, @@ -250,6 +252,7 @@ static const struct proposal_token wordlist[] = {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, 
@@ -273,20 +276,20 @@ static const short lookup[] = -1, -1, -1, -1, 29, 30, 31, 32, 33, 34, 35, -1, 36, -1, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, - 53, -1, 54, -1, 55, -1, 56, -1, 57, -1, - 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, - 67, 68, 69, 70, 71, 72, -1, 73, -1, 74, - -1, 75, -1, 76, 77, 78, 79, 80, -1, 81, - 82, 83, 84, 85, -1, 86, 87, -1, 88, -1, - -1, 89, 90, -1, 91, -1, -1, 92, -1, 93, - 94, 95, 96, -1, 97, -1, 98, 99, 100, 101, - 102, 103, -1, -1, -1, 104, -1, -1, 105, 106, - -1, 107, -1, -1, -1, 108, 109, -1, -1, 110, - 111, -1, -1, -1, 112, 113, -1, 114, 115, -1, + 53, 54, 55, 56, 57, -1, 58, -1, 59, -1, + 60, -1, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, -1, 75, -1, 76, + -1, 77, -1, 78, 79, 80, 81, 82, -1, 83, + 84, 85, 86, 87, -1, 88, 89, -1, 90, -1, + -1, 91, 92, -1, 93, -1, -1, 94, -1, 95, + 96, 97, 98, -1, 99, -1, 100, 101, 102, 103, + 104, 105, -1, -1, -1, 106, -1, -1, 107, 108, + -1, 109, -1, -1, 110, 111, 112, -1, -1, 113, + 114, -1, -1, -1, 115, 116, -1, 117, 118, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, 117, - -1, -1, -1, 118 + -1, -1, -1, -1, -1, 119, -1, -1, -1, 120, + -1, -1, -1, 121 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 4ef664d8f..1d04f2dc4 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt 
@@ -118,6 +118,7 @@ twofish192, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192 twofish256, ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256 sha, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 sha1, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0 +sha1_160, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0 sha256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 sha2_256, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0 sha256_96, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0 @@ -127,8 +128,10 @@ sha2_384, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0 sha512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 sha2_512, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0 md5, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0 +md5_128, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0 aesxcbc, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0 camelliaxcbc, INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0 +aescmac, INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0 modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index e2c224d8b..c6870e475 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -66,9 +66,9 @@ enum integrity_algorithm_t { AUTH_HMAC_SHA1_128 = 1025, /** SHA256 96 bit truncation variant, supported by Linux kernels */ AUTH_HMAC_SHA2_256_96 = 1026, - /** SHA256 full length tuncation variant, as used in TLS */ + /** SHA256 full length truncation variant, as used in TLS */ AUTH_HMAC_SHA2_256_256 = 1027, - /** SHA384 full length tuncation variant, as used in TLS */ + /** SHA384 full length truncation variant, as used in TLS */ AUTH_HMAC_SHA2_384_384 = 1028, /** draft-kanno-ipsecme-camellia-xcbc, not yet assigned by IANA */ AUTH_CAMELLIA_XCBC_96 = 1029, diff --git a/src/libstrongswan/database/database.c b/src/libstrongswan/database/database.c new file mode 100644 index 000000000..60ef6cd7c 
--- /dev/null +++ b/src/libstrongswan/database/database.c @@ -0,0 +1,22 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "database.h" + +ENUM(db_driver_names, DB_ANY, DB_MYSQL, + "any", + "SQLite", + "MySQL", +); diff --git a/src/libstrongswan/database/database.h b/src/libstrongswan/database/database.h index 8df1c6f7f..dda29b5fb 100644 --- a/src/libstrongswan/database/database.h +++ b/src/libstrongswan/database/database.h @@ -49,6 +49,8 @@ enum db_type_t { * Database implementation type. */ enum db_driver_t { + /** matches to other databases */ + DB_ANY = 0, /** SQLite database */ DB_SQLITE, /** MySQL database */ @@ -56,6 +58,11 @@ enum db_driver_t { }; /** + * Names for db_driver_t + */ +extern enum_name_t *db_driver_names; + +/** * Interface for a database implementation. * * @code diff --git a/src/libstrongswan/database/database_factory.c b/src/libstrongswan/database/database_factory.c index 3936565a1..909522d64 100644 --- a/src/libstrongswan/database/database_factory.c +++ b/src/libstrongswan/database/database_factory.c @@ -41,10 +41,8 @@ struct private_database_factory_t { mutex_t *mutex; }; -/** - * Implementation of database_factory_t.create. - */ -static database_t* create(private_database_factory_t *this, char *uri) +METHOD(database_factory_t, create, database_t*, + private_database_factory_t *this, char *uri) { enumerator_t *enumerator; database_t *database = NULL; 
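Review bot: Inserting `DB_ANY = 0` at the head of `enum db_driver_t` in database.h renumbers `DB_SQLITE` and `DB_MYSQL`, so any out-of-tree database plugin built against the previous header, or any code that stored or compared the numeric driver value, resolves to the wrong driver until it is rebuilt. That is presumably intended, but the new comment `/** matches to other databases */` does not tell a caller what the wildcard means; if the intended semantics is "any driver accepted", `/** wildcard: matches any database driver */` says so. The `db_driver_names` ENUM in the new database.c lists the three names in the same order as the enum, which is what the ENUM macro appears to require, so a later insertion into the enum must be mirrored there as well.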
@@ -65,32 +63,24 @@ static database_t* create(private_database_factory_t *this, char *uri)
 return database;
 }
-/**
- * Implementation of database_factory_t.add_database.
- */
-static void add_database(private_database_factory_t *this,
- database_constructor_t create)
+METHOD(database_factory_t, add_database, void,
+ private_database_factory_t *this, database_constructor_t create)
 {
 this->mutex->lock(this->mutex);
 this->databases->insert_last(this->databases, create);
 this->mutex->unlock(this->mutex);
 }
-/**
- * Implementation of database_factory_t.remove_database.
- */
-static void remove_database(private_database_factory_t *this,
- database_constructor_t create)
+METHOD(database_factory_t, remove_database, void,
+ private_database_factory_t *this, database_constructor_t create)
 {
 this->mutex->lock(this->mutex);
 this->databases->remove(this->databases, create, NULL);
 this->mutex->unlock(this->mutex);
 }
-/**
- * Implementation of database_factory_t.destroy
- */
-static void destroy(private_database_factory_t *this)
+METHOD(database_factory_t, destroy, void,
+ private_database_factory_t *this)
 {
 this->databases->destroy(this->databases);
 this->mutex->destroy(this->mutex);
@@ -102,15 +92,18 @@ static void destroy(private_database_factory_t *this)
 */
 database_factory_t *database_factory_create()
 {
- private_database_factory_t *this = malloc_thing(private_database_factory_t);
-
- this->public.create = (database_t*(*)(database_factory_t*, char *url))create;
- this->public.add_database = (void(*)(database_factory_t*, database_constructor_t))add_database;
- this->public.remove_database = (void(*)(database_factory_t*, database_constructor_t))remove_database;
- this->public.destroy = (void(*)(database_factory_t*))destroy;
-
- this->databases = linked_list_create();
- this->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
+ private_database_factory_t *this;
+
+ INIT(this,
+ .public = {
+ .create = _create,
+ .add_database = _add_database,
+ .remove_database = _remove_database,
+ .destroy = _destroy,
+ },
+ .databases = linked_list_create(),
+ .mutex = mutex_create(MUTEX_TYPE_DEFAULT),
+ );
 return &this->public;
 }
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index 6ded70248..d6c5b06b6 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -26,8 +26,12 @@ ENUM(debug_names, DBG_DMN, DBG_LIB,
 "CFG",
 "KNL",
 "NET",
+ "ASN",
 "ENC",
 "TNC",
+ "IMC",
+ "IMV",
+ "PTS",
 "TLS",
 "LIB",
 );
@@ -41,8 +45,12 @@ ENUM(debug_lower_names, DBG_DMN, DBG_LIB,
 "cfg",
 "knl",
 "net",
+ "asn",
 "enc",
 "tnc",
+ "imc",
+ "imv",
+ "pts",
 "tls",
 "lib",
 );
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index d3399bff6..2a6ff98ad 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -48,10 +48,18 @@ enum debug_t {
 DBG_KNL,
 /** networking/sockets */
 DBG_NET,
+ /** low-level encoding/decoding (ASN.1, X.509 etc.) */
+ DBG_ASN,
 /** message encoding/decoding */
 DBG_ENC,
 /** trusted network connect */
 DBG_TNC,
+ /** integrity measurement client */
+ DBG_IMC,
+ /** integrity measurement verifier */
+ DBG_IMV,
+ /** platform trust service */
+ DBG_PTS,
 /** libtls */
 DBG_TLS,
 /** libstrongswan */
diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index 11b475d8f..efd3ee981 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c @@ -87,24 +87,6 @@ ENUM_NEXT(eap_type_short_names, EAP_DYNAMIC, EAP_EXPERIMENTAL, EAP_TNC, "XP"); ENUM_END(eap_type_short_names, EAP_EXPERIMENTAL); -ENUM(auth_rule_names, AUTH_RULE_IDENTITY, AUTH_HELPER_SUBJECT_HASH_URL, - "RULE_IDENTITY", - "RULE_AUTH_CLASS", - "RULE_EAP_IDENTITY", - "RULE_EAP_TYPE", - "RULE_EAP_VENDOR", - "RULE_CA_CERT", - "RULE_IM_CERT", - "RULE_SUBJECT_CERT", - "RULE_CRL_VALIDATION", - "RULE_OCSP_VALIDATION", - "RULE_GROUP", - "HELPER_IM_CERT", - "HELPER_SUBJECT_CERT", - "HELPER_IM_HASH_URL", - "HELPER_SUBJECT_HASH_URL", -); - /* * See header */ diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index 15250d531..449f284f7 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h @@ -26,7 +26,7 @@ typedef struct fetcher_manager_t fetcher_manager_t; #include <fetcher/fetcher.h> /** - * Fetches from URIs using registerd fetcher_t instances. + * Fetches from URIs using registered fetcher_t instances. */ struct fetcher_manager_t { diff --git a/src/libstrongswan/integrity_checker.h b/src/libstrongswan/integrity_checker.h index 55a4658f7..891ccccf7 100644 --- a/src/libstrongswan/integrity_checker.h +++ b/src/libstrongswan/integrity_checker.h @@ -22,7 +22,6 @@ #define INTEGRITY_CHECKER_H_ #include "utils.h" -#include "plugins/plugin.h" typedef struct integrity_checker_t integrity_checker_t; typedef struct integrity_checksum_t integrity_checksum_t; diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index b7e75aec5..cd6a41f44 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c 
@@ -22,12 +22,10 @@
 #include <threading/thread.h>
 #include <utils/identification.h>
 #include <utils/host.h>
+#include <utils/hashtable.h>
 #include <selectors/traffic_selector.h>
-#ifdef LEAK_DETECTIVE
-#include <utils/leak_detective.h>
-#endif
-#define CHECKSUM_LIBRARY IPSEC_DIR"/libchecksum.so"
+#define CHECKSUM_LIBRARY IPSEC_LIB_DIR"/libchecksum.so"
 typedef struct private_library_t private_library_t;
@@ -41,12 +39,10 @@ struct private_library_t {
 */
 library_t public;
-#ifdef LEAK_DETECTIVE
 /**
- * Memory leak detective, if enabled
+ * Hashtable with registered objects (name => object)
 */
- leak_detective_t *detective;
-#endif /* LEAK_DETECTIVE */
+ hashtable_t *objects;
 };
 /**
@@ -55,7 +51,7 @@ struct private_library_t {
 library_t *lib;
 /**
- * Implementation of library_t.destroy
+ * Deinitialize library
 */
 void library_deinit()
 {
@@ -65,6 +61,9 @@ void library_deinit()
 detailed = lib->settings->get_bool(lib->settings,
 "libstrongswan.leak_detective.detailed", TRUE);
+ /* make sure the cache is clear before unloading plugins */
+ lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
+
 this->public.scheduler->destroy(this->public.scheduler);
 this->public.processor->destroy(this->public.processor);
 this->public.plugins->destroy(this->public.plugins);
@@ -76,18 +75,17 @@ void library_deinit()
 this->public.fetcher->destroy(this->public.fetcher);
 this->public.db->destroy(this->public.db);
 this->public.printf_hook->destroy(this->public.printf_hook);
+ this->objects->destroy(this->objects);
 if (this->public.integrity)
 {
 this->public.integrity->destroy(this->public.integrity);
 }
-#ifdef LEAK_DETECTIVE
- if (this->detective)
+ if (lib->leak_detective)
 {
- this->detective->report(this->detective, detailed);
- this->detective->destroy(this->detective);
+ lib->leak_detective->report(lib->leak_detective, detailed);
+ lib->leak_detective->destroy(lib->leak_detective);
 }
-#endif /* LEAK_DETECTIVE */
 threads_deinit();
@@ -95,21 +93,63 @@ void library_deinit()
 lib = NULL;
 }
+METHOD(library_t, get, void*,
+ private_library_t *this, char *name)
+{
+ return this->objects->get(this->objects, name);
+}
+
+METHOD(library_t, set, bool,
+ private_library_t *this, char *name, void *object)
+{
+ if (object)
+ {
+ if (this->objects->get(this->objects, name))
+ {
+ return FALSE;
+ }
+ this->objects->put(this->objects, name, object);
+ return TRUE;
+ }
+ return this->objects->remove(this->objects, name) != NULL;
+}
+
+/**
+ * Hashtable hash function
+ */
+static u_int hash(char *key)
+{
+ return chunk_hash(chunk_create(key, strlen(key)));
+}
+
+/**
+ * Hashtable equals function
+ */
+static bool equals(char *a, char *b)
+{
+ return streq(a, b);
+}
+
 /*
 * see header file
 */
 bool library_init(char *settings)
 {
+ private_library_t *this;
 printf_hook_t *pfh;
- private_library_t *this = malloc_thing(private_library_t);
+
+ INIT(this,
+ .public = {
+ .get = _get,
+ .set = _set,
+ },
+ );
 lib = &this->public;
 threads_init();
- lib->leak_detective = FALSE;
-
 #ifdef LEAK_DETECTIVE
- this->detective = leak_detective_create();
+ lib->leak_detective = leak_detective_create();
 #endif /* LEAK_DETECTIVE */
 pfh = printf_hook_create();
@@ -136,6 +176,8 @@ bool library_init(char *settings)
 pfh->add_handler(pfh, 'R', traffic_selector_printf_hook,
 PRINTF_HOOK_ARGTYPE_POINTER, PRINTF_HOOK_ARGTYPE_END);
+ this->objects = hashtable_create((hashtable_hash_t)hash,
+ (hashtable_equals_t)equals, 4);
 this->public.settings = settings_create(settings);
 this->public.crypto = crypto_factory_create();
 this->public.creds = credential_factory_create();
@@ -146,7 +188,6 @@ bool library_init(char *settings)
 this->public.processor = processor_create();
 this->public.scheduler = scheduler_create();
 this->public.plugins = plugin_loader_create();
- this->public.integrity = NULL;
 if (lib->settings->get_bool(lib->settings,
 "libstrongswan.integrity_test", FALSE))
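Review bot: `set()` stores the caller's `name` pointer itself as the hashtable key (`this->objects->put(this->objects, name, object)`), and `hash()`/`equals()` read through that pointer on every later lookup, so a name held in a stack buffer or a string freed after registration leaves a dangling key that `get()` will dereference. Either duplicate the key on insert and free it on removal, or document the requirement; the `@param name` line of `set` in library.h (the next file) should then read `name to register object under, must stay valid while registered`. `set(name, NULL)` also returns TRUE only when an entry was actually removed, whereas the header text says only `TRUE if registered, FALSE if name already taken`; `FALSE if name already taken, or nothing to unregister` would match the code. `library_deinit` in the previous hunk destroys the table but not the registered objects, so ownership stays with whoever called `set`; that is worth a sentence in the same header doc block.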
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index 034ff10c5..7e76e1927 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -19,6 +19,9 @@ * @defgroup asn1 asn1 * @ingroup libstrongswan * + * @defgroup bio bio + * @ingroup libstrongswan + * * @defgroup credentials credentials * @ingroup libstrongswan * @@ -69,7 +72,6 @@ #include "chunk.h" #include "settings.h" #include "integrity_checker.h" -#include "plugins/plugin_loader.h" #include "processing/processor.h" #include "processing/scheduler.h" #include "crypto/crypto_factory.h" @@ -78,6 +80,8 @@ #include "credentials/credential_factory.h" #include "credentials/credential_manager.h" #include "credentials/cred_encoding.h" +#include "utils/leak_detective.h" +#include "plugins/plugin_loader.h" typedef struct library_t library_t; @@ -87,6 +91,23 @@ typedef struct library_t library_t; struct library_t { /** + * Get an arbitrary object registered by name. + * + * @param name name of the object to get + * @return object, NULL if none found + */ + void* (*get)(library_t *this, char *name); + + /** + * (Un-)Register an arbitrary object using the given name. + * + * @param name name to register object under + * @param object object to register, NULL to unregister + * @return TRUE if registered, FALSE if name already taken + */ + bool (*set)(library_t *this, char *name, void *object); + + /** * Printf hook registering facility */ printf_hook_t *printf_hook; @@ -147,15 +168,15 @@ struct library_t { integrity_checker_t *integrity; /** - * is leak detective running? + * Leak detective, if built and enabled */ - bool leak_detective; + leak_detective_t *leak_detective; }; /** * Initialize library, creates "lib" instance. * - * @param settings file to read settings from, may be NULL for none + * @param settings file to read settings from, may be NULL for default * @return FALSE if integrity check failed */ bool library_init(char *settings); 
@@ -166,7 +187,7 @@ bool library_init(char *settings); void library_deinit(); /** - * Library instance, set after between library_init() and library_deinit() calls. + * Library instance, set after library_init() and before library_deinit() calls. */ extern library_t *lib; diff --git a/src/libstrongswan/pen/pen.c b/src/libstrongswan/pen/pen.c new file mode 100644 index 000000000..3dd92218d --- /dev/null +++ b/src/libstrongswan/pen/pen.c @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pen.h" + +ENUM_BEGIN(pen_names, PEN_IETF, PEN_IETF, + "IETF"); +ENUM_NEXT(pen_names, PEN_MICROSOFT, PEN_MICROSOFT, PEN_IETF, + "Microsoft"); +ENUM_NEXT(pen_names, PEN_OSC, PEN_OSC, PEN_MICROSOFT, + "OSC"); +ENUM_NEXT(pen_names, PEN_TCG, PEN_TCG, PEN_OSC, + "TCG"); +ENUM_NEXT(pen_names, PEN_FHH, PEN_FHH, PEN_TCG, + "FHH"); +ENUM_NEXT(pen_names, PEN_ITA, PEN_ITA, PEN_FHH, + "ITA-HSR"); +ENUM_NEXT(pen_names, PEN_RESERVED, PEN_RESERVED, PEN_ITA, + "Reserved"); +ENUM_END(pen_names, PEN_RESERVED); + diff --git a/src/libstrongswan/pen/pen.h b/src/libstrongswan/pen/pen.h new file mode 100644 index 000000000..396cc7199 --- /dev/null +++ b/src/libstrongswan/pen/pen.h 
@@ -0,0 +1,46 @@ +/* + * Copyright (C) 2011 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pen pen + * @ingroup libstrongswan + * + * @defgroup pent pen + * @{ @ingroup pen + */ + +#ifndef PEN_H_ +#define PEN_H_ + +#include <library.h> + +typedef enum pen_t pen_t; + +enum pen_t { + PEN_IETF = 0x000000, /* 0 */ + PEN_MICROSOFT = 0x000137, /* 311 */ + PEN_OSC = 0x002358, /* 9048 */ + PEN_TCG = 0x005597, /* 21911 */ + PEN_FHH = 0x0080ab, /* 32939 */ + PEN_ITA = 0x00902a, /* 36906 */ + PEN_RESERVED = 0xffffff, /* 16777215 */ +}; + +/** + * enum names for pen_t. + */ +extern enum_name_t *pen_names; + +#endif /** PEN_H_ @}*/ diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index c93f84ca7..53eecbe8d 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ 
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index d17355d1d..1e84a7c86 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*, return "aes"; } +METHOD(plugin_t, get_features, int, + private_aes_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(CRYPTER, aes_crypter_create), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_aes_plugin_t *this) { - lib->crypto->remove_crypter(lib->crypto, - (crypter_constructor_t)aes_crypter_create); free(this); } @@ -56,15 +67,12 @@ plugin_t *aes_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), - (crypter_constructor_t)aes_crypter_create); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index 00b54b026..679e883e1 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in 
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -203,6 +206,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -219,11 +223,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c index 7b3c062aa..9c547140d 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c @@ -61,7 +61,7 @@ static struct { /* size of the keying material (key + nonce for ctr mode) */ size_t keymat_size; size_t iv_size; -} algs[] = { +} algs[AF_ALG_CRYPTER] = { {ENCR_DES, "cbc(des)", 8, 8, 8, 8, }, {ENCR_DES_ECB, "ecb(des)", 8, 8, 8, 0, }, {ENCR_3DES, "cbc(des3_ede)", 8, 24, 24, 8, }, 
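Review bot: Sizing the table from the header constant (`algs[AF_ALG_CRYPTER]` with `#define AF_ALG_CRYPTER 25`) makes `algs` silently zero-padded whenever it holds fewer initializers than the constant, and GCC by default only warns when it holds more; `af_alg_crypter_probe` in the next hunk loops to `countof(algs)`, so for each padding entry it calls `af_alg_ops_create("skcipher", NULL)` and, should that succeed, emits a `PLUGIN_PROVIDE` for algorithm id 0 with key size 0. The same pattern is introduced for `algs[AF_ALG_HASHER]`, `algs[AF_ALG_PRF]` and `algs[AF_ALG_SIGNER]` in af_alg_hasher.c, af_alg_prf.c and af_alg_signer.c. Keeping the unsized `} algs[] = {` and pinning the constant at compile time instead, e.g. `_Static_assert(countof(algs) == AF_ALG_CRYPTER, "AF_ALG_CRYPTER out of sync");` (C11; a negative-array-size typedef if the tree is built as C99), turns a drift between table and constant into a build failure rather than a runtime misprobe.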
@@ -92,25 +92,20 @@ static struct {
 /**
 * See header.
 */
-void af_alg_crypter_probe(char *plugin)
+void af_alg_crypter_probe(plugin_feature_t *features, int *pos)
 {
- encryption_algorithm_t prev = -1;
 af_alg_ops_t *ops;
 int i;
 for (i = 0; i < countof(algs); i++)
 {
- if (prev != algs[i].id)
+ ops = af_alg_ops_create("skcipher", algs[i].name);
+ if (ops)
 {
- ops = af_alg_ops_create("skcipher", algs[i].name);
- if (ops)
- {
- ops->destroy(ops);
- lib->crypto->add_crypter(lib->crypto, algs[i].id, plugin,
- (crypter_constructor_t)af_alg_crypter_create);
- }
+ ops->destroy(ops);
+ features[(*pos)++] = PLUGIN_PROVIDE(CRYPTER,
+ algs[i].id, algs[i].key_size);
 }
- prev = algs[i].id;
 }
 }
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
index ed7799cc8..ad2d42a97 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
+++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h
@@ -23,8 +23,12 @@ typedef struct af_alg_crypter_t af_alg_crypter_t;
+#include <plugins/plugin.h>
 #include <crypto/crypters/crypter.h>
+/** Number of crypters */
+#define AF_ALG_CRYPTER 25
+
 /**
 * Implementation of signers using AF_ALG.
 */
@@ -47,10 +51,11 @@ af_alg_crypter_t *af_alg_crypter_create(encryption_algorithm_t algo,
 size_t key_size);
 /**
- * Probe algorithms and register af_alg_crypter_create().
+ * Probe algorithms and return plugin features.
 *
- * @param plugin plugin name to register algorithms for
+ * @param features plugin features to create
+ * @param pos current position in features
 */
-void af_alg_crypter_probe(char *plugin);
+void af_alg_crypter_probe(plugin_feature_t *features, int *pos);
 #endif /** AF_ALG_CRYPTER_H_ @}*/
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
index 11074c4bd..ef2350497 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c
@@ -46,7 +46,7 @@ static struct { hash_algorithm_t id; char *name; size_t size; -} algs[] = { +} algs[AF_ALG_HASHER] = { {HASH_SHA1, "sha1", HASH_SIZE_SHA1 }, {HASH_MD5, "md5", HASH_SIZE_MD5 }, {HASH_SHA224, "sha224", HASH_SIZE_SHA224 }, @@ -59,7 +59,7 @@ static struct { /** * See header. */ -void af_alg_hasher_probe(char *plugin) +void af_alg_hasher_probe(plugin_feature_t *features, int *pos) { af_alg_ops_t *ops; int i; @@ -70,8 +70,7 @@ void af_alg_hasher_probe(char *plugin) if (ops) { ops->destroy(ops); - lib->crypto->add_hasher(lib->crypto, algs[i].id, plugin, - (hasher_constructor_t)af_alg_hasher_create); + features[(*pos)++] = PLUGIN_PROVIDE(HASHER, algs[i].id); } } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h index f44ba2938..5b540875a 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h @@ -23,8 +23,12 @@ typedef struct af_alg_hasher_t af_alg_hasher_t; +#include <plugins/plugin.h> #include <crypto/hashers/hasher.h> +/** Number of hashers */ +#define AF_ALG_HASHER 7 + /** * Implementation of hashers using AF_ALG. */ @@ -45,10 +49,11 @@ struct af_alg_hasher_t { af_alg_hasher_t *af_alg_hasher_create(hash_algorithm_t algo); /** - * Probe algorithms and register af_alg_hasher_create(). + * Probe algorithms and return plugin features. * - * @param plugin plugin name to register algorithms for + * @param features plugin features to create + * @param pos current position in deps */ -void af_alg_hasher_probe(char *plugin); +void af_alg_hasher_probe(plugin_feature_t *features, int *pos); #endif /** af_alg_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 82a227d97..a7b5de264 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c 
@@ -122,7 +122,7 @@ METHOD(af_alg_ops_t, crypt, void,
 cmsg->cmsg_level = SOL_ALG;
 cmsg->cmsg_type = ALG_SET_OP;
 cmsg->cmsg_len = CMSG_LEN(sizeof(type));
- *(u_int32_t*)CMSG_DATA(cmsg) = type;
+ memcpy(CMSG_DATA(cmsg), &type, sizeof(type));
 cmsg = CMSG_NXTHDR(&msg, cmsg);
 cmsg->cmsg_level = SOL_ALG;
diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
index 280ea4e98..445667507 100644
--- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
+++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c
@@ -41,18 +41,31 @@ METHOD(plugin_t, get_name, char*,
 return "af-alg";
 }
+METHOD(plugin_t, get_features, int,
+ private_af_alg_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[AF_ALG_HASHER + AF_ALG_SIGNER +
+ AF_ALG_PRF + AF_ALG_CRYPTER + 4] = {};
+ static int count = 0;
+
+ if (!count)
+ { /* initialize only once */
+ f[count++] = PLUGIN_REGISTER(HASHER, af_alg_hasher_create);
+ af_alg_hasher_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(SIGNER, af_alg_signer_create);
+ af_alg_signer_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(PRF, af_alg_prf_create);
+ af_alg_prf_probe(f, &count);
+ f[count++] = PLUGIN_REGISTER(CRYPTER, af_alg_crypter_create);
+ af_alg_crypter_probe(f, &count);
+ }
+ *features = f;
+ return count;
+}
+
 METHOD(plugin_t, destroy, void,
 private_af_alg_plugin_t *this)
 {
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)af_alg_hasher_create);
- lib->crypto->remove_signer(lib->crypto,
- (signer_constructor_t)af_alg_signer_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)af_alg_prf_create);
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)af_alg_crypter_create);
-
 free(this);
 }
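Review bot: `static plugin_feature_t f[...] = {};` in `get_features` uses an empty initializer list, which is a GNU extension rather than C11; `f` has static storage and is zero-initialized regardless, so the `= {}` can be dropped (or written `= {0}` if an explicit initializer is preferred). The `if (!count)` initialize-once guard on a `static int count` is not safe should `get_features` ever be called from two threads at once; presumably the plugin loader calls it once on one thread, and a short comment stating that assumption next to `/* initialize only once */` would spare the next reader the question. The four probes write `f[count++]` without any bound, so the array is only large enough while the `AF_ALG_*` header constants match the lengths of the tables in their .c files. The `memcpy` replacing the `*(u_int32_t*)CMSG_DATA(cmsg)` store in the first hunk is a sound fix for the alignment and aliasing hazard of writing through a cast into the control-message buffer.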
@@ -67,16 +80,11 @@ plugin_t *af_alg_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - af_alg_hasher_probe(get_name(this)); - af_alg_signer_probe(get_name(this)); - af_alg_prf_probe(get_name(this)); - af_alg_crypter_probe(get_name(this)); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 1c1174abb..a7912291f 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -57,7 +57,7 @@ static struct { char *name; size_t block_size; bool xcbc; -} algs[] = { +} algs[AF_ALG_PRF] = { {PRF_HMAC_SHA1, "hmac(sha1)", 20, FALSE, }, {PRF_HMAC_SHA2_256, "hmac(sha256)", 32, FALSE, }, {PRF_HMAC_MD5, "hmac(md5)", 16, FALSE, }, @@ -70,7 +70,7 @@ static struct { /** * See header. */ -void af_alg_prf_probe(char *plugin) +void af_alg_prf_probe(plugin_feature_t *features, int *pos) { af_alg_ops_t *ops; int i; @@ -81,8 +81,7 @@ void af_alg_prf_probe(char *plugin) if (ops) { ops->destroy(ops); - lib->crypto->add_prf(lib->crypto, algs[i].id, plugin, - (prf_constructor_t)af_alg_prf_create); + features[(*pos)++] = PLUGIN_PROVIDE(PRF, algs[i].id); } } } @@ -90,7 +89,7 @@ void af_alg_prf_probe(char *plugin) /** * Get the kernel algorithm string and block size for our identifier */ -static size_t lookup_alg(integrity_algorithm_t algo, char **name, bool *xcbc) +static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc) { int i; diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.h b/src/libstrongswan/plugins/af_alg/af_alg_prf.h index d3275e7be..2f6cf0cf1 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.h 
@@ -23,8 +23,12 @@ typedef struct af_alg_prf_t af_alg_prf_t; +#include <plugins/plugin.h> #include <crypto/prfs/prf.h> +/** Number of PRFs */ +#define AF_ALG_PRF 7 + /** * Implementation of PRFs using AF_ALG. */ @@ -45,10 +49,11 @@ struct af_alg_prf_t { af_alg_prf_t *af_alg_prf_create(pseudo_random_function_t algo); /** - * Probe algorithms and register af_alg_prf_create(). + * Probe algorithms and return plugin features. * - * @param plugin plugin name to register algorithms for + * @param features plugin features to create + * @param pos current position in features */ -void af_alg_prf_probe(char *plugin); +void af_alg_prf_probe(plugin_feature_t *features, int *pos); #endif /** AF_ALG_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 34534a06b..6cd79f8f2 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -52,7 +52,7 @@ static struct { char *name; size_t block_size; size_t key_size; -} algs[] = { +} algs[AF_ALG_SIGNER] = { {AUTH_HMAC_SHA1_96, "hmac(sha1)", 12, 20, }, {AUTH_HMAC_SHA1_128, "hmac(sha1)", 16, 20, }, {AUTH_HMAC_SHA1_160, "hmac(sha1)", 20, 20, }, @@ -71,7 +71,7 @@ static struct { /** * See header. */ -void af_alg_signer_probe(char *plugin) +void af_alg_signer_probe(plugin_feature_t *features, int *pos) { af_alg_ops_t *ops; int i; @@ -82,8 +82,7 @@ void af_alg_signer_probe(char *plugin) if (ops) { ops->destroy(ops); - lib->crypto->add_signer(lib->crypto, algs[i].id, plugin, - (signer_constructor_t)af_alg_signer_create); + features[(*pos)++] = PLUGIN_PROVIDE(SIGNER, algs[i].id); } } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.h b/src/libstrongswan/plugins/af_alg/af_alg_signer.h index 21487a118..deced7110 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.h 
@@ -23,8 +23,12 @@ typedef struct af_alg_signer_t af_alg_signer_t; +#include <plugins/plugin.h> #include <crypto/signers/signer.h> +/** Number of signers */ +#define AF_ALG_SIGNER 13 + /** * Implementation of signers using AF_ALG. */ @@ -45,10 +49,11 @@ struct af_alg_signer_t { af_alg_signer_t *af_alg_signer_create(integrity_algorithm_t algo); /** - * Probe algorithms and register af_alg_signer_create(). + * Probe algorithms and return plugin features. * - * @param plugin plugin name to register algorithms for + * @param features plugin features to create + * @param pos current position in features */ -void af_alg_signer_probe(char *plugin); +void af_alg_signer_probe(plugin_feature_t *features, int *pos); #endif /** AF_ALG_SIGNER_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index ce333660d..452233b85 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -201,6 +204,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -217,11 +221,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index 79c13b7c1..980a140b9 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*, return "agent"; } +METHOD(plugin_t, get_features, int, + private_agent_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(PRIVKEY, agent_private_key_open, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_agent_plugin_t *this) { - lib->creds->remove_builder(lib->creds, - (builder_function_t)agent_private_key_open); free(this); } @@ -56,14 +65,12 @@ plugin_t *agent_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, - (builder_function_t)agent_private_key_open); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 0864f4118..60b57ad2d 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -161,7 +161,7 @@ static int open_connection(char *path) */ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) { - int len, count; + int len; char buf[2048]; chunk_t blob, key, type, n; 
@@ -184,7 +184,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) DBG1(DBG_LIB, "received invalid ssh-agent identity response"); return FALSE; } - count = read_uint32(&blob); + read_uint32(&blob); while (blob.len) { @@ -398,7 +398,7 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) } if (!path) { - return FALSE; + return NULL; } INIT(this, diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index be8ba72ee..52f5fa98a 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -203,6 +206,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -219,11 +223,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index b2bc4a51f..2ffe6194b 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in 
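Review bot: `read_uint32(&blob);` now discards the identity count advertised by the ssh-agent response, so the `while (blob.len)` loop is bounded only by the remaining buffer length; that is acceptable provided read_uint32 both advances and bounds-checks `blob`, which this hunk does not show. A comment would make the deliberate drop explicit rather than look like a forgotten result: `/* identity count; the loop below is bounded by blob.len, not by this value */`. read_key's body continues outside the hunk.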
+++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c index 7fee2b3c4..0d2a56a49 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.c +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -67,7 +67,7 @@ typedef struct __attribute__((packed)) { u_char salt[SALT_SIZE]; u_char iv[IV_SIZE]; } nonce; - /* lenght of plain text, q */ + /* length of plain text, q */ u_char q[Q_SIZE]; } b0_t; diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c index 2865c2ae4..549f0a736 100644 --- a/src/libstrongswan/plugins/ccm/ccm_plugin.c +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c 
@@ -5,11 +5,11 @@ * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ 
@@ -38,12 +38,55 @@ METHOD(plugin_t, get_name, char*, return "ccm"; } +METHOD(plugin_t, get_features, int, + private_ccm_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(AEAD, ccm_aead_create), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV8, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV12, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_AES_CCM_ICV16, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV8, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV12, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 16), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 24), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24), + PLUGIN_PROVIDE(AEAD, ENCR_CAMELLIA_CCM_ICV16, 32), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 
32), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_ccm_plugin_t *this) { - lib->crypto->remove_aead(lib->crypto, - (aead_constructor_t)ccm_aead_create); - free(this); } @@ -53,40 +96,16 @@ METHOD(plugin_t, destroy, void, plugin_t *ccm_plugin_create() { private_ccm_plugin_t *this; - crypter_t *crypter; INIT(this, .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); - if (crypter) - { - crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, get_name(this), - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, get_name(this), - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, get_name(this), - (aead_constructor_t)ccm_aead_create); - } - crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 0); - if (crypter) - { - crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, get_name(this), - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, get_name(this), - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, get_name(this), - (aead_constructor_t)ccm_aead_create); - } - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/cmac/Makefile.am b/src/libstrongswan/plugins/cmac/Makefile.am new file mode 100644 index 000000000..ce0104f11 --- /dev/null +++ b/src/libstrongswan/plugins/cmac/Makefile.am 
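Review bot: The feature table in get_features pairs every PLUGIN_PROVIDE with the PLUGIN_DEPENDS of the same key size, but nothing in the code states that rule, and with 36 hand-written entries a mismatched pair (an AEAD listed with a crypter dependency of a different key size) would not be caught by the compiler. A short comment above the table would guard maintenance: `/* each AEAD (ICV 8/12/16) is listed per key size, immediately followed by the CBC crypter dependency with the same key size */`. Replacing the former create_crypter probe in ccm_plugin_create with these declared dependencies is consistent with that reading.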
@@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-cmac.la +else +plugin_LTLIBRARIES = libstrongswan-cmac.la +endif + +libstrongswan_cmac_la_SOURCES = \ + cmac_plugin.h cmac_plugin.c cmac.h cmac.c \ + cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c + +libstrongswan_cmac_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in new file mode 100644 index 000000000..093e63f32 --- /dev/null +++ b/src/libstrongswan/plugins/cmac/Makefile.in 
@@ -0,0 +1,613 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/cmac +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = 
srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_cmac_la_LIBADD = +am_libstrongswan_cmac_la_OBJECTS = cmac_plugin.lo cmac.lo cmac_prf.lo \ + cmac_signer.lo +libstrongswan_cmac_la_OBJECTS = $(am_libstrongswan_cmac_la_OBJECTS) +libstrongswan_cmac_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_cmac_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_cmac_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_cmac_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) --tag=CC 
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_cmac_la_SOURCES) +DIST_SOURCES = $(libstrongswan_cmac_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ 
+SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pki_plugins = 
@pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-cmac.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-cmac.la +libstrongswan_cmac_la_SOURCES = \ + cmac_plugin.h cmac_plugin.c cmac.h cmac.c \ + cmac_prf.h cmac_prf.c cmac_signer.h cmac_signer.c + +libstrongswan_cmac_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + 
+clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-cmac.la: $(libstrongswan_cmac_la_OBJECTS) $(libstrongswan_cmac_la_DEPENDENCIES) + $(libstrongswan_cmac_la_LINK) $(am_libstrongswan_cmac_la_rpath) $(libstrongswan_cmac_la_OBJECTS) $(libstrongswan_cmac_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_prf.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmac_signer.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + 
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . 
= "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic 
mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c new file mode 100644 index 000000000..5ec7073c7 --- /dev/null +++ b/src/libstrongswan/plugins/cmac/cmac.c 
@@ -0,0 +1,321 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac.h"
+
+#include <debug.h>
+
+typedef struct private_cmac_t private_cmac_t;
+
+/**
+ * Private data of a cmac_t object.
+ *
+ * The variable names are the same as in the RFC.
+ */
+struct private_cmac_t {
+
+ /**
+ * Public interface.
+ */
+ cmac_t public;
+
+ /**
+ * Block size, in bytes
+ */
+ u_int8_t b;
+
+ /**
+ * Crypter with key K
+ */
+ crypter_t *k;
+
+ /**
+ * K1
+ */
+ u_int8_t *k1;
+
+ /**
+ * K2
+ */
+ u_int8_t *k2;
+
+ /**
+ * T
+ */
+ u_int8_t *t;
+
+ /**
+ * remaining, unprocessed bytes in append mode
+ */
+ u_int8_t *remaining;
+
+ /**
+ * number of bytes in remaining
+ */
+ int remaining_bytes;
+};
+
+/**
+ * process supplied data, but do not run final operation
+ */
+static void update(private_cmac_t *this, chunk_t data)
+{
+ chunk_t iv;
+
+ if (this->remaining_bytes + data.len <= this->b)
+ { /* no complete block (or last block), just copy into remaining */
+ memcpy(this->remaining + this->remaining_bytes, data.ptr, data.len);
+ this->remaining_bytes += data.len;
+ return;
+ }
+
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+
+ /* T := 0x00000000000000000000000000000000 (initially)
+ * for each block M_i (except the last)
+ * X := T XOR M_i;
+ * T := AES-128(K, X);
+ */
+
+ /* append data to remaining bytes, process block M_1 */
+ memcpy(this->remaining + this->remaining_bytes, data.ptr,
+ this->b - this->remaining_bytes);
+ data = chunk_skip(data, this->b - this->remaining_bytes);
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+ /* process blocks M_2 ... M_n-1 */
+ while (data.len > this->b)
+ {
+ memcpy(this->remaining, data.ptr, this->b);
+ data = chunk_skip(data, this->b);
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+ }
+
+ /* store remaining bytes of block M_n */
+ memcpy(this->remaining, data.ptr, data.len);
+ this->remaining_bytes = data.len;
+}
+
+/**
+ * process last block M_last
+ */
+static void final(private_cmac_t *this, u_int8_t *out)
+{
+ chunk_t iv;
+
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+
+ /* if last block is complete
+ * M_last := M_n XOR K1;
+ * else
+ * M_last := padding(M_n) XOR K2;
+ */
+ if (this->remaining_bytes == this->b)
+ {
+ memxor(this->remaining, this->k1, this->b);
+ }
+ else
+ {
+ /* padding(x) = x || 10^i where i is 128-8*r-1
+ * That is, padding(x) is the concatenation of x and a single '1',
+ * followed by the minimum number of '0's, so that the total length is
+ * equal to 128 bits.
+ */
+ if (this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x80;
+ while (++this->remaining_bytes < this->b)
+ {
+ this->remaining[this->remaining_bytes] = 0x00;
+ }
+ }
+ memxor(this->remaining, this->k2, this->b);
+ }
+ /* T := M_last XOR T;
+ * T := AES-128(K,T);
+ */
+ memxor(this->t, this->remaining, this->b);
+ this->k->encrypt(this->k, chunk_create(this->t, this->b), iv, NULL);
+
+ memcpy(out, this->t, this->b);
+
+ /* reset state */
+ memset(this->t, 0, this->b);
+ this->remaining_bytes = 0;
+}
+
+METHOD(cmac_t, get_mac, void,
+ private_cmac_t *this, chunk_t data, u_int8_t *out)
+{
+ /* update T, do not process last block */
+ update(this, data);
+
+ if (out)
+ { /* if not in append mode, process last block and output result */
+ final(this, out);
+ }
+}
+
+METHOD(cmac_t, get_block_size, size_t,
+ private_cmac_t *this)
+{
+ return this->b;
+}
+
+/**
+ * Left-shift the given chunk by one bit.
+ */
+static void bit_shift(chunk_t chunk)
+{
+ size_t i;
+
+ for (i = 0; i < chunk.len; i++)
+ {
+ chunk.ptr[i] <<= 1;
+ if (i < chunk.len - 1 && chunk.ptr[i + 1] & 0x80)
+ {
+ chunk.ptr[i] |= 0x01;
+ }
+ }
+}
+
+/**
+ * Apply the following key derivation (in-place):
+ * if MSB(C) == 0
+ * C := C << 1
+ * else
+ * C := (C << 1) XOR 0x00000000000000000000000000000087
+ */
+static void derive_key(chunk_t chunk)
+{
+ if (chunk.ptr[0] & 0x80)
+ {
+ chunk_t rb;
+
+ rb = chunk_alloca(chunk.len);
+ memset(rb.ptr, 0, rb.len);
+ rb.ptr[rb.len - 1] = 0x87;
+ bit_shift(chunk);
+ memxor(chunk.ptr, rb.ptr, chunk.len);
+ }
+ else
+ {
+ bit_shift(chunk);
+ }
+}
+
+METHOD(cmac_t, set_key, void,
+ private_cmac_t *this, chunk_t key)
+{
+ chunk_t resized, iv, l;
+
+ /* we support variable keys as defined in RFC 4615 */
+ if (key.len == this->b)
+ {
+ resized = key;
+ }
+ else
+ { /* use cmac recursively to resize longer or shorter keys */
+ resized = chunk_alloca(this->b);
+ memset(resized.ptr, 0, resized.len);
+ set_key(this, resized);
+ get_mac(this, key, resized.ptr);
+ }
+
+ /*
+ * Rb = 0x00000000000000000000000000000087
+ * L = 0x00000000000000000000000000000000 encrypted with K
+ * if MSB(L) == 0
+ * K1 = L << 1
+ * else
+ * K1 = (L << 1) XOR Rb
+ * if MSB(K1) == 0
+ * K2 = K1 << 1
+ * else
+ * K2 = (K1 << 1) XOR Rb
+ */
+ iv = chunk_alloca(this->b);
+ memset(iv.ptr, 0, iv.len);
+ l = chunk_alloca(this->b);
+ memset(l.ptr, 0, l.len);
+ this->k->set_key(this->k, resized);
+ this->k->encrypt(this->k, l, iv, NULL);
+ derive_key(l);
+ memcpy(this->k1, l.ptr, l.len);
+ derive_key(l);
+ memcpy(this->k2, l.ptr, l.len);
+ memwipe(l.ptr, l.len);
+}
+
+METHOD(cmac_t, destroy, void,
+ private_cmac_t *this)
+{
+ this->k->destroy(this->k);
+ memwipe(this->k1, this->b);
+ free(this->k1);
+ memwipe(this->k2, this->b);
+ free(this->k2);
+ free(this->t);
+ free(this->remaining);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size)
+{
+ private_cmac_t *this;
+ crypter_t *crypter;
+ u_int8_t b;
+
+ crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size);
+ if (!crypter)
+ {
+ return NULL;
+ }
+ b = crypter->get_block_size(crypter);
+ /* input and output of crypter must be equal for cmac */
+ if (b != key_size)
+ {
+ crypter->destroy(crypter);
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .get_mac = _get_mac,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ .b = b,
+ .k = crypter,
+ .k1 = malloc(b),
+ .k2 = malloc(b),
+ .t = malloc(b),
+ .remaining = malloc(b),
+ );
+ memset(this->t, 0, b);
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac.h b/src/libstrongswan/plugins/cmac/cmac.h
new file mode 100644
index 000000000..061609127
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac.h
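Review bot: derive_key hard-codes the 128-bit-block constant (`rb.ptr[rb.len - 1] = 0x87;`), but cmac_create accepts any cipher whose block size equals key_size, so a 64-bit-block cipher with an 8-byte key (the des plugin in this same series provides ENCR_DES with key size 8) passes the `b != key_size` check and gets subkeys derived with the wrong Rb, which SP 800-38B gives as 0x1B for 64-bit blocks. Either pick the constant by block size, `rb.ptr[rb.len - 1] = (rb.len == 8) ? 0x1B : 0x87;`, or reject `b != 16` in cmac_create next to the existing check, and say in the derive_key comment which block sizes are supported. Separately, set_key wipes `l` but leaves the RFC 4615-derived `resized` copy on the stack unwiped (only when it was allocated there, not when it aliases the caller's key), and destroy wipes k1/k2 but frees `t` and `remaining` without wiping even though both hold intermediate MAC state if an append-mode computation is abandoned.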
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac cmac
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_H_
+#define CMAC_H_
+
+#include <crypto/crypters/crypter.h>
+
+typedef struct cmac_t cmac_t;
+
+/**
+ * Cipher-based Message Authentication Code (CMAC).
+ *
+ * This class implements the message authentication algorithm
+ * described in RFC 4493.
+ */
+struct cmac_t {
+
+ /**
+ * Generate message authentication code.
+ *
+ * If buffer is NULL, no result is given back. A next call will
+ * append the data to already supplied data. If buffer is not NULL,
+ * the mac of all apended data is calculated, returned and the internal
+ * state is reset.
+ *
+ * @param data chunk of data to authenticate
+ * @param buffer pointer where the generated bytes will be written
+ */
+ void (*get_mac) (cmac_t *this, chunk_t data, u_int8_t *buffer);
+
+ /**
+ * Get the block size of this cmac_t object.
+ *
+ * @return block size in bytes
+ */
+ size_t (*get_block_size) (cmac_t *this);
+
+ /**
+ * Set the key for this cmac_t object.
+ *
+ * @param key key to set
+ */
+ void (*set_key) (cmac_t *this, chunk_t key);
+
+ /**
+ * Destroys a cmac_t object.
+ */
+ void (*destroy) (cmac_t *this);
+};
+
+/**
+ * Creates a new cmac_t object.
+ *
+ * @param algo underlying crypto algorithm
+ * @param key_size key size to use, if required for algorithm
+ * @return cmac_t object, NULL if not supported
+ */
+cmac_t *cmac_create(encryption_algorithm_t algo, size_t key_size);
+
+#endif /** CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.c b/src/libstrongswan/plugins/cmac/cmac_plugin.c
new file mode 100644
index 000000000..5b42c5002
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.c
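Review bot: The cmac_create comment says key_size is used "if required for algorithm", but the implementation in cmac.c returns NULL unless key_size equals the cipher's block size, so callers reading only this header will pass AES-256 key sizes and get NULL back; suggest `@param key_size key size of the underlying cipher; must equal its block size`. The get_mac comment should also state the buffer contract, e.g. `@param buffer pointer where the generated bytes will be written, at least get_block_size() bytes`, since cmac.c copies the full block into it, and set_key could mention that keys of other lengths are reduced per RFC 4615. Typo in the get_mac comment: "apended" should be "appended".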
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_plugin.h"
+
+#include <library.h>
+#include "cmac_prf.h"
+#include "cmac_signer.h"
+
+typedef struct private_cmac_plugin_t private_cmac_plugin_t;
+
+/**
+ * private data of cmac_plugin
+ */
+struct private_cmac_plugin_t {
+
+ /**
+ * public functions
+ */
+ cmac_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_cmac_plugin_t *this)
+{
+ return "cmac";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_cmac_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, cmac_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_AES128_CMAC),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_REGISTER(SIGNER, cmac_signer_create),
+ PLUGIN_PROVIDE(SIGNER, AUTH_AES_CMAC_96),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_cmac_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *cmac_plugin_create()
+{
+ private_cmac_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_plugin.h b/src/libstrongswan/plugins/cmac/cmac_plugin.h
new file mode 100644
index 000000000..a31e1077d
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_p cmac
+ * @ingroup plugins
+ *
+ * @defgroup cmac_plugin cmac_plugin
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_PLUGIN_H_
+#define CMAC_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct cmac_plugin_t cmac_plugin_t;
+
+/**
+ * Plugin implementing CMAC algorithm to provide crypter based PRF and signer.
+ */
+struct cmac_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** CMAC_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.c b/src/libstrongswan/plugins/cmac/cmac_prf.c
new file mode 100644
index 000000000..17affe439
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "cmac_prf.h"
+
+#include "cmac.h"
+
+typedef struct private_cmac_prf_t private_cmac_prf_t;
+
+/**
+ * Private data of a cmac_prf_t object.
+ */
+struct private_cmac_prf_t {
+
+ /**
+ * Public cmac_prf_t interface.
+ */
+ cmac_prf_t public;
+
+ /**
+ * cmac to use for generation.
+ */
+ cmac_t *cmac;
+};
+
+METHOD(prf_t, get_bytes, void,
+ private_cmac_prf_t *this, chunk_t seed, u_int8_t *buffer)
+{
+ this->cmac->get_mac(this->cmac, seed, buffer);
+}
+
+METHOD(prf_t, allocate_bytes, void,
+ private_cmac_prf_t *this, chunk_t seed, chunk_t *chunk)
+{
+ if (chunk)
+ {
+ *chunk = chunk_alloc(this->cmac->get_block_size(this->cmac));
+ get_bytes(this, seed, chunk->ptr);
+ }
+ else
+ {
+ get_bytes(this, seed, NULL);
+ }
+}
+
+METHOD(prf_t, get_block_size, size_t,
+ private_cmac_prf_t *this)
+{
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, get_key_size, size_t,
+ private_cmac_prf_t *this)
+{
+ /* in cmac, block and key size are always equal */
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(prf_t, set_key, void,
+ private_cmac_prf_t *this, chunk_t key)
+{
+ this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(prf_t, destroy, void,
+ private_cmac_prf_t *this)
+{
+ this->cmac->destroy(this->cmac);
+ free(this);
+}
+
+/*
+ * Described in header.
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo)
+{
+ private_cmac_prf_t *this;
+ cmac_t *cmac;
+
+ switch (algo)
+ {
+ case PRF_AES128_CMAC:
+ cmac = cmac_create(ENCR_AES_CBC, 16);
+ break;
+ default:
+ return NULL;
+ }
+ if (!cmac)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .prf = {
+ .get_bytes = _get_bytes,
+ .allocate_bytes = _allocate_bytes,
+ .get_block_size = _get_block_size,
+ .get_key_size = _get_key_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .cmac = cmac,
+ );
+
+ return &this->public;
+}
+
diff --git a/src/libstrongswan/plugins/cmac/cmac_prf.h b/src/libstrongswan/plugins/cmac/cmac_prf.h
new file mode 100644
index 000000000..a53cc5947
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_prf.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_prf cmac_prf
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef PRF_CMAC_H_
+#define PRF_CMAC_H_
+
+typedef struct cmac_prf_t cmac_prf_t;
+
+#include <crypto/prfs/prf.h>
+
+/**
+ * Implementation of prf_t on CBC block cipher using CMAC, RFC 4493 / RFC 4615.
+ *
+ * This simply wraps a cmac_t in a prf_t. More a question of
+ * interface matching.
+ */
+struct cmac_prf_t {
+
+ /**
+ * Implements prf_t interface.
+ */
+ prf_t prf;
+};
+
+/**
+ * Creates a new cmac_prf_t object.
+ *
+ * @param algo algorithm to implement
+ * @return cmac_prf_t object, NULL if hash not supported
+ */
+cmac_prf_t *cmac_prf_create(pseudo_random_function_t algo);
+
+#endif /** PRF_CMAC_H_ @}*/
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.c b/src/libstrongswan/plugins/cmac/cmac_signer.c
new file mode 100644
index 000000000..82e8885d6
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.c
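Review bot: The cmac_prf_create return comment reads "NULL if hash not supported", which looks copied from a hash-based PRF header; there is no hash here, and cmac_prf.c also returns NULL when cmac_create fails for the underlying cipher, so `@return cmac_prf_t object, NULL if algorithm or underlying cipher not supported` would describe it. It would also help to state in the struct comment that keys of any length are accepted and reduced to the block size per RFC 4615, since that is the reason the RFC is cited.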
@@ -0,0 +1,159 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "cmac_signer.h"
+#include "cmac.h"
+
+typedef struct private_cmac_signer_t private_cmac_signer_t;
+
+/**
+ * Private data structure with signing context.
+ */
+struct private_cmac_signer_t {
+
+ /**
+ * Public interface.
+ */
+ cmac_signer_t public;
+
+ /**
+ * Assigned cmac function.
+ */
+ cmac_t *cmac;
+
+ /**
+ * Block size (truncation of CMAC MAC)
+ */
+ size_t block_size;
+};
+
+METHOD(signer_t, get_signature, void,
+ private_cmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+{
+ if (buffer == NULL)
+ { /* append mode */
+ this->cmac->get_mac(this->cmac, data, NULL);
+ }
+ else
+ {
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ this->cmac->get_mac(this->cmac, data, mac);
+ memcpy(buffer, mac, this->block_size);
+ }
+}
+
+METHOD(signer_t, allocate_signature, void,
+ private_cmac_signer_t *this, chunk_t data, chunk_t *chunk)
+{
+ if (chunk == NULL)
+ { /* append mode */
+ this->cmac->get_mac(this->cmac, data, NULL);
+ }
+ else
+ {
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ this->cmac->get_mac(this->cmac, data, mac);
+
+ chunk->ptr = malloc(this->block_size);
+ chunk->len = this->block_size;
+
+ memcpy(chunk->ptr, mac, this->block_size);
+ }
+}
+
+METHOD(signer_t, verify_signature, bool,
+ private_cmac_signer_t *this, chunk_t data, chunk_t signature)
+{
+ u_int8_t mac[this->cmac->get_block_size(this->cmac)];
+
+ if (signature.len != this->block_size)
+ {
+ return FALSE;
+ }
+
+ this->cmac->get_mac(this->cmac, data, mac);
+ return memeq(signature.ptr, mac, this->block_size);
+}
+
+METHOD(signer_t, get_key_size, size_t,
+ private_cmac_signer_t *this)
+{
+ return this->cmac->get_block_size(this->cmac);
+}
+
+METHOD(signer_t, get_block_size, size_t,
+ private_cmac_signer_t *this)
+{
+ return this->block_size;
+}
+
+METHOD(signer_t, set_key, void,
+ private_cmac_signer_t *this, chunk_t key)
+{
+ this->cmac->set_key(this->cmac, key);
+}
+
+METHOD(signer_t, destroy, void,
+ private_cmac_signer_t *this)
+{
+ this->cmac->destroy(this->cmac);
+ free(this);
+}
+
+/*
+ * Described in header
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo)
+{
+ private_cmac_signer_t *this;
+ size_t truncation;
+ cmac_t *cmac;
+
+ switch (algo)
+ {
+ case AUTH_AES_CMAC_96:
+ cmac = cmac_create(ENCR_AES_CBC, 16);
+ truncation = 12;
+ break;
+ default:
+ return NULL;
+ }
+ if (cmac == NULL)
+ {
+ return NULL;
+ }
+
+ INIT(this,
+ .public = {
+ .signer = {
+ .get_signature = _get_signature,
+ .allocate_signature = _allocate_signature,
+ .verify_signature = _verify_signature,
+ .get_key_size = _get_key_size,
+ .get_block_size = _get_block_size,
+ .set_key = _set_key,
+ .destroy = _destroy,
+ },
+ },
+ .cmac = cmac,
+ .block_size = min(truncation, cmac->get_block_size(cmac)),
+ );
+
+ return &this->public;
+}
diff --git a/src/libstrongswan/plugins/cmac/cmac_signer.h b/src/libstrongswan/plugins/cmac/cmac_signer.h
new file mode 100644
index 000000000..2e3724471
--- /dev/null
+++ b/src/libstrongswan/plugins/cmac/cmac_signer.h
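Review bot: verify_signature compares the received tag against the freshly computed one with `memeq(signature.ptr, mac, this->block_size)`, which as far as I can tell wraps memcmp in this code base and therefore stops at the first differing byte; for an integrity check on data received from the network the comparison should take the same time regardless of where the tags differ. The length check before it is fine to keep early, since the expected length is public. The full untruncated tag is also left in the `mac` stack array in all three of get_signature, allocate_signature and verify_signature; wiping it after the truncated copy is taken keeps the 32 bits that are never sent from lingering. A rewritten verify_signature follows; the same `memwipe(mac, sizeof(mac));` after the memcpy applies to the other two methods.
```c
METHOD(signer_t, verify_signature, bool,
	private_cmac_signer_t *this, chunk_t data, chunk_t signature)
{
	u_int8_t mac[this->cmac->get_block_size(this->cmac)];
	u_int8_t diff = 0;
	size_t i;

	if (signature.len != this->block_size)
	{
		return FALSE;
	}

	this->cmac->get_mac(this->cmac, data, mac);
	/* compare every byte so the time taken does not depend on where the
	 * first mismatch is */
	for (i = 0; i < this->block_size; i++)
	{
		diff |= signature.ptr[i] ^ mac[i];
	}
	memwipe(mac, sizeof(mac));
	return diff == 0;
}
```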
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup cmac_signer cmac_signer
+ * @{ @ingroup cmac_p
+ */
+
+#ifndef CMAC_SIGNER_H_
+#define CMAC_SIGNER_H_
+
+typedef struct cmac_signer_t cmac_signer_t;
+
+#include <crypto/signers/signer.h>
+
+/**
+ * Implementation of signer_t on CBC symmetric cipher using CMAC, RFC 4494.
+ */
+struct cmac_signer_t {
+
+ /**
+ * Implements signer_t interface.
+ */
+ signer_t signer;
+};
+
+/**
+ * Creates a new cmac_signer_t.
+ *
+ * @param algo algorithm to implement
+ * @return cmac_signer_t, NULL if not supported
+ */
+cmac_signer_t *cmac_signer_create(integrity_algorithm_t algo);
+
+#endif /** CMAC_SIGNER_H_ @}*/
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index 8be502a9c..06b66db60 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -219,11 +223,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 0db640829..853625a19 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c
index 6850cacf0..c01308a52 100644
--- a/src/libstrongswan/plugins/ctr/ctr_plugin.c
+++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c
@@ -38,12 +38,31 @@ METHOD(plugin_t, get_name, char*,
 return "ctr";
 }
+METHOD(plugin_t, get_features, int,
+ private_ctr_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CRYPTER, ctr_ipsec_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_ctr_plugin_t *this)
 {
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)ctr_ipsec_crypter_create);
-
 free(this);
 }
@@ -53,31 +72,16 @@ METHOD(plugin_t, destroy, void,
 plugin_t *ctr_plugin_create()
 {
 private_ctr_plugin_t *this;
- crypter_t *crypter;
 INIT(this,
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this),
- (crypter_constructor_t)ctr_ipsec_crypter_create);
- }
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this),
- (crypter_constructor_t)ctr_ipsec_crypter_create);
- }
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index cdfb2b801..5b83c60f8 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c
index d0e532055..8628c4bb5 100644
--- a/src/libstrongswan/plugins/curl/curl_plugin.c
+++ b/src/libstrongswan/plugins/curl/curl_plugin.c
@@ -40,11 +40,23 @@ METHOD(plugin_t, get_name, char*,
 return "curl";
 }
+METHOD(plugin_t, get_features, int,
+ private_curl_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(FETCHER, curl_fetcher_create),
+ PLUGIN_PROVIDE(FETCHER, "file://"),
+ PLUGIN_PROVIDE(FETCHER, "http://"),
+ PLUGIN_PROVIDE(FETCHER, "https://"),
+ PLUGIN_PROVIDE(FETCHER, "ftp://"),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_curl_plugin_t *this)
 {
- lib->fetcher->remove_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create);
 curl_global_cleanup();
 free(this);
 }
@@ -61,28 +73,19 @@ plugin_t *curl_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
 res = curl_global_init(CURL_GLOBAL_NOTHING);
- if (res == CURLE_OK)
- {
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "file://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "http://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "https://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)curl_fetcher_create, "ftp://");
- }
- else
+ if (res != CURLE_OK)
 {
- DBG1(DBG_LIB, "global libcurl initializing failed: %s, curl disabled",
+ DBG1(DBG_LIB, "global libcurl initializing failed: %s",
 curl_easy_strerror(res));
+ destroy(this);
+ return NULL;
 }
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index d24ac40f8..f4056951a 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@
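Review bot: On the failure path the new `destroy(this);` runs the destroy method, which calls `curl_global_cleanup()` even though `curl_global_init` just reported failure; whether that is harmless depends on the libcurl version (some releases count the failed init and then tear down partially initialised state), so releasing only what was acquired is safer: `free(this);` followed by `return NULL;`. The enclosing curl_plugin_create begins outside this hunk, so its declaration of `res` and the INIT call are not visible here. A one-line comment on the early return, such as `/* plugin is unusable without a global libcurl init; bail out so the loader does not register its features */`, would make the new behaviour (load failure instead of a degraded plugin) explicit for the next reader.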
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 695e7e4c4..bc399ef8a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -80,7 +80,7 @@ struct private_des_crypter_t {
 des_crypter_t public;
 /**
- * Key size, depends on algoritm...
+ * Key size, depends on algorithm...
 */
 size_t key_size;
@@ -127,7 +127,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
+ * Very much CPU dependent */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
@@ -316,7 +316,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 * bytes, probably an issue of accessing non-word aligned objects :-( */
 #ifdef DES_PTR
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
 * is no reason to not xor all the sub items together. This potentially
 * saves a register since things can be xored directly into L */
diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c
index 78b73347d..be2587679 100644
--- a/src/libstrongswan/plugins/des/des_plugin.c
+++ b/src/libstrongswan/plugins/des/des_plugin.c
@@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*,
 return "des";
 }
+METHOD(plugin_t, get_features, int,
+ private_des_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CRYPTER, des_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_des_plugin_t *this)
 {
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)des_crypter_create);
 free(this);
 }
@@ -56,19 +67,12 @@ plugin_t *des_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)des_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)des_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)des_crypter_create);
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index 62c52498c..dabddd6d0 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
index 4e08746f8..b6863e8e3 100644
--- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
+++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c
@@ -37,11 +37,22 @@ METHOD(plugin_t, get_name, char*,
 return "dnskey";
 }
+METHOD(plugin_t, get_features, int,
+ private_dnskey_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PUBKEY, dnskey_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, dnskey_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_dnskey_plugin_t *this)
 {
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)dnskey_public_key_load);
 free(this);
 }
@@ -56,15 +67,11 @@ plugin_t *dnskey_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)dnskey_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)dnskey_public_key_load);
 return &this->public.plugin;
 }
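Review bot: The second `PLUGIN_REGISTER(PUBKEY, dnskey_public_key_load, FALSE)` in the new dnskey feature table repeats the first with identical arguments; if a REGISTER entry covers every PROVIDE that follows it until the next REGISTER, as the other tables in this series (des, fips-prf, gcm) appear to rely on, the KEY_ANY and KEY_RSA entries can share one REGISTER and the duplicate should go. If listing it twice is deliberate, a short comment on the second entry stating why (for example `/* registered twice on purpose: <reason> */`) would stop the next reader from folding them together.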
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index e88a102b8..cbe9ef303 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index ee71f6efd..c0666367a 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -127,14 +127,14 @@ METHOD(prf_t, get_bytes, void,
 {
 /* a. XVAL = (XKEY + XSEED j) mod 2^b */
 add_mod(this->b, xkey, xseed, xval);
- DBG3(DBG_LIB, "XVAL %b", xval, this->b);
+ DBG3(DBG_LIB, "XVAL %b", xval, (u_int)this->b);
 /* b. wi = G(t, XVAL ) */
 this->g(this, chunk_create(xval, this->b), &w[i * this->b]);
- DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], this->b);
+ DBG3(DBG_LIB, "w[%d] %b", i, &w[i * this->b], (u_int)this->b);
 /* c. XKEY = (1 + XKEY + wi) mod 2b */
 add_mod(this->b, xkey, &w[i * this->b], sum);
 add_mod(this->b, sum, one, xkey);
- DBG3(DBG_LIB, "XKEY %b", xkey, this->b);
+ DBG3(DBG_LIB, "XKEY %b", xkey, (u_int)this->b);
 }
 /* 3.3 done already, mod q not used */
diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
index 7038da146..68b6bacb2 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c
@@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*,
 return "fips-prf";
 }
+METHOD(plugin_t, get_features, int,
+ private_fips_prf_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRF, fips_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_FIPS_SHA1_160),
+ PLUGIN_DEPENDS(PRF, PRF_KEYED_SHA1),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_fips_prf_plugin_t *this)
 {
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)fips_prf_create);
 free(this);
 }
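Review bot: The `(u_int)this->b` casts in the three DBG3 calls fix a variadic-argument type mismatch for the `%b` length argument, but nothing in the hunk records that `%b` reads its length as u_int, so the next DBG3 added to this file will likely omit the cast again (the declaration of `this->b` is outside the hunk, so its actual width is not visible here). A comment on the first call, `/* %b reads its length argument as u_int; cast this->b explicitly */`, would keep the convention visible. get_bytes starts and ends outside the hunk.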
@@ -51,25 +61,16 @@ METHOD(plugin_t, destroy, void,
 plugin_t *fips_prf_plugin_create()
 {
 private_fips_prf_plugin_t *this;
- prf_t *prf;
 INIT(this,
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- prf = lib->crypto->create_prf(lib->crypto, PRF_KEYED_SHA1);
- if (prf)
- {
- prf->destroy(prf);
- lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, get_name(this),
- (prf_constructor_t)fips_prf_create);
- }
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index 202849eb6..8285b5aeb 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -199,6 +202,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c
index 4b46f0ee4..abfa4f007 100644
--- a/src/libstrongswan/plugins/gcm/gcm_plugin.c
+++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c
@@ -38,12 +38,37 @@ METHOD(plugin_t, get_name, char*,
 return "gcm";
 }
+METHOD(plugin_t, get_features, int,
+ private_gcm_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(AEAD, gcm_aead_create),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV8, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV12, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 16),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 24),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(AEAD, ENCR_AES_GCM_ICV16, 32),
+ PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 32),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_gcm_plugin_t *this)
 {
- lib->crypto->remove_aead(lib->crypto,
- (aead_constructor_t)gcm_aead_create);
-
 free(this);
 }
@@ -53,29 +78,16 @@ METHOD(plugin_t, destroy, void,
 plugin_t *gcm_plugin_create()
 {
 private_gcm_plugin_t *this;
- crypter_t *crypter;
 INIT(this,
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0);
- if (crypter)
- {
- crypter->destroy(crypter);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, get_name(this),
- (aead_constructor_t)gcm_aead_create);
- }
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index bedb918b9..4dc72fed0 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
index e26277b0b..a48d4a133 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c
@@ -99,25 +99,81 @@ METHOD(plugin_t, get_name, char*,
 return "gcrypt";
 }
+METHOD(plugin_t, get_features, int,
+ private_gcrypt_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* crypters */
+ PLUGIN_REGISTER(CRYPTER, gcrypt_crypter_create),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CTR, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32),
+ /* gcrypt only supports 128 bit blowfish */
+ PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 16),
+#ifdef HAVE_GCRY_CIPHER_CAMELLIA
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 16),
+ PLUGIN_PROVIDE(CRYPTER,ENCR_CAMELLIA_CTR, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CTR, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32),
+#endif
+ PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 24),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_SERPENT_CBC, 32),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 16),
+ PLUGIN_PROVIDE(CRYPTER, ENCR_TWOFISH_CBC, 32),
+ /* hashers */
+ PLUGIN_REGISTER(HASHER, gcrypt_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_MD4),
+ PLUGIN_PROVIDE(HASHER, HASH_MD5),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+ /* MODP DH groups */
+ PLUGIN_REGISTER(DH, gcrypt_dh_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_PROVIDE(DH,
MODP_4096_BIT),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_REGISTER(DH, gcrypt_dh_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ /* RSA private/public key loading */
+ PLUGIN_REGISTER(PUBKEY, gcrypt_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY, gcrypt_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, gcrypt_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ /* random numbers */
+ PLUGIN_REGISTER(RNG, gcrypt_rng_create),
+ PLUGIN_PROVIDE(RNG, RNG_WEAK),
+ PLUGIN_PROVIDE(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(RNG, RNG_TRUE),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_gcrypt_plugin_t *this)
 {
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->remove_crypter(lib->crypto,
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->remove_rng(lib->crypto,
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gcrypt_dh_create_custom);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gcrypt_rsa_public_key_load);
 free(this);
 }
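Review bot: The key sizes in the new gcrypt feature table are uneven and only one of them is explained: `PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0)` is the only entry with size 0, and `ENCR_TWOFISH_CBC` lists 16 and 32 while `ENCR_SERPENT_CBC` lists 16, 24 and 32. The blowfish entry already carries `/* gcrypt only supports 128 bit blowfish */`; the same treatment for CAST (`/* 0: key size not fixed */`) and twofish (`/* gcrypt has no 192 bit twofish */`) would save the next reader a trip into gcrypt_crypter_create, assuming those are indeed the reasons (that mapping is outside the hunk). The hunk begins on the preceding line.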
@@ -149,96 +205,12 @@ plugin_t *gcrypt_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- /* hashers */
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)gcrypt_hasher_create);
-
- /* crypters */
- lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-#ifdef HAVE_GCRY_CIPHER_CAMELLIA
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this),
-
(crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-#endif /* HAVE_GCRY_CIPHER_CAMELLIA */
- lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
- lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, get_name(this),
- (crypter_constructor_t)gcrypt_crypter_create);
-
- /* random numbers */
- lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
- lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this),
- (rng_constructor_t)gcrypt_rng_create);
-
- /* diffie hellman groups, using modp */
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)gcrypt_dh_create);
-
lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)gcrypt_dh_create_custom);
-
- /* RSA */
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)gcrypt_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)gcrypt_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)gcrypt_rsa_public_key_load);
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index 38ce2cd6c..eb38eea3b 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -68,7 +68,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
 if (key)
 {
 /* gcrypt might return more bytes than necessary. Truncate
- * to key lenght if key given, or prepend zeros if needed */
+ * to key length if key given, or prepend zeros if needed */
 len = gcry_pk_get_nbits(key);
 len = len / 8 + (len % 8 ? 1 : 0);
 if (len > data.len)
@@ -504,7 +504,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
 va_list args)
 {
 private_gcrypt_rsa_private_key_t *this;
- chunk_t n, e, d, p, q, exp, u;
+ chunk_t n, e, d, p, q, u;
 gcry_error_t err;
 n = e = d = p = q = u = chunk_empty;
@@ -531,7 +531,7 @@ gcrypt_rsa_private_key_t *gcrypt_rsa_private_key_load(key_type_t type,
 case BUILD_RSA_EXP1:
 case BUILD_RSA_EXP2:
 /* not required for gcrypt */
- exp = va_arg(args, chunk_t);
+ va_arg(args, chunk_t);
 continue;
 case BUILD_RSA_COEFF:
 u = va_arg(args, chunk_t);
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 18592ab4a..34a23312b 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c
index 55ccd4a4f..d93aa14a1 100644
--- a/src/libstrongswan/plugins/gmp/gmp_plugin.c
+++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c
@@ -39,19 +39,85 @@ METHOD(plugin_t, get_name, char*,
 return "gmp";
 }
+METHOD(plugin_t, get_features, int,
+ private_gmp_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ /* DH groups */
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_224),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_256),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_160),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ /* private/public keys */
+ PLUGIN_REGISTER(PRIVKEY, gmp_rsa_private_key_load, TRUE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PRIVKEY_GEN, gmp_rsa_private_key_gen, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA),
+ PLUGIN_DEPENDS(RNG, RNG_TRUE),
+ PLUGIN_REGISTER(PUBKEY, gmp_rsa_public_key_load, TRUE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ /* signature schemes, private */
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384),
+
PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ /* signature verification schemes */
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA1),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512),
+ PLUGIN_DEPENDS(HASHER, HASH_SHA512),
+ PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5),
+ PLUGIN_DEPENDS(HASHER, HASH_MD5),
+ /* en-/decryption schemes */
+ PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1),
+ PLUGIN_DEPENDS(RNG, RNG_WEAK),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_gmp_plugin_t *this)
 {
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->remove_dh(lib->crypto,
- (dh_constructor_t)gmp_diffie_hellman_create_custom);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_private_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)gmp_rsa_public_key_load);
 free(this);
 }
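Review bot: `PLUGIN_DEPENDS(RNG, RNG_WEAK)` directly under `PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1)` declares that RSAES-PKCS1-v1_5 encryption needs only a weak RNG; if that mirrors the quality gmp_rsa_public_key actually requests for the padding string (its encrypt code is outside this hunk), it deserves a second look, since RFC 3447 wants the padding octets pseudo-randomly generated and predictable padding weakens the scheme. Either the dependency should be raised to match what the implementation uses, or a comment such as `/* RNG_WEAK suffices here because <reason>; see gmp_rsa_public_key */` should state why weak is enough, especially next to the `PLUGIN_DEPENDS(RNG, RNG_TRUE)` the same table declares for key generation. The hunk begins on the preceding line.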
@@ -66,45 +132,12 @@ plugin_t *gmp_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
- lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create);
-
- lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this),
- (dh_constructor_t)gmp_diffie_hellman_create_custom);
-
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)gmp_rsa_private_key_gen);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE,
- (builder_function_t)gmp_rsa_private_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE,
- (builder_function_t)gmp_rsa_public_key_load);
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
index a7ba80138..898892f5b 100644
--- a/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
+++ b/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
@@ -137,7 +137,7 @@ static bool verify_emsa_pkcs1_signature(private_gmp_rsa_public_key_t *this,
 if (signature.len == 0 || signature.len > this->k)
 {
- return INVALID_ARG;
+ return FALSE;
 }
 /* unpack signature */
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index b9e2cd817..5242764d4 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c
index 397a1ea11..91294305e 100644
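Review bot: The corrected early return deserves a comment and a regression test, because the old `return INVALID_ARG;` in a bool-returning function meant that, unless INVALID_ARG happens to be 0, a zero-length or oversized signature was reported as verified without ever being unpacked; the new `return FALSE;` is right, but nothing marks this branch as security-critical. A comment above the check such as `/* a length outside (0, k] must fail verification, never map to a status code */`, plus a unit test that feeds an empty and an over-long signature to verify() and expects FALSE, would keep a future edit from reintroducing the mistake. verify_emsa_pkcs1_signature starts and ends outside the hunk, so whether the caller also validates the length is not visible here.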
--- a/src/libstrongswan/plugins/hmac/hmac.c
+++ b/src/libstrongswan/plugins/hmac/hmac.c
@@ -4,13 +4,13 @@
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General hmac License as published by the
+ * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General hmac License
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h
index be1bce66d..1ed041596 100644
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@@ -29,8 +29,8 @@ typedef struct hmac_t hmac_t;
 /**
 * Message authentication using hash functions.
 *
- * This class implements the message authenticaion algorithm
- * described in RFC2104. It uses a hash function, wich must
+ * This class implements the message authentication algorithm
+ * described in RFC2104. It uses a hash function, which must
 * be implemented as a hasher_t class.
 */
 struct hmac_t {
diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c
index 47d6d3cde..7d9ff3c67 100644
--- a/src/libstrongswan/plugins/hmac/hmac_plugin.c
+++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c
@@ -38,13 +38,50 @@ METHOD(plugin_t, get_name, char*, return "hmac"; } +METHOD(plugin_t, get_features, int, + private_hmac_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(PRF, hmac_prf_create), + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA1), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(PRF, PRF_HMAC_MD5), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(PRF, PRF_HMAC_SHA2_512), + PLUGIN_DEPENDS(HASHER, HASH_SHA512), + PLUGIN_REGISTER(SIGNER, hmac_signer_create), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_96), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_128), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA1_160), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_96), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_MD5_128), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_128), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_192), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_384_384), + PLUGIN_DEPENDS(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(SIGNER, AUTH_HMAC_SHA2_512_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA512), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_hmac_plugin_t *this) { - lib->crypto->remove_prf(lib->crypto, - (prf_constructor_t)hmac_prf_create); - lib->crypto->remove_signer(lib->crypto, - (signer_constructor_t)hmac_signer_create); free(this); } 
@@ -54,75 +91,17 @@ METHOD(plugin_t, destroy, void, plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this; - hasher_t *hasher; INIT(this, .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (hasher) - { - hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, get_name(this), - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, get_name(this), - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, get_name(this), - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, get_name(this), - (signer_constructor_t)hmac_signer_create); - } - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA256); - if (hasher) - { - hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, get_name(this), - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, get_name(this), - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, get_name(this), - (signer_constructor_t)hmac_signer_create); - - } - hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); - if (hasher) - { - hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, get_name(this), - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, get_name(this), - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, get_name(this), - (signer_constructor_t)hmac_signer_create); - } - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA384); - if (hasher) - { - hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, get_name(this), - 
(prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, get_name(this), - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, get_name(this), - (signer_constructor_t)hmac_signer_create); - } - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512); - if (hasher) - { - hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, get_name(this), - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, get_name(this), - (signer_constructor_t)hmac_signer_create); - } - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index b496ace28..851df5667 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 08d9748ce..210d33a93 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*, return "ldap"; } +METHOD(plugin_t, get_features, int, + private_ldap_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(FETCHER, ldap_fetcher_create), + PLUGIN_PROVIDE(FETCHER, "ldap://"), + PLUGIN_PROVIDE(FETCHER, "ldaps://"), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_ldap_plugin_t *this) { - lib->fetcher->remove_fetcher(lib->fetcher, - (fetcher_constructor_t)ldap_fetcher_create); free(this); } @@ -56,17 +66,12 @@ plugin_t *ldap_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->fetcher->add_fetcher(lib->fetcher, - (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); - lib->fetcher->add_fetcher(lib->fetcher, - (fetcher_constructor_t)ldap_fetcher_create, "ldaps://"); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 82781054b..f5b06a0df 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ 
@@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 366d37328..6a31017c2 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -268,10 +268,8 @@ static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16]) -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) +METHOD(hasher_t, get_hash, void, + private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { MD4Update(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -281,11 +279,8 @@ static void get_hash(private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer } } - -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_md4_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; 
@@ -302,18 +297,14 @@ static void allocate_hash(private_md4_hasher_t *this, chunk_t chunk, chunk_t *ha } } -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_md4_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_md4_hasher_t *this) { return HASH_SIZE_MD4; } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_md4_hasher_t *this) +METHOD(hasher_t, reset, void, + private_md4_hasher_t *this) { this->state[0] = 0x67452301; this->state[1] = 0xefcdab89; @@ -323,10 +314,8 @@ static void reset(private_md4_hasher_t *this) this->count[1] = 0; } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy(private_md4_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_md4_hasher_t *this) { free(this); } @@ -342,13 +331,18 @@ md4_hasher_t *md4_hasher_create(hash_algorithm_t algo) { return NULL; } - this = malloc_thing(private_md4_hasher_t); - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; + INIT(this, + .public = { + .hasher_interface = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); /* initialize */ reset(this); diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index 371bba280..baa44b7f5 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c 
@@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*, return "md4"; } +METHOD(plugin_t, get_features, int, + private_md4_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(HASHER, md4_hasher_create), + PLUGIN_PROVIDE(HASHER, HASH_MD4), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_md4_plugin_t *this) { - lib->crypto->remove_hasher(lib->crypto, - (hasher_constructor_t)md4_hasher_create); free(this); } @@ -56,15 +65,12 @@ plugin_t *md4_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), - (hasher_constructor_t)md4_hasher_create); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 0e3c37e7e..f7762c37e 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index a97ad5cae..45c2391ef 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -299,12 +299,8 @@ static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16]) } } - - -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer) +METHOD(hasher_t, get_hash, void, + private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { MD5Update(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -314,11 +310,8 @@ static void get_hash(private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer } } - -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_md5_hasher_t *this, chunk_t chunk, chunk_t *hash) { chunk_t allocated_hash; @@ -335,18 +328,14 @@ static void allocate_hash(private_md5_hasher_t *this, chunk_t chunk, chunk_t *ha } } -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_md5_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_md5_hasher_t *this) { return HASH_SIZE_MD5; } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_md5_hasher_t *this) +METHOD(hasher_t, reset, void, + private_md5_hasher_t *this) { this->state[0] = 0x67452301; this->state[1] = 0xefcdab89; 
@@ -356,10 +345,8 @@ static void reset(private_md5_hasher_t *this) this->count[1] = 0; } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy(private_md5_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_md5_hasher_t *this) { free(this); } @@ -375,13 +362,18 @@ md5_hasher_t *md5_hasher_create(hash_algorithm_t algo) { return NULL; } - this = malloc_thing(private_md5_hasher_t); - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; + INIT(this, + .public = { + .hasher_interface = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); /* initialize */ reset(this); diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index c72284193..a3ad7b305 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -37,6 +37,17 @@ METHOD(plugin_t, get_name, char*, return "md5"; } +METHOD(plugin_t, get_features, int, + private_md5_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(HASHER, md5_hasher_create), + PLUGIN_PROVIDE(HASHER, HASH_MD5), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_md5_plugin_t *this) { 
@@ -56,15 +67,12 @@ plugin_t *md5_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), - (hasher_constructor_t)md5_hasher_create); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 32067d5b4..5025a0eb8 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -201,6 +204,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -217,11 +221,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 5fbfa0f28..25ea42a4f 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c 
@@ -20,6 +20,7 @@ #include "mysql_database.h" #include <debug.h> +#include <chunk.h> #include <threading/thread_value.h> #include <threading/mutex.h> #include <utils/linked_list.h> diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 579df4d50..dd8b32761 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -38,11 +38,20 @@ METHOD(plugin_t, get_name, char*, return "mysql"; } +METHOD(plugin_t, get_features, int, + private_mysql_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(DATABASE, mysql_database_create), + PLUGIN_PROVIDE(DATABASE, DB_MYSQL), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_mysql_plugin_t *this) { - lib->db->remove_database(lib->db, - (database_constructor_t)mysql_database_create); mysql_database_deinit(); free(this); } @@ -64,15 +73,12 @@ plugin_t *mysql_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->db->add_database(lib->db, - (database_constructor_t)mysql_database_create); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index d1c8fce81..8994ff1b4 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -198,6 +198,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ 
@@ -206,6 +209,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -222,11 +226,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -270,6 +276,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 58401faa5..9a9efb2b6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -185,7 +185,7 @@ METHOD(crl_t, create_enumerator, enumerator_t*, free(enumerator); return enumerator_create_empty(); } - enumerator->num = sk_X509_EXTENSION_num(enumerator->stack); + enumerator->num = sk_X509_REVOKED_num(enumerator->stack); return &enumerator->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 78ed2811a..9e4067589 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -219,7 +219,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void, return; } - chunk_free(&this->shared_secret); + chunk_clear(&this->shared_secret); if (!compute_shared_key(this, &this->shared_secret)) { DBG1(DBG_LIB, "ECDH shared secret computation failed"); 
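Review bot: The old and new count calls in create_enumerator may well be runtime-equivalent — with OpenSSL's macro-based safestack both `sk_X509_EXTENSION_num` and `sk_X509_REVOKED_num` reduce to sk_num() on the same stack — so this looks like a type-correctness fix for enumerator->stack rather than a change in how many revoked entries are enumerated; if that is not the case, a CRL fixture whose revoked-entry count differs from its extension count would make the behavioural difference visible. Either way a comment on the changed line, `/* stack holds X509_REVOKED entries, not extensions */`, prevents the two accessors being mixed up again. create_enumerator's body begins outside the hunk.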
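Review bot: chunk_clear now wipes the previous shared secret before a new one is computed in set_other_public_value, which is the right treatment for key material; the same should hold wherever else this->shared_secret is released — presumably the destroy method, which is outside this hunk — since a plain chunk_free there would leave the last secret behind in freed heap memory. A short comment on the changed line, `/* wipe, not just free: this is key material */`, keeps the distinction from being lost in a later edit. set_other_public_value starts and ends outside the hunk.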
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index f4c4759bf..950504573 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -1,6 +1,6 @@ /* + * Copyright (C) 2008-2012 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -371,14 +371,17 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, va_list args) { private_openssl_ec_private_key_t *this; - chunk_t blob = chunk_empty; + chunk_t par = chunk_empty, key = chunk_empty; while (TRUE) { switch (va_arg(args, builder_part_t)) { + case BUILD_BLOB_ALGID_PARAMS: + par = va_arg(args, chunk_t); + continue; case BUILD_BLOB_ASN1_DER: - blob = va_arg(args, chunk_t); + key = va_arg(args, chunk_t); continue; case BUILD_END: break; @@ -389,18 +392,36 @@ openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, } this = create_empty(); - this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); - if (!this->ec) + + if (par.ptr) { - destroy(this); - return NULL; + this->ec = d2i_ECParameters(NULL, (const u_char**)&par.ptr, par.len); + if (!this->ec) + { + goto error; + } + if (!d2i_ECPrivateKey(&this->ec, (const u_char**)&key.ptr, key.len)) + { + goto error; + } + } + else + { + this->ec = d2i_ECPrivateKey(NULL, (const u_char**)&key.ptr, key.len); + if (!this->ec) + { + goto error; + } } if (!EC_KEY_check_key(this->ec)) { - destroy(this); - return NULL; + goto error; } return &this->public; + +error: + destroy(this); + return NULL; } #endif /* OPENSSL_NO_EC */ diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 96aa38bb6..c93ceacc9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c 
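Review bot: The new BUILD_BLOB_ALGID_PARAMS path in openssl_ec_private_key_load deserves a comment explaining why there are two decode routes: when the caller supplies separate algorithm parameters (a key whose ECPrivateKey encoding omits the curve), the curve is decoded first with d2i_ECParameters and the key is then parsed into that object by passing &this->ec, whereas a self-contained ECPrivateKey is decoded in one step. Two contract details are worth confirming rather than assuming: that d2i_ECPrivateKey called with a non-NULL *a leaves this->ec owned by this on failure, so destroy() in the error path does not double-free, and that BUILD_BLOB_ALGID_PARAMS without any BUILD_BLOB_ASN1_DER (key.ptr NULL, key.len 0) fails cleanly inside d2i_ECPrivateKey rather than dereferencing — both appear to hold for OpenSSL 1.0-era behaviour but depend on the library version, so a one-line note of that assumption next to the &this->ec call would help. The `goto error` cleanup is a clear improvement over the duplicated destroy/return pairs it replaces.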
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c 
@@ -199,40 +199,175 @@ METHOD(plugin_t, get_name, char*, return "openssl"; } +METHOD(plugin_t, get_features, int, + private_openssl_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + /* crypters */ + PLUGIN_REGISTER(CRYPTER, openssl_crypter_create), +#ifndef OPENSSL_NO_AES + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 24), + PLUGIN_PROVIDE(CRYPTER, ENCR_AES_CBC, 32), +#endif +#ifndef OPENSSL_NO_CAMELLIA + PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 24), + PLUGIN_PROVIDE(CRYPTER, ENCR_CAMELLIA_CBC, 32), +#endif +#ifndef OPENSSL_NO_RC5 + PLUGIN_PROVIDE(CRYPTER, ENCR_RC5, 0), +#endif +#ifndef OPENSSL_NO_CAST + PLUGIN_PROVIDE(CRYPTER, ENCR_CAST, 0), +#endif +#ifndef OPENSSL_NO_BLOWFISH + PLUGIN_PROVIDE(CRYPTER, ENCR_BLOWFISH, 0), +#endif +#ifndef OPENSSL_NO_IDEA + PLUGIN_PROVIDE(CRYPTER, ENCR_IDEA, 16), +#endif +#ifndef OPENSSL_NO_DES + PLUGIN_PROVIDE(CRYPTER, ENCR_3DES, 24), + PLUGIN_PROVIDE(CRYPTER, ENCR_DES, 8), + PLUGIN_PROVIDE(CRYPTER, ENCR_DES_ECB, 8), +#endif + PLUGIN_PROVIDE(CRYPTER, ENCR_NULL, 0), + /* hashers */ + PLUGIN_REGISTER(HASHER, openssl_hasher_create), +#ifndef OPENSSL_NO_SHA1 + PLUGIN_PROVIDE(HASHER, HASH_SHA1), +#endif +#ifndef OPENSSL_NO_MD2 + PLUGIN_PROVIDE(HASHER, HASH_MD2), +#endif +#ifndef OPENSSL_NO_MD4 + PLUGIN_PROVIDE(HASHER, HASH_MD4), +#endif +#ifndef OPENSSL_NO_MD5 + PLUGIN_PROVIDE(HASHER, HASH_MD5), +#endif +#ifndef OPENSSL_NO_SHA256 + PLUGIN_PROVIDE(HASHER, HASH_SHA224), + PLUGIN_PROVIDE(HASHER, HASH_SHA256), +#endif +#ifndef OPENSSL_NO_SHA512 + PLUGIN_PROVIDE(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(HASHER, HASH_SHA512), +#endif +#ifndef OPENSSL_NO_SHA1 + /* keyed sha1 hasher (aka prf) */ + PLUGIN_REGISTER(PRF, openssl_sha1_prf_create), + PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1), +#endif +#ifndef OPENSSL_NO_DH + /* MODP DH groups */ + PLUGIN_REGISTER(DH, openssl_diffie_hellman_create), + PLUGIN_PROVIDE(DH, MODP_2048_BIT), 
+ PLUGIN_PROVIDE(DH, MODP_2048_224), + PLUGIN_PROVIDE(DH, MODP_2048_256), + PLUGIN_PROVIDE(DH, MODP_1536_BIT), + PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(DH, MODP_4096_BIT), + PLUGIN_PROVIDE(DH, MODP_6144_BIT), + PLUGIN_PROVIDE(DH, MODP_8192_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_160), + PLUGIN_PROVIDE(DH, MODP_768_BIT), + PLUGIN_PROVIDE(DH, MODP_CUSTOM), +#endif +#ifndef OPENSSL_NO_RSA + /* RSA private/public key loading */ + PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), + PLUGIN_REGISTER(PRIVKEY, openssl_rsa_private_key_connect, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_REGISTER(PRIVKEY_GEN, openssl_rsa_private_key_gen, FALSE), + PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_RSA), + PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, FALSE), + PLUGIN_PROVIDE(PUBKEY, KEY_RSA), + PLUGIN_REGISTER(PUBKEY, openssl_rsa_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_ANY), + /* signature/encryption schemes */ + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_NULL), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_NULL), +#ifndef OPENSSL_NO_SHA1 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA1), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), +#endif +#ifndef OPENSSL_NO_SHA256 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), +#endif +#ifndef OPENSSL_NO_SHA512 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), +#endif +#ifndef OPENSSL_NO_MD5 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_MD5), +#endif + 
PLUGIN_PROVIDE(PRIVKEY_DECRYPT, ENCRYPT_RSA_PKCS1), + PLUGIN_PROVIDE(PUBKEY_ENCRYPT, ENCRYPT_RSA_PKCS1), +#endif /* OPENSSL_NO_RSA */ + /* certificate/CRL loading */ + PLUGIN_REGISTER(CERT_DECODE, openssl_x509_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509), + PLUGIN_REGISTER(CERT_DECODE, openssl_crl_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL), +#ifndef OPENSSL_NO_ECDH + /* EC DH groups */ + PLUGIN_REGISTER(DH, openssl_ec_diffie_hellman_create), + PLUGIN_PROVIDE(DH, ECP_256_BIT), + PLUGIN_PROVIDE(DH, ECP_384_BIT), + PLUGIN_PROVIDE(DH, ECP_521_BIT), + PLUGIN_PROVIDE(DH, ECP_224_BIT), + PLUGIN_PROVIDE(DH, ECP_192_BIT), +#endif +#ifndef OPENSSL_NO_ECDSA + /* EC private/public key loading */ + PLUGIN_REGISTER(PRIVKEY, openssl_ec_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA), + PLUGIN_REGISTER(PRIVKEY_GEN, openssl_ec_private_key_gen, FALSE), + PLUGIN_PROVIDE(PRIVKEY_GEN, KEY_ECDSA), + PLUGIN_REGISTER(PUBKEY, openssl_ec_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA), + /* signature encryption schemes */ + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_NULL), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_NULL), +#ifndef OPENSSL_NO_SHA1 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA1_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA1_DER), +#endif +#ifndef OPENSSL_NO_SHA256 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA256_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA256_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_256), +#endif +#ifndef OPENSSL_NO_SHA512 + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA384_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_WITH_SHA512_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA384_DER), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_WITH_SHA512_DER), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_ECDSA_521), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_384), + 
PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), +#endif +#endif /* OPENSSL_NO_ECDSA */ + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { - lib->crypto->remove_crypter(lib->crypto, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->remove_hasher(lib->crypto, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->remove_prf(lib->crypto, - (prf_constructor_t)openssl_sha1_prf_create); - lib->crypto->remove_dh(lib->crypto, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_rsa_private_key_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_rsa_private_key_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_rsa_private_key_connect); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_rsa_public_key_load); -#ifndef OPENSSL_NO_EC - lib->crypto->remove_dh(lib->crypto, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_ec_private_key_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_ec_private_key_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_ec_public_key_load); -#endif /* OPENSSL_NO_EC */ - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_x509_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)openssl_crl_load); - #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); #endif /* OPENSSL_NO_ENGINE */ @@ -255,7 +390,7 @@ plugin_t *openssl_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, 
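Review bot: The EC entries in the feature table are guarded by OPENSSL_NO_ECDH and OPENSSL_NO_ECDSA, while the implementation files they register — openssl_ec_private_key.c, whose closing `#endif /* OPENSSL_NO_EC */` is visible earlier in this diff — are still compiled under OPENSSL_NO_EC; OpenSSL normally defines the former two whenever EC is disabled, so this builds, but registering a constructor whose definition sits behind a different macro is fragile and either the same guard on both sides or a comment naming the assumption would help. A short header comment on the table would also help readers, e.g. `/* PLUGIN_PROVIDE entries bind to the most recent PLUGIN_REGISTER, so grouping order matters */`, since a reordering silently changes which constructor serves an algorithm. The destroy method keeps ENGINE_cleanup() and drops all the remove_* calls; that presumably relies on the loader unregistering features on unload, which holds only if every constructor the plugin registers appears in this table.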
@@ -279,116 +414,6 @@ plugin_t *openssl_plugin_create() return NULL; } - /* crypter */ - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this), - (crypter_constructor_t)openssl_crypter_create); - - /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - 
lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), - (hasher_constructor_t)openssl_hasher_create); - - /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), - (prf_constructor_t)openssl_sha1_prf_create); - - /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); -#ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this), - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this), - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this), - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this), - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this), - (dh_constructor_t)openssl_ec_diffie_hellman_create); -#endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - 
lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), - (dh_constructor_t)openssl_diffie_hellman_create); - - /* rsa */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, TRUE, - (builder_function_t)openssl_rsa_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, - (builder_function_t)openssl_rsa_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, - (builder_function_t)openssl_rsa_private_key_connect); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, - (builder_function_t)openssl_rsa_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, - (builder_function_t)openssl_rsa_public_key_load); - -#ifndef OPENSSL_NO_EC - /* ecdsa */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, TRUE, - (builder_function_t)openssl_ec_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE, - (builder_function_t)openssl_ec_private_key_gen); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, TRUE, - (builder_function_t)openssl_ec_public_key_load); -#endif /* OPENSSL_NO_EC */ - - /* X509 certificates */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE, - (builder_function_t)openssl_x509_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE, - (builder_function_t)openssl_crl_load); - return &this->public.plugin; } 
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index 422e31521..a24bae5d6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -44,6 +44,8 @@ struct private_openssl_rsa_public_key_t { refcount_t ref; }; + + /** * Verification of an EMPSA PKCS1 signature described in PKCS#1 */ @@ -386,4 +388,3 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, destroy(this); return NULL; } - diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index 99dca3631..1eb1c6723 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -130,7 +130,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1) { if (asn1) { - return chunk_create(asn1->data, asn1->length); + return chunk_create((u_char*)asn1->data, asn1->length); } return chunk_empty; } diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index f7495b2ae..5caf5182c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -597,7 +600,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { - + pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; 
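Review bot: The `(u_char*)` cast added in openssl_asn1_obj2chunk discards the const qualifier on `asn1->data`, so the returned chunk_t carries a writable pointer into the ASN1_OBJECT's internal buffer; it presumably exists to silence a warning with OpenSSL headers that declare `data` const, but nothing tells callers that the chunk aliases read-only storage. Writing through it would be undefined behaviour, and the chunk is only valid as long as the object is. I'd add `/* aliases asn1's read-only data: never write through the chunk, chunk_clone() it if it must outlive asn1 */` above the return.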
@@ -609,6 +612,41 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } /** + * parse key usage + */ +static bool parse_keyUsage_ext(private_openssl_x509_t *this, + X509_EXTENSION *ext) +{ + ASN1_BIT_STRING *usage; + + usage = X509V3_EXT_d2i(ext); + if (usage) + { + if (usage->length > 0) + { + int flags = usage->data[0]; + if (usage->length > 1) + { + flags |= usage->data[1] << 8; + } + switch (flags) + { + case X509v3_KU_CRL_SIGN: + this->flags |= X509_CRL_SIGN; + break; + case X509v3_KU_KEY_CERT_SIGN: + /* we use the caBasicContraint, MUST be set */ + default: + break; + } + } + ASN1_BIT_STRING_free(usage); + return TRUE; + } + return FALSE; +} + +/** * Parse CRL distribution points */ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, @@ -713,7 +751,7 @@ static bool parse_authorityInfoAccess_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { - this->ocsp_uris->insert_first(this->ocsp_uris, uri); + this->ocsp_uris->insert_last(this->ocsp_uris, uri); } id->destroy(id); } @@ -804,6 +842,9 @@ static bool parse_extensions(private_openssl_x509_t *this) case NID_basic_constraints: ok = parse_basicConstraints_ext(this, ext); break; + case NID_key_usage: + ok = parse_keyUsage_ext(this, ext); + break; case NID_crl_distribution_points: ok = parse_crlDistributionPoints_ext(this, ext); break; diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 7bc342995..6ff607456 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ 
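Review bot: `switch (flags)` in parse_keyUsage_ext tests the assembled keyUsage mask for equality with `X509v3_KU_CRL_SIGN`, so X509_CRL_SIGN is only set when cRLSign is the sole bit; a CA certificate that carries keyCertSign together with cRLSign (the usual CA pattern) never gets it, and the `case X509v3_KU_KEY_CERT_SIGN:` label that falls into `default` is dead. keyUsage is a bit string, so the test should be a mask: replace the whole switch with `if (flags & X509v3_KU_CRL_SIGN) { this->flags |= X509_CRL_SIGN; }`. Whether the consequence is a wrongly rejected CRL or merely a missing flag depends on where X509_CRL_SIGN is consumed, which is outside this diff. The `flags |= usage->data[1] << 8` assembly is, as far as I recall, the same byte order OpenSSL uses for its X509v3_KU_* constants, so only the comparison needs to change.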
@@ -202,6 +205,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -218,11 +222,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 92c7fa2fe..98c196ef4 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -200,6 +203,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -216,11 +220,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index b760adda9..c5d96be47 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -73,7 +73,7 @@ static bool find_boundary(char* tag, chunk_t *line) { if (present("-----", line)) { - DBG2(DBG_LIB, " -----%s %.*s-----", tag, (int)name.len, name.ptr); + DBG2(DBG_ASN, " -----%s %.*s-----", tag, (int)name.len, name.ptr); return TRUE; } line->ptr++; line->len--; name.len++; @@ -99,7 +99,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); if (hasher == NULL) { - DBG1(DBG_LIB, " MD5 hash algorithm not available"); + DBG1(DBG_ASN, " MD5 hash algorithm not available"); return NOT_SUPPORTED; } hash.len = hasher->get_hash_size(hasher); @@ -121,7 +121,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, crypter = lib->crypto->create_crypter(lib->crypto, alg, key_size); if (crypter == NULL) { - DBG1(DBG_LIB, " %N encryption algorithm not available", + DBG1(DBG_ASN, " %N encryption algorithm not available", encryption_algorithm_names, alg); return NOT_SUPPORTED; } @@ -131,7 +131,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, blob->len % crypter->get_block_size(crypter)) { crypter->destroy(crypter); - DBG1(DBG_LIB, " data size is not multiple of block size"); + DBG1(DBG_ASN, " data size is not multiple of block size"); return PARSE_ERROR; } crypter->decrypt(crypter, *blob, iv, &decrypted); 
@@ -155,7 +155,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, { if (*last_padding_pos != padding) { - DBG1(DBG_LIB, " invalid passphrase"); + DBG1(DBG_ASN, " invalid passphrase"); return INVALID_ARG; } } @@ -234,7 +234,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) } /* we are looking for a parameter: value pair */ - DBG2(DBG_LIB, " %.*s", (int)line.len, line.ptr); + DBG2(DBG_ASN, " %.*s", (int)line.len, line.ptr); ugh = extract_parameter_value(&name, &value, &line); if (ugh != NULL) { @@ -274,7 +274,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) } else { - DBG1(DBG_LIB, " encryption algorithm '%.*s'" + DBG1(DBG_ASN, " encryption algorithm '%.*s'" " not supported", dek.len, dek.ptr); return NOT_SUPPORTED; } @@ -298,7 +298,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) *pgp = TRUE; data.ptr++; data.len--; - DBG2(DBG_LIB, " armor checksum: %.*s", (int)data.len, + DBG2(DBG_ASN, " armor checksum: %.*s", (int)data.len, data.ptr); continue; } @@ -355,7 +355,7 @@ static status_t pem_to_bin(chunk_t *blob, bool *pgp) * load the credential from a blob */ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, - x509_flag_t flags) + identification_t *subject, x509_flag_t flags) { void *cred = NULL; bool pgp = FALSE; @@ -381,10 +381,19 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, { subtype = pgp ? CERT_GPG : CERT_X509; } - cred = lib->creds->create(lib->creds, type, subtype, + if (type == CRED_CERTIFICATE && subtype == CERT_TRUSTED_PUBKEY && subject) + { + cred = lib->creds->create(lib->creds, type, subtype, + BUILD_BLOB_ASN1_DER, blob, BUILD_SUBJECT, subject, + BUILD_END); + } + else + { + cred = lib->creds->create(lib->creds, type, subtype, pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER, blob, flags ? BUILD_X509_FLAG : BUILD_END, flags, BUILD_END); + } chunk_clear(&blob); return cred; } 
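Review bot: The new CERT_TRUSTED_PUBKEY branch in load_from_blob always passes BUILD_BLOB_ASN1_DER, dropping the `pgp ? BUILD_BLOB_PGP : BUILD_BLOB_ASN1_DER` selection that the other branch keeps, so a PGP-armored blob loaded as a trusted public key with a subject now reaches the builder tagged as DER. If the trusted-pubkey builder cannot take PGP input that is harmless, but then the branch should say so, e.g. `/* trusted pubkeys bound to a subject are DER only; x509 flags do not apply */` above the `if`. The new `subject` parameter is also undocumented in the header comment of load_from_blob and in those of load_from_file and load_from_fd in the next hunks; one line such as `subject: identity to bind to a CERT_TRUSTED_PUBKEY, NULL otherwise` would do. Since `subject` is passed through as a borrowed pointer, the caller of pem_load has to keep it alive until the builder returns — worth stating too, if that is the intended contract.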
@@ -393,7 +402,7 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, * load the credential from a file */ static void *load_from_file(char *file, credential_type_t type, int subtype, - x509_flag_t flags) + identification_t *subject, x509_flag_t flags) { void *cred = NULL; struct stat sb; @@ -423,7 +432,8 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, return NULL; } - cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, flags); + cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, + subject, flags); munmap(addr, sb.st_size); close(fd); @@ -434,7 +444,7 @@ static void *load_from_file(char *file, credential_type_t type, int subtype, * load the credential from a file descriptor */ static void *load_from_fd(int fd, credential_type_t type, int subtype, - x509_flag_t flags) + identification_t *subject, x509_flag_t flags) { char buf[8096]; char *pos = buf; @@ -460,7 +470,8 @@ static void *load_from_fd(int fd, credential_type_t type, int subtype, return NULL; } } - return load_from_blob(chunk_create(buf, total), type, subtype, flags); + return load_from_blob(chunk_create(buf, total), type, subtype, + subject, flags); } /** @@ -471,6 +482,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) char *file = NULL; int fd = -1; chunk_t pem = chunk_empty; + identification_t *subject = NULL; int flags = 0; while (TRUE) @@ -486,6 +498,9 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) case BUILD_BLOB_PEM: pem = va_arg(args, chunk_t); continue; + case BUILD_SUBJECT: + subject = va_arg(args, identification_t*); + continue; case BUILD_X509_FLAG: flags = va_arg(args, int); continue; 
@@ -499,15 +514,15 @@ static void *pem_load(credential_type_t type, int subtype, va_list args) if (pem.len) { - return load_from_blob(pem, type, subtype, flags); + return load_from_blob(pem, type, subtype, subject, flags); } if (file) { - return load_from_file(file, type, subtype, flags); + return load_from_file(file, type, subtype, subject, flags); } if (fd != -1) { - return load_from_fd(fd, type, subtype, flags); + return load_from_fd(fd, type, subtype, subject, flags); } return NULL; } diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index c81605ae5..fca717a10 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c 
@@ -39,15 +39,69 @@ METHOD(plugin_t, get_name, char*, return "pem"; } +METHOD(plugin_t, get_features, int, + private_pem_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + /* private key PEM decoding */ + PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_RSA), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + PLUGIN_REGISTER(PRIVKEY, pem_private_key_load, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_DSA), + PLUGIN_DEPENDS(HASHER, HASH_MD5), + + /* public key PEM decoding */ + PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE), + PLUGIN_PROVIDE(PUBKEY, KEY_ANY), + PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE), + PLUGIN_PROVIDE(PUBKEY, KEY_RSA), + PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE), + PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA), + PLUGIN_REGISTER(PUBKEY, pem_public_key_load, FALSE), + PLUGIN_PROVIDE(PUBKEY, KEY_DSA), + + /* certificate PEM decoding */ + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_ANY), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_REQUEST), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_RESPONSE), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_AC), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_PKCS10_REQUEST), + PLUGIN_REGISTER(CERT_DECODE, 
pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_TRUSTED_PUBKEY), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_GPG), + + /* pluto specific certificate formats */ + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_PLUTO_CERT), + PLUGIN_REGISTER(CERT_DECODE, pem_certificate_load, FALSE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_PLUTO_CRL), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_pem_plugin_t *this) { - lib->creds->remove_builder(lib->creds, - (builder_function_t)pem_private_key_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)pem_public_key_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)pem_certificate_load); + lib->encoding->remove_encoder(lib->encoding, pem_encoder_encode); + free(this); } 
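Review bot: Every PRIVKEY feature in get_features declares `PLUGIN_DEPENDS(HASHER, HASH_MD5)` as a hard dependency, yet the pem_decrypt hunk in pem_builder.c shows MD5 is needed only for encrypted PEM and already fails gracefully with "MD5 hash algorithm not available" when no hasher exists. A hard dependency means that in a build without an MD5 hasher the PEM private-key loader is not registered at all, so even unencrypted PEM keys stop loading. If this tree's plugin_feature.h has the soft-dependency form (`PLUGIN_SDEPEND`), that is the right declaration here; otherwise I'd drop the dependency and keep relying on the runtime check. Which builds actually lack MD5 is a configuration question I cannot see from the diff.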
@@ -62,58 +116,12 @@ plugin_t *pem_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - /* register private key PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, - (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, - (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ECDSA, FALSE, - (builder_function_t)pem_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_DSA, FALSE, - (builder_function_t)pem_private_key_load); - - /* register public key PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, - (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, - (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ECDSA, FALSE, - (builder_function_t)pem_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_DSA, FALSE, - (builder_function_t)pem_public_key_load); - - /* register certificate PEM decoding builders */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_ANY, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE, - 
(builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, - (builder_function_t)pem_certificate_load); - - /* register pluto specific certificate formats */ - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CERT, FALSE, - (builder_function_t)pem_certificate_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, FALSE, - (builder_function_t)pem_certificate_load); - /* register PEM encoder */ lib->encoding->add_encoder(lib->encoding, pem_encoder_encode); diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 6be915f29..946424eee 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -200,6 +203,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -216,11 +220,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index 440e70a18..361157742 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -152,7 +152,7 @@ static private_key_t *parse_private_key(chunk_t blob) } if (!pgp_read_scalar(&packet, 1, &version)) { - return FALSE; + return NULL; } switch (version) { @@ -166,7 +166,7 @@ static private_key_t *parse_private_key(chunk_t blob) break; default: DBG1(DBG_LIB, "PGP packet version V%d not supported", version); - return FALSE; + return NULL; } if (!pgp_read_scalar(&packet, 4, &created)) { diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 5b21b46d4..70a236855 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c 
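Review bot: The context line `DBG1(DBG_LIB, "PGP packet version V%d not supported", version);` in parse_private_key stays in the DBG_LIB group while this same commit moves the identical message in pgp_cert.c, and all of pem_builder.c's parser output, to DBG_ASN, so the two PGP parsers now log to different groups. If the move to DBG_ASN is intended for parser output, this line should follow: `DBG1(DBG_ASN, "PGP packet version V%d not supported", version);`. The `return NULL` fixes in both hunks are correct for a pointer-returning function.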
@@ -74,35 +74,26 @@ struct private_pgp_cert_t { }; -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_pgp_cert_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_pgp_cert_t *this) { return CERT_GPG; } -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_pgp_cert_t *this) +METHOD(certificate_t, get_subject,identification_t*, + private_pgp_cert_t *this) { return this->user_id; } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_pgp_cert_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_pgp_cert_t *this) { return this->user_id; } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_subject(private_pgp_cert_t *this, - identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_pgp_cert_t *this, identification_t *subject) { id_match_t match_user_id; 
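Review bot: `METHOD(certificate_t, get_subject,identification_t*,` is missing the space after the comma that every other METHOD line in this file has; the same slip is in `METHOD(certificate_t, issued_by,bool,` in the next hunk. Write them as `METHOD(certificate_t, get_subject, identification_t*,` and `METHOD(certificate_t, issued_by, bool,`. The dropped "Implementation of certificate_t.xxx" headers are now conveyed by the macro's first argument, so no replacement comment is needed.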
@@ -116,46 +107,36 @@ static id_match_t has_subject(private_pgp_cert_t *this, return match_user_id; } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_issuer(private_pgp_cert_t *this, identification_t *issuer) +METHOD(certificate_t, has_issuer, id_match_t, + private_pgp_cert_t *this, identification_t *issuer) { return ID_MATCH_NONE; } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_pgp_cert_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by,bool, + private_pgp_cert_t *this, certificate_t *issuer) { /* TODO: check signature blobs for a valid signature */ return FALSE; } -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_pgp_cert_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_pgp_cert_t *this) { this->key->get_ref(this->key); return this->key; } -/** - * Implementation of certificate_t.get_ref - */ -static private_pgp_cert_t* get_ref(private_pgp_cert_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_pgp_cert_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.interface; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_pgp_cert_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_pgp_cert_t *this, time_t *when, time_t *not_before, + time_t *not_after) { time_t t, until; @@ -187,11 +168,8 @@ static bool get_validity(private_pgp_cert_t *this, time_t *when, return (t >= this->valid && t <= until); } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type, - chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_pgp_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) { if (type == CERT_PGP_PKT) { 
@@ -202,10 +180,8 @@ static bool get_encoding(private_pgp_cert_t *this, cred_encoding_type_t type, CRED_PART_PGP_CERT, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_pgp_cert_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_pgp_cert_t *this, certificate_t *other) { chunk_t encoding; bool equal; @@ -231,10 +207,8 @@ static bool equals(private_pgp_cert_t *this, certificate_t *other) return equal; } -/** - * Implementation of pgp_cert_t.destroy. - */ -static void destroy(private_pgp_cert_t *this) +METHOD(certificate_t, destroy, void, + private_pgp_cert_t *this) { if (ref_put(&this->ref)) { @@ -246,10 +220,8 @@ static void destroy(private_pgp_cert_t *this) } } -/** - * Implementation of pgp_certificate_t.get_fingerprint. - */ -static chunk_t get_fingerprint(private_pgp_cert_t *this) +METHOD(pgp_certificate_t, get_fingerprint, chunk_t, + private_pgp_cert_t *this) { return this->fingerprint; } 
@@ -259,30 +231,30 @@ static chunk_t get_fingerprint(private_pgp_cert_t *this) */ private_pgp_cert_t *create_empty() { - private_pgp_cert_t *this = malloc_thing(private_pgp_cert_t); - - this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; - this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; - this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; - this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; - this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; - this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; - this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; - this->public.interface.get_fingerprint = (chunk_t (*)(pgp_certificate_t*))get_fingerprint; - - this->key = NULL; - this->version = 0; - this->created = 0; - this->valid = 0; - this->user_id = NULL; - this->fingerprint = chunk_empty; - this->encoding = chunk_empty; - this->ref = 1; + private_pgp_cert_t *this; + + INIT(this, + .public = { + .interface = { + .interface = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_issuer, + .has_subject = _has_subject, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + .get_public_key = 
_get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_fingerprint = _get_fingerprint, + }, + }, + .ref = 1, + ); return this; } @@ -314,18 +286,18 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) } break; default: - DBG1(DBG_LIB, "PGP packet version V%d not supported", + DBG1(DBG_ASN, "PGP packet version V%d not supported", this->version); return FALSE; } if (this->valid) { - DBG2(DBG_LIB, "L2 - created %T, valid %d days", &this->created, FALSE, + DBG2(DBG_ASN, "L2 - created %T, valid %d days", &this->created, FALSE, this->valid); } else { - DBG2(DBG_LIB, "L2 - created %T, never expires", &this->created, FALSE); + DBG2(DBG_ASN, "L2 - created %T, never expires", &this->created, FALSE); } DESTROY_IF(this->key); this->key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, @@ -346,13 +318,13 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { - DBG1(DBG_LIB, "no SHA-1 hasher available"); + DBG1(DBG_ASN, "no SHA-1 hasher available"); return FALSE; } hasher->allocate_hash(hasher, pubkey_packet_header, NULL); hasher->allocate_hash(hasher, pubkey_packet, &this->fingerprint); hasher->destroy(hasher); - DBG2(DBG_LIB, "L2 - v4 fingerprint %#B", &this->fingerprint); + DBG2(DBG_ASN, "L2 - v4 fingerprint %#B", &this->fingerprint); } else { @@ -363,7 +335,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) return FALSE; } this->fingerprint = chunk_clone(this->fingerprint); - DBG2(DBG_LIB, "L2 - v3 fingerprint %#B", &this->fingerprint); + DBG2(DBG_ASN, "L2 - v3 fingerprint %#B", &this->fingerprint); } return TRUE; } 
@@ -383,7 +355,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) /* we parse only v3 or v4 signature packets */ if (version != 3 && version != 4) { - DBG2(DBG_LIB, "L2 - v%d signature ignored", version); + DBG2(DBG_ASN, "L2 - v%d signature ignored", version); return TRUE; } if (version == 4) @@ -392,7 +364,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { return FALSE; } - DBG2(DBG_LIB, "L2 - v%d signature of type 0x%02x", version, type); + DBG2(DBG_ASN, "L2 - v%d signature of type 0x%02x", version, type); } else { @@ -405,7 +377,7 @@ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { return FALSE; } - DBG2(DBG_LIB, "L2 - v3 signature of type 0x%02x, created %T", type, + DBG2(DBG_ASN, "L2 - v3 signature of type 0x%02x, created %T", type, &created, FALSE); } /* TODO: parse and save signature to a list */ @@ -419,7 +391,7 @@ static bool parse_user_id(private_pgp_cert_t *this, chunk_t packet) { DESTROY_IF(this->user_id); this->user_id = identification_create_from_encoding(ID_KEY_ID, packet); - DBG2(DBG_LIB, "L2 - '%Y'", this->user_id); + DBG2(DBG_ASN, "L2 - '%Y'", this->user_id); return TRUE; } @@ -469,14 +441,14 @@ pgp_cert_t *pgp_cert_load(certificate_type_t type, va_list args) if (!parse_signature(this, packet)) { destroy(this); - return FALSE; + return NULL; } break; case PGP_PKT_USER_ID: if (!parse_user_id(this, packet)) { destroy(this); - return FALSE; + return NULL; } break; default: diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index 52e9d96b1..a2cf403dc 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c 
@@ -39,17 +39,30 @@ METHOD(plugin_t, get_name, char*,
 return "pgp";
 }
-METHOD(plugin_t, destroy, void,
- private_pgp_plugin_t *this)
+METHOD(plugin_t, get_features, int,
+ private_pgp_plugin_t *this, plugin_feature_t *features[])
 {
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_private_key_load);
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ANY),
+ PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pgp_cert_load);
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pgp_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+
+ PLUGIN_REGISTER(CERT_DECODE, pgp_cert_load, FALSE),
+ PLUGIN_PROVIDE(CERT_DECODE, CERT_GPG),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pgp_plugin_t *this)
+{
 lib->encoding->remove_encoder(lib->encoding, pgp_encoder_encode);
 free(this);
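Review bot: `PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE)` is listed twice in `f[]`, once in front of each `PLUGIN_PROVIDE(PRIVKEY, …)`, and the PUBKEY pair repeats the same way; the pkcs1_plugin.c get_features hunk further down duplicates its PUBKEY register likewise. If one PLUGIN_REGISTER entry covers every PLUGIN_PROVIDE that follows it until the next register (which the indented table layout suggests), the repeated registers are redundant and the PRIVKEY group can read `PLUGIN_REGISTER(PRIVKEY, pgp_private_key_load, FALSE), PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),`; if it does not, a comment saying why each provide needs its own register would save the next reader the question. The builders previously unregistered in `destroy` are now left to whoever consumes the feature table, while `pgp_plugin_create` still calls `add_encoder` itself, so a one-line comment in `destroy` noting that only the encoder is managed by hand would make that asymmetry explicit.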
@@ -66,21 +79,12 @@ plugin_t *pgp_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, - (builder_function_t)pgp_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, - (builder_function_t)pgp_public_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, - (builder_function_t)pgp_private_key_load); - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, - (builder_function_t)pgp_private_key_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, - (builder_function_t)pgp_cert_load); + lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c index 2d85cc0c8..7fd905ce4 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.c +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -79,7 +79,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) if (bytes > blob->len) { - DBG1(DBG_LIB, "PGP data too short to read %d byte scalar", bytes); + DBG1(DBG_ASN, "PGP data too short to read %d byte scalar", bytes); return FALSE; } while (bytes-- > 0) @@ -100,13 +100,13 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) if (!pgp_read_scalar(blob, 2, &bits)) { - DBG1(DBG_LIB, "PGP data too short to read MPI length"); + DBG1(DBG_ASN, "PGP data too short to read MPI length"); return FALSE; } bytes = (bits + 7) / 8; if (bytes > blob->len) { - DBG1(DBG_LIB, "PGP data too short to read %d byte MPI", bytes); + DBG1(DBG_ASN, "PGP data too short to read %d byte MPI", bytes); return FALSE; } *mpi = chunk_create(blob->ptr, bytes); 
@@ -146,7 +146,7 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) if (!blob->len) { - DBG1(DBG_LIB, "missing input"); + DBG1(DBG_ASN, "missing input"); return FALSE; } t = blob->ptr[0]; @@ -154,27 +154,27 @@ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) /* bit 7 must be set */ if (!(t & 0x80)) { - DBG1(DBG_LIB, "invalid packet tag"); + DBG1(DBG_ASN, "invalid packet tag"); return FALSE; } /* bit 6 set defines new packet format */ if (t & 0x40) { - DBG1(DBG_LIB, "new PGP packet format not supported"); + DBG1(DBG_ASN, "new PGP packet format not supported"); return FALSE; } t = (t & 0x3C) >> 2; if (!pgp_old_packet_length(blob, &len) || len > blob->len) { - DBG1(DBG_LIB, "invalid packet length"); + DBG1(DBG_ASN, "invalid packet length"); return FALSE; } *data = chunk_create(blob->ptr, len); *blob = chunk_skip(*blob, len); *tag = t; - DBG2(DBG_LIB, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); - DBG3(DBG_LIB, "%B", data); + DBG2(DBG_ASN, "L1 - PGP %N (%u bytes)", pgp_packet_tag_names, t, len); + DBG3(DBG_ASN, "%B", data); return TRUE; } diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 1ae880c3b..f9322a62d 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -201,6 +204,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ 
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index a605fabc7..6d022f362 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -81,10 +81,10 @@ static public_key_t *parse_public_key(chunk_t blob) /* skip initial bit string octet defining 0 unused bits */ object = chunk_skip(object, 1); } - DBG2(DBG_LIB, "-- > --"); + DBG2(DBG_ASN, "-- > --"); key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, type, BUILD_BLOB_ASN1_DER, object, BUILD_END); - DBG2(DBG_LIB, "-- < --"); + DBG2(DBG_ASN, "-- < --"); break; } } @@ -197,7 +197,7 @@ static private_key_t *parse_rsa_private_key(chunk_t blob) case PRIV_KEY_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1(DBG_LIB, "PKCS#1 private key format is not version 1"); + DBG1(DBG_ASN, "PKCS#1 private key format is not version 1"); goto end; } break; diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index e0e24cab2..b304a5101 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c 
@@ -38,14 +38,24 @@ METHOD(plugin_t, get_name, char*,
 return "pkcs1";
 }
+METHOD(plugin_t, get_features, int,
+ private_pkcs1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs1_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_ANY),
+ PLUGIN_REGISTER(PUBKEY, pkcs1_public_key_load, FALSE),
+ PLUGIN_PROVIDE(PUBKEY, KEY_RSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_pkcs1_plugin_t *this)
 {
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pkcs1_private_key_load);
-
 lib->encoding->remove_encoder(lib->encoding, pkcs1_encoder_encode);
 free(this);
@@ -62,19 +72,12 @@ plugin_t *pkcs1_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE,
- (builder_function_t)pkcs1_public_key_load);
- lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE,
- (builder_function_t)pkcs1_private_key_load);
-
 lib->encoding->add_encoder(lib->encoding, pkcs1_encoder_encode);
 return &this->public.plugin;
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.am b/src/libstrongswan/plugins/pkcs11/Makefile.am
index 199039d95..d032b879a 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.am
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.am
@@ -16,6 +16,8 @@ libstrongswan_pkcs11_la_SOURCES = \ pkcs11_private_key.h pkcs11_private_key.c \ pkcs11_public_key.h pkcs11_public_key.c \ pkcs11_hasher.h pkcs11_hasher.c \ + pkcs11_rng.h pkcs11_rng.c \ + pkcs11_dh.h pkcs11_dh.c \ pkcs11_manager.h pkcs11_manager.c libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 1a67f88cc..2ead77f5a 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -77,7 +77,8 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_pkcs11_la_LIBADD = am_libstrongswan_pkcs11_la_OBJECTS = pkcs11_plugin.lo \ pkcs11_library.lo pkcs11_creds.lo pkcs11_private_key.lo \ - pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_manager.lo + pkcs11_public_key.lo pkcs11_hasher.lo pkcs11_rng.lo \ + pkcs11_dh.lo pkcs11_manager.lo libstrongswan_pkcs11_la_OBJECTS = \ $(am_libstrongswan_pkcs11_la_OBJECTS) libstrongswan_pkcs11_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -195,6 +196,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -203,6 +207,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -219,11 +224,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -267,6 +274,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ @@ -288,6 +296,8 @@ libstrongswan_pkcs11_la_SOURCES = \ pkcs11_private_key.h pkcs11_private_key.c \ pkcs11_public_key.h pkcs11_public_key.c \ pkcs11_hasher.h pkcs11_hasher.c \ + pkcs11_rng.h pkcs11_rng.c \ + pkcs11_dh.h pkcs11_dh.c \ pkcs11_manager.h pkcs11_manager.c libstrongswan_pkcs11_la_LDFLAGS = -module -avoid-version @@ -375,12 +385,14 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_creds.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_dh.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_hasher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_library.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_plugin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_private_key.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_public_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_rng.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11.h b/src/libstrongswan/plugins/pkcs11/pkcs11.h index 2e6a1e3ed..da29a77d0 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11.h 
@@ -179,6 +179,14 @@ extern "C" { #define unlock_mutex UnlockMutex #define reserved pReserved +#define ck_ec_kdf_type_t CK_EC_KDF_TYPE + +#define ck_ecdh1_derive_args _CK_ECDH1_DERIVE_PARAMS +#define shared_data_len ulSharedDataLen +#define shared_data pSharedData +#define public_data_len ulPublicDataLen +#define public_data pPublicData + #endif /* CRYPTOKI_COMPAT */ @@ -1090,6 +1098,19 @@ struct ck_c_initialize_args void *reserved; }; +typedef unsigned long ck_ec_kdf_type_t; + +#define CKD_NULL (1) +#define CKD_SHA1_DKF (2) + +struct ck_ecdh1_derive_params +{ + ck_ec_kdf_type_t kdf; + unsigned long shared_data_len; + void *shared_data; + unsigned long public_data_len; + void *public_data; +}; #define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0) #define CKF_OS_LOCKING_OK (1 << 1) @@ -1260,6 +1281,9 @@ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; +typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS; +typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR; + #define NULL_PTR NULL /* Delete the helper macros defined at the top of the file. */ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c new file mode 100644 index 000000000..c870370c8 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c 
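Review bot: `#define CKD_SHA1_DKF (2)` in the second hunk looks like a typo for the Cryptoki constant `CKD_SHA1_KDF` (value 2 in the standard headers); any code spelling the standard name will not compile against this header, so rename it to `CKD_SHA1_KDF`. In the first hunk the CRYPTOKI_COMPAT mapping is `#define ck_ecdh1_derive_args _CK_ECDH1_DERIVE_PARAMS`, but the structure added later is `struct ck_ecdh1_derive_params`, so under CRYPTOKI_COMPAT the member names (`shared_data_len`, `public_data`, …) are remapped while the struct tag is not; presumably the macro should read `#define ck_ecdh1_derive_params _CK_ECDH1_DERIVE_PARAMS`. A short comment above the struct stating that the KDF values and the field order follow CK_ECDH1_DERIVE_PARAMS from the PKCS#11 specification would let a reader verify the layout without the spec at hand.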
@@ -0,0 +1,446 @@ +/* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_dh.h" + +#include <debug.h> +#include <library.h> +#include <asn1/asn1.h> +#include <asn1/oid.h> + +#include "pkcs11_manager.h" + +typedef struct private_pkcs11_dh_t private_pkcs11_dh_t; + +/** + * Private data of an pkcs11_dh_t object. + */ +struct private_pkcs11_dh_t { + + /** + * Public pkcs11_dh_t interface + */ + pkcs11_dh_t public; + + /** + * PKCS#11 library + */ + pkcs11_library_t *lib; + + /** + * Session handle for this objct + */ + CK_SESSION_HANDLE session; + + /** + * Diffie Hellman group number. + */ + u_int16_t group; + + /** + * Handle for own private value + */ + CK_OBJECT_HANDLE pri_key; + + /** + * Own public value + */ + chunk_t pub_key; + + /** + * Shared secret + */ + chunk_t secret; + + /** + * Mechanism to use to generate a key pair + */ + CK_MECHANISM_TYPE mech_key; + + /** + * Mechanism to use to derive a shared secret + */ + CK_MECHANISM_TYPE mech_derive; + +}; + +/** + * Derive a DH/ECDH shared secret. + * + * If this succeeds the shared secret is stored in this->secret. 
+ */ +static void derive_secret(private_pkcs11_dh_t *this, chunk_t other) +{ + CK_OBJECT_CLASS klass = CKO_SECRET_KEY; + CK_KEY_TYPE type = CKK_GENERIC_SECRET; + CK_ATTRIBUTE attr[] = { + { CKA_CLASS, &klass, sizeof(klass) }, + { CKA_KEY_TYPE, &type, sizeof(type) }, + }; + CK_MECHANISM mech = { + this->mech_derive, + other.ptr, + other.len, + }; + CK_OBJECT_HANDLE secret; + CK_RV rv; + + rv = this->lib->f->C_DeriveKey(this->session, &mech, this->pri_key, + attr, countof(attr), &secret); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_DeriveKey() error: %N", ck_rv_names, rv); + return; + } + if (!this->lib->get_ck_attribute(this->lib, this->session, secret, + CKA_VALUE, &this->secret)) + { + chunk_free(&this->secret); + return; + } +} + +METHOD(diffie_hellman_t, set_other_public_value, void, + private_pkcs11_dh_t *this, chunk_t value) +{ + switch (this->group) + { + case ECP_192_BIT: + case ECP_224_BIT: + case ECP_256_BIT: + case ECP_384_BIT: + case ECP_521_BIT: + { /* we expect the public value to just be the concatenated x and y + * coordinates, so we tag the value as an uncompressed ECPoint */ + chunk_t tag = chunk_from_chars(0x04); + chunk_t pubkey = chunk_cata("cc", tag, value); + CK_ECDH1_DERIVE_PARAMS params = { + CKD_NULL, + 0, + NULL, + pubkey.len, + pubkey.ptr, + }; + + if (!lib->settings->get_bool(lib->settings, + "libstrongswan.ecp_x_coordinate_only", TRUE)) + { /* we only get the x coordinate back */ + return; + } + value = chunk_from_thing(params); + break; + } + default: + break; + } + derive_secret(this, value); +} + +METHOD(diffie_hellman_t, get_my_public_value, void, + private_pkcs11_dh_t *this, chunk_t *value) +{ + *value = chunk_clone(this->pub_key); +} + +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_pkcs11_dh_t *this, chunk_t *secret) +{ + if (!this->secret.ptr) + { + return FAILED; + } + *secret = chunk_clone(this->secret); + return SUCCESS; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_pkcs11_dh_t 
*this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_pkcs11_dh_t *this) +{ + this->lib->f->C_CloseSession(this->session); + chunk_clear(&this->pub_key); + chunk_clear(&this->secret); + free(this); +} + +/** + * Generate a DH/ECDH key pair. + * + * If this succeeds, this->pri_key has a handle to the private key and + * this->pub_key stores the public key. + */ +static bool generate_key_pair(private_pkcs11_dh_t *this, CK_ATTRIBUTE_PTR pub, + int pub_len, CK_ATTRIBUTE_PTR pri, int pri_len, + CK_ATTRIBUTE_TYPE attr) +{ + CK_MECHANISM mech = { + this->mech_key, + NULL, + 0, + }; + CK_OBJECT_HANDLE pub_key; + CK_RV rv; + + rv = this->lib->f->C_GenerateKeyPair(this->session, &mech, pub, pub_len, + pri, pri_len, &pub_key, &this->pri_key); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GenerateKeyPair() error: %N", ck_rv_names, rv); + return FALSE; + } + if (!this->lib->get_ck_attribute(this->lib, this->session, pub_key, + attr, &this->pub_key)) + { + chunk_free(&this->pub_key); + return FALSE; + } + return TRUE; +} + +/** + * Generate DH key pair. + */ +static bool generate_key_pair_modp(private_pkcs11_dh_t *this, size_t exp_len, + chunk_t g, chunk_t p) +{ + CK_BBOOL ck_true = CK_TRUE; + CK_ATTRIBUTE pub_attr[] = { + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + { CKA_PRIME, p.ptr, p.len }, + { CKA_BASE, g.ptr, g.len }, + }; + CK_ULONG bits = exp_len * 8; + CK_ATTRIBUTE pri_attr[] = { + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + { CKA_VALUE_BITS, &bits, sizeof(bits) }, + }; + return generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr, + countof(pri_attr), CKA_VALUE); +} + +/** + * Generate ECDH key pair. 
+ */ +static bool generate_key_pair_ecp(private_pkcs11_dh_t *this, + chunk_t ecparams) +{ + CK_BBOOL ck_true = CK_TRUE; + CK_ATTRIBUTE pub_attr[] = { + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + { CKA_EC_PARAMS, ecparams.ptr, ecparams.len }, + }; + CK_ATTRIBUTE pri_attr[] = { + { CKA_DERIVE, &ck_true, sizeof(ck_true) }, + }; + chunk_t pub_key; + if (!generate_key_pair(this, pub_attr, countof(pub_attr), pri_attr, + countof(pri_attr), CKA_EC_POINT)) + { + return FALSE; + } + if (this->pub_key.len <= 0 || this->pub_key.ptr[0] != 0x04) + { /* we currently only support the point in uncompressed form which + * looks like this: 0x04 || x || y */ + chunk_clear(&this->pub_key); + return FALSE; + } + pub_key = chunk_clone(chunk_skip(this->pub_key, 1)); + chunk_clear(&this->pub_key); + this->pub_key = pub_key; + return TRUE; +} + +/** + * Find a token we can use for DH/ECDH algorithm + */ +static pkcs11_library_t *find_token(private_pkcs11_dh_t *this, + CK_SESSION_HANDLE *session) +{ + enumerator_t *tokens, *mechs; + pkcs11_manager_t *manager; + pkcs11_library_t *current, *found = NULL; + CK_MECHANISM_TYPE type; + CK_SLOT_ID slot; + + manager = lib->get(lib, "pkcs11-manager"); + if (!manager) + { + return NULL; + } + tokens = manager->create_token_enumerator(manager); + while (tokens->enumerate(tokens, ¤t, &slot)) + { + mechs = current->create_mechanism_enumerator(current, slot); + while (mechs->enumerate(mechs, &type, NULL)) + { /* we assume we can generate key pairs if the derive mechanism + * is supported */ + if (type == this->mech_derive) + { + if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION, + NULL, NULL, session) == CKR_OK) + { + found = current; + break; + } + } + } + mechs->destroy(mechs); + if (found) + { + break; + } + } + tokens->destroy(tokens); + return found; +} + +/** + * Generic internal constructor + */ +static private_pkcs11_dh_t *create_generic(diffie_hellman_group_t group, + CK_MECHANISM_TYPE key, + CK_MECHANISM_TYPE derive) +{ + 
private_pkcs11_dh_t *this; + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + .mech_key = key, + .mech_derive = derive, + ); + + this->lib = find_token(this, &this->session); + if (!this->lib) + { + free(this); + return NULL; + } + return this; +} + +static pkcs11_dh_t *create_ecp(diffie_hellman_group_t group, chunk_t ecparam) +{ + private_pkcs11_dh_t *this = create_generic(group, CKM_EC_KEY_PAIR_GEN, + CKM_ECDH1_DERIVE); + + if (this) + { + if (generate_key_pair_ecp(this, ecparam)) + { + chunk_free(&ecparam); + return &this->public; + } + chunk_free(&ecparam); + free(this); + } + return NULL; +} + +/** + * Constructor for MODP DH + */ +static pkcs11_dh_t *create_modp(diffie_hellman_group_t group, size_t exp_len, + chunk_t g, chunk_t p) +{ + private_pkcs11_dh_t *this = create_generic(group, CKM_DH_PKCS_KEY_PAIR_GEN, + CKM_DH_PKCS_DERIVE); + + if (this) + { + if (generate_key_pair_modp(this, exp_len, g, p)) + { + return &this->public; + } + free(this); + } + return NULL; +} + +/** + * Lookup the EC params for the given group. + */ +static chunk_t ecparams_lookup(diffie_hellman_group_t group) +{ + switch (group) + { + case ECP_192_BIT: + return asn1_build_known_oid(OID_PRIME192V1); + case ECP_224_BIT: + return asn1_build_known_oid(OID_SECT224R1); + case ECP_256_BIT: + return asn1_build_known_oid(OID_PRIME256V1); + case ECP_384_BIT: + return asn1_build_known_oid(OID_SECT384R1); + case ECP_521_BIT: + return asn1_build_known_oid(OID_SECT521R1); + default: + break; + } + return chunk_empty; +} + +/** + * Described in header. 
+ */ +pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, + chunk_t g, chunk_t p) +{ + switch (group) + { + case MODP_CUSTOM: + { + return create_modp(group, p.len, g, p); + } + case ECP_192_BIT: + case ECP_224_BIT: + case ECP_256_BIT: + case ECP_384_BIT: + case ECP_521_BIT: + { + chunk_t params = ecparams_lookup(group); + if (params.ptr) + { + return create_ecp(group, params); + } + break; + } + default: + { + diffie_hellman_params_t *params = diffie_hellman_get_params(group); + if (params) + { + return create_modp(group, params->exp_len, params->generator, + params->prime); + } + break; + } + } + return NULL; +} + diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h new file mode 100644 index 000000000..2654130c0 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.h 
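Review bot: In set_other_public_value the ECP branch sets `value = chunk_from_thing(params)` on a `CK_ECDH1_DERIVE_PARAMS params` declared inside the case block, then leaves the block and calls `derive_secret(this, value)`, so the mechanism parameter handed to C_DeriveKey points at an object whose lifetime has already ended (the `chunk_cata` buffer it references is function-scoped and unaffected, assuming the usual alloca-based definition). Move the declaration before the switch, `CK_ECDH1_DERIVE_PARAMS params;`, and fill it in the case with `params = (CK_ECDH1_DERIVE_PARAMS){ CKD_NULL, 0, NULL, pubkey.len, pubkey.ptr };`. Separately, create_ecp and create_modp call `free(this)` when key generation fails, which leaks the session that find_token opened with C_OpenSession together with any key objects generated in it; replacing both calls with `destroy(this);` closes the session and clears the chunks. The early `return` in the same branch when `libstrongswan.ecp_x_coordinate_only` is FALSE logs nothing, so the later FAILED from get_shared_secret is hard to trace back — a `DBG1(DBG_CFG, ...)` stating that the token only returns the x coordinate would help. The peer's public value is forwarded to the token unchanged, and whether the module rejects off-curve points or out-of-range MODP values is token-dependent, so a comment on derive_secret noting that public-value validation is delegated to the module would make that trust assumption explicit.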
@@ -0,0 +1,51 @@ +/* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_dh pkcs11_dh + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_DH_H_ +#define PKCS11_DH_H_ + +typedef struct pkcs11_dh_t pkcs11_dh_t; + +#include <library.h> + +/** + * Implementation of the Diffie-Hellman algorithm via PKCS#11. + */ +struct pkcs11_dh_t { + + /** + * Implements diffie_hellman_t interface. + */ + diffie_hellman_t dh; +}; + +/** + * Creates a new pkcs11_dh_t object. + * + * @param group Diffie Hellman group number to use + * @param g generator in case group is MODP_CUSTOM + * @param p prime in case group is MODP_CUSTOM + * @return pkcs11_dh_t object, NULL if not supported + */ +pkcs11_dh_t *pkcs11_dh_create(diffie_hellman_group_t group, + chunk_t g, chunk_t p); + +#endif /** PKCS11_DH_H_ @}*/ + diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 6d327be40..069fa98b6 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -260,7 +260,7 @@ static pkcs11_library_t* find_token(hash_algorithm_t algo, { return NULL; } - manager = pkcs11_manager_get(); + manager = lib->get(lib, "pkcs11-manager"); if (!manager) { return NULL; 
@@ -315,6 +315,7 @@ pkcs11_hasher_t *pkcs11_hasher_create(hash_algorithm_t algo)
 this->lib = find_token(algo, &this->session, &this->mech, &this->size);
 if (!this->lib)
 {
+ this->mutex->destroy(this->mutex);
 free(this);
 return NULL;
 }
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index 6f7926808..97c3d2fcf 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
@@ -447,6 +450,123 @@ ENUM_NEXT(ck_mech_names, CKM_DSA_PARAMETER_GEN, CKM_X9_42_DH_PARAMETER_GEN, "X9_42_DH_PARAMETER_GEN"); ENUM_END(ck_mech_names, CKM_X9_42_DH_PARAMETER_GEN); + +ENUM_BEGIN(ck_attr_names, CKA_CLASS, CKA_LABEL, + "CLASS", + "TOKEN", + "PRIVATE", + "LABEL"); +ENUM_NEXT(ck_attr_names, CKA_APPLICATION, CKA_OBJECT_ID, CKA_LABEL, + "APPLICATION", + "VALUE", + "OBJECT_ID"); +ENUM_NEXT(ck_attr_names, CKA_CERTIFICATE_TYPE, CKA_HASH_OF_ISSUER_PUBLIC_KEY, + CKA_OBJECT_ID, + "CERTIFICATE_TYPE", + "ISSUER", + "SERIAL_NUMBER", + "AC_ISSUER", + "OWNER", + "ATTR_TYPES", + "TRUSTED", + "CERTIFICATE_CATEGORY", + "JAVA_MIDP_SECURITY_DOMAIN", + "URL", + "HASH_OF_SUBJECT_PUBLIC_KEY", + "HASH_OF_ISSUER_PUBLIC_KEY"); +ENUM_NEXT(ck_attr_names, CKA_CHECK_VALUE, CKA_CHECK_VALUE, + CKA_HASH_OF_ISSUER_PUBLIC_KEY, + "CHECK_VALUE"); +ENUM_NEXT(ck_attr_names, CKA_KEY_TYPE, CKA_DERIVE, CKA_CHECK_VALUE, + "KEY_TYPE", + "SUBJECT", + "ID", + "SENSITIVE", + "ENCRYPT", + "DECRYPT", + "WRAP", + "UNWRAP", + "SIGN", + "SIGN_RECOVER", + "VERIFY", + "VERIFY_RECOVER", + "DERIVE"); +ENUM_NEXT(ck_attr_names, CKA_START_DATE, CKA_END_DATE, CKA_DERIVE, + "START_DATE", + "END_DATE"); +ENUM_NEXT(ck_attr_names, CKA_MODULUS, CKA_COEFFICIENT, CKA_END_DATE, + "MODULUS", + "MODULUS_BITS", + "PUBLIC_EXPONENT", + "PRIVATE_EXPONENT", + "PRIME_1", + "PRIME_2", + "EXPONENT_1", + "EXPONENT_2", + "COEFFICIENT"); +ENUM_NEXT(ck_attr_names, CKA_PRIME, CKA_SUB_PRIME_BITS, CKA_COEFFICIENT, + "PRIME", + "SUBPRIME", + "BASE", + "PRIME_BITS", + "SUB_PRIME_BITS"); +ENUM_NEXT(ck_attr_names, CKA_VALUE_BITS, CKA_KEY_GEN_MECHANISM, + CKA_SUB_PRIME_BITS, + "VALUE_BITS", + "VALUE_LEN", + "EXTRACTABLE", + "LOCAL", + "NEVER_EXTRACTABLE", + "ALWAYS_SENSITIVE", + "KEY_GEN_MECHANISM"); +ENUM_NEXT(ck_attr_names, CKA_MODIFIABLE, CKA_MODIFIABLE, CKA_KEY_GEN_MECHANISM, + "MODIFIABLE"); +ENUM_NEXT(ck_attr_names, CKA_EC_PARAMS, CKA_EC_POINT, CKA_MODIFIABLE, + "EC_PARAMS", + "EC_POINT"); +ENUM_NEXT(ck_attr_names, CKA_SECONDARY_AUTH, 
CKA_ALWAYS_AUTHENTICATE, + CKA_EC_POINT, + "SECONDARY_AUTH", + "AUTH_PIN_FLAGS", + "ALWAYS_AUTHENTICATE"); +ENUM_NEXT(ck_attr_names, CKA_WRAP_WITH_TRUSTED, CKA_WRAP_WITH_TRUSTED, + CKA_ALWAYS_AUTHENTICATE, + "WRAP_WITH_TRUSTED"); +ENUM_NEXT(ck_attr_names, CKA_HW_FEATURE_TYPE, CKA_HAS_RESET, + CKA_WRAP_WITH_TRUSTED, + "HW_FEATURE_TYPE", + "RESET_ON_INIT", + "HAS_RESET"); +ENUM_NEXT(ck_attr_names, CKA_PIXEL_X, CKA_BITS_PER_PIXEL, CKA_HAS_RESET, + "PIXEL_X", + "RESOLUTION", + "CHAR_ROWS", + "CHAR_COLUMNS", + "COLOR", + "BITS_PER_PIXEL"); +ENUM_NEXT(ck_attr_names, CKA_CHAR_SETS, CKA_MIME_TYPES, CKA_BITS_PER_PIXEL, + "CHAR_SETS", + "ENCODING_METHODS", + "MIME_TYPES"); +ENUM_NEXT(ck_attr_names, CKA_MECHANISM_TYPE, CKA_SUPPORTED_CMS_ATTRIBUTES, + CKA_MIME_TYPES, + "MECHANISM_TYPE", + "REQUIRED_CMS_ATTRIBUTES", + "DEFAULT_CMS_ATTRIBUTES", + "SUPPORTED_CMS_ATTRIBUTES"); +ENUM_NEXT(ck_attr_names, CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, + CKA_SUPPORTED_CMS_ATTRIBUTES, + "WRAP_TEMPLATE", + "UNWRAP_TEMPLATE"); +ENUM_NEXT(ck_attr_names, CKA_ALLOWED_MECHANISMS, CKA_ALLOWED_MECHANISMS, + CKA_UNWRAP_TEMPLATE, + "ALLOWED_MECHANISMS"); +ENUM_END(ck_attr_names, CKA_ALLOWED_MECHANISMS); +/* the values in an enum_name_t are stored as int, thus CKA_VENDOR_DEFINED + * will overflow and is thus not defined here */ + + + /** * Private data of an pkcs11_library_t object. */ @@ -495,10 +615,12 @@ typedef struct { CK_SESSION_HANDLE session; /* pkcs11 library */ pkcs11_library_t *lib; - /* attributes to retreive */ + /* attributes to retrieve */ CK_ATTRIBUTE_PTR attr; /* number of attributes */ CK_ULONG count; + /* object handle in case of a single object */ + CK_OBJECT_HANDLE object; /* currently allocated attributes, to free */ linked_list_t *freelist; } object_enumerator_t; 
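Review bot: `ENUM_NEXT(ck_attr_names, CKA_PIXEL_X, CKA_BITS_PER_PIXEL, CKA_HAS_RESET, ...)` supplies six names for a range that spans seven attribute values if pkcs11.h uses the standard numbering (CKA_PIXEL_X = 0x400 through CKA_BITS_PER_PIXEL = 0x406): `"PIXEL_Y"` is missing after `"PIXEL_X"`, so RESOLUTION through COLOR would be printed one value too early and CKA_BITS_PER_PIXEL would read past the end of the name table. Add `"PIXEL_Y",` between `"PIXEL_X",` and `"RESOLUTION",`. The other ranges I could check against the standard values line up with their name counts. The closing comment about CKA_VENDOR_DEFINED not fitting the int storage of enum_name_t is useful and would be easier to find placed above ENUM_BEGIN, where a reader looking for the missing value starts.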
@@ -552,7 +674,7 @@ static bool get_attributes(object_enumerator_t *this, CK_OBJECT_HANDLE object)
 if (rv != CKR_OK)
 {
 free_attrs(this);
- DBG1(DBG_CFG, "C_GetAttributeValue(NULL) error: %N", ck_rv_names, rv);
+ DBG1(DBG_CFG, "C_GetAttributeValue() error: %N", ck_rv_names, rv);
 return FALSE;
 }
 return TRUE;
@@ -565,11 +687,19 @@ METHOD(enumerator_t, object_enumerate, bool,
 CK_ULONG found;
 CK_RV rv;
- rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
- if (rv != CKR_OK)
+ if (!this->object)
 {
- DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
- return FALSE;
+ rv = this->lib->f->C_FindObjects(this->session, &object, 1, &found);
+ if (rv != CKR_OK)
+ {
+ DBG1(DBG_CFG, "C_FindObjects() failed: %N", ck_rv_names, rv);
+ return FALSE;
+ }
+ }
+ else
+ {
+ object = this->object;
+ found = 1;
 }
 if (found)
 {
@@ -580,7 +710,10 @@ METHOD(enumerator_t, object_enumerate, bool,
 return FALSE;
 }
 }
- *out = object;
+ if (out)
+ {
+ *out = object;
+ }
 return TRUE;
 }
 return FALSE;
@@ -589,7 +722,10 @@ METHOD(enumerator_t, object_enumerate, bool,
 METHOD(enumerator_t, object_destroy, void,
 object_enumerator_t *this)
 {
- this->lib->f->C_FindObjectsFinal(this->session);
+ if (!this->object)
+ {
+ this->lib->f->C_FindObjectsFinal(this->session);
+ }
 free_attrs(this);
 this->freelist->destroy(this->freelist);
 free(this);
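Review bot: The single-object path in object_enumerate (`else { object = this->object; found = 1; }`) reports TRUE on every call, because nothing records that the object has already been returned; a caller that loops `while (e->enumerate(e, &obj))` over an enumerator from create_object_attr_enumerator never terminates and re-runs get_attributes, with its allocations into freelist, on each round. If the intended contract is exactly one enumerate() call, say so in the create_object_attr_enumerator documentation; otherwise add a `bool done;` member to object_enumerator_t, return FALSE when it is set, and set it after the first successful return. The branch is selected by `!this->object`, i.e. handle 0, which coincides with CK_INVALID_HANDLE in the Cryptoki headers; a comment on the `object` member saying that 0 means "use C_FindObjects" would make that overload explicit. object_enumerate starts outside the hunk.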
@@ -624,6 +760,27 @@ METHOD(pkcs11_library_t, create_object_enumerator, enumerator_t*, return &enumerator->public; } +METHOD(pkcs11_library_t, create_object_attr_enumerator, enumerator_t*, + private_pkcs11_library_t *this, CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE object, CK_ATTRIBUTE_PTR attr, CK_ULONG count) +{ + object_enumerator_t *enumerator; + + INIT(enumerator, + .public = { + .enumerate = (void*)_object_enumerate, + .destroy = _object_destroy, + }, + .session = session, + .lib = &this->public, + .attr = attr, + .count = count, + .object = object, + .freelist = linked_list_create(), + ); + return &enumerator->public; +} + /** * Enumerator over mechanisms */ @@ -707,6 +864,32 @@ METHOD(pkcs11_library_t, create_mechanism_enumerator, enumerator_t*, return &enumerator->public; } +METHOD(pkcs11_library_t, get_ck_attribute, bool, + private_pkcs11_library_t *this, CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_TYPE type, chunk_t *data) +{ + CK_ATTRIBUTE attr = { type, NULL, 0 }; + CK_RV rv; + rv = this->public.f->C_GetAttributeValue(session, obj, &attr, 1); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetAttributeValue(%N) error: %N", ck_attr_names, type, + ck_rv_names, rv); + return FALSE; + } + *data = chunk_alloc(attr.ulValueLen); + attr.pValue = data->ptr; + rv = this->public.f->C_GetAttributeValue(session, obj, &attr, 1); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GetAttributeValue(%N) error: %N", ck_attr_names, type, + ck_rv_names, rv); + chunk_free(data); + return FALSE; + } + return TRUE; +} + METHOD(pkcs11_library_t, destroy, void, private_pkcs11_library_t *this) { @@ -739,7 +922,7 @@ void pkcs11_library_trim(char *str, int len) */ static CK_RV CreateMutex(CK_VOID_PTR_PTR data) { - *data = mutex_create(MUTEX_TYPE_DEFAULT); + *data = mutex_create(MUTEX_TYPE_RECURSIVE); return CKR_OK; } 
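Review bot: create_object_attr_enumerator stores `object` as given, but object_enumerate and object_destroy branch on `!this->object`, so passing CK_INVALID_HANDLE (0) silently turns the enumerator into search mode and issues C_FindObjects on a session with no C_FindObjectsInit pending. Either document that `object` must be a valid handle or reject 0 up front by returning an enumerator that yields nothing. The field comment added in the object_enumerator_t hunk above should also name the sentinel: `/* object handle in case of a single object, CK_INVALID_HANDLE (0) in search mode */`.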
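Review bot: get_ck_attribute hands `attr.ulValueLen` straight to chunk_alloc after the first C_GetAttributeValue, relying on the module to return CKR_OK only together with a real length. A non-conforming module that reports the attribute as unavailable by setting the length to `(CK_ULONG)-1` (CK_UNAVAILABLE_INFORMATION in the specification) while still returning CKR_OK would trigger a near-SIZE_MAX allocation; the code removed from find_key in pkcs11_private_key.c guarded exactly this case with `ulValueLen == -1`. Add `if (attr.ulValueLen == (CK_ULONG)-1) { return FALSE; }` between the first call and chunk_alloc, with a DBG1 naming the attribute as the other two error paths do.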
@@ -889,7 +1072,9 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking)
 .get_name = _get_name,
 .get_features = _get_features,
 .create_object_enumerator = _create_object_enumerator,
+ .create_object_attr_enumerator = _create_object_attr_enumerator,
 .create_mechanism_enumerator = _create_mechanism_enumerator,
+ .get_ck_attribute = _get_ck_attribute,
 .destroy = _destroy,
 },
 .name = name,
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
index abe023448..e76e65e07 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2011 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
 * Copyright (C) 2010 Martin Willi
 * Copyright (C) 2010 revosec AG
 *
@@ -27,6 +30,7 @@ typedef struct pkcs11_library_t pkcs11_library_t;
 #include "pkcs11.h"
 #include <enum.h>
+#include <chunk.h>
 #include <utils/enumerator.h>
 /**
@@ -72,7 +76,7 @@ struct pkcs11_library_t {
 *
 * @param session session to use
 * @param tmpl search template
- * @param tcount number of attributes in the search template
+ * @param tcount number of attributes in the search template
 * @param attr attributes to read from object
 * @param acount number of attributes to read
 */
@@ -81,6 +85,24 @@ struct pkcs11_library_t { CK_ATTRIBUTE_PTR attr, CK_ULONG acount); /** + * This is very similar to the object enumerator but is only used to + * easily retrieve multiple attributes from a single object for which + * a handle is already known. + * + * The given attribute array is automatically filled in with the + * associated attributes. If the value of an output attribute is NULL, + * the required memory gets allocated/freed during enumeration. + * + * @param session session to use + * @param object object handle + * @param attr attributes to read from object + * @param count number of attributes to read + */ + enumerator_t* (*create_object_attr_enumerator)(pkcs11_library_t *this, + CK_SESSION_HANDLE session, CK_OBJECT_HANDLE object, + CK_ATTRIBUTE_PTR attr, CK_ULONG count); + + /** * Create an enumerator over supported mechanisms of a token. * * The resulting enumerator enumerates over the mechanism type, and if @@ -93,6 +115,21 @@ struct pkcs11_library_t { CK_SLOT_ID slot); /** + * Retrieve a single attribute from the given object. + * + * Memory for the data is allocated. + * + * @param session session with the PKCS#11 library + * @param obj object handle + * @param type attribute type to extract + * @param data extracted data + * @return TRUE if successful + */ + bool (*get_ck_attribute)(pkcs11_library_t *this, CK_SESSION_HANDLE session, + CK_OBJECT_HANDLE obj, CK_ATTRIBUTE_TYPE type, + chunk_t *data); + + /** * Destroy a pkcs11_library_t. */ void (*destroy)(pkcs11_library_t *this); @@ -109,7 +146,12 @@ extern enum_name_t *ck_rv_names; extern enum_name_t *ck_mech_names; /** - * Trim/null terminate a string returned by the varius PKCS#11 functions. + * Enum names for CK_ATTRIBUTE_TYPE values + */ +extern enum_name_t *ck_attr_names; + +/** + * Trim/null terminate a string returned by the various PKCS#11 functions. * * @param str string to trim * @param len max length of the string 
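Review bot: The `@param data` line of get_ck_attribute does not say who owns the allocated buffer or what `*data` holds when FALSE is returned. From the implementation in pkcs11_library.c, the caller must chunk_free it on success, it is left untouched if the first C_GetAttributeValue fails and freed if the second one fails, so `*data` must not be used after a FALSE return. Suggest `@param data allocated attribute value, owned by the caller (invalid if FALSE is returned)` and replacing the bare "Memory for the data is allocated." with "The caller must free data with chunk_free()."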
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 431cd6a2c..5b321b26e 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -323,17 +323,11 @@ METHOD(pkcs11_manager_t, create_token_enumerator, enumerator_t*, return &enumerator->public; } -/** - * Singleton instance - */ -static private_pkcs11_manager_t *singleton = NULL; - METHOD(pkcs11_manager_t, destroy, void, private_pkcs11_manager_t *this) { this->libs->destroy_function(this->libs, (void*)lib_entry_destroy); free(this); - singleton = NULL; } /** @@ -386,14 +380,12 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, } enumerator->destroy(enumerator); - singleton = this; - enumerator = this->libs->create_enumerator(this->libs); while (enumerator->enumerate(enumerator, &entry)) { query_slots(entry); - entry->job = callback_job_create((void*)dispatch_slot_events, - entry, (void*)end_dispatch, NULL); + entry->job = callback_job_create_with_prio((void*)dispatch_slot_events, + entry, (void*)end_dispatch, NULL, JOB_PRIO_CRITICAL); lib->processor->queue_job(lib->processor, (job_t*)entry->job); } enumerator->destroy(enumerator); @@ -401,10 +393,3 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, return &this->public; } -/** - * See header - */ -pkcs11_manager_t *pkcs11_manager_get() -{ - return (pkcs11_manager_t*)singleton; -} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h index b80d67324..2f51fb30e 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h 
@@ -32,7 +32,7 @@ typedef struct pkcs11_manager_t pkcs11_manager_t; * * @param data user supplied data, as passed to pkcs11_manager_create() * @param p11 loaded PKCS#11 library token belongs to - * @param slot slot number the event occured in + * @param slot slot number the event occurred in * @param add TRUE if token was added to the slot, FALSE if removed */ typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11, @@ -67,12 +67,4 @@ struct pkcs11_manager_t { pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, void *data); - -/** - * Get the singleton instance of the manager - * - * @return instance, NULL if none available - */ -pkcs11_manager_t *pkcs11_manager_get(); - #endif /** PKCS11_MANAGER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 7b537cfa7..183fce53a 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -19,12 +22,15 @@ #include <debug.h> #include <utils/linked_list.h> #include <threading/mutex.h> +#include <threading/rwlock.h> #include "pkcs11_manager.h" #include "pkcs11_creds.h" #include "pkcs11_private_key.h" #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" +#include "pkcs11_rng.h" +#include "pkcs11_dh.h" typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; @@ -52,6 +58,16 @@ struct private_pkcs11_plugin_t { * mutex to lock list */ mutex_t *mutex; + + /** + * TRUE if events from tokens are to be handled + */ + bool handle_events; + + /** + * Lock for the above flag + */ + rwlock_t *handle_events_lock; }; /** 
@@ -61,9 +77,10 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, CK_SLOT_ID slot, bool add) { enumerator_t *enumerator; - pkcs11_creds_t *creds, *found = NULL;; + pkcs11_creds_t *creds, *found = NULL; - if (add) + this->handle_events_lock->read_lock(this->handle_events_lock); + if (add && this->handle_events) { creds = pkcs11_creds_create(p11, slot); if (creds) @@ -74,7 +91,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, lib->credmgr->add_set(lib->credmgr, &creds->set); } } - else + else if (this->handle_events) { this->mutex->lock(this->mutex); enumerator = this->creds->create_enumerator(this->creds); @@ -99,6 +116,7 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, lib->credmgr->flush_cache(lib->credmgr, CERT_X509); } } + this->handle_events_lock->unlock(this->handle_events_lock); } METHOD(plugin_t, get_name, char*, 
@@ -107,23 +125,158 @@ METHOD(plugin_t, get_name, char*, return "pkcs11"; } -METHOD(plugin_t, destroy, void, - private_pkcs11_plugin_t *this) +/** + * Load/unload certificates from tokens. + */ +static bool handle_certs(private_pkcs11_plugin_t *this, + plugin_feature_t *feature, bool reg, void *data) { - pkcs11_creds_t *creds; + this->handle_events_lock->write_lock(this->handle_events_lock); + this->handle_events = reg; + this->handle_events_lock->unlock(this->handle_events_lock); + + if (reg) + { + enumerator_t *enumerator; + pkcs11_library_t *p11; + CK_SLOT_ID slot; + + enumerator = this->manager->create_token_enumerator(this->manager); + while (enumerator->enumerate(enumerator, &p11, &slot)) + { + token_event_cb(this, p11, slot, TRUE); + } + enumerator->destroy(enumerator); + } + else + { + pkcs11_creds_t *creds; - lib->creds->remove_builder(lib->creds, - (builder_function_t)pkcs11_private_key_connect); - while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS) + while (this->creds->remove_last(this->creds, (void**)&creds) == SUCCESS) + { + lib->credmgr->remove_set(lib->credmgr, &creds->set); + creds->destroy(creds); + } + } + return TRUE; +} +/** + * Add a set of features + */ +static inline void add_features(plugin_feature_t *f, plugin_feature_t *n, + int count, int *pos) +{ + int i; + for (i = 0; i < count; i++) { - lib->credmgr->remove_set(lib->credmgr, &creds->set); - creds->destroy(creds); + f[(*pos)++] = n[i]; } - lib->crypto->remove_hasher(lib->crypto, - (hasher_constructor_t)pkcs11_hasher_create); - this->creds->destroy(this->creds); +} + +METHOD(plugin_t, get_features, int, + private_pkcs11_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f_hash[] = { + PLUGIN_REGISTER(HASHER, pkcs11_hasher_create), + PLUGIN_PROVIDE(HASHER, HASH_MD2), + PLUGIN_PROVIDE(HASHER, HASH_MD5), + PLUGIN_PROVIDE(HASHER, HASH_SHA1), + PLUGIN_PROVIDE(HASHER, HASH_SHA256), + PLUGIN_PROVIDE(HASHER, HASH_SHA384), + PLUGIN_PROVIDE(HASHER, 
HASH_SHA512), + }; + static plugin_feature_t f_dh[] = { + PLUGIN_REGISTER(DH, pkcs11_dh_create), + PLUGIN_PROVIDE(DH, MODP_2048_BIT), + PLUGIN_PROVIDE(DH, MODP_2048_224), + PLUGIN_PROVIDE(DH, MODP_2048_256), + PLUGIN_PROVIDE(DH, MODP_1536_BIT), + PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(DH, MODP_4096_BIT), + PLUGIN_PROVIDE(DH, MODP_6144_BIT), + PLUGIN_PROVIDE(DH, MODP_8192_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_BIT), + PLUGIN_PROVIDE(DH, MODP_1024_160), + PLUGIN_PROVIDE(DH, MODP_768_BIT), + PLUGIN_PROVIDE(DH, MODP_CUSTOM), + }; + static plugin_feature_t f_ecdh[] = { + PLUGIN_REGISTER(DH, pkcs11_dh_create), + PLUGIN_PROVIDE(DH, ECP_192_BIT), + PLUGIN_PROVIDE(DH, ECP_224_BIT), + PLUGIN_PROVIDE(DH, ECP_256_BIT), + PLUGIN_PROVIDE(DH, ECP_384_BIT), + PLUGIN_PROVIDE(DH, ECP_521_BIT), + }; + static plugin_feature_t f_rng[] = { + PLUGIN_REGISTER(RNG, pkcs11_rng_create), + PLUGIN_PROVIDE(RNG, RNG_STRONG), + PLUGIN_PROVIDE(RNG, RNG_TRUE), + }; + static plugin_feature_t f_privkey[] = { + PLUGIN_REGISTER(PRIVKEY, pkcs11_private_key_connect, FALSE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), + }; + static plugin_feature_t f_pubkey[] = { + PLUGIN_REGISTER(PUBKEY, pkcs11_public_key_load, TRUE), + PLUGIN_PROVIDE(PUBKEY, KEY_RSA), + PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA), + }; + static plugin_feature_t f_manager[] = { + PLUGIN_CALLBACK((plugin_feature_callback_t)handle_certs, NULL), + PLUGIN_PROVIDE(CUSTOM, "pkcs11-certs"), + PLUGIN_DEPENDS(CERT_DECODE, CERT_X509), + }; + static plugin_feature_t f[countof(f_hash) + countof(f_dh) + countof(f_rng) + + countof(f_ecdh) + countof(f_privkey) + + countof(f_pubkey) + countof(f_manager)] = {}; + static int count = 0; + + if (!count) + { /* initialize only once */ + bool use_ecc = lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_ecc", FALSE); + add_features(f, f_manager, countof(f_manager), &count); + /* private key handling for EC keys is not disabled by use_ecc */ + add_features(f, f_privkey, countof(f_privkey), 
&count); + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_pubkey", FALSE)) + { + add_features(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1), + &count); + } + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) + { + add_features(f, f_hash, countof(f_hash), &count); + } + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_rng", FALSE)) + { + add_features(f, f_rng, countof(f_rng), &count); + } + if (lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.pkcs11.use_dh", FALSE)) + { + add_features(f, f_dh, countof(f_dh), &count); + if (use_ecc) + { + add_features(f, f_ecdh, countof(f_ecdh), &count); + } + } + } + *features = f; + return count; +} + +METHOD(plugin_t, destroy, void, + private_pkcs11_plugin_t *this) +{ + lib->set(lib, "pkcs11-manager", NULL); this->manager->destroy(this->manager); + this->creds->destroy(this->creds); this->mutex->destroy(this->mutex); + this->handle_events_lock->destroy(this->handle_events_lock); free(this); } 
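Review bot: The `countof(f_pubkey) - (use_ecc ? 0 : 1)` argument in get_features silently depends on `PLUGIN_PROVIDE(PUBKEY, KEY_ECDSA)` being the last entry of f_pubkey; reordering the array would drop RSA instead of ECDSA. Either comment the array with `/* KEY_ECDSA must stay last, it is cut off when use_ecc is FALSE */` or split it into a separate f_ecpubkey array added under `if (use_ecc)`, as is already done for f_ecdh. The `static int count` init-once block has no guard; that is fine if the plugin loader calls get_features from a single thread, which appears to be the intent but is not visible here. handle_certs drains `this->creds` without taking `this->mutex`, which is correct only because the preceding write_lock and `handle_events = FALSE` guarantee no token_event_cb is still inside its read-locked section, so a one-line comment stating that would keep a future reader from adding or removing locking there.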
@@ -133,52 +286,22 @@ METHOD(plugin_t, destroy, void, plugin_t *pkcs11_plugin_create() { private_pkcs11_plugin_t *this; - enumerator_t *enumerator; - pkcs11_library_t *p11; - CK_SLOT_ID slot; INIT(this, .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, .creds = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .handle_events_lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); this->manager = pkcs11_manager_create((void*)token_event_cb, this); - - if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) - { - lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), - (hasher_constructor_t)pkcs11_hasher_create); - } - - lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, - (builder_function_t)pkcs11_private_key_connect); - lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, TRUE, - (builder_function_t)pkcs11_public_key_load); - - enumerator = this->manager->create_token_enumerator(this->manager); - while (enumerator->enumerate(enumerator, &p11, &slot)) - { - token_event_cb(this, p11, slot, TRUE); - } - enumerator->destroy(enumerator); + lib->set(lib, "pkcs11-manager", this->manager); return &this->public.plugin; } 
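Review bot: The registry key `"pkcs11-manager"` is a bare string literal here in pkcs11_plugin_create, in destroy in the hunk above, and twice in pkcs11_private_key.c (find_lib and find_lib_by_keyid); a typo in any one of them makes lib->get return NULL and every key lookup fail silently. Define it once in pkcs11_manager.h, for example `#define PKCS11_MANAGER_KEY "pkcs11-manager"`, and use the macro in all four places. The manager is registered only after pkcs11_manager_create has already started the slot-event jobs; that is harmless here because token_event_cb does not look the manager up, but a comment noting the ordering would help.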
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index b4cc7a805..b616abc38 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -19,7 +22,6 @@ #include "pkcs11_manager.h" #include <debug.h> -#include <threading/mutex.h> typedef struct private_pkcs11_private_key_t private_pkcs11_private_key_t; @@ -39,14 +41,14 @@ struct private_pkcs11_private_key_t { pkcs11_library_t *lib; /** - * Token session + * Slot the token is in */ - CK_SESSION_HANDLE session; + CK_SLOT_ID slot; /** - * Mutex to lock session + * Token session */ - mutex_t *mutex; + CK_SESSION_HANDLE session; /** * Key object on the token @@ -72,12 +74,24 @@ struct private_pkcs11_private_key_t { * References to this key */ refcount_t ref; + + /** + * Type of this private key + */ + key_type_t type; }; +/** + * Implemented in pkcs11_public_key.c + */ +public_key_t *pkcs11_public_key_connect(pkcs11_library_t *p11, + int slot, key_type_t type, chunk_t keyid); + + METHOD(private_key_t, get_type, key_type_t, private_pkcs11_private_key_t *this) { - return this->pubkey->get_type(this->pubkey); + return this->type; } METHOD(private_key_t, get_keysize, int, 
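Review bot: The prototype of pkcs11_public_key_connect is declared locally in pkcs11_private_key.c under "Implemented in pkcs11_public_key.c", so the compiler never checks it against the definition; a later change to the definition's signature (the `int slot` here versus the CK_SLOT_ID used for slots elsewhere in this file is already a candidate for drift) would go unnoticed until runtime. Move the declaration, with its documentation, into pkcs11_public_key.h and include that header here instead of the local copy.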
@@ -89,18 +103,45 @@ METHOD(private_key_t, get_keysize, int, /** * See header. */ -CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme) +CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme, + key_type_t type, size_t keylen, + hash_algorithm_t *hash) { static struct { signature_scheme_t scheme; CK_MECHANISM mechanism; + key_type_t type; + size_t keylen; + hash_algorithm_t hash; } mappings[] = { - {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}}, - {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}}, - {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}}, - {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}}, - {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}}, - {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}}, + {SIGN_RSA_EMSA_PKCS1_NULL, {CKM_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_RSA_EMSA_PKCS1_SHA1, {CKM_SHA1_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_RSA_EMSA_PKCS1_SHA256, {CKM_SHA256_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_RSA_EMSA_PKCS1_SHA384, {CKM_SHA384_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_RSA_EMSA_PKCS1_SHA512, {CKM_SHA512_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_RSA_EMSA_PKCS1_MD5, {CKM_MD5_RSA_PKCS, NULL, 0}, + KEY_RSA, 0, HASH_UNKNOWN}, + {SIGN_ECDSA_WITH_NULL, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 0, HASH_UNKNOWN}, + {SIGN_ECDSA_WITH_SHA1_DER, {CKM_ECDSA_SHA1, NULL, 0}, + KEY_ECDSA, 0, HASH_UNKNOWN}, + {SIGN_ECDSA_WITH_SHA256_DER, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 0, HASH_SHA256}, + {SIGN_ECDSA_WITH_SHA384_DER, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 0, HASH_SHA384}, + {SIGN_ECDSA_WITH_SHA512_DER, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 0, HASH_SHA512}, + {SIGN_ECDSA_256, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 256, HASH_SHA256}, + {SIGN_ECDSA_384, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 384, HASH_SHA384}, + {SIGN_ECDSA_521, {CKM_ECDSA, NULL, 0}, + KEY_ECDSA, 521, HASH_SHA512}, }; int i; 
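Review bot: The mapping table now mixes two strategies for ECDSA without saying why: SIGN_ECDSA_WITH_SHA1_DER lets the token hash (CKM_ECDSA_SHA1 with HASH_UNKNOWN), while the SHA-256/384/512 schemes hash in software and hand the digest to plain CKM_ECDSA. A comment above the ECDSA rows such as `/* CKM_ECDSA_SHA1 is presumably the only combined ECDSA mechanism in the PKCS#11 version targeted here; the other digests are computed in software and signed with raw CKM_ECDSA */` would stop someone from "fixing" the table in either direction. The loop that consumes the table continues in the next hunk.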
@@ -108,6 +149,15 @@ CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme) { if (mappings[i].scheme == scheme) { + size_t len = mappings[i].keylen; + if (mappings[i].type != type || (len && keylen != len)) + { + return NULL; + } + if (hash) + { + *hash = mappings[i].hash; + } return &mappings[i].mechanism; } } @@ -141,7 +191,8 @@ CK_MECHANISM_PTR pkcs11_encryption_scheme_to_mech(encryption_scheme_t scheme) /** * Reauthenticate to do a signature */ -static bool reauth(private_pkcs11_private_key_t *this) +static bool reauth(private_pkcs11_private_key_t *this, + CK_SESSION_HANDLE session) { enumerator_t *enumerator; shared_key_t *shared; @@ -155,7 +206,7 @@ static bool reauth(private_pkcs11_private_key_t *this) { found = TRUE; pin = shared->get_key(shared); - rv = this->lib->f->C_Login(this->session, CKU_CONTEXT_SPECIFIC, + rv = this->lib->f->C_Login(session, CKU_CONTEXT_SPECIFIC, pin.ptr, pin.len); if (rv == CKR_OK) { 
@@ -179,33 +230,61 @@ METHOD(private_key_t, sign, bool, chunk_t data, chunk_t *signature) { CK_MECHANISM_PTR mechanism; + CK_SESSION_HANDLE session; CK_BYTE_PTR buf; CK_ULONG len; CK_RV rv; + hash_algorithm_t hash_alg; + chunk_t hash = chunk_empty; - mechanism = pkcs11_signature_scheme_to_mech(scheme); + mechanism = pkcs11_signature_scheme_to_mech(scheme, this->type, + get_keysize(this), &hash_alg); if (!mechanism) { DBG1(DBG_LIB, "signature scheme %N not supported", signature_scheme_names, scheme); return FALSE; } - this->mutex->lock(this->mutex); - rv = this->lib->f->C_SignInit(this->session, mechanism, this->object); - if (this->reauth && !reauth(this)) + rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); + return FALSE; + } + rv = this->lib->f->C_SignInit(session, mechanism, this->object); + if (this->reauth && !reauth(this, session)) + { + this->lib->f->C_CloseSession(session); return FALSE; } if (rv != CKR_OK) { - this->mutex->unlock(this->mutex); + this->lib->f->C_CloseSession(session); DBG1(DBG_LIB, "C_SignInit() failed: %N", ck_rv_names, rv); return FALSE; } + if (hash_alg != HASH_UNKNOWN) + { + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher) + { + this->lib->f->C_CloseSession(session); + return FALSE; + } + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + data = hash; + } len = (get_keysize(this) + 7) / 8; + if (this->type == KEY_ECDSA) + { /* signature is twice the length of the base point order */ + len *= 2; + } buf = malloc(len); - rv = this->lib->f->C_Sign(this->session, data.ptr, data.len, buf, &len); - this->mutex->unlock(this->mutex); + rv = this->lib->f->C_Sign(session, data.ptr, data.len, buf, &len); + this->lib->f->C_CloseSession(session); + chunk_free(&hash); if (rv != CKR_OK) { DBG1(DBG_LIB, "C_Sign() failed: %N", ck_rv_names, rv); 
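Review bot: In sign, the software hash for the SHA-256/384/512 ECDSA schemes is computed only after C_OpenSession, C_SignInit and the optional re-authentication, so a missing hasher returns FALSE after a session was opened and a token operation started, and the token's sign operation stays active while hashing runs; verify in pkcs11_public_key.c has the same ordering. Hashing `data` into `hash` right after pkcs11_signature_scheme_to_mech returns, before C_OpenSession, avoids both. The new session-open failure message uses DBG_CFG while every other message in sign (and in decrypt, verify and encrypt, which add the same line) uses DBG_LIB; `DBG1(DBG_LIB, "opening PKCS#11 session failed: %N", ck_rv_names, rv);` keeps the group consistent. The remainder of sign, where the raw r||s buffer returned for CKM_ECDSA would have to be DER-encoded for the SIGN_ECDSA_WITH_*_DER schemes, lies outside the hunk.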
@@ -221,6 +300,7 @@ METHOD(private_key_t, decrypt, bool, chunk_t crypt, chunk_t *plain) { CK_MECHANISM_PTR mechanism; + CK_SESSION_HANDLE session; CK_BYTE_PTR buf; CK_ULONG len; CK_RV rv; @@ -232,22 +312,29 @@ METHOD(private_key_t, decrypt, bool, encryption_scheme_names, scheme); return FALSE; } - this->mutex->lock(this->mutex); - rv = this->lib->f->C_DecryptInit(this->session, mechanism, this->object); - if (this->reauth && !reauth(this)) + rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); + if (rv != CKR_OK) { + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); + return FALSE; + } + rv = this->lib->f->C_DecryptInit(session, mechanism, this->object); + if (this->reauth && !reauth(this, session)) + { + this->lib->f->C_CloseSession(session); return FALSE; } if (rv != CKR_OK) { - this->mutex->unlock(this->mutex); + this->lib->f->C_CloseSession(session); DBG1(DBG_LIB, "C_DecryptInit() failed: %N", ck_rv_names, rv); return FALSE; } len = (get_keysize(this) + 7) / 8; buf = malloc(len); - rv = this->lib->f->C_Decrypt(this->session, crypt.ptr, crypt.len, buf, &len); - this->mutex->unlock(this->mutex); + rv = this->lib->f->C_Decrypt(session, crypt.ptr, crypt.len, buf, &len); + this->lib->f->C_CloseSession(session); if (rv != CKR_OK) { DBG1(DBG_LIB, "C_Decrypt() failed: %N", ck_rv_names, rv); @@ -294,7 +381,6 @@ METHOD(private_key_t, destroy, void, { this->pubkey->destroy(this->pubkey); } - this->mutex->destroy(this->mutex); this->keyid->destroy(this->keyid); this->lib->f->C_CloseSession(this->session); free(this); @@ -311,7 +397,7 @@ static pkcs11_library_t* find_lib(char *module) pkcs11_library_t *p11, *found = NULL; CK_SLOT_ID slot; - manager = pkcs11_manager_get(); + manager = lib->get(lib, "pkcs11-manager"); if (!manager) { return NULL; 
@@ -339,7 +425,7 @@ static pkcs11_library_t* find_lib_by_keyid(chunk_t keyid, int *slot) pkcs11_library_t *p11, *found = NULL; CK_SLOT_ID current; - manager = pkcs11_manager_get(); + manager = lib->get(lib, "pkcs11-manager"); if (!manager) { return NULL; @@ -404,13 +490,11 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_MODULUS, NULL, 0}, - {CKA_PUBLIC_EXPONENT, NULL, 0}, {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, }; enumerator_t *enumerator; - chunk_t modulus, pubexp; int count = countof(attr); + bool found = FALSE; /* do not use CKA_ALWAYS_AUTHENTICATE if not supported */ if (!(this->lib->get_features(this->lib) & PKCS11_ALWAYS_AUTH_KEYS)) @@ -421,26 +505,16 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) this->session, tmpl, countof(tmpl), attr, count); if (enumerator->enumerate(enumerator, &object)) { + this->type = KEY_RSA; switch (type) { + case CKK_ECDSA: + this->type = KEY_ECDSA; + /* fall-through */ case CKK_RSA: - if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) - { - DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); - break; - } - modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); - pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); - this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, - KEY_RSA, BUILD_RSA_MODULUS, modulus, - BUILD_RSA_PUB_EXP, pubexp, BUILD_END); - if (!this->pubkey) - { - DBG1(DBG_CFG, "extracting public key from PKCS#11 RSA " - "private key failed"); - } this->reauth = reauth; this->object = object; + found = TRUE; break; default: DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type); @@ -448,7 +522,7 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } } enumerator->destroy(enumerator); - return this->pubkey != NULL; + return found; } /** 
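Review bot: find_key now derives `this->type` from the token's CKA_KEY_TYPE but never compares it with the key type the caller requested through pkcs11_private_key_connect(key_type_t type, ...), so a caller asking for KEY_RSA can be handed an ECDSA key (or vice versa) when the key id matches; find_key only receives `this` and `keyid`, so the requested type would have to be passed in or stored on `this` before the call, and a mismatch with anything but KEY_ANY treated as not found. The caller side of pkcs11_private_key_connect is outside this hunk, so if the check already happens there this is moot. Presetting `this->type = KEY_RSA` before the switch also leaves a misleading type behind on the `default` path; setting it inside the two handled cases is clearer.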
@@ -587,7 +661,7 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) return NULL; } - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + this->slot = slot; this->keyid = identification_create_from_encoding(ID_KEY_ID, keyid); if (!login(this, slot)) @@ -602,5 +676,13 @@ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args) return NULL; } + this->pubkey = pkcs11_public_key_connect(this->lib, slot, this->type, + keyid); + if (!this->pubkey) + { + destroy(this); + return NULL; + } + return &this->public; } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h index 428913f0a..6d3a9556e 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -46,14 +49,23 @@ struct pkcs11_private_key_t { * * @param type type of the key * @param args builder_part_t argument list - * @return loaded key, NULL on failure + * @return loaded key, NULL on failure */ pkcs11_private_key_t *pkcs11_private_key_connect(key_type_t type, va_list args); /** * Get the Cryptoki mechanism for a signature scheme. + * + * Verifies that the given key is usable for this scheme. + * + * @param scheme signature scheme + * @param type key type + * @param keylen key length in bits + * @param hash hash algorithm to apply first (HASH_UNKNOWN if none) */ -CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme); +CK_MECHANISM_PTR pkcs11_signature_scheme_to_mech(signature_scheme_t scheme, + key_type_t type, size_t keylen, + hash_algorithm_t *hash); /** * Get the Cryptoki mechanism for a encryption scheme. 
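Review bot: The new documentation of pkcs11_signature_scheme_to_mech lists the parameters but has no `@return`, although NULL now has two meanings (unknown scheme, or scheme not usable with this key type/length) that callers currently report only as "signature scheme not supported". Add `@return mechanism, NULL if the scheme is unknown or not usable with the key` and, since the implementation tests `if (hash)`, note that `hash` may be NULL: `@param hash hash algorithm to apply first (HASH_UNKNOWN if none), may be NULL`.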
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c index 8d32d9a3f..d4ec9235d 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -19,8 +22,10 @@ #include "pkcs11_private_key.h" #include "pkcs11_manager.h" +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> #include <debug.h> -#include <threading/mutex.h> typedef struct private_pkcs11_public_key_t private_pkcs11_public_key_t; @@ -40,7 +45,7 @@ struct private_pkcs11_public_key_t { key_type_t type; /** - * Key size in bytes + * Key size in bits */ size_t k; 
@@ -65,16 +70,121 @@ struct private_pkcs11_public_key_t { CK_OBJECT_HANDLE object; /** - * Mutex to lock session - */ - mutex_t *mutex; - - /** * References to this key */ refcount_t ref; }; +/** + * Helper function that returns the base point order length in bits of the + * given named curve. + * + * Currently only a subset of defined curves is supported (namely the 5 curves + * over Fp recommended by NIST). IKEv2 only supports 3 out of these. + * + * 0 is returned if the given curve is not supported. + */ +static size_t basepoint_order_len(int oid) +{ + switch (oid) + { + case OID_PRIME192V1: + return 192; + case OID_SECT224R1: + return 224; + case OID_PRIME256V1: + return 256; + case OID_SECT384R1: + return 384; + case OID_SECT521R1: + return 521; + default: + return 0; + } +} + +/** + * Parses the given ecParameters (ASN.1) and returns the key length. + */ +static bool keylen_from_ecparams(chunk_t ecparams, size_t *keylen) +{ + if (!asn1_parse_simple_object(&ecparams, ASN1_OID, 0, "named curve")) + { + return FALSE; + } + *keylen = basepoint_order_len(asn1_known_oid(ecparams)); + return *keylen > 0; +} + +/** + * ASN.1 definition of a subjectPublicKeyInfo structure when used with ECDSA + * we currently only support named curves. + */ +static const asn1Object_t pkinfoObjects[] = { + { 0, "subjectPublicKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "algorithmIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ + { 2, "algorithm", ASN1_OID, ASN1_BODY }, /* 2 */ + { 2, "namedCurve", ASN1_OID, ASN1_RAW }, /* 3 */ + { 1, "subjectPublicKey", ASN1_BIT_STRING, ASN1_BODY }, /* 4 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM 2 +#define PKINFO_SUBJECT_PUBLIC_KEY_NAMEDCURVE 3 +#define PKINFO_SUBJECT_PUBLIC_KEY 4 + +/** + * Extract the DER encoded Parameters and ECPoint from the given DER encoded + * subjectPublicKeyInfo. 
+ */ +static bool parse_ecdsa_public_key(chunk_t blob, chunk_t *ecparams, + chunk_t *ecpoint, size_t *keylen) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + bool success = FALSE; + + parser = asn1_parser_create(pkinfoObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PKINFO_SUBJECT_PUBLIC_KEY_ALGORITHM: + { + if (asn1_known_oid(object) != OID_EC_PUBLICKEY) + { + goto end; + } + break; + } + case PKINFO_SUBJECT_PUBLIC_KEY_NAMEDCURVE: + { + *ecparams = object; + if (!keylen_from_ecparams(object, keylen)) + { + goto end; + } + break; + } + case PKINFO_SUBJECT_PUBLIC_KEY: + { + if (object.len > 0 && *object.ptr == 0x00) + { /* skip initial bit string octet defining 0 unused bits */ + object = chunk_skip(object, 1); + } + *ecpoint = object; + break; + } + } + } + success = parser->success(parser); +end: + parser->destroy(parser); + return success; +} + + METHOD(public_key_t, get_type, key_type_t, private_pkcs11_public_key_t *this) { @@ -84,7 +194,7 @@ METHOD(public_key_t, get_type, key_type_t, METHOD(public_key_t, get_keysize, int, private_pkcs11_public_key_t *this) { - return this->k * 8; + return this->k; } METHOD(public_key_t, verify, bool, @@ -92,9 +202,13 @@ METHOD(public_key_t, verify, bool, chunk_t data, chunk_t sig) { CK_MECHANISM_PTR mechanism; + CK_SESSION_HANDLE session; CK_RV rv; + hash_algorithm_t hash_alg; + chunk_t hash = chunk_empty; - mechanism = pkcs11_signature_scheme_to_mech(scheme); + mechanism = pkcs11_signature_scheme_to_mech(scheme, this->type, this->k, + &hash_alg); if (!mechanism) { DBG1(DBG_LIB, "signature scheme %N not supported", 
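Review bot: parse_ecdsa_public_key returns `*ecparams` and `*ecpoint` as sub-chunks pointing into `blob` rather than copies, so they are only valid while `blob` is, and the header comment does not say so; add `Both outputs reference memory inside blob and are not allocated.` to it. The `switch (objectID)` has no `default` branch, unlike the other switches in these files. basepoint_order_len's comment speaks of the five NIST curves over Fp while the constants are named OID_SECT224R1/OID_SECT384R1/OID_SECT521R1, a prefix normally used for binary-field curves; if these constants map to the secp224r1/secp384r1/secp521r1 OIDs as the comment implies, a one-line note on that naming would save the next reader a check.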
@@ -105,17 +219,35 @@ METHOD(public_key_t, verify, bool, { /* trim leading zero byte in sig */ sig = chunk_skip(sig, 1); } - this->mutex->lock(this->mutex); - rv = this->lib->f->C_VerifyInit(this->session, mechanism, this->object); + rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); if (rv != CKR_OK) { - this->mutex->unlock(this->mutex); + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); + return FALSE; + } + rv = this->lib->f->C_VerifyInit(session, mechanism, this->object); + if (rv != CKR_OK) + { + this->lib->f->C_CloseSession(session); DBG1(DBG_LIB, "C_VerifyInit() failed: %N", ck_rv_names, rv); return FALSE; } - rv = this->lib->f->C_Verify(this->session, data.ptr, data.len, - sig.ptr, sig.len); - this->mutex->unlock(this->mutex); + if (hash_alg != HASH_UNKNOWN) + { + hasher_t *hasher = lib->crypto->create_hasher(lib->crypto, hash_alg); + if (!hasher) + { + this->lib->f->C_CloseSession(session); + return FALSE; + } + hasher->allocate_hash(hasher, data, &hash); + hasher->destroy(hasher); + data = hash; + } + rv = this->lib->f->C_Verify(session, data.ptr, data.len, sig.ptr, sig.len); + this->lib->f->C_CloseSession(session); + chunk_free(&hash); if (rv != CKR_OK) { DBG1(DBG_LIB, "C_Verify() failed: %N", ck_rv_names, rv); @@ -129,6 +261,7 @@ METHOD(public_key_t, encrypt, bool, chunk_t plain, chunk_t *crypt) { CK_MECHANISM_PTR mechanism; + CK_SESSION_HANDLE session; CK_BYTE_PTR buf; CK_ULONG len; CK_RV rv; 
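Review bot: In verify, the `!hasher` branch closes the session and returns FALSE without a diagnostic, whereas every other failure path in this method logs one; adding `DBG1(DBG_LIB, "%N hasher not supported", hash_algorithm_names, hash_alg);` before the C_CloseSession call keeps the failure visible. The new session-open error is logged under DBG_CFG while the adjacent C_VerifyInit/C_Verify messages use DBG_LIB; the encrypt hunk below has the same mismatch, and picking one group for this file would keep logs filterable. The verify method begins in the preceding hunk.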
@@ -140,18 +273,24 @@ METHOD(public_key_t, encrypt, bool, encryption_scheme_names, scheme); return FALSE; } - this->mutex->lock(this->mutex); - rv = this->lib->f->C_EncryptInit(this->session, mechanism, this->object); + rv = this->lib->f->C_OpenSession(this->slot, CKF_SERIAL_SESSION, NULL, NULL, + &session); if (rv != CKR_OK) { - this->mutex->unlock(this->mutex); + DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); + return FALSE; + } + rv = this->lib->f->C_EncryptInit(session, mechanism, this->object); + if (rv != CKR_OK) + { + this->lib->f->C_CloseSession(session); DBG1(DBG_LIB, "C_EncryptInit() failed: %N", ck_rv_names, rv); return FALSE; } len = (get_keysize(this) + 7) / 8; buf = malloc(len); - rv = this->lib->f->C_Encrypt(this->session, plain.ptr, plain.len, buf, &len); - this->mutex->unlock(this->mutex); + rv = this->lib->f->C_Encrypt(session, plain.ptr, plain.len, buf, &len); + this->lib->f->C_CloseSession(session); if (rv != CKR_OK) { DBG1(DBG_LIB, "C_Encrypt() failed: %N", ck_rv_names, rv); 
@@ -163,40 +302,119 @@ METHOD(public_key_t, encrypt, bool, } /** + * Encode ECDSA key using a given encoding type + */ +static bool encode_ecdsa(private_pkcs11_public_key_t *this, + cred_encoding_type_t type, chunk_t *encoding) +{ + enumerator_t *enumerator; + bool success = FALSE; + CK_ATTRIBUTE attr[] = { + {CKA_EC_PARAMS, NULL, 0}, + {CKA_EC_POINT, NULL, 0}, + }; + + if (type != PUBKEY_SPKI_ASN1_DER && type != PUBKEY_PEM) + { + return FALSE; + } + + enumerator = this->lib->create_object_attr_enumerator(this->lib, + this->session, this->object, attr, countof(attr)); + if (enumerator && enumerator->enumerate(enumerator, NULL) && + attr[0].ulValueLen > 0 && attr[1].ulValueLen > 0) + { + chunk_t ecparams, ecpoint; + ecparams = chunk_create(attr[0].pValue, attr[0].ulValueLen); + ecpoint = chunk_create(attr[1].pValue, attr[1].ulValueLen); + /* encode as subjectPublicKeyInfo */ + *encoding = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_SEQUENCE, "mc", + asn1_build_known_oid(OID_EC_PUBLICKEY), ecparams), + asn1_bitstring("c", ecpoint)); + success = TRUE; + if (type == PUBKEY_PEM) + { + chunk_t asn1 = *encoding; + success = lib->encoding->encode(lib->encoding, PUBKEY_PEM, + NULL, encoding, CRED_PART_ECDSA_PUB_ASN1_DER, + asn1, CRED_PART_END); + chunk_clear(&asn1); + } + } + DESTROY_IF(enumerator); + return success; +} + +/** + * Compute fingerprint of an ECDSA key + */ +static bool fingerprint_ecdsa(private_pkcs11_public_key_t *this, + cred_encoding_type_t type, chunk_t *fp) +{ + hasher_t *hasher; + chunk_t asn1; + + switch (type) + { + case KEYID_PUBKEY_SHA1: + if (!this->lib->get_ck_attribute(this->lib, this->session, + this->object, CKA_EC_POINT, &asn1)) + { + return FALSE; + } + break; + case KEYID_PUBKEY_INFO_SHA1: + if (!encode_ecdsa(this, PUBKEY_SPKI_ASN1_DER, &asn1)) + { + return FALSE; + } + break; + default: + return FALSE; + } + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + chunk_clear(&asn1); + return FALSE; + } + 
hasher->allocate_hash(hasher, asn1, fp); + hasher->destroy(hasher); + chunk_clear(&asn1); + lib->encoding->cache(lib->encoding, type, this, *fp); + return TRUE; +} + +/** * Encode RSA key using a given encoding type */ static bool encode_rsa(private_pkcs11_public_key_t *this, cred_encoding_type_t type, void *cache, chunk_t *encoding) { - CK_RV rv; + enumerator_t *enumerator; bool success = FALSE; - chunk_t n, e; CK_ATTRIBUTE attr[] = { {CKA_MODULUS, NULL, 0}, {CKA_PUBLIC_EXPONENT, NULL, 0}, }; - rv = this->lib->f->C_GetAttributeValue(this->session, this->object, - attr, countof(attr)); - if (rv != CKR_OK || - attr[0].ulValueLen == 0 || attr[0].ulValueLen == -1 || - attr[1].ulValueLen == 0 || attr[1].ulValueLen == -1) - { - return FALSE; - } - attr[0].pValue = malloc(attr[0].ulValueLen); - attr[1].pValue = malloc(attr[1].ulValueLen); - rv = this->lib->f->C_GetAttributeValue(this->session, this->object, - attr, countof(attr)); - if (rv == CKR_OK) + enumerator = this->lib->create_object_attr_enumerator(this->lib, + this->session, this->object, attr, countof(attr)); + if (enumerator && enumerator->enumerate(enumerator, NULL) && + attr[0].ulValueLen > 0 && attr[1].ulValueLen > 0) { + chunk_t n, e; n = chunk_create(attr[0].pValue, attr[0].ulValueLen); + if (n.ptr[0] & 0x80) + { /* add leading 0x00, encoders expect it already like this */ + n = chunk_cata("cc", chunk_from_chars(0x00), n); + } e = chunk_create(attr[1].pValue, attr[1].ulValueLen); success = lib->encoding->encode(lib->encoding, type, cache, encoding, CRED_PART_RSA_MODULUS, n, CRED_PART_RSA_PUB_EXP, e, CRED_PART_END); } - free(attr[0].pValue); - free(attr[1].pValue); + DESTROY_IF(enumerator); return success; } @@ -208,6 +426,8 @@ METHOD(public_key_t, get_encoding, bool, { case KEY_RSA: return encode_rsa(this, type, NULL, encoding); + case KEY_ECDSA: + return encode_ecdsa(this, type, encoding); default: return FALSE; } 
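Review bot: encode_ecdsa passes the token's CKA_EC_POINT value unchanged into `asn1_bitstring("c", ecpoint)`, and fingerprint_ecdsa hashes that same value for KEYID_PUBKEY_SHA1. PKCS#11 defines CKA_EC_POINT as the DER encoding of the ANSI X9.62 ECPoint, i.e. an OCTET STRING wrapping the point, so with a spec-conforming token the subjectPublicKey built here would carry an extra OCTET STRING header and the find/create templates elsewhere in this commit, which use the raw point from subjectPublicKeyInfo, would not match the object; this is inferred from the specification rather than observed, so it is worth checking against the tokens this was tested with. If the raw form is what those tokens return, a comment on `attr[1]` recording that assumption would save the next reader the same question. The hunk also touches encode_rsa, where the new leading-0x00 normalisation relies on the `attr[0].ulValueLen > 0` check in the enclosing condition to keep `n.ptr[0]` in bounds; a short comment noting that dependency would help.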
@@ -224,6 +444,8 @@ METHOD(public_key_t, get_fingerprint, bool, { case KEY_RSA: return encode_rsa(this, type, this, fp); + case KEY_ECDSA: + return fingerprint_ecdsa(this, type, fp); default: return FALSE; } @@ -243,7 +465,6 @@ METHOD(public_key_t, destroy, void, { lib->encoding->clear_cache(lib->encoding, this); this->lib->f->C_CloseSession(this->session); - this->mutex->destroy(this->mutex); free(this); } } @@ -278,7 +499,6 @@ static private_pkcs11_public_key_t *create(key_type_t type, size_t k, .slot = slot, .session = session, .object = object, - .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .ref = 1, ); @@ -288,7 +508,8 @@ static private_pkcs11_public_key_t *create(key_type_t type, size_t k, /** * Find a key object, including PKCS11 library and slot */ -static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) +static private_pkcs11_public_key_t* find_key(key_type_t type, size_t keylen, + CK_ATTRIBUTE_PTR tmpl, int count) { private_pkcs11_public_key_t *this = NULL; pkcs11_manager_t *manager; @@ -296,7 +517,7 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) pkcs11_library_t *p11; CK_SLOT_ID slot; - manager = pkcs11_manager_get(); + manager = lib->get(lib, "pkcs11-manager"); if (!manager) { return NULL; @@ -305,14 +526,6 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) enumerator = manager->create_token_enumerator(manager); while (enumerator->enumerate(enumerator, &p11, &slot)) { - CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; - CK_KEY_TYPE type = CKK_RSA; - CK_ATTRIBUTE tmpl[] = { - {CKA_CLASS, &class, sizeof(class)}, - {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_MODULUS, n.ptr, n.len}, - {CKA_PUBLIC_EXPONENT, e.ptr, e.len}, - }; CK_OBJECT_HANDLE object; CK_SESSION_HANDLE session; CK_RV rv; 
@@ -324,11 +537,11 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) DBG1(DBG_CFG, "opening PKCS#11 session failed: %N", ck_rv_names, rv); continue; } - keys = p11->create_object_enumerator(p11, session, - tmpl, countof(tmpl), NULL, 0); + keys = p11->create_object_enumerator(p11, session, tmpl, count, + NULL, 0); if (keys->enumerate(keys, &object)) { - this = create(KEY_RSA, n.len, p11, slot, session, object); + this = create(type, keylen, p11, slot, session, object); keys->destroy(keys); break; } @@ -340,9 +553,46 @@ static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e) } /** + * Find an RSA key object + */ +static private_pkcs11_public_key_t* find_rsa_key(chunk_t n, chunk_t e, + size_t keylen) +{ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_RSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_MODULUS, n.ptr, n.len}, + {CKA_PUBLIC_EXPONENT, e.ptr, e.len}, + }; + return find_key(KEY_RSA, keylen, tmpl, countof(tmpl)); +} + +/** + * Find an ECDSA key object + */ +static private_pkcs11_public_key_t* find_ecdsa_key(chunk_t ecparams, + chunk_t ecpoint, + size_t keylen) +{ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_ECDSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_EC_PARAMS, ecparams.ptr, ecparams.len}, + {CKA_EC_POINT, ecpoint.ptr, ecpoint.len}, + }; + return find_key(KEY_ECDSA, keylen, tmpl, countof(tmpl)); +} + +/** * Create a key object in a suitable token session */ -static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) +static private_pkcs11_public_key_t* create_key(key_type_t type, size_t keylen, + CK_MECHANISM_TYPE_PTR mechanisms, int mcount, + CK_ATTRIBUTE_PTR tmpl, int count) { private_pkcs11_public_key_t *this = NULL; pkcs11_manager_t *manager; 
@@ -350,7 +600,7 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) pkcs11_library_t *p11; CK_SLOT_ID slot; - manager = pkcs11_manager_get(); + manager = lib->get(lib, "pkcs11-manager"); if (!manager) { return NULL; @@ -361,14 +611,6 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) { CK_MECHANISM_TYPE mech; CK_MECHANISM_INFO info; - CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; - CK_KEY_TYPE type = CKK_RSA; - CK_ATTRIBUTE tmpl[] = { - {CKA_CLASS, &class, sizeof(class)}, - {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_MODULUS, n.ptr, n.len}, - {CKA_PUBLIC_EXPONENT, e.ptr, e.len} - }; CK_OBJECT_HANDLE object; CK_SESSION_HANDLE session; CK_RV rv; @@ -376,21 +618,23 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) mechs = p11->create_mechanism_enumerator(p11, slot); while (mechs->enumerate(mechs, &mech, &info)) { + bool found = FALSE; + int i; if (!(info.flags & CKF_VERIFY)) { continue; } - switch (mech) + for (i = 0; i < mcount; i++) { - case CKM_RSA_PKCS: - case CKM_SHA1_RSA_PKCS: - case CKM_SHA256_RSA_PKCS: - case CKM_SHA384_RSA_PKCS: - case CKM_SHA512_RSA_PKCS: - case CKM_MD5_RSA_PKCS: + if (mechanisms[i] == mech) + { + found = TRUE; break; - default: - continue; + } + } + if (!found) + { + continue; } rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &session); 
@@ -400,20 +644,21 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) ck_rv_names, rv); continue; } - rv = p11->f->C_CreateObject(session, tmpl, countof(tmpl), &object); + rv = p11->f->C_CreateObject(session, tmpl, count, &object); if (rv == CKR_OK) { - this = create(KEY_RSA, n.len, p11, slot, session, object); - DBG2(DBG_CFG, "created RSA public key on token '%s':%d ", - p11->get_name(p11), slot); - break; + this = create(type, keylen, p11, slot, session, object); + DBG2(DBG_CFG, "created %N public key on token '%s':%d ", + key_type_names, type, p11->get_name(p11), slot); } else { - DBG1(DBG_CFG, "creating RSA public key on token '%s':%d " - "failed: %N", p11->get_name(p11), slot, ck_rv_names, rv); + DBG1(DBG_CFG, "creating %N public key on token '%s':%d " + "failed: %N", key_type_names, type, p11->get_name(p11), + slot, ck_rv_names, rv); p11->f->C_CloseSession(session); } + break; } mechs->destroy(mechs); if (this) 
@@ -426,18 +671,71 @@ static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e) } /** + * Create an RSA key object in a suitable token session + */ +static private_pkcs11_public_key_t* create_rsa_key(chunk_t n, chunk_t e, + size_t keylen) +{ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_RSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_MODULUS, n.ptr, n.len}, + {CKA_PUBLIC_EXPONENT, e.ptr, e.len}, + }; + CK_MECHANISM_TYPE mechs[] = { + CKM_RSA_PKCS, + CKM_SHA1_RSA_PKCS, + CKM_SHA256_RSA_PKCS, + CKM_SHA384_RSA_PKCS, + CKM_SHA512_RSA_PKCS, + CKM_MD5_RSA_PKCS, + }; + return create_key(KEY_RSA, keylen, mechs, countof(mechs), tmpl, + countof(tmpl)); +} + +/** + * Create an ECDSA key object in a suitable token session + */ +static private_pkcs11_public_key_t* create_ecdsa_key(chunk_t ecparams, + chunk_t ecpoint, + size_t keylen) +{ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type = CKK_ECDSA; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_EC_PARAMS, ecparams.ptr, ecparams.len}, + {CKA_EC_POINT, ecpoint.ptr, ecpoint.len}, + }; + CK_MECHANISM_TYPE mechs[] = { + CKM_ECDSA, + CKM_ECDSA_SHA1, + }; + return create_key(KEY_ECDSA, keylen, mechs, + countof(mechs), tmpl, countof(tmpl)); +} + +/** * See header */ pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args) { private_pkcs11_public_key_t *this; - chunk_t n, e; + chunk_t n, e, blob; + size_t keylen = 0; - n = e = chunk_empty; + n = e = blob = chunk_empty; while (TRUE) { switch (va_arg(args, builder_part_t)) { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; case BUILD_RSA_MODULUS: n = va_arg(args, chunk_t); continue; 
@@ -457,17 +755,152 @@ pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args) { /* trim leading zero byte in modulus */ n = chunk_skip(n, 1); } - this = find_rsa_key(n, e); + keylen = n.len * 8; + this = find_rsa_key(n, e, keylen); if (this) { return &this->public; } - this = create_rsa_key(n, e); + this = create_rsa_key(n, e, keylen); if (this) { return &this->public; } } + else if (type == KEY_ECDSA && blob.ptr) + { + chunk_t ecparams, ecpoint; + ecparams = ecpoint = chunk_empty; + if (parse_ecdsa_public_key(blob, &ecparams, &ecpoint, &keylen)) + { + this = find_ecdsa_key(ecparams, ecpoint, keylen); + if (this) + { + return &this->public; + } + this = create_ecdsa_key(ecparams, ecpoint, keylen); + if (this) + { + return &this->public; + } + } + } return NULL; } +static private_pkcs11_public_key_t *find_key_by_keyid(pkcs11_library_t *p11, + int slot, key_type_t key_type, + chunk_t keyid) +{ + CK_OBJECT_CLASS class = CKO_PUBLIC_KEY; + CK_KEY_TYPE type; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_ID, keyid.ptr, keyid.len}, + {CKA_KEY_TYPE, &type, sizeof(type)}, + }; + CK_OBJECT_HANDLE object; + CK_ATTRIBUTE attr[] = { + {CKA_KEY_TYPE, &type, sizeof(type)}, + }; + CK_SESSION_HANDLE session; + CK_RV rv; + enumerator_t *enumerator; + int count = countof(tmpl); + bool found = FALSE; + size_t keylen; + + switch (key_type) + { + case KEY_RSA: + type = CKK_RSA; + break; + case KEY_ECDSA: + type = CKK_ECDSA; + break; + default: + /* don't specify key type on KEY_ANY */ + count--; + break; + } + + rv = p11->f->C_OpenSession(slot, CKF_SERIAL_SESSION, NULL, NULL, &session); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "opening public key session on '%s':%d failed: %N", + p11->get_name(p11), slot, ck_rv_names, rv); + return NULL; + } + + enumerator = p11->create_object_enumerator(p11, session, tmpl, count, attr, + countof(attr)); + if (enumerator->enumerate(enumerator, &object)) + { + switch (type) + { + case CKK_ECDSA: + { + chunk_t 
ecparams; + if (p11->get_ck_attribute(p11, session, object, CKA_EC_PARAMS, + &ecparams) && + keylen_from_ecparams(ecparams, &keylen)) + { + chunk_free(&ecparams); + key_type = KEY_ECDSA; + found = TRUE; + } + break; + } + case CKK_RSA: + { + chunk_t n; + if (p11->get_ck_attribute(p11, session, object, CKA_MODULUS, + &n) && n.len > 0) + { + keylen = n.len * 8; + chunk_free(&n); + key_type = KEY_RSA; + found = TRUE; + } + break; + } + default: + DBG1(DBG_CFG, "PKCS#11 key type %d not supported", type); + break; + } + } + enumerator->destroy(enumerator); + + if (found) + { + return create(key_type, keylen, p11, slot, session, object); + } + p11->f->C_CloseSession(session); + return NULL; +} + +/** + * Find a public key on the given token with a specific keyid. + * + * Used by pkcs11_private_key_t. + * + * TODO: if no public key is found, we should perhaps search for a certificate + * with the given keyid and extract the key from there + * + * @param p11 PKCS#11 module + * @param slot slot id + * @param type type of the key + * @param keyid key id + */ +pkcs11_public_key_t *pkcs11_public_key_connect(pkcs11_library_t *p11, + int slot, key_type_t type, chunk_t keyid) +{ + private_pkcs11_public_key_t *this; + + this = find_key_by_keyid(p11, slot, type, keyid); + if (!this) + { + return NULL; + } + return &this->public; +} diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h index 4fd94620e..b3ea725a2 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_public_key.h @@ -42,7 +42,7 @@ struct pkcs11_public_key_t { * * @param type type of the key * @param args builder_part_t argument list - * @return loaded key, NULL on failure + * @return loaded key, NULL on failure */ pkcs11_public_key_t *pkcs11_public_key_load(key_type_t type, va_list args); 
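Review bot: In find_key_by_keyid, the CKK_ECDSA branch frees ecparams only when keylen_from_ecparams succeeds; when get_ck_attribute allocates the chunk but the curve is not a supported one, the buffer is leaked and the key is treated as not found. Splitting the two checks so that chunk_free runs on both outcomes fixes this, as shown below. The `default:` message prints `type`, a CK_KEY_TYPE (CK_ULONG), with `%d`, which is a format/argument mismatch; `%lu` with an `(unsigned long)` cast matches. The CKK_RSA branch derives keylen from the raw CKA_MODULUS length without the leading-zero trimming that pkcs11_public_key_load applies to the builder-supplied modulus, so a modulus returned with a leading 0x00 would report 8 bits too many; whether tokens return it that way is not visible here, so worth confirming.
```c
			case CKK_ECDSA:
			{
				chunk_t ecparams;
				if (p11->get_ck_attribute(p11, session, object, CKA_EC_PARAMS,
										  &ecparams))
				{
					/* free the attribute on both outcomes */
					found = keylen_from_ecparams(ecparams, &keylen);
					chunk_free(&ecparams);
					if (found)
					{
						key_type = KEY_ECDSA;
					}
				}
				break;
			}
			/* … unchanged: CKK_RSA case … */
			default:
				DBG1(DBG_CFG, "PKCS#11 key type %lu not supported",
					 (unsigned long)type);
				break;
```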
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
new file mode 100644
index 000000000..45cf0b7c2
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c
@@ -0,0 +1,137 @@ +/* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs11_rng.h" + +#include <debug.h> + +#include "pkcs11_manager.h" + +typedef struct private_pkcs11_rng_t private_pkcs11_rng_t; + +/** + * Private data of an pkcs11_rng_t object. + */ +struct private_pkcs11_rng_t { + + /** + * Public interface. + */ + pkcs11_rng_t public; + + /** + * PKCS#11 library + */ + pkcs11_library_t *lib; + + /** + * Mechanism for this rng + */ + CK_SESSION_HANDLE session; + +}; + +METHOD(rng_t, get_bytes, void, + private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer) +{ + CK_RV rv; + rv = this->lib->f->C_GenerateRandom(this->session, buffer, bytes); + if (rv != CKR_OK) + { + DBG1(DBG_CFG, "C_GenerateRandom() failed: %N", ck_rv_names, rv); + abort(); + } +} + +METHOD(rng_t, allocate_bytes, void, + private_pkcs11_rng_t *this, size_t bytes, chunk_t *chunk) +{ + *chunk = chunk_alloc(bytes); + get_bytes(this, chunk->len, chunk->ptr); +} + +METHOD(rng_t, destroy, void, + private_pkcs11_rng_t *this) +{ + this->lib->f->C_CloseSession(this->session); + free(this); +} + +/** + * Find a token with its own RNG + */ +static pkcs11_library_t *find_token(CK_SESSION_HANDLE *session) +{ + enumerator_t *tokens; + pkcs11_manager_t *manager; + pkcs11_library_t *current, *found = NULL; + CK_SLOT_ID slot; + + manager = lib->get(lib, "pkcs11-manager"); + if (!manager) + { + return NULL; + } + 
tokens = manager->create_token_enumerator(manager); + while (tokens->enumerate(tokens, ¤t, &slot)) + { + CK_TOKEN_INFO info; + CK_RV rv; + rv = current->f->C_GetTokenInfo(slot, &info); + if (rv != CKR_OK) + { + continue; + } + if (info.flags & CKF_RNG) + { + if (current->f->C_OpenSession(slot, CKF_SERIAL_SESSION, + NULL, NULL, session) == CKR_OK) + { + found = current; + break; + } + } + } + tokens->destroy(tokens); + return found; +} + +/* + * Described in header. + */ +pkcs11_rng_t *pkcs11_rng_create(rng_quality_t quality) +{ + private_pkcs11_rng_t *this; + + INIT(this, + .public = { + .rng = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + }, + ); + + this->lib = find_token(&this->session); + if (!this->lib) + { + free(this); + return NULL; + } + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h new file mode 100644 index 000000000..998631f7e --- /dev/null +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.h 
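Review bot: The comment on the `session` field in private_pkcs11_rng_t reads "Mechanism for this rng" but the member is a CK_SESSION_HANDLE; `/** Session used for C_GenerateRandom calls on the token */` would describe it. pkcs11_rng_create accepts `rng_quality_t quality` but find_token ignores it and takes the first token advertising CKF_RNG; a comment such as `/* any token RNG is used regardless of the requested quality */` would document that choice, since callers of the rng factory may assume the quality argument is honoured. get_bytes calls abort() when C_GenerateRandom fails, turning a token error into termination of the whole process; if the void return of rng_t precludes reporting the failure, a comment stating that failing hard is intended rather than returning non-random bytes would justify it. The `tokens->enumerate(tokens, ¤t, &slot)` text looks like a rendering artefact for `&current`, not a code issue.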
@@ -0,0 +1,47 @@ +/* + * Copyright (C) 2011 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup pkcs11_rng pkcs11_rng + * @{ @ingroup pkcs11 + */ + +#ifndef PKCS11_RNG_H_ +#define PKCS11_RNG_H_ + +typedef struct pkcs11_rng_t pkcs11_rng_t; + +#include <library.h> + +/** + * rng_t implementation via PKCS#11 + */ +struct pkcs11_rng_t { + + /** + * Implements rng_t. + */ + rng_t rng; +}; + +/** + * Creates a pkcs11_rng_t instance. + * + * @param quality required quality of randomness + * @return created pkcs11_rng_t + */ +pkcs11_rng_t *pkcs11_rng_create(rng_quality_t quality); + +#endif /** PKCS11_RNG_H_ @} */ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.am b/src/libstrongswan/plugins/pkcs8/Makefile.am new file mode 100644 index 000000000..bcaf2c6a5 --- /dev/null +++ b/src/libstrongswan/plugins/pkcs8/Makefile.am @@ -0,0 +1,16 @@ + +INCLUDES = -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = -rdynamic + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-pkcs8.la +else +plugin_LTLIBRARIES = libstrongswan-pkcs8.la +endif + +libstrongswan_pkcs8_la_SOURCES = \ + pkcs8_plugin.h pkcs8_plugin.c \ + pkcs8_builder.h pkcs8_builder.c + +libstrongswan_pkcs8_la_LDFLAGS = -module -avoid-version diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in new file mode 100644 index 000000000..2b9c6cf95 --- /dev/null 
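Review bot: The Doxygen block for pkcs11_rng_create documents `@return created pkcs11_rng_t`, but the implementation returns NULL when no token advertises CKF_RNG; `@return created pkcs11_rng_t, NULL if no token with an RNG is available` states the contract callers must check. The `quality` parameter description could also note that it is currently not used to select a token.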
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in 
@@ -0,0 +1,611 @@ +# Makefile.in generated by automake 1.11.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/pkcs8 +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.in +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = 
srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_pkcs8_la_LIBADD = +am_libstrongswan_pkcs8_la_OBJECTS = pkcs8_plugin.lo pkcs8_builder.lo +libstrongswan_pkcs8_la_OBJECTS = $(am_libstrongswan_pkcs8_la_OBJECTS) +libstrongswan_pkcs8_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_pkcs8_la_LDFLAGS) $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_pkcs8_la_rpath = -rpath \ +@MONOLITHIC_FALSE@ $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_pkcs8_la_rpath = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(LIBTOOL) 
--tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ + --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ + $(LDFLAGS) -o $@ +SOURCES = $(libstrongswan_pkcs8_la_SOURCES) +DIST_SOURCES = $(libstrongswan_pkcs8_la_SOURCES) +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GPERF = @GPERF@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = 
@SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +default_pkcs11 = @default_pkcs11@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libcharon_plugins = @libcharon_plugins@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +lt_ECHO = @lt_ECHO@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ 
+pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pluto_plugins = @pluto_plugins@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +INCLUDES = -I$(top_srcdir)/src/libstrongswan +AM_CFLAGS = -rdynamic +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-pkcs8.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-pkcs8.la +libstrongswan_pkcs8_la_SOURCES = \ + pkcs8_plugin.h pkcs8_plugin.c \ + pkcs8_builder.h pkcs8_builder.c + +libstrongswan_pkcs8_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' 
in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + 
+clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \ + test "$$dir" != "$$p" || dir=.; \ + echo "rm -f \"$${dir}/so_locations\""; \ + rm -f "$${dir}/so_locations"; \ + done +libstrongswan-pkcs8.la: $(libstrongswan_pkcs8_la_OBJECTS) $(libstrongswan_pkcs8_la_DEPENDENCIES) + $(libstrongswan_pkcs8_la_LINK) $(am_libstrongswan_pkcs8_la_rpath) $(libstrongswan_pkcs8_la_OBJECTS) $(libstrongswan_pkcs8_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8_builder.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs8_plugin.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c $< + +.c.obj: +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + 
-rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + mkid -fID $$unique +tags: TAGS + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + set x; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: CTAGS +CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in files) print i; }; }'`; \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done 
| \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + `test -z '$(STRIP)' || \ + echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." 
+clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + ctags distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-pluginLTLIBRARIES install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags uninstall uninstall-am \ + uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. 
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
new file mode 100644
index 000000000..346240ae1
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -0,0 +1,632 @@ +/* + * Copyright (C) 2012 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "pkcs8_builder.h" + +#include <debug.h> +#include <asn1/oid.h> +#include <asn1/asn1.h> +#include <asn1/asn1_parser.h> +#include <credentials/keys/private_key.h> + +/** + * ASN.1 definition of a privateKeyInfo structure + */ +static const asn1Object_t pkinfoObjects[] = { + { 0, "privateKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */ + { 1, "privateKeyAlgorithm", ASN1_EOC, ASN1_RAW }, /* 2 */ + { 1, "privateKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 3 */ + { 1, "attributes", ASN1_CONTEXT_C_0, ASN1_OPT }, /* 4 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 5 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PKINFO_PRIVATE_KEY_ALGORITHM 2 +#define PKINFO_PRIVATE_KEY 3 + +/** + * Load a generic private key from an ASN.1 encoded blob + */ +static private_key_t *parse_private_key(chunk_t blob) +{ + asn1_parser_t *parser; + chunk_t object, params = chunk_empty; + int objectID; + private_key_t *key = NULL; + key_type_t type = KEY_ANY; + + parser = asn1_parser_create(pkinfoObjects, blob); + parser->set_flags(parser, FALSE, TRUE); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PKINFO_PRIVATE_KEY_ALGORITHM: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, ¶ms); + + switch (oid) + { + 
case OID_RSA_ENCRYPTION: + type = KEY_RSA; + break; + case OID_EC_PUBLICKEY: + type = KEY_ECDSA; + break; + default: + /* key type not supported */ + goto end; + } + break; + } + case PKINFO_PRIVATE_KEY: + { + DBG2(DBG_ASN, "-- > --"); + if (params.ptr) + { + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + type, BUILD_BLOB_ALGID_PARAMS, + params, BUILD_BLOB_ASN1_DER, + object, BUILD_END); + } + else + { + key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, + type, BUILD_BLOB_ASN1_DER, object, + BUILD_END); + } + DBG2(DBG_ASN, "-- < --"); + break; + } + } + } + +end: + parser->destroy(parser); + return key; +} + +/** + * Verify padding of decrypted blob. + * Length of blob is adjusted accordingly. + */ +static bool verify_padding(chunk_t *blob) +{ + u_int8_t padding, count; + + padding = count = blob->ptr[blob->len - 1]; + if (padding > 8) + { + return FALSE; + } + for (; blob->len && count; --blob->len, --count) + { + if (blob->ptr[blob->len - 1] != padding) + { + return FALSE; + } + } + return TRUE; +} + +/** + * Prototype for key derivation functions. + */ +typedef void (*kdf_t)(void *generator, chunk_t password, chunk_t salt, + u_int64_t iterations, chunk_t key); + +/** + * Try to decrypt the given blob with multiple passwords using the given + * key derivation function. keymat is where the kdf function writes the key + * to, key and iv point to the actual keys and initialization vectors resp. 
+ */ +static private_key_t *decrypt_private_key(chunk_t blob, + encryption_algorithm_t encr, size_t key_len, kdf_t kdf, + void *generator, chunk_t salt, u_int64_t iterations, + chunk_t keymat, chunk_t key, chunk_t iv) +{ + enumerator_t *enumerator; + shared_key_t *shared; + crypter_t *crypter; + private_key_t *private_key = NULL; + + crypter = lib->crypto->create_crypter(lib->crypto, encr, key_len); + if (!crypter) + { + DBG1(DBG_ASN, " %N encryption algorithm not available", + encryption_algorithm_names, encr); + return NULL; + } + if (blob.len % crypter->get_block_size(crypter)) + { + DBG1(DBG_ASN, " data size is not a multiple of block size"); + crypter->destroy(crypter); + return NULL; + } + + enumerator = lib->credmgr->create_shared_enumerator(lib->credmgr, + SHARED_PRIVATE_KEY_PASS, NULL, NULL); + while (enumerator->enumerate(enumerator, &shared, NULL, NULL)) + { + chunk_t decrypted; + + kdf(generator, shared->get_key(shared), salt, iterations, keymat); + + crypter->set_key(crypter, key); + crypter->decrypt(crypter, blob, iv, &decrypted); + if (verify_padding(&decrypted)) + { + private_key = parse_private_key(decrypted); + if (private_key) + { + chunk_clear(&decrypted); + break; + } + } + chunk_free(&decrypted); + } + enumerator->destroy(enumerator); + crypter->destroy(crypter); + + return private_key; +} + +/** + * Function F of PBKDF2 + */ +static void pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed, + u_int64_t iterations) +{ + chunk_t u; + u_int64_t i; + + u = chunk_alloca(prf->get_block_size(prf)); + prf->get_bytes(prf, seed, u.ptr); + memcpy(block.ptr, u.ptr, block.len); + + for (i = 1; i < iterations; i++) + { + prf->get_bytes(prf, u, u.ptr); + memxor(block.ptr, u.ptr, block.len); + } +} + +/** + * PBKDF2 key derivation function + */ +static void pbkdf2(prf_t *prf, chunk_t password, chunk_t salt, + u_int64_t iterations, chunk_t key) +{ + chunk_t keymat, block, seed; + size_t blocks; + u_int32_t i = 0, *ni; + + prf->set_key(prf, password); + + 
block.len = prf->get_block_size(prf); + blocks = (key.len - 1) / block.len + 1; + keymat = chunk_alloca(blocks * block.len); + + seed = chunk_cata("cc", salt, chunk_from_thing(i)); + ni = (u_int32_t*)(seed.ptr + salt.len); + + for (; i < blocks; i++) + { + *ni = htonl(i + 1); + block.ptr = keymat.ptr + (i * block.len); + pbkdf2_f(block, prf, seed, iterations); + } + + memcpy(key.ptr, keymat.ptr, key.len); +} + +/** + * Decrypt an encrypted PKCS#8 encoded private key according to PBES2 + */ +static private_key_t *decrypt_private_key_pbes2(chunk_t blob, + encryption_algorithm_t encr, size_t key_len, + chunk_t iv, pseudo_random_function_t prf_func, + chunk_t salt, u_int64_t iterations) +{ + private_key_t *private_key; + prf_t *prf; + chunk_t key; + + prf = lib->crypto->create_prf(lib->crypto, prf_func); + if (!prf) + { + DBG1(DBG_ASN, " %N prf algorithm not available", + pseudo_random_function_names, prf_func); + return NULL; + } + + key = chunk_alloca(key_len); + + private_key = decrypt_private_key(blob, encr, key_len, (kdf_t)pbkdf2, prf, + salt, iterations, key, key, iv); + + prf->destroy(prf); + return private_key; +} + +/** + * PBKDF1 key derivation function + */ +static void pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt, + u_int64_t iterations, chunk_t key) +{ + chunk_t hash; + u_int64_t i; + + hash = chunk_alloca(hasher->get_hash_size(hasher)); + hasher->get_hash(hasher, password, NULL); + hasher->get_hash(hasher, salt, hash.ptr); + + for (i = 1; i < iterations; i++) + { + hasher->get_hash(hasher, hash, hash.ptr); + } + + memcpy(key.ptr, hash.ptr, key.len); +} + +/** + * Decrypt an encrypted PKCS#8 encoded private key according to PBES1 + */ +static private_key_t *decrypt_private_key_pbes1(chunk_t blob, + encryption_algorithm_t encr, size_t key_len, + hash_algorithm_t hash, chunk_t salt, + u_int64_t iterations) +{ + private_key_t *private_key = NULL; + hasher_t *hasher = NULL; + chunk_t keymat, key, iv; + + hasher = 
lib->crypto->create_hasher(lib->crypto, hash); + if (!hasher) + { + DBG1(DBG_ASN, " %N hash algorithm not available", + hash_algorithm_names, hash); + goto end; + } + if (hasher->get_hash_size(hasher) < key_len) + { + goto end; + } + + keymat = chunk_alloca(key_len * 2); + key.len = key_len; + key.ptr = keymat.ptr; + iv.len = key_len; + iv.ptr = keymat.ptr + key_len; + + private_key = decrypt_private_key(blob, encr, key_len, (kdf_t)pbkdf1, + hasher, salt, iterations, keymat, + key, iv); + +end: + DESTROY_IF(hasher); + return private_key; +} + +/** + * Parse an ASN1_INTEGER to a u_int64_t. + */ +static u_int64_t parse_asn1_integer_uint64(chunk_t blob) +{ + u_int64_t val = 0; + int i; + + for (i = 0; i < blob.len; i++) + { /* if it is longer than 8 bytes, we just use the 8 LSBs */ + val <<= 8; + val |= (u_int64_t)blob.ptr[i]; + } + return val; +} + +/** + * ASN.1 definition of a PBKDF2-params structure + * The salt is actually a CHOICE and could be an AlgorithmIdentifier from + * PBKDF2-SaltSources (but as per RFC 2898 that's for future versions). 
+ */ +static const asn1Object_t pbkdf2ParamsObjects[] = { + { 0, "PBKDF2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "salt", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */ + { 1, "iterationCount",ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 1, "keyLength", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "prf", ASN1_EOC, ASN1_DEF|ASN1_RAW }, /* 5 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PBKDF2_SALT 1 +#define PBKDF2_ITERATION_COUNT 2 +#define PBKDF2_KEY_LENGTH 3 +#define PBKDF2_PRF 5 + +/** + * Parse a PBKDF2-params structure + */ +static void parse_pbkdf2_params(chunk_t blob, chunk_t *salt, + u_int64_t *iterations, size_t *key_len, + pseudo_random_function_t *prf) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + + parser = asn1_parser_create(pbkdf2ParamsObjects, blob); + + *key_len = 0; /* key_len is optional */ + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PBKDF2_SALT: + { + *salt = object; + break; + } + case PBKDF2_ITERATION_COUNT: + { + *iterations = parse_asn1_integer_uint64(object); + break; + } + case PBKDF2_KEY_LENGTH: + { + *key_len = (size_t)parse_asn1_integer_uint64(object); + break; + } + case PBKDF2_PRF: + { /* defaults to id-hmacWithSHA1 */ + *prf = PRF_HMAC_SHA1; + break; + } + } + } + + parser->destroy(parser); +} + +/** + * ASN.1 definition of a PBES2-params structure + */ +static const asn1Object_t pbes2ParamsObjects[] = { + { 0, "PBES2-params", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "keyDerivationFunc", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 1, "encryptionScheme", ASN1_EOC, ASN1_RAW }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PBES2PARAMS_KEY_DERIVATION_FUNC 1 +#define PBES2PARAMS_ENCRYPTION_SCHEME 2 + +/** + * Parse a PBES2-params structure + */ +static void parse_pbes2_params(chunk_t blob, chunk_t *salt, + u_int64_t *iterations, size_t *key_len, + pseudo_random_function_t *prf, + encryption_algorithm_t *encr, 
chunk_t *iv) +{ + asn1_parser_t *parser; + chunk_t object, params; + int objectID; + + parser = asn1_parser_create(pbes2ParamsObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PBES2PARAMS_KEY_DERIVATION_FUNC: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, ¶ms); + if (oid != OID_PBKDF2) + { /* unsupported key derivation function */ + goto end; + } + parse_pbkdf2_params(params, salt, iterations, key_len, prf); + break; + } + case PBES2PARAMS_ENCRYPTION_SCHEME: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, ¶ms); + if (oid != OID_3DES_EDE_CBC) + { /* unsupported encryption scheme */ + goto end; + } + if (*key_len <= 0) + { /* default key len for DES-EDE3-CBC-Pad */ + *key_len = 24; + } + if (!asn1_parse_simple_object(¶ms, ASN1_OCTET_STRING, + parser->get_level(parser) + 1, "IV")) + { + goto end; + } + *encr = ENCR_3DES; + *iv = params; + break; + } + } + } + +end: + parser->destroy(parser); +} + +/** + * ASN.1 definition of a PBEParameter structure + */ +static const asn1Object_t pbeParameterObjects[] = { + { 0, "PBEParameter", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "salt", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */ + { 1, "iterationCount", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define PBEPARAM_SALT 1 +#define PBEPARAM_ITERATION_COUNT 2 + +/** + * Parse a PBEParameter structure + */ +static void parse_pbe_parameters(chunk_t blob, chunk_t *salt, + u_int64_t *iterations) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + + parser = asn1_parser_create(pbeParameterObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case PBEPARAM_SALT: + { + *salt = object; + break; + } + case PBEPARAM_ITERATION_COUNT: + { + *iterations = parse_asn1_integer_uint64(object); + break; + } + } + } + + parser->destroy(parser); +} + +/** + * ASN.1 definition 
of an encryptedPrivateKeyInfo structure + */ +static const asn1Object_t encryptedPKIObjects[] = { + { 0, "encryptedPrivateKeyInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 1, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */ + { 1, "encryptedData", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; +#define EPKINFO_ENCRYPTION_ALGORITHM 1 +#define EPKINFO_ENCRYPTED_DATA 2 + +/** + * Load an encrypted private key from an ASN.1 encoded blob + * Schemes per PKCS#5 (RFC 2898) + */ +static private_key_t *parse_encrypted_private_key(chunk_t blob) +{ + asn1_parser_t *parser; + chunk_t object, params, salt, iv; + u_int64_t iterations = 0; + int objectID; + encryption_algorithm_t encr = ENCR_UNDEFINED; + hash_algorithm_t hash = HASH_UNKNOWN; + pseudo_random_function_t prf = PRF_UNDEFINED; + private_key_t *key = NULL; + size_t key_len = 8; + + parser = asn1_parser_create(encryptedPKIObjects, blob); + + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case EPKINFO_ENCRYPTION_ALGORITHM: + { + int oid = asn1_parse_algorithmIdentifier(object, + parser->get_level(parser) + 1, ¶ms); + + switch (oid) + { + case OID_PBE_MD5_DES_CBC: + encr = ENCR_DES; + hash = HASH_MD5; + parse_pbe_parameters(params, &salt, &iterations); + break; + case OID_PBE_SHA1_DES_CBC: + encr = ENCR_DES; + hash = HASH_SHA1; + parse_pbe_parameters(params, &salt, &iterations); + break; + case OID_PBES2: + parse_pbes2_params(params, &salt, &iterations, + &key_len, &prf, &encr, &iv); + break; + default: + /* encryption scheme not supported */ + goto end; + } + break; + } + case EPKINFO_ENCRYPTED_DATA: + { + if (prf != PRF_UNDEFINED) + { + key = decrypt_private_key_pbes2(object, encr, key_len, iv, + prf, salt, iterations); + } + else + { + key = decrypt_private_key_pbes1(object, encr, key_len, hash, + salt, iterations); + } + break; + } + } + } + +end: + parser->destroy(parser); + return key; +} + +/** + * See header. 
+ */
+private_key_t *pkcs8_private_key_load(key_type_t type, va_list args)
+{
+ chunk_t blob = chunk_empty;
+ private_key_t *key;
+
+ while (TRUE)
+ {
+ switch (va_arg(args, builder_part_t))
+ {
+ case BUILD_BLOB_ASN1_DER:
+ blob = va_arg(args, chunk_t);
+ continue;
+ case BUILD_END:
+ break;
+ default:
+ return NULL;
+ }
+ break;
+ }
+ /* we don't know whether it is encrypted or not, try both ways */
+ key = parse_encrypted_private_key(blob);
+ if (!key)
+ {
+ key = parse_private_key(blob);
+ }
+ return key;
+}
+
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
new file mode 100644
index 000000000..b07f2d927
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs8_builder pkcs8_builder
+ * @{ @ingroup pkcs8
+ */
+
+#ifndef PKCS8_BUILDER_H_
+#define PKCS8_BUILDER_H_
+
+#include <credentials/builder.h>
+#include <credentials/keys/private_key.h>
+
+/**
+ * Load an RSA or ECDSA private key from PKCS#8 data.
+ *
+ * @param type type of the key, KEY_RSA or KEY_ECDSA
+ * @param args builder_part_t argument list
+ * @return private key, NULL on failure
+ */
+private_key_t *pkcs8_private_key_load(key_type_t type, va_list args);
+
+#endif /** PKCS8_BUILDER_H_ @}*/
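Review bot: `verify_padding` reads `blob->ptr[blob->len - 1]` with no length guard and treats a padding byte of 0 as valid (the loop then never runs and it returns TRUE), while the only size check upstream in `decrypt_private_key` is `blob.len % crypter->get_block_size(crypter)`, which an empty encryptedData passes; the IV taken from the PBES2 parameters (`*iv = params` in `parse_pbes2_params`) is likewise handed to `crypter->decrypt` without being compared with the cipher block size. The minimal fix is `if (!blob.len || blob.len % crypter->get_block_size(crypter) || iv.len != crypter->get_block_size(crypter))` in `decrypt_private_key` and `if (!padding || padding > 8)` in `verify_padding`, plus initialising `salt` and `iv` to `chunk_empty` in `parse_encrypted_private_key` so an early `goto end` in the parameter parsers cannot leave them indeterminate. In `decrypt_private_key_pbes1` the guard `hasher->get_hash_size(hasher) < key_len` is too weak, because `pbkdf1` then copies `key.len` bytes out of `hash` and the `key` it receives is the `key_len * 2` byte `keymat` buffer; it should read `< key_len * 2` (harmless with the fixed key_len of 8 and MD5/SHA1 today, but latent). `iterationCount` is taken from the untrusted file as an unbounded u_int64_t and drives the KDF loop once per enumerated shared key, so a sane upper bound on `iterations` would cap the work a crafted file can cause. The derived key material in the alloca'd `key` (PBES2) and `keymat` (PBES1) buffers is never wiped after use, unlike the successfully decrypted blob which goes through `chunk_clear`; a `memwipe` of those buffers before returning would match that.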
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
new file mode 100644
index 000000000..f78c83054
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "pkcs8_plugin.h"
+
+#include <library.h>
+
+#include "pkcs8_builder.h"
+
+typedef struct private_pkcs8_plugin_t private_pkcs8_plugin_t;
+
+/**
+ * private data of pkcs8_plugin
+ */
+struct private_pkcs8_plugin_t {
+
+ /**
+ * public functions
+ */
+ pkcs8_plugin_t public;
+};
+
+METHOD(plugin_t, get_name, char*,
+ private_pkcs8_plugin_t *this)
+{
+ return "pkcs8";
+}
+
+METHOD(plugin_t, get_features, int,
+ private_pkcs8_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(PRIVKEY, pkcs8_private_key_load, FALSE),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_RSA),
+ PLUGIN_PROVIDE(PRIVKEY, KEY_ECDSA),
+ };
+ *features = f;
+ return countof(f);
+}
+
+METHOD(plugin_t, destroy, void,
+ private_pkcs8_plugin_t *this)
+{
+ free(this);
+}
+
+/*
+ * see header file
+ */
+plugin_t *pkcs8_plugin_create()
+{
+ private_pkcs8_plugin_t *this;
+
+ INIT(this,
+ .public = {
+ .plugin = {
+ .get_name = _get_name,
+ .get_features = _get_features,
+ .destroy = _destroy,
+ },
+ },
+ );
+
+ return &this->public.plugin;
+}
+
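Review bot: `plugin_t *pkcs8_plugin_create()` is defined with an empty parameter list, which in C is an old-style unprototyped definition that gives callers no argument checking; `plugin_t *pkcs8_plugin_create(void)` is the prototyped form. Its comment says `see header file`, but the pkcs8_plugin.h added in the next file section only defines `struct pkcs8_plugin_t` and, at least as shown here, carries no declaration of the constructor, so the contract the comment points to is not on this page; either add `plugin_t *pkcs8_plugin_create(void);` there with a short doc comment (`@return plugin instance`) or document the constructor at the definition.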
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
new file mode 100644
index 000000000..03ca950a3
--- /dev/null
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_plugin.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup pkcs8 pkcs8
+ * @ingroup plugins
+ *
+ * @defgroup pkcs8_plugin pkcs8_plugin
+ * @{ @ingroup pkcs8
+ */
+
+#ifndef PKCS8_PLUGIN_H_
+#define PKCS8_PLUGIN_H_
+
+#include <plugins/plugin.h>
+
+typedef struct pkcs8_plugin_t pkcs8_plugin_t;
+
+/**
+ * Plugin providing PKCS#8 private key decoding functions
+ */
+struct pkcs8_plugin_t {
+
+ /**
+ * implements plugin interface
+ */
+ plugin_t plugin;
+};
+
+#endif /** PKCS8_PLUGIN_H_ @}*/
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 5c92fd1d8..7bfbdf1d4 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -21,10 +21,11 @@
 #ifndef PLUGIN_H_
 #define PLUGIN_H_
 
-#include <utils.h>
-
 typedef struct plugin_t plugin_t;
 
+#include <library.h>
+#include <plugins/plugin_feature.h>
+
 /**
  * Interface definition of a plugin.
  */
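Review bot: The license boilerplate in pkcs8_plugin.h reads `FITNESS FOR A PARTICULAR PURPSE`, while pkcs8_builder.c, pkcs8_builder.h and pkcs8_plugin.c in this same commit spell it `PURPOSE`; the line should be corrected so the four new files carry identical license text. The rest of the header (guard, defgroup block, single struct with the embedded `plugin_t`) is consistent with its siblings.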
@@ -38,6 +39,17 @@ struct plugin_t { char* (*get_name)(plugin_t *this); /** + * Get plugin features with dependencies. + * + * The returned array contains features provided by the plugin and + * dependencies for that feature. See plugin_feature_t for details. + * + * @param features pointer receiving plugin features + * @return number of features + */ + int (*get_features)(plugin_t *this, plugin_feature_t *features[]); + + /** * Try to reload plugin configuration. * * @return TRUE if reloaded, FALSE if reloading not supporty by plugin @@ -52,7 +64,7 @@ struct plugin_t { /** - * Plugin constructor function definiton. + * Plugin constructor function definition. * * Each plugin has a constructor function. This function is called on daemon * startup to initialize each plugin. diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c new file mode 100644 index 000000000..2a97205bb --- /dev/null +++ b/src/libstrongswan/plugins/plugin_feature.c 
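Review bot: The new get_features doc comment omits the two contracts the loader relies on: that the pointer may be NULL for plugins without feature support (plugin_loader.c tests `if (!entry->plugin->get_features)` before calling it), and that the returned array must stay valid for the plugin's lifetime, because the loader stores pointers into it in its loaded/failed lists instead of copying the entries. I would add to the comment: `May be NULL if the plugin does not support features. The returned array is not copied; it must remain valid (e.g. static) until the plugin is destroyed.` The hunk leaves the reload documentation unchanged although the same commit makes reload optional too (`plugin->reload && plugin->reload(plugin)` in plugin_loader.c), so a `May be NULL` sentence belongs there as well.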
@@ -0,0 +1,383 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "plugin_feature.h" + +#include <debug.h> + +ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM, + "NONE", + "CRYPTER", + "AEAD", + "SIGNER", + "HASHER", + "PRF", + "DH", + "RNG", + "PRIVKEY", + "PRIVKEY_GEN", + "PRIVKEY_SIGN", + "PRIVKEY_DECRYPT", + "PUBKEY", + "PUBKEY_VERIFY", + "PUBKEY_ENCRYPT", + "CERT_DECODE", + "CERT_ENCODE", + "EAP_SERVER", + "EAP_CLIENT", + "DATABASE", + "FETCHER", + "CUSTOM", +); + +/** + * See header. 
+ */ +bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b) +{ + if (a->type == b->type) + { + switch (a->type) + { + case FEATURE_NONE: + return FALSE; + case FEATURE_CRYPTER: + return a->arg.crypter.alg == b->arg.crypter.alg && + a->arg.crypter.key_size == b->arg.crypter.key_size; + case FEATURE_AEAD: + return a->arg.aead.alg == b->arg.aead.alg && + a->arg.aead.key_size == b->arg.aead.key_size; + case FEATURE_SIGNER: + return a->arg.signer == b->arg.signer; + case FEATURE_HASHER: + return a->arg.hasher == b->arg.hasher; + case FEATURE_PRF: + return a->arg.prf == b->arg.prf; + case FEATURE_DH: + return a->arg.dh_group == b->arg.dh_group; + case FEATURE_RNG: + return a->arg.rng_quality <= b->arg.rng_quality; + case FEATURE_PRIVKEY: + case FEATURE_PRIVKEY_GEN: + case FEATURE_PUBKEY: + return a->arg.privkey == b->arg.privkey; + case FEATURE_PRIVKEY_SIGN: + case FEATURE_PUBKEY_VERIFY: + return a->arg.privkey_sign == b->arg.privkey_sign; + case FEATURE_PRIVKEY_DECRYPT: + case FEATURE_PUBKEY_ENCRYPT: + return a->arg.privkey_decrypt == b->arg.privkey_decrypt; + case FEATURE_CERT_DECODE: + case FEATURE_CERT_ENCODE: + return a->arg.cert == b->arg.cert; + case FEATURE_EAP_SERVER: + case FEATURE_EAP_PEER: + return a->arg.eap == b->arg.eap; + case FEATURE_DATABASE: + return a->arg.database == DB_ANY || + a->arg.database == b->arg.database; + case FEATURE_FETCHER: + return a->arg.fetcher == NULL || + streq(a->arg.fetcher, b->arg.fetcher); + case FEATURE_CUSTOM: + return streq(a->arg.custom, b->arg.custom); + } + } + return FALSE; +} + +/** + * See header. 
+ */ +char* plugin_feature_get_string(plugin_feature_t *feature) +{ + char *str = NULL; + + if (feature->kind == FEATURE_REGISTER) + { + return strdup("(register function)"); + } + switch (feature->type) + { + case FEATURE_NONE: + return strdup("NONE"); + case FEATURE_CRYPTER: + if (asprintf(&str, "%N:%N-%d", plugin_feature_names, feature->type, + encryption_algorithm_names, feature->arg.crypter.alg, + feature->arg.crypter.key_size) > 0) + { + return str; + } + break; + case FEATURE_AEAD: + if (asprintf(&str, "%N:%N-%d", plugin_feature_names, feature->type, + encryption_algorithm_names, feature->arg.aead.alg, + feature->arg.aead.key_size) > 0) + { + return str; + } + break; + case FEATURE_SIGNER: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + integrity_algorithm_names, feature->arg.signer) > 0) + { + return str; + } + break; + case FEATURE_HASHER: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + hash_algorithm_names, feature->arg.hasher) > 0) + { + return str; + } + break; + case FEATURE_PRF: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + pseudo_random_function_names, feature->arg.prf) > 0) + { + return str; + } + break; + case FEATURE_DH: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + diffie_hellman_group_names, feature->arg.dh_group) > 0) + { + return str; + } + break; + case FEATURE_RNG: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + rng_quality_names, feature->arg.rng_quality) > 0) + { + return str; + } + break; + case FEATURE_PRIVKEY: + case FEATURE_PRIVKEY_GEN: + case FEATURE_PUBKEY: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + key_type_names, feature->arg.privkey) > 0) + { + return str; + } + break; + case FEATURE_PRIVKEY_SIGN: + case FEATURE_PUBKEY_VERIFY: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + signature_scheme_names, feature->arg.privkey_sign) > 0) + { + return str; + } + break; + case 
FEATURE_PRIVKEY_DECRYPT: + case FEATURE_PUBKEY_ENCRYPT: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + encryption_scheme_names, feature->arg.privkey_decrypt) > 0) + { + return str; + } + break; + case FEATURE_CERT_DECODE: + case FEATURE_CERT_ENCODE: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + certificate_type_names, feature->arg.cert) > 0) + { + return str; + } + break; + case FEATURE_EAP_SERVER: + case FEATURE_EAP_PEER: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + eap_type_short_names, feature->arg.eap) > 0) + { + return str; + } + break; + case FEATURE_DATABASE: + if (asprintf(&str, "%N:%N", plugin_feature_names, feature->type, + db_driver_names, feature->arg.database) > 0) + { + return str; + } + break; + case FEATURE_FETCHER: + if (asprintf(&str, "%N:%s", plugin_feature_names, feature->type, + feature->arg.fetcher) > 0) + { + return str; + } + break; + case FEATURE_CUSTOM: + if (asprintf(&str, "%N:%s", plugin_feature_names, feature->type, + feature->arg.custom) > 0) + { + return str; + } + break; + } + if (!str) + { + str = strdup("(invalid)"); + } + return str; +} + +/** + * See header. 
+ */ +bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature, + plugin_feature_t *reg) +{ + char *name; + + if (!reg) + { /* noting to do for this feature */ + return TRUE; + } + if (reg->kind == FEATURE_CALLBACK) + { + if (reg->arg.cb.f(plugin, feature, TRUE, reg->arg.cb.data)) + { + return TRUE; + } + return FALSE; + } + name = plugin->get_name(plugin); + switch (feature->type) + { + case FEATURE_CRYPTER: + lib->crypto->add_crypter(lib->crypto, feature->arg.crypter.alg, + name, reg->arg.reg.f); + break; + case FEATURE_AEAD: + lib->crypto->add_aead(lib->crypto, feature->arg.aead.alg, + name, reg->arg.reg.f); + break; + case FEATURE_SIGNER: + lib->crypto->add_signer(lib->crypto, feature->arg.signer, + name, reg->arg.reg.f); + break; + case FEATURE_HASHER: + lib->crypto->add_hasher(lib->crypto, feature->arg.hasher, + name, reg->arg.reg.f); + break; + case FEATURE_PRF: + lib->crypto->add_prf(lib->crypto, feature->arg.prf, + name, reg->arg.reg.f); + break; + case FEATURE_DH: + lib->crypto->add_dh(lib->crypto, feature->arg.dh_group, + name, reg->arg.reg.f); + break; + case FEATURE_RNG: + lib->crypto->add_rng(lib->crypto, feature->arg.rng_quality, + name, reg->arg.reg.f); + break; + case FEATURE_PRIVKEY: + case FEATURE_PRIVKEY_GEN: + lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, + feature->arg.privkey, reg->arg.reg.final, + reg->arg.reg.f); + break; + case FEATURE_PUBKEY: + lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, + feature->arg.pubkey, reg->arg.reg.final, + reg->arg.reg.f); + break; + case FEATURE_CERT_DECODE: + case FEATURE_CERT_ENCODE: + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, + feature->arg.cert, reg->arg.reg.final, + reg->arg.reg.f); + break; + case FEATURE_DATABASE: + lib->db->add_database(lib->db, reg->arg.reg.f); + break; + case FEATURE_FETCHER: + lib->fetcher->add_fetcher(lib->fetcher, reg->arg.reg.f, + feature->arg.fetcher); + break; + default: + break; + } + return TRUE; +} + +/** + * See header. 
+ */ +bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature, + plugin_feature_t *reg) +{ + if (!reg) + { /* noting to do for this feature */ + return TRUE; + } + if (reg->kind == FEATURE_CALLBACK) + { + if (reg->arg.cb.f(plugin, feature, FALSE, reg->arg.cb.data)) + { + return TRUE; + } + return FALSE; + } + switch (feature->type) + { + case FEATURE_CRYPTER: + lib->crypto->remove_crypter(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_AEAD: + lib->crypto->remove_aead(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_SIGNER: + lib->crypto->remove_signer(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_HASHER: + lib->crypto->remove_hasher(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_PRF: + lib->crypto->remove_prf(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_DH: + lib->crypto->remove_dh(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_RNG: + lib->crypto->remove_rng(lib->crypto, reg->arg.reg.f); + break; + case FEATURE_PRIVKEY: + case FEATURE_PRIVKEY_GEN: + lib->creds->remove_builder(lib->creds, reg->arg.reg.f); + break; + case FEATURE_PUBKEY: + lib->creds->remove_builder(lib->creds, reg->arg.reg.f); + break; + case FEATURE_CERT_DECODE: + case FEATURE_CERT_ENCODE: + lib->creds->remove_builder(lib->creds, reg->arg.reg.f); + break; + case FEATURE_DATABASE: + lib->db->remove_database(lib->db, reg->arg.reg.f); + break; + case FEATURE_FETCHER: + lib->fetcher->remove_fetcher(lib->fetcher, reg->arg.reg.f); + break; + default: + break; + } + return TRUE; +} diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h new file mode 100644 index 000000000..b1500feba --- /dev/null +++ b/src/libstrongswan/plugins/plugin_feature.h 
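Review bot: In plugin_feature_get_string the fallback `if (!str) { str = strdup("(invalid)"); }` assumes str is still NULL after a failed asprintf(), but glibc documents the contents of the output pointer as undefined when asprintf() returns -1, so the function can hand back an indeterminate pointer that the caller later frees. Since every successful case returns early, the tail of the function can simply be `return strdup("(invalid)");` with the `if (!str)` test removed. Two smaller inconsistencies in the same hunk: plugin_feature_names lists "EAP_CLIENT" for the enum value FEATURE_EAP_PEER, and the FEATURE_PRIVKEY_GEN cases read `arg.privkey` although the header declares a dedicated `privkey_gen` union member (same type and offset, so it works, but it hides the intent). The `default: break;` in plugin_feature_load reports TRUE for feature types that have no registration hook, which is presumably meant for PROVIDE entries that share a preceding REGISTER entry with a sibling feature; a comment such as `/* types without a factory hook: nothing to register */` would make that explicit.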
@@ -0,0 +1,331 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup plugin_feature plugin_feature + * @{ @ingroup plugins + */ + +#ifndef PLUGIN_FEATURE_H_ +#define PLUGIN_FEATURE_H_ + +typedef struct plugin_feature_t plugin_feature_t; + +#include <library.h> +#include <eap/eap.h> +#include <plugins/plugin.h> + +/** + * Callback function of a plugin to (un-)register a specified feature. + * + * @param plugin plugin instance + * @param feature feature to register + * @param reg TRUE to register, FALSE to unregister + * @param cb_data user data passed with callback function + * @return TRUE if registered successfully + */ +typedef bool (*plugin_feature_callback_t)(plugin_t *plugin, + plugin_feature_t *feature, + bool reg,void *cb_data); + +/** + * Feature a plugin provides or depends on, including registration functions. + * + * Each plugin returns a list of plugin features, allowing the plugin loader + * to resolve dependencies and register the feature. FEATURE_PROVIDE defines + * features provided by the plugin, hard (DEPENDS) or soft (SDEPEND) dependency + * specified is related to the previously defined PROVIDE feature. + * If a plugin feature requires to hook in functionality into the library + * or a daemon, it can use REGISTER or CALLBACK entries. Each PROVIDED feature + * uses the REGISTER/CALLBACK entry defined previously. 
The REGISTER entry + * defines a common feature registration function directly passed to the + * associated manager or factory (crypto/credential factory etc.). A callback + * function is more generic allows the loader to invoke a callback to do + * the registration. + * + * To conviently create feature lists, use the four macros PLUGIN_REGISTER, + * PLUGIN_CALLBACK, PLUGIN_PROVIDE, PLUGIN_DEPENDS and PLUGIN_SDEPEND. Use + * identation to show how the registration functions and dependencies are + * related to a provided feature, such as: + * + * @verbatim + // two features, one with two dependencies, both use a callback to register + PLUGIN_CALLBACK(...), + PLUGIN_PROVIDE(...), + PLUGIN_DEPENDS(...), + PLUGIN_SDEPEND(...), + PLUGIN_PROVIDE(...), + // common constructor to register for a feature with one dependency + PLUGIN_REGISTER(...), + PLUGIN_PROVIDE(...), + PLUGIN_DEPENDS(...), + // feature that does not use a registration function + PLUGIN_PROVIDE(...), + @endverbatim + */ +struct plugin_feature_t { + /** kind of entry */ + enum { + /* plugin provides this feature */ + FEATURE_PROVIDE, + /* a feature depends on this feature, hard dependency */ + FEATURE_DEPENDS, + /* a feature can optionally use this feature, soft dependency */ + FEATURE_SDEPEND, + /* register the specified function for all following features */ + FEATURE_REGISTER, + /* use a callback to register all following features */ + FEATURE_CALLBACK, + } kind; + /* type of feature */ + enum { + /** not a feature */ + FEATURE_NONE, + /** crypter_t */ + FEATURE_CRYPTER, + /** aead_t */ + FEATURE_AEAD, + /** signer_t */ + FEATURE_SIGNER, + /** hasher_t */ + FEATURE_HASHER, + /** prf_t */ + FEATURE_PRF, + /** diffie_hellman_t */ + FEATURE_DH, + /** rng_t */ + FEATURE_RNG, + /** generic private key support */ + FEATURE_PRIVKEY, + /** generating new private keys */ + FEATURE_PRIVKEY_GEN, + /** private_key_t->sign() */ + FEATURE_PRIVKEY_SIGN, + /** private_key_t->decrypt() */ + FEATURE_PRIVKEY_DECRYPT, + /** 
generic public key support */ + FEATURE_PUBKEY, + /** public_key_t->verify() */ + FEATURE_PUBKEY_VERIFY, + /** public_key_t->encrypt() */ + FEATURE_PUBKEY_ENCRYPT, + /** parsing certificates */ + FEATURE_CERT_DECODE, + /** generating certificates */ + FEATURE_CERT_ENCODE, + /** EAP server implementation */ + FEATURE_EAP_SERVER, + /** EAP peer implementation */ + FEATURE_EAP_PEER, + /** database_t */ + FEATURE_DATABASE, + /** fetcher_t */ + FEATURE_FETCHER, + /** custom feature, described with a string */ + FEATURE_CUSTOM, + } type; + /** More specific data for each type */ + union { + /** FEATURE_CRYPTER */ + struct { + encryption_algorithm_t alg; + size_t key_size; + } crypter; + /** FEATURE_AEAD */ + struct { + encryption_algorithm_t alg; + size_t key_size; + } aead; + /** FEATURE_SIGNER */ + integrity_algorithm_t signer; + /** FEATURE_PRF */ + pseudo_random_function_t prf; + /** FEATURE_HASHER */ + hash_algorithm_t hasher; + /** FEATURE_DH */ + diffie_hellman_group_t dh_group; + /** FEATURE_RNG */ + rng_quality_t rng_quality; + /** FEATURE_PRIVKEY */ + key_type_t privkey; + /** FEATURE_PRIVKEY_GEN */ + key_type_t privkey_gen; + /** FEATURE_PRIVKEY_SIGN */ + signature_scheme_t privkey_sign; + /** FEATURE_PRIVKEY_DECRYPT */ + encryption_scheme_t privkey_decrypt; + /** FEATURE_PUBKEY */ + key_type_t pubkey; + /** FEATURE_PUBKEY_VERIFY */ + signature_scheme_t pubkey_verify; + /** FEATURE_PUBKEY_ENCRYPT */ + encryption_scheme_t pubkey_encrypt; + /** FEATURE_CERT_DECODE/ENCODE */ + certificate_type_t cert; + /** FEATURE_EAP_SERVER/CLIENT */ + eap_type_t eap; + /** FEATURE_DATABASE */ + db_driver_t database; + /** FEATURE_FETCHER */ + char *fetcher; + /** FEATURE_CUSTOM */ + char *custom; + + /** FEATURE_REGISTER */ + struct { + /** final flag to pass for builder_function_t */ + bool final; + /** feature specific function to register for this type */ + void *f; + } reg; + + /** FEATURE_CALLBACK */ + struct { + /** callback function to invoke for registration */ + 
plugin_feature_callback_t f; + /** data to pass to callback */ + void *data; + } cb; + } arg; +}; + +#define FEATURE(kind, type, ...) _PLUGIN_FEATURE_##type(kind, __VA_ARGS__) + +/** + * Define function to register directly for all upcoming features. + * + * @param type feature type to register + * @param f type specific function to register + * @param ... type specific additional arguments + */ +#define PLUGIN_REGISTER(type, f, ...) _PLUGIN_FEATURE_REGISTER_##type(type, f, ##__VA_ARGS__) + +/** + * Define a callback to invoke for registering all upcoming features. + * + * @param cb type specific callback function to register + * @param data data pointer to pass to callback + */ +#define PLUGIN_CALLBACK(cb, data) _PLUGIN_FEATURE_CALLBACK(cb, data) + +/** + * Define a feature the plugin provides. + * + * @param type feature type to provide + * @param ... type specific arguments + */ +#define PLUGIN_PROVIDE(type, ...) _PLUGIN_FEATURE_##type(PROVIDE, __VA_ARGS__) + +/** + * Define a hard dependency for the previously defined feature. + * + * @param type feature type to provide + * @param ... type specific arguments + */ +#define PLUGIN_DEPENDS(type, ...) _PLUGIN_FEATURE_##type(DEPENDS, __VA_ARGS__) + +/** + * Define a soft dependency for the previously defined feature. + * + * @param type feature type to provide + * @param ... type specific arguments + */ +#define PLUGIN_SDEPEND(type, ...) _PLUGIN_FEATURE_##type(SDEPEND, __VA_ARGS__) + +#define __PLUGIN_FEATURE(kind, type, ...) 
(plugin_feature_t){ FEATURE_##kind, FEATURE_##type, { __VA_ARGS__ }} +#define _PLUGIN_FEATURE_CRYPTER(kind, alg, size) __PLUGIN_FEATURE(kind, CRYPTER, .crypter = { alg, size }) +#define _PLUGIN_FEATURE_AEAD(kind, alg, size) __PLUGIN_FEATURE(kind, AEAD, .aead = { alg, size }) +#define _PLUGIN_FEATURE_SIGNER(kind, alg) __PLUGIN_FEATURE(kind, SIGNER, .signer = alg) +#define _PLUGIN_FEATURE_HASHER(kind, alg) __PLUGIN_FEATURE(kind, HASHER, .hasher = alg) +#define _PLUGIN_FEATURE_PRF(kind, alg) __PLUGIN_FEATURE(kind, PRF, .prf = alg) +#define _PLUGIN_FEATURE_DH(kind, group) __PLUGIN_FEATURE(kind, DH, .dh_group = group) +#define _PLUGIN_FEATURE_RNG(kind, quality) __PLUGIN_FEATURE(kind, RNG, .rng_quality = quality) +#define _PLUGIN_FEATURE_PRIVKEY(kind, type) __PLUGIN_FEATURE(kind, PRIVKEY, .privkey = type) +#define _PLUGIN_FEATURE_PRIVKEY_GEN(kind, type) __PLUGIN_FEATURE(kind, PRIVKEY_GEN, .privkey_gen = type) +#define _PLUGIN_FEATURE_PRIVKEY_SIGN(kind, scheme) __PLUGIN_FEATURE(kind, PRIVKEY_SIGN, .privkey_sign = scheme) +#define _PLUGIN_FEATURE_PRIVKEY_DECRYPT(kind, scheme) __PLUGIN_FEATURE(kind, PRIVKEY_DECRYPT, .privkey_decrypt = scheme) +#define _PLUGIN_FEATURE_PUBKEY(kind, type) __PLUGIN_FEATURE(kind, PUBKEY, .pubkey = type) +#define _PLUGIN_FEATURE_PUBKEY_VERIFY(kind, scheme) __PLUGIN_FEATURE(kind, PUBKEY_VERIFY, .pubkey_verify = scheme) +#define _PLUGIN_FEATURE_PUBKEY_ENCRYPT(kind, scheme) __PLUGIN_FEATURE(kind, PUBKEY_ENCRYPT, .pubkey_encrypt = scheme) +#define _PLUGIN_FEATURE_CERT_DECODE(kind, type) __PLUGIN_FEATURE(kind, CERT_DECODE, .cert = type) +#define _PLUGIN_FEATURE_CERT_ENCODE(kind, type) __PLUGIN_FEATURE(kind, CERT_ENCODE, .cert = type) +#define _PLUGIN_FEATURE_EAP_SERVER(kind, type) __PLUGIN_FEATURE(kind, EAP_SERVER, .eap = type) +#define _PLUGIN_FEATURE_EAP_PEER(kind, type) __PLUGIN_FEATURE(kind, EAP_PEER, .eap = type) +#define _PLUGIN_FEATURE_DATABASE(kind, type) __PLUGIN_FEATURE(kind, DATABASE, .database = type) +#define _PLUGIN_FEATURE_FETCHER(kind, 
type) __PLUGIN_FEATURE(kind, FETCHER, .fetcher = type) +#define _PLUGIN_FEATURE_CUSTOM(kind, name) __PLUGIN_FEATURE(kind, CUSTOM, .custom = name) + +#define __PLUGIN_FEATURE_REGISTER(type, _f) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg.f = _f } +#define __PLUGIN_FEATURE_REGISTER_BUILDER(type, _f, _final) (plugin_feature_t){ FEATURE_REGISTER, FEATURE_##type, .arg.reg = {.f = _f, .final = _final, }} +#define _PLUGIN_FEATURE_REGISTER_CRYPTER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_AEAD(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_SIGNER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_HASHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_PRF(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_DH(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_RNG(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_PRIVKEY(type, f, final) __PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final) +#define _PLUGIN_FEATURE_REGISTER_PRIVKEY_GEN(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final) +#define _PLUGIN_FEATURE_REGISTER_PUBKEY(type, f, final) __PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final) +#define _PLUGIN_FEATURE_REGISTER_CERT_DECODE(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final) +#define _PLUGIN_FEATURE_REGISTER_CERT_ENCODE(type, f, final)__PLUGIN_FEATURE_REGISTER_BUILDER(type, f, final) +#define _PLUGIN_FEATURE_REGISTER_DATABASE(type, f) __PLUGIN_FEATURE_REGISTER(type, f) +#define _PLUGIN_FEATURE_REGISTER_FETCHER(type, f) __PLUGIN_FEATURE_REGISTER(type, f) + +#define _PLUGIN_FEATURE_CALLBACK(_cb, _data) (plugin_feature_t){ FEATURE_CALLBACK, FEATURE_NONE, .arg.cb = { .f = _cb, .data = _data } } + +/** + * Names for plugin_feature_t types. 
+ */ +extern enum_name_t *plugin_feature_names; + +/** + * Check if feature a matches to feature b. + * + * @param a feature to check + * @param b feature to match against + * @return TRUE if a matches b + */ +bool plugin_feature_matches(plugin_feature_t *a, plugin_feature_t *b); + +/** + * Get a string describing feature. + * + * @param feature feature to describe + * @return allocated string describing feature + */ +char* plugin_feature_get_string(plugin_feature_t *feature); + +/** + * Load a plugin feature using a REGISTER/CALLBACK feature entry. + * + * @param plugin plugin providing feature + * @param feature feature to load + * @param reg REGISTER/CALLBACK feature entry to use for registration + */ +bool plugin_feature_load(plugin_t *plugin, plugin_feature_t *feature, + plugin_feature_t *reg); + +/** + * Unload a plugin feature using a REGISTER/CALLBACK feature entry. + * + * @param plugin plugin providing feature + * @param feature feature to unload + * @param reg REGISTER/CALLBACK feature entry to use for deregistration + */ +bool plugin_feature_unload(plugin_t *plugin, plugin_feature_t *feature, + plugin_feature_t *reg); + +#endif /** PLUGIN_FEATURE_H_ @}*/ diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index b4d7bf7c7..f97cbb31f 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2010-2012 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -23,11 +23,13 @@ #include <stdio.h> #include <debug.h> +#include <library.h> #include <integrity_checker.h> #include <utils/linked_list.h> #include <plugins/plugin.h> typedef struct private_plugin_loader_t private_plugin_loader_t; +typedef struct plugin_entry_t plugin_entry_t; /** * private data of plugin_loader 
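Review bot: The helper macros `__PLUGIN_FEATURE`, `__PLUGIN_FEATURE_REGISTER` and `__PLUGIN_FEATURE_REGISTER_BUILDER` use identifiers beginning with two underscores, which C reserves for the implementation (C11 7.1.3), and the `_PLUGIN_FEATURE_*` names (underscore followed by an uppercase letter) fall under the same reservation; a `PLUGIN_FEATURE_` prefix with a trailing marker for the internal forms avoids collisions with compiler and libc headers. The union comment `/** FEATURE_EAP_SERVER/CLIENT */` refers to a FEATURE_EAP_CLIENT that does not exist — the enum value is FEATURE_EAP_PEER. The `kind` enum members are documented with `/*` while the `type` members use `/**`, so the former are dropped from the generated API docs. The undocumented `FEATURE(kind, type, ...)` macro also deserves a one-line comment stating that it is the generic form behind PLUGIN_PROVIDE/DEPENDS/SDEPEND.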
@@ -40,20 +42,67 @@ struct private_plugin_loader_t { plugin_loader_t public; /** - * list of loaded plugins + * List of plugins, as plugin_entry_t */ linked_list_t *plugins; + + /** + * List of names of loaded plugins + */ + char *loaded_plugins; +}; + +/** + * Entry for a plugin + */ +struct plugin_entry_t { + + /** + * Plugin instance + */ + plugin_t *plugin; + + /** + * dlopen handle, if in separate lib + */ + void *handle; + + /** + * List of loaded features + */ + linked_list_t *loaded; + + /** + * List features failed to load + */ + linked_list_t *failed; }; /** + * Destroy a plugin entry + */ +static void plugin_entry_destroy(plugin_entry_t *entry) +{ + DESTROY_IF(entry->plugin); + if (entry->handle) + { + dlclose(entry->handle); + } + entry->loaded->destroy(entry->loaded); + entry->failed->destroy(entry->failed); + free(entry); +} + +/** * create a plugin * returns: NOT_FOUND, if the constructor was not found * FAILED, if the plugin could not be constructed */ static status_t create_plugin(private_plugin_loader_t *this, void *handle, - char *name, bool integrity, plugin_t **plugin) + char *name, bool integrity, plugin_entry_t **entry) { char create[128]; + plugin_t *plugin; plugin_constructor_t constructor; if (snprintf(create, sizeof(create), "%s_plugin_create", @@ -77,13 +126,18 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", name); } - *plugin = constructor(); - if (*plugin == NULL) + plugin = constructor(); + if (plugin == NULL) { DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, create); return FAILED; } + INIT(*entry, + .plugin = plugin, + .loaded = linked_list_create(), + .failed = linked_list_create(), + ); DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); return SUCCESS; } 
@@ -91,28 +145,21 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, /** * load a single plugin */ -static plugin_t* load_plugin(private_plugin_loader_t *this, - char *path, char *name) +static bool load_plugin(private_plugin_loader_t *this, char *name, char *file) { - char file[PATH_MAX]; + plugin_entry_t *entry; void *handle; - plugin_t *plugin; - switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, &plugin)) + switch (create_plugin(this, RTLD_DEFAULT, name, FALSE, &entry)) { case SUCCESS: - return plugin; + this->plugins->insert_last(this->plugins, entry); + return TRUE; case NOT_FOUND: /* try to load the plugin from a file */ break; default: - return NULL; - } - - if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, - name) >= sizeof(file)) - { - return NULL; + return FALSE; } if (lib->integrity) { 
@@ -120,26 +167,80 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { DBG1(DBG_LIB, "plugin '%s': failed file integrity test of '%s'", name, file); - return NULL; + return FALSE; } } handle = dlopen(file, RTLD_LAZY); if (handle == NULL) { DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror()); - return NULL; + return FALSE; } - if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS) + if (create_plugin(this, handle, name, TRUE, &entry) != SUCCESS) { dlclose(handle); - return NULL; + return FALSE; } - /* we do not store or free dlopen() handles, leak_detective requires - * the modules to keep loaded until leak report */ - return plugin; + entry->handle = handle; + this->plugins->insert_last(this->plugins, entry); + return TRUE; } /** + * Convert enumerated entries to plugin_t + */ +static bool plugin_filter(void *null, plugin_entry_t **entry, plugin_t **plugin, + void *in, linked_list_t **list) +{ + *plugin = (*entry)->plugin; + if (list) + { + *list = (*entry)->loaded; + } + return TRUE; +} + +METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, + private_plugin_loader_t *this) +{ + return enumerator_create_filter( + this->plugins->create_enumerator(this->plugins), + (void*)plugin_filter, NULL, NULL); +} + +/** + * Create a list of the names of all loaded plugins + */ +static char* loaded_plugins_list(private_plugin_loader_t *this) +{ + int buf_len = 128, len = 0; + char *buf, *name; + enumerator_t *enumerator; + plugin_t *plugin; + + buf = malloc(buf_len); + buf[0] = '\0'; + enumerator = create_plugin_enumerator(this); + while (enumerator->enumerate(enumerator, &plugin, NULL)) + { + name = plugin->get_name(plugin); + if (len + (strlen(name) + 1) >= buf_len) + { + buf_len <<= 1; + buf = realloc(buf, buf_len); + } + len += snprintf(&buf[len], buf_len - len, "%s ", name); + } + enumerator->destroy(enumerator); + if (len > 0 && buf[len - 1] == ' ') + { + buf[len - 1] = '\0'; + } + return buf; +} + + +/** * Check if a plugin 
is already loaded */ static bool plugin_loaded(private_plugin_loader_t *this, char *name) @@ -148,8 +249,8 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) bool found = FALSE; plugin_t *plugin; - enumerator = this->plugins->create_enumerator(this->plugins); - while (enumerator->enumerate(enumerator, &plugin)) + enumerator = create_plugin_enumerator(this); + while (enumerator->enumerate(enumerator, &plugin, NULL)) { if (streq(plugin->get_name(plugin), name)) { 
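Review bot: loaded_plugins_list in the @@ -120 hunk can write past buf: the growth step doubles buf_len only once, so a name longer than the remaining space still does not fit, and because snprintf() returns the untruncated length, `len` then advances beyond buf_len — on the next iteration `&buf[len]` points outside the allocation and `buf_len - len` is negative, which becomes a huge size_t when passed to snprintf(). Turning the growth test into a loop fixes this: `while (len + (strlen(name) + 1) >= buf_len)`. The same function also overwrites buf with the result of realloc() and never checks malloc()/realloc() for NULL, which leaks the old buffer and dereferences NULL on allocation failure; if the surrounding code treats allocation failure as fatal, a comment saying so would make that explicit.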
@@ -161,6 +262,235 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) return found; } +/** + * Check if a feature of a plugin is already loaded + */ +static bool feature_loaded(private_plugin_loader_t *this, plugin_entry_t *entry, + plugin_feature_t *feature) +{ + return entry->loaded->find_first(entry->loaded, NULL, + (void**)&feature) == SUCCESS; +} + +/** + * Check if loading a feature of a plugin failed + */ +static bool feature_failed(private_plugin_loader_t *this, plugin_entry_t *entry, + plugin_feature_t *feature) +{ + return entry->failed->find_first(entry->failed, NULL, + (void**)&feature) == SUCCESS; +} + +/** + * Check if dependencies are satisfied + */ +static bool dependencies_satisfied(private_plugin_loader_t *this, + plugin_entry_t *entry, bool soft, bool report, + plugin_feature_t *features, int count) +{ + int i; + + /* first entry is provided feature, followed by dependencies */ + for (i = 1; i < count; i++) + { + enumerator_t *entries, *loaded; + plugin_feature_t *feature; + plugin_entry_t *current; + bool found = FALSE; + + if (features[i].kind != FEATURE_DEPENDS && + features[i].kind != FEATURE_SDEPEND) + { /* end of dependencies */ + break; + } + entries = this->plugins->create_enumerator(this->plugins); + while (entries->enumerate(entries, ¤t)) + { + loaded = current->loaded->create_enumerator(current->loaded); + while (loaded->enumerate(loaded, &feature)) + { + if (plugin_feature_matches(&features[i], feature)) + { + found = TRUE; + break; + } + } + loaded->destroy(loaded); + } + entries->destroy(entries); + + if (!found && (features[i].kind != FEATURE_SDEPEND || soft)) + { + if (report) + { + char *provide, *depend, *name; + + name = entry->plugin->get_name(entry->plugin); + provide = plugin_feature_get_string(&features[0]); + depend = plugin_feature_get_string(&features[i]); + DBG2(DBG_LIB, "feature %s in '%s' plugin has unsatisfied " + "dependency: %s", provide, name, depend); + free(provide); + free(depend); + } + 
return FALSE; + } + } + return TRUE; +} + +/** + * Check if a given feature is still required as dependency + */ +static bool dependency_required(private_plugin_loader_t *this, + plugin_feature_t *dep) +{ + enumerator_t *enumerator; + plugin_feature_t *features; + plugin_entry_t *entry; + int count, i; + + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &entry)) + { + if (!entry->plugin->get_features) + { /* features not supported */ + continue; + } + count = entry->plugin->get_features(entry->plugin, &features); + for (i = 0; i < count; i++) + { + if (feature_loaded(this, entry, &features[i])) + { + while (++i < count && (features[i].kind == FEATURE_DEPENDS || + features[i].kind == FEATURE_SDEPEND)) + { + if (plugin_feature_matches(&features[i], dep)) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + } + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +/** + * Load plugin features in correct order + */ +static int load_features(private_plugin_loader_t *this, bool soft, bool report) +{ + enumerator_t *enumerator; + plugin_feature_t *feature, *reg; + plugin_entry_t *entry; + int count, i, loaded = 0; + + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &entry)) + { + if (!entry->plugin->get_features) + { /* feature interface not supported */ + continue; + } + reg = NULL; + count = entry->plugin->get_features(entry->plugin, &feature); + for (i = 0; i < count; i++) + { + switch (feature->kind) + { + case FEATURE_PROVIDE: + if (!feature_loaded(this, entry, feature) && + !feature_failed(this, entry, feature) && + dependencies_satisfied(this, entry, soft, report, + feature, count - i)) + { + if (plugin_feature_load(entry->plugin, feature, reg)) + { + entry->loaded->insert_last(entry->loaded, feature); + loaded++; + } + else + { + entry->failed->insert_last(entry->failed, feature); + } + } + break; + case FEATURE_REGISTER: + case 
FEATURE_CALLBACK: + reg = feature; + break; + default: + break; + } + feature++; + } + } + enumerator->destroy(enumerator); + return loaded; +} + +/** + * Try to unload plugin features on which is not depended anymore + */ +static int unload_features(private_plugin_loader_t *this, plugin_entry_t *entry) +{ + plugin_feature_t *feature, *reg = NULL; + int count, i, unloaded = 0; + + count = entry->plugin->get_features(entry->plugin, &feature); + for (i = 0; i < count; i++) + { + switch (feature->kind) + { + case FEATURE_PROVIDE: + if (feature_loaded(this, entry, feature) && + !dependency_required(this, feature) && + plugin_feature_unload(entry->plugin, feature, reg)) + { + entry->loaded->remove(entry->loaded, feature, NULL); + unloaded++; + } + break; + case FEATURE_REGISTER: + case FEATURE_CALLBACK: + reg = feature; + break; + default: + break; + } + feature++; + } + return unloaded; +} + +/** + * Remove plugins that we were not able to load any features from. + */ +static void purge_plugins(private_plugin_loader_t *this) +{ + enumerator_t *enumerator; + plugin_entry_t *entry; + + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &entry)) + { + if (!entry->plugin->get_features) + { /* feature interface not supported */ + continue; + } + if (!entry->loaded->get_count(entry->loaded)) + { + this->plugins->remove_at(this->plugins, enumerator); + plugin_entry_destroy(entry); + } + } + enumerator->destroy(enumerator); +} + METHOD(plugin_loader_t, load_plugins, bool, private_plugin_loader_t *this, char *path, char *list) { @@ -176,8 +506,8 @@ METHOD(plugin_loader_t, load_plugins, bool, enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) { - plugin_t *plugin; bool critical = FALSE; + char file[PATH_MAX]; int len; token = strdup(token); 
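Review bot: dependency_required in the @@ -161 hunk skips an entry after every dependency run: the inner `while (++i < count && ...)` leaves i on the first non-dependency entry, and the enclosing for loop's `i++` then steps over it, so a loaded PROVIDE feature that directly follows another feature's dependency list is never examined and its own dependencies are not counted as still required. unload_features would then unload a feature that is still depended on. Re-examining the entry that terminated the run is enough: after the inner while, add `i--; /* outer loop re-examines the entry that ended the run */`. When i reaches count the decrement is undone by the for increment, so the loop still terminates. feature_loaded and feature_failed match by pointer identity (find_first with a NULL matcher), which only works because get_features returns the same array on every call; that assumption deserves a comment on both helpers.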
@@ -192,42 +522,86 @@ METHOD(plugin_loader_t, load_plugins, bool, free(token); continue; } - plugin = load_plugin(this, path, token); - if (plugin) + if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", + path, token) >= sizeof(file)) { - this->plugins->insert_last(this->plugins, plugin); + return FALSE; } - else + if (!load_plugin(this, token, file) && critical) { - if (critical) - { - critical_failed = TRUE; - DBG1(DBG_LIB, "loading critical plugin '%s' failed", token); - } + critical_failed = TRUE; + DBG1(DBG_LIB, "loading critical plugin '%s' failed", token); } free(token); + /* TODO: we currently load features after each plugin is loaded. This + * will not be necessary once we have features support in all plugins. + */ + while (load_features(this, TRUE, FALSE)) + { + /* try load new features until we don't get new ones */ + } } enumerator->destroy(enumerator); + if (!critical_failed) + { + while (load_features(this, FALSE, FALSE)) + { + /* enforce loading features, ignoring soft dependencies */ + } + /* report missing dependencies */ + load_features(this, FALSE, TRUE); + /* unload plugins that we were not able to load any features for */ + purge_plugins(this); + } + if (!critical_failed) + { + free(this->loaded_plugins); + this->loaded_plugins = loaded_plugins_list(this); + } return !critical_failed; } METHOD(plugin_loader_t, unload, void, private_plugin_loader_t *this) { - plugin_t *plugin; + enumerator_t *enumerator; + plugin_entry_t *entry; + linked_list_t *list; - /* unload plugins in reverse order */ - while (this->plugins->remove_last(this->plugins, - (void**)&plugin) == SUCCESS) + /* unload plugins in reverse order, for those not supporting features */ + list = linked_list_create(); + while (this->plugins->remove_last(this->plugins, (void**)&entry) == SUCCESS) { - plugin->destroy(plugin); + list->insert_last(list, entry); } -} - -METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, - private_plugin_loader_t *this) -{ - return 
this->plugins->create_enumerator(this->plugins); + while (list->remove_last(list, (void**)&entry) == SUCCESS) + { + this->plugins->insert_first(this->plugins, entry); + } + list->destroy(list); + while (this->plugins->get_count(this->plugins)) + { + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &entry)) + { + if (entry->plugin->get_features) + { /* supports features */ + while (unload_features(this, entry)); + } + if (entry->loaded->get_count(entry->loaded) == 0) + { + if (lib->leak_detective) + { /* keep handle to report leaks properly */ + entry->handle = NULL; + } + this->plugins->remove_at(this->plugins, enumerator); + plugin_entry_destroy(entry); + } + } + enumerator->destroy(enumerator); + } + free(this->loaded_plugins); + this->loaded_plugins = NULL; } /** @@ -240,11 +614,11 @@ static u_int reload_by_name(private_plugin_loader_t *this, char *name) plugin_t *plugin; enumerator = create_plugin_enumerator(this); - while (enumerator->enumerate(enumerator, &plugin)) + while (enumerator->enumerate(enumerator, &plugin, NULL)) { if (name == NULL || streq(name, plugin->get_name(plugin))) { - if (plugin->reload(plugin)) + if (plugin->reload && plugin->reload(plugin)) { DBG2(DBG_LIB, "reloaded configuration of '%s' plugin", plugin->get_name(plugin)); @@ -276,10 +650,18 @@ METHOD(plugin_loader_t, reload, u_int, return reloaded; } +METHOD(plugin_loader_t, loaded_plugins, char*, + private_plugin_loader_t *this) +{ + return this->loaded_plugins ?: ""; +} + METHOD(plugin_loader_t, destroy, void, private_plugin_loader_t *this) { - this->plugins->destroy_offset(this->plugins, offsetof(plugin_t, destroy)); + unload(this); + this->plugins->destroy(this->plugins); + free(this->loaded_plugins); free(this); } 
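Review bot: The `return FALSE;` taken when snprintf reports truncation of `file` in load_plugins leaks both the `token` duplicated by `strdup` just before this hunk and the token enumerator created above the loop, since every other exit from the loop body goes through `free(token)` and the `enumerator->destroy(enumerator)` after it; `free(token); critical_failed = TRUE; break;` (plus a DBG1 naming the over-long plugin name) keeps the cleanup on one path. The plugin name is also spliced into the file name as-is, so a name containing `/` would resolve outside `path`; the list comes from configuration, so this is hardening rather than a defect, but a comment stating that plugin names are trusted input would record the assumption. In unload, the outer `while (this->plugins->get_count(this->plugins))` loop only ends once every entry's `loaded` list is empty, and nothing bounds it if plugin_feature_unload keeps failing for one feature or two loaded features depend on each other (dependency_required treats SDEPEND like DEPENDS, so this looks reachable for soft cycles); a "no progress in this pass" check that logs and breaks would avoid a hang at shutdown. `while (unload_features(this, entry));` also hides an empty body behind a trailing semicolon; the braced `{ /* ... */ }` form used for the load loops above reads better.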
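Review bot: `free(this->loaded_plugins)` in destroy is redundant after `unload(this)`, which in the hunk above already frees that string and sets the pointer to NULL; it is harmless, but dropping it leaves a single owner of the buffer. `return this->loaded_plugins ?: "";` in the new loaded_plugins method uses the GNU `?:` extension; if the project does not rely on it elsewhere, `return this->loaded_plugins ? this->loaded_plugins : "";` is the portable spelling.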
@@ -296,6 +678,7 @@ plugin_loader_t *plugin_loader_create() .reload = _reload, .unload = _unload, .create_plugin_enumerator = _create_plugin_enumerator, + .loaded_plugins = _loaded_plugins, .destroy = _destroy, }, .plugins = linked_list_create(), diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index e03da4543..7fd07044d 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2012 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -15,7 +16,7 @@ /** * @defgroup plugin_loader plugin_loader - * @{ @ingroup plugin + * @{ @ingroup plugins */ #ifndef PLUGIN_LOADER_H_ @@ -59,11 +60,24 @@ struct plugin_loader_t { /** * Create an enumerator over all loaded plugins. * - * @return enumerator over plugin_t* + * In addition to the plugin, the enumerator returns a list of pointers to + * plugin features currently loaded (if the argument is not NULL). + * This list is to be read only. + * + * @return enumerator over plugin_t*, linked_list_t* */ enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this); /** + * Get a simple list the names of all loaded plugins. + * + * The function returns internal data, do not free. + * + * @return list of the names of all loaded plugins + */ + char* (*loaded_plugins)(plugin_loader_t *this); + + /** * Unload loaded plugins, destroy plugin_loader instance. */ void (*destroy)(plugin_loader_t *this); diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 97fba22fc..0de048791 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in 
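Review bot: The comment on the new loaded_plugins method reads `Get a simple list the names of all loaded plugins.`, missing "of": `Get a simple list of the names of all loaded plugins.` It also does not say how names are separated or what is returned when nothing is loaded; the implementation in plugin_loader.c returns `""` in that case, while the separator is produced by loaded_plugins_list, which is outside this diff, so confirm it before documenting it as e.g. `@return space-separated list of plugin names, "" if none are loaded`. The create_plugin_enumerator comment now promises a `linked_list_t*` of features but only says it "is to be read only"; stating who owns that list and for how long it stays valid would keep callers from storing the pointer.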
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -201,6 +204,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -217,11 +221,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_cert.c b/src/libstrongswan/plugins/pubkey/pubkey_cert.c index c50189a8b..67240fe0c 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_cert.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_cert.c @@ -15,6 +15,8 @@ #include "pubkey_cert.h" +#include <time.h> + #include <debug.h> typedef struct private_pubkey_cert_t private_pubkey_cert_t; 
@@ -45,40 +47,41 @@ struct private_pubkey_cert_t { identification_t *subject; /** + * key inception time + */ + time_t notBefore; + + /** + * key expiration time + */ + time_t notAfter; + + /** * reference count */ refcount_t ref; }; -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_pubkey_cert_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_pubkey_cert_t *this) { return CERT_TRUSTED_PUBKEY; } -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_pubkey_cert_t *this) +METHOD(certificate_t, get_subject, identification_t*, + private_pubkey_cert_t *this) { return this->subject; } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_pubkey_cert_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_pubkey_cert_t *this) { return this->issuer; } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_subject(private_pubkey_cert_t *this, - identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_pubkey_cert_t *this, identification_t *subject) { if (subject->get_type(subject) == ID_KEY_ID) { @@ -94,22 +97,18 @@ static id_match_t has_subject(private_pubkey_cert_t *this, } } } - return ID_MATCH_NONE; + + return this->subject->matches(this->subject, subject); } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_issuer(private_pubkey_cert_t *this, - identification_t *issuer) +METHOD(certificate_t, has_issuer, id_match_t, + private_pubkey_cert_t *this, identification_t *issuer) { return ID_MATCH_NONE; } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_pubkey_cert_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_pubkey_cert_t *this, certificate_t *other) { public_key_t *other_key; 
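Review bot: The new `notBefore`/`notAfter` field comments say "key inception time" and "key expiration time" but not that UNDEFINED_TIME disables the bound, which is how get_validity later in this file treats them; `/** key inception time, UNDEFINED_TIME if not restricted */` (and the same for expiration) would save readers a lookup. In the second hunk here, has_subject now falls through to `return this->subject->matches(this->subject, subject);` instead of `ID_MATCH_NONE`, so a trusted pubkey built with BUILD_SUBJECT matches on the configured identity and not only on its key id; this is presumably the intent, but since it widens what a CERT_TRUSTED_PUBKEY entry can match, a short comment above the return explaining the two match paths (key id first, then subject) would document it.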
@@ -126,62 +125,52 @@ static bool equals(private_pubkey_cert_t *this, certificate_t *other) return FALSE; } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_pubkey_cert_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_pubkey_cert_t *this, certificate_t *issuer) { return equals(this, issuer); } -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_pubkey_cert_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_pubkey_cert_t *this) { this->key->get_ref(this->key); return this->key; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_pubkey_cert_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_pubkey_cert_t *this, time_t *when, time_t *not_before, + time_t *not_after) { + time_t t = when ? *when : time(NULL); + if (not_before) { - *not_before = 0; + *not_before = this->notBefore; } if (not_after) { - *not_after = ~0; + *not_after = this->notAfter; } - return TRUE; + return ((this->notBefore == UNDEFINED_TIME || t >= this->notBefore) && + (this->notAfter == UNDEFINED_TIME || t <= this->notAfter)); } -/** - * Implementation of certificate_t.get_encoding. 
- */ -static bool get_encoding(private_pubkey_cert_t *this, cred_encoding_type_t type, - chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_pubkey_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) { - return this->key->get_encoding(this->key, PUBKEY_ASN1_DER, encoding); + return this->key->get_encoding(this->key, type, encoding); } -/** - * Implementation of certificate_t.get_ref - */ -static private_pubkey_cert_t* get_ref(private_pubkey_cert_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_pubkey_cert_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface; } -/** - * Implementation of pubkey_cert_t.destroy - */ -static void destroy(private_pubkey_cert_t *this) +METHOD(certificate_t, destroy, void, + private_pubkey_cert_t *this) { if (ref_put(&this->ref)) { 
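Review bot: get_encoding now forwards the caller's `type` unchanged to `this->key->get_encoding`, whereas the old code always asked for PUBKEY_ASN1_DER; certificate callers may request certificate-level encodings that the key implementation does not provide, so confirm it returns FALSE for those rather than an unexpected encoding, and add a one-line comment that a trusted pubkey has no encoding of its own beyond its key. In get_validity the comparisons are inclusive and UNDEFINED_TIME disables a bound, but neither is stated; `/* UNDEFINED_TIME on either side means the bound is not enforced */` above the return would make the contract explicit, and `time_t t = when ? *when : time(NULL);` deserves a note that a NULL `when` means "now".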
@@ -195,28 +184,42 @@ static void destroy(private_pubkey_cert_t *this) /* * see header file */ -static pubkey_cert_t *pubkey_cert_create(public_key_t *key) +static pubkey_cert_t *pubkey_cert_create(public_key_t *key, + time_t notBefore, time_t notAfter, + identification_t *subject) { - private_pubkey_cert_t *this = malloc_thing(private_pubkey_cert_t); + private_pubkey_cert_t *this; chunk_t fingerprint; - this->public.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; - this->public.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.has_subject = (id_match_t (*)(certificate_t*, identification_t *subject))has_subject; - this->public.interface.has_issuer = (id_match_t (*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.get_validity = (bool (*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.get_encoding = (bool (*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.equals = (bool (*)(certificate_t*, certificate_t *other))equals; - this->public.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.destroy = (void (*)(certificate_t *this))destroy; - - this->ref = 1; - this->key = key; - this->issuer = identification_create_from_encoding(ID_ANY, chunk_empty); - if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint)) + INIT(this, + .public = { + .interface = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_issuer, + .has_subject = _has_subject, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + .get_public_key = 
_get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + .ref = 1, + .key = key, + .notBefore = notBefore, + .notAfter = notAfter, + .issuer = identification_create_from_encoding(ID_ANY, chunk_empty), + ); + + if (subject) + { + this->subject = subject->clone(subject); + } + else if (key->get_fingerprint(key, KEYID_PUBKEY_INFO_SHA1, &fingerprint)) { this->subject = identification_create_from_encoding(ID_KEY_ID, fingerprint); } @@ -235,6 +238,8 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) { public_key_t *key = NULL; chunk_t blob = chunk_empty; + identification_t *subject = NULL; + time_t notBefore = UNDEFINED_TIME, notAfter = UNDEFINED_TIME; while (TRUE) { @@ -246,6 +251,15 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) case BUILD_PUBLIC_KEY: key = va_arg(args, public_key_t*); continue; + case BUILD_NOT_BEFORE_TIME: + notBefore = va_arg(args, time_t); + continue; + case BUILD_NOT_AFTER_TIME: + notAfter = va_arg(args, time_t); + continue; + case BUILD_SUBJECT: + subject = va_arg(args, identification_t*); + continue; case BUILD_END: break; default: @@ -264,7 +278,7 @@ pubkey_cert_t *pubkey_cert_wrap(certificate_type_t type, va_list args) } if (key) { - return pubkey_cert_create(key); + return pubkey_cert_create(key, notBefore, notAfter, subject); } return NULL; } diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index ae6607e5a..92bfc2e63 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c 
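Review bot: pubkey_cert_wrap accepts BUILD_NOT_BEFORE_TIME and BUILD_NOT_AFTER_TIME without checking that notBefore is not later than notAfter when both are given; an inverted pair makes get_validity always fail, which is fail-safe but silent, so a DBG1 on the BUILD_END path (or a comment that such windows are deliberately accepted) would help whoever configures such an entry. In pubkey_cert_create the BUILD_SUBJECT identity is cloned while `key` is stored as-is, so the two arguments have different ownership; the "see header file" comment above the constructor should say that the caller keeps the subject, and what happens to the key (the destructor is outside this hunk, so this note cannot confirm it). The `else` branch for a key without a fingerprint is also outside the hunk, so whether `this->subject` is always set cannot be checked here.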
@@ -37,11 +37,19 @@ METHOD(plugin_t, get_name, char*,
 return "pubkey";
 }
 
+METHOD(plugin_t, get_features, int,
+ private_pubkey_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(CERT_ENCODE, pubkey_cert_wrap, FALSE),
+ PLUGIN_PROVIDE(CERT_ENCODE, CERT_TRUSTED_PUBKEY),
+ };
+ *features = f;
+ return countof(f);
+}
 METHOD(plugin_t, destroy, void,
 private_pubkey_plugin_t *this)
 {
- lib->creds->remove_builder(lib->creds,
- (builder_function_t)pubkey_cert_wrap);
 free(this);
 }
 
@@ -56,15 +64,12 @@ plugin_t *pubkey_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
 
- lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE,
- (builder_function_t)pubkey_cert_wrap);
-
 return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 761d2c96e..9b549b071 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -201,6 +204,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
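Review bot: The closing `+}` of the new get_features is followed directly by `METHOD(plugin_t, destroy, void,` with no blank line, unlike random_plugin.c and sha1_plugin.c in this same diff, which add one after their get_features; insert the blank line (the hunk's line counts confirm it is missing rather than lost in rendering). `PLUGIN_REGISTER(CERT_ENCODE, pubkey_cert_wrap, FALSE)` also passes a bare boolean whose meaning is only visible in plugin_feature.h; a short trailing comment on that argument would spare readers the lookup.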
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index 00202a5a6..7f81e2622 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -37,11 +37,21 @@ METHOD(plugin_t, get_name, char*, return "random"; } +METHOD(plugin_t, get_features, int, + private_random_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(RNG, random_rng_create), + PLUGIN_PROVIDE(RNG, RNG_STRONG), + PLUGIN_PROVIDE(RNG, RNG_TRUE), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_random_plugin_t *this) { - lib->crypto->remove_rng(lib->crypto, - (rng_constructor_t)random_rng_create); free(this); } @@ -56,17 +66,12 @@ plugin_t *random_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), - (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), - (rng_constructor_t)random_rng_create); - return &this->public.plugin; } 
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index e8856b7d7..a78762c82 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -195,6 +195,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -203,6 +206,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -219,11 +223,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -267,6 +273,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index def169275..34f347d1a 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -404,7 +404,15 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best,
 {
 DBG1(DBG_CFG, "certificate was revoked on %T, reason: %N",
 &revocation, TRUE, crl_reason_names, reason);
- *valid = VALIDATION_REVOKED;
+ if (reason != CRL_REASON_CERTIFICATE_HOLD)
+ {
+ *valid = VALIDATION_REVOKED;
+ }
+ else
+ {
+ /* if the cert is on hold, a newer CRL might not contain it */
+ *valid = VALIDATION_ON_HOLD;
+ }
 enumerator->destroy(enumerator);
 DESTROY_IF(best);
 return cand;
@@ -681,6 +689,7 @@ METHOD(cert_validator_t, validate, bool,
 DBG1(DBG_CFG, "certificate status is good");
 return TRUE;
 case VALIDATION_REVOKED:
+ case VALIDATION_ON_HOLD:
 /* has already been logged */
 return FALSE;
 case VALIDATION_SKIPPED:
@@ -700,6 +709,7 @@ METHOD(cert_validator_t, validate, bool,
 DBG1(DBG_CFG, "certificate status is good");
 return TRUE;
 case VALIDATION_REVOKED:
+ case VALIDATION_ON_HOLD:
 /* has already been logged */
 return FALSE;
 case VALIDATION_FAILED:
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index b4b275648..f59c7516d 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
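Review bot: Setting `*valid = VALIDATION_ON_HOLD` changes nothing inside get_better_crl itself, because the function still destroys the enumerator and returns `cand` immediately afterwards, and the two validate hunks in this file map ON_HOLD onto the same `return FALSE` as REVOKED; the comment `/* if the cert is on hold, a newer CRL might not contain it */` therefore describes behaviour that has to live in the caller of get_better_crl, which is outside the hunk. Say where the new status is consumed, e.g. `/* on hold: report VALIDATION_ON_HOLD so the caller can keep looking for a newer CRL that may have lifted it */`, or, if no caller does that, note that the distinction is informational only. Rejecting a held certificate is the correct fail-closed default, so the change is safe either way; only the comment is misleading as written.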
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index 85bc89f37..4d69ad5a4 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -175,10 +175,8 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) } } -/** - * Implementation of hasher_t.reset. - */ -static void reset(private_sha1_hasher_t *this) +METHOD(hasher_t, reset, void, + private_sha1_hasher_t *this) { this->state[0] = 0x67452301; this->state[1] = 0xEFCDAB89; @@ -189,10 +187,8 @@ static void reset(private_sha1_hasher_t *this) this->count[1] = 0; } -/** - * Implementation of hasher_t.get_hash. - */ -static void get_hash(private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer) +METHOD(hasher_t, get_hash, void, + private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer) { SHA1Update(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -202,10 +198,8 @@ static void get_hash(private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffe } } -/** - * Implementation of hasher_t.allocate_hash. - */ -static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash) +METHOD(hasher_t, allocate_hash, void, + private_sha1_hasher_t *this, chunk_t chunk, chunk_t *hash) { SHA1Update(this, chunk.ptr, chunk.len); if (hash != NULL) 
@@ -218,18 +212,14 @@ static void allocate_hash(private_sha1_hasher_t *this, chunk_t chunk, chunk_t *h } } -/** - * Implementation of hasher_t.get_hash_size. - */ -static size_t get_hash_size(private_sha1_hasher_t *this) +METHOD(hasher_t, get_hash_size, size_t, + private_sha1_hasher_t *this) { return HASH_SIZE_SHA1; } -/** - * Implementation of hasher_t.destroy. - */ -static void destroy(private_sha1_hasher_t *this) +METHOD(hasher_t, destroy, void, + private_sha1_hasher_t *this) { free(this); } @@ -240,16 +230,23 @@ static void destroy(private_sha1_hasher_t *this) sha1_hasher_t *sha1_hasher_create(hash_algorithm_t algo) { private_sha1_hasher_t *this; + if (algo != HASH_SHA1) { return NULL; } - this = malloc_thing(private_sha1_hasher_t); - this->public.hasher_interface.get_hash = (void (*) (hasher_t*, chunk_t, u_int8_t*))get_hash; - this->public.hasher_interface.allocate_hash = (void (*) (hasher_t*, chunk_t, chunk_t*))allocate_hash; - this->public.hasher_interface.get_hash_size = (size_t (*) (hasher_t*))get_hash_size; - this->public.hasher_interface.reset = (void (*) (hasher_t*))reset; - this->public.hasher_interface.destroy = (void (*) (hasher_t*))destroy; + + INIT(this, + .public = { + .hasher_interface = { + .get_hash = _get_hash, + .allocate_hash = _allocate_hash, + .get_hash_size = _get_hash_size, + .reset = _reset, + .destroy = _destroy, + }, + }, + ); /* initialize */ reset(this); diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index a9b84e790..66c80b292 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c 
@@ -38,13 +38,22 @@ METHOD(plugin_t, get_name, char*,
 return "sha1";
 }
 
+METHOD(plugin_t, get_features, int,
+ private_sha1_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha1_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA1),
+ PLUGIN_REGISTER(PRF, sha1_prf_create),
+ PLUGIN_PROVIDE(PRF, PRF_KEYED_SHA1),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_sha1_plugin_t *this)
 {
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)sha1_hasher_create);
- lib->crypto->remove_prf(lib->crypto,
- (prf_constructor_t)sha1_prf_create);
 free(this);
 }
 
@@ -59,17 +68,12 @@ plugin_t *sha1_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
 
- lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this),
- (hasher_constructor_t)sha1_hasher_create);
- lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this),
- (prf_constructor_t)sha1_prf_create);
-
 return &this->public.plugin;
 }
 
diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c
index a68779d37..11f588c9d 100644
--- a/src/libstrongswan/plugins/sha1/sha1_prf.c
+++ b/src/libstrongswan/plugins/sha1/sha1_prf.c
@@ -59,10 +59,8 @@ struct private_sha1_prf_t {
 */
 extern void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len);
 
-/**
- * Implementation of prf_t.get_bytes.
- */
-static void get_bytes(private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
+METHOD(prf_t, get_bytes, void,
+ private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
 {
 u_int32_t *hash = (u_int32_t*)bytes;
 
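Review bot: `u_int32_t *hash = (u_int32_t*)bytes;` (context, not touched by the hunk) lets get_bytes store five 32-bit words through a pointer derived from a `u_int8_t *` of unknown alignment, which violates strict aliasing and faults on strict-alignment targets; as this commit already rewrites the signature, building the output in a local word array and copying it with memcpy keeps the interface and removes the undefined behaviour. `u_int32_t *iv = (u_int32_t*)key.ptr;` in set_key in the next hunk reads the key through the same kind of cast and deserves the same treatment. The rest of get_bytes lies outside this hunk, so the excerpt below shows only the output side.
```c
METHOD(prf_t, get_bytes, void,
	private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
{
	u_int32_t out[5];
	int i;

	/* … unchanged: body between the declarations and the htonl stores … */
	for (i = 0; i < 5; i++)
	{
		out[i] = htonl(this->hasher->state[i]);
	}
	/* byte-wise copy: bytes need not be 4-byte aligned */
	memcpy(bytes, out, sizeof(out));
}
```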
@@ -75,35 +73,27 @@ static void get_bytes(private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) hash[4] = htonl(this->hasher->state[4]); } -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_sha1_prf_t *this) +METHOD(prf_t, get_block_size, size_t, + private_sha1_prf_t *this) { return HASH_SIZE_SHA1; } -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk) +METHOD(prf_t, allocate_bytes, void, + private_sha1_prf_t *this, chunk_t seed, chunk_t *chunk) { *chunk = chunk_alloc(HASH_SIZE_SHA1); get_bytes(this, seed, chunk->ptr); } -/** - * Implementation of prf_t.get_key_size. - */ -static size_t get_key_size(private_sha1_prf_t *this) +METHOD(prf_t, get_key_size, size_t, + private_sha1_prf_t *this) { return sizeof(this->hasher->state); } -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_sha1_prf_t *this, chunk_t key) +METHOD(prf_t, set_key, void, + private_sha1_prf_t *this, chunk_t key) { int i, rounds; u_int32_t *iv = (u_int32_t*)key.ptr; @@ -116,10 +106,8 @@ static void set_key(private_sha1_prf_t *this, chunk_t key) } } -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_sha1_prf_t *this) +METHOD(prf_t, destroy, void, + private_sha1_prf_t *this) { this->hasher->public.hasher_interface.destroy(&this->hasher->public.hasher_interface); free(this); 
@@ -131,19 +119,25 @@ static void destroy(private_sha1_prf_t *this) sha1_prf_t *sha1_prf_create(pseudo_random_function_t algo) { private_sha1_prf_t *this; + if (algo != PRF_KEYED_SHA1) { return NULL; } - this = malloc_thing(private_sha1_prf_t); - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; - - this->hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1); + + INIT(this, + .public = { + .prf_interface = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .get_block_size = _get_block_size, + .get_key_size = _get_key_size, + .set_key = _set_key, + .destroy = _destroy, + }, + }, + .hasher = (private_sha1_hasher_t*)sha1_hasher_create(HASH_SHA1), + ); return &this->public; } diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index bdc235555..c99f30e43 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -191,6 +191,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -199,6 +202,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ 
@@ -215,11 +219,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -263,6 +269,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index d407fad1b..60fe4bd20 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c 
@@ -426,71 +426,90 @@ static void sha512_final(private_sha512_hasher_t *ctx)
 } while(++j < 8);
 }
-/**
- * Implementation of hasher_t.get_hash for SHA224.
- */
-static void get_hash224(private_sha256_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, reset224, void,
+ private_sha256_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha224_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset256, void,
+ private_sha256_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha256_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset384, void,
+ private_sha512_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha384_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_blocksMSB = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, reset512, void,
+ private_sha512_hasher_t *this)
+{
+ memcpy(&this->sha_H[0], &sha512_hashInit[0], sizeof(this->sha_H));
+ this->sha_blocks = 0;
+ this->sha_blocksMSB = 0;
+ this->sha_bufCnt = 0;
+}
+
+METHOD(hasher_t, get_hash224, void,
+ private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
 sha256_write(this, chunk.ptr, chunk.len);
 if (buffer != NULL) {
 sha256_final(this);
 memcpy(buffer, this->sha_out, HASH_SIZE_SHA224);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset224(this);
 }
 }
-/**
- * Implementation of hasher_t.get_hash for SHA256.
- */
-static void get_hash256(private_sha256_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash256, void,
+ private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
 sha256_write(this, chunk.ptr, chunk.len);
 if (buffer != NULL) {
 sha256_final(this);
 memcpy(buffer, this->sha_out, HASH_SIZE_SHA256);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset256(this);
 }
 }
-/**
- * Implementation of hasher_t.get_hash for SHA384.
- */
-static void get_hash384(private_sha512_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash384, void,
+ private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
 sha512_write(this, chunk.ptr, chunk.len);
 if (buffer != NULL) {
 sha512_final(this);
 memcpy(buffer, this->sha_out, HASH_SIZE_SHA384);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset384(this);
 }
 }
-/**
- * Implementation of hasher_t.get_hash for SHA512.
- */
-static void get_hash512(private_sha512_hasher_t *this,
- chunk_t chunk, u_int8_t *buffer)
+METHOD(hasher_t, get_hash512, void,
+ private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer)
 {
 sha512_write(this, chunk.ptr, chunk.len);
 if (buffer != NULL) {
 sha512_final(this);
 memcpy(buffer, this->sha_out, HASH_SIZE_SHA512);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset512(this);
 }
 }
-/**
- * Implementation of hasher_t.allocate_hash for SHA224.
- */
-static void allocate_hash224(private_sha256_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash224, void,
+ private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
 chunk_t allocated_hash;
@@ -500,16 +519,13 @@ static void allocate_hash224(private_sha256_hasher_t *this,
 sha256_final(this);
 allocated_hash = chunk_alloc(HASH_SIZE_SHA224);
 memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA224);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset224(this);
 *hash = allocated_hash;
 }
 }
-/**
- * Implementation of hasher_t.allocate_hash for SHA256.
- */
-static void allocate_hash256(private_sha256_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash256, void,
+ private_sha256_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
 chunk_t allocated_hash;
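Review bot: The new reset224/256/384/512 functions restore the IV and zero `sha_blocks`/`sha_bufCnt`, but they do not clear the partial-block buffer that `sha_bufCnt` indexes nor `sha_out`, so after get_hash*() hands back a digest the object keeps the tail of the previous message and its digest in memory until they are overwritten. That is functionally correct because the count is zero, but when this hasher is used underneath a keyed construction those bytes are derived from key material, so it is worth either wiping them in reset (if the library has a wiping helper) or stating the limitation, e.g. above reset224: `/* resets counters and IV only; the block buffer and sha_out keep stale data until overwritten */`. The four reset bodies are also identical except for the IV table and the MSB counter, which could be one static helper taking the IV pointer.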
@@ -519,16 +535,13 @@ static void allocate_hash256(private_sha256_hasher_t *this,
 sha256_final(this);
 allocated_hash = chunk_alloc(HASH_SIZE_SHA256);
 memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA256);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset256(this);
 *hash = allocated_hash;
 }
 }
-/**
- * Implementation of hasher_t.allocate_hash for SHA384.
- */
-static void allocate_hash384(private_sha512_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash384, void,
+ private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
 chunk_t allocated_hash;
@@ -538,16 +551,13 @@ static void allocate_hash384(private_sha512_hasher_t *this,
 sha512_final(this);
 allocated_hash = chunk_alloc(HASH_SIZE_SHA384);
 memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA384);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset384(this);
 *hash = allocated_hash;
 }
 }
-/**
- * Implementation of hasher_t.allocate_hash for SHA512.
- */
-static void allocate_hash512(private_sha512_hasher_t *this,
- chunk_t chunk, chunk_t *hash)
+METHOD(hasher_t, allocate_hash512, void,
+ private_sha512_hasher_t *this, chunk_t chunk, chunk_t *hash)
 {
 chunk_t allocated_hash;
@@ -557,89 +567,37 @@ static void allocate_hash512(private_sha512_hasher_t *this,
 sha512_final(this);
 allocated_hash = chunk_alloc(HASH_SIZE_SHA512);
 memcpy(allocated_hash.ptr, this->sha_out, HASH_SIZE_SHA512);
- this->public.hasher_interface.reset(&(this->public.hasher_interface));
+ reset512(this);
 *hash = allocated_hash;
 }
 }
-/**
- * Implementation of hasher_t.get_hash_size for SHA224.
- */
-static size_t get_hash_size224(private_sha256_hasher_t *this)
+METHOD(hasher_t, get_hash_size224, size_t,
+ private_sha256_hasher_t *this)
 {
 return HASH_SIZE_SHA224;
 }
-/**
- * Implementation of hasher_t.get_hash_size for SHA256.
- */
-static size_t get_hash_size256(private_sha256_hasher_t *this)
+METHOD(hasher_t, get_hash_size256, size_t,
+ private_sha256_hasher_t *this)
 {
 return HASH_SIZE_SHA256;
 }
-/**
- * Implementation of hasher_t.get_hash_size for SHA384.
- */
-static size_t get_hash_size384(private_sha512_hasher_t *this)
+METHOD(hasher_t, get_hash_size384, size_t,
+ private_sha512_hasher_t *this)
 {
 return HASH_SIZE_SHA384;
 }
-/**
- * Implementation of hasher_t.get_hash_size for SHA512.
- */
-static size_t get_hash_size512(private_sha512_hasher_t *this)
+METHOD(hasher_t, get_hash_size512, size_t,
+ private_sha512_hasher_t *this)
 {
 return HASH_SIZE_SHA512;
 }
-/**
- * Implementation of hasher_t.reset for SHA224
- */
-static void reset224(private_sha256_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha224_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA256
- */
-static void reset256(private_sha256_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha256_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA384
- */
-static void reset384(private_sha512_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha384_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_blocksMSB = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.reset for SHA512
- */
-static void reset512(private_sha512_hasher_t *ctx)
-{
- memcpy(&ctx->sha_H[0], &sha512_hashInit[0], sizeof(ctx->sha_H));
- ctx->sha_blocks = 0;
- ctx->sha_blocksMSB = 0;
- ctx->sha_bufCnt = 0;
-}
-
-/**
- * Implementation of hasher_t.destroy.
- */
-static void destroy(sha2_hasher_t *this)
+METHOD(hasher_t, destroy, void,
+ sha2_hasher_t *this)
 {
 free(this);
 }
@@ -649,46 +607,81 @@ static void destroy(sha2_hasher_t *this)
 */
 sha2_hasher_t *sha2_hasher_create(hash_algorithm_t algorithm)
 {
- sha2_hasher_t *this;
-
 switch (algorithm) {
 case HASH_SHA224:
- this = (sha2_hasher_t*)malloc_thing(private_sha256_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset224;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size224;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash224;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash224;
- break;
+ {
+ private_sha256_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset224,
+ .get_hash_size = _get_hash_size224,
+ .get_hash = _get_hash224,
+ .allocate_hash = _allocate_hash224,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset224(this);
+ return &this->public;
+ }
 case HASH_SHA256:
- this = (sha2_hasher_t*)malloc_thing(private_sha256_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset256;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size256;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash256;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash256;
- break;
+ {
+ private_sha256_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset256,
+ .get_hash_size = _get_hash_size256,
+ .get_hash = _get_hash256,
+ .allocate_hash = _allocate_hash256,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset256(this);
+ return &this->public;
+ }
 case HASH_SHA384:
- /* uses SHA512 data structure */
- this = (sha2_hasher_t*)malloc_thing(private_sha512_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset384;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size384;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash384;
- this->hasher_interface.allocate_hash
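Review bot: The new `destroy` in the preceding hunk does `free(this)` on a `sha2_hasher_t *` without clearing the object, so `sha_H`, `sha_out` and the pending block buffer go back to the allocator with the last hashing state intact; harmless for a plain digest, but when this object is wrapped by a keyed construction that state is key-derived. A simple `memwipe(this, sizeof(*this))`-style call is not enough here because destroy only sees the public type and the SHA-256 and SHA-512 private structs differ in size, so the wipe belongs in per-variant code (the reset*() functions, or a destroy per state type), assuming the library offers a wiping helper that the optimiser cannot drop. At minimum document the gap: `/* frees without wiping; callers holding secrets must not rely on destroy to clear state */`.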
= (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash384;
- break;
+ {
+ private_sha512_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset384,
+ .get_hash_size = _get_hash_size384,
+ .get_hash = _get_hash384,
+ .allocate_hash = _allocate_hash384,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset384(this);
+ return &this->public;
+ }
 case HASH_SHA512:
- this = (sha2_hasher_t*)malloc_thing(private_sha512_hasher_t);
- this->hasher_interface.reset = (void(*)(hasher_t*))reset512;
- this->hasher_interface.get_hash_size = (size_t(*)(hasher_t*))get_hash_size512;
- this->hasher_interface.get_hash = (void(*)(hasher_t*,chunk_t,u_int8_t*))get_hash512;
- this->hasher_interface.allocate_hash = (void(*)(hasher_t*,chunk_t,chunk_t*))allocate_hash512;
- break;
+ {
+ private_sha512_hasher_t *this;
+
+ INIT(this,
+ .public = {
+ .hasher_interface = {
+ .reset = _reset512,
+ .get_hash_size = _get_hash_size512,
+ .get_hash = _get_hash512,
+ .allocate_hash = _allocate_hash512,
+ .destroy = _destroy,
+ },
+ },
+ );
+ reset512(this);
+ return &this->public;
+ }
 default:
 return NULL;
 }
- this->hasher_interface.destroy = (void(*)(hasher_t*))destroy;
-
- /* initialize */
- this->hasher_interface.reset(&this->hasher_interface);
-
- return this;
 }
diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c
index 4ec03a268..94a7ccd61 100644
--- a/src/libstrongswan/plugins/sha2/sha2_plugin.c
+++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c
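Review bot: The rewritten HASH_SHA384 case drops the old `/* uses SHA512 data structure */` comment, and nothing in the new block explains why a SHA-384 hasher is built on `private_sha512_hasher_t` with get_hash384/allocate_hash384 calling sha512_write/sha512_final. Restore the explanation above the INIT in that case: `/* SHA-384 shares the SHA-512 state and compression routine; only the IV (reset384) and the output length differ */`, and the same remark applies to HASH_SHA224 on `private_sha256_hasher_t`. The four case bodies are otherwise identical apart from the `_reset*`/`_get_hash*` names and could be produced by one small static constructor per state type, which would also keep the `default: return NULL;` path the only place a NULL is produced.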
@@ -37,11 +37,23 @@ METHOD(plugin_t, get_name, char*,
 return "sha2";
 }
+METHOD(plugin_t, get_features, int,
+ private_sha2_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(HASHER, sha2_hasher_create),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA224),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA256),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA384),
+ PLUGIN_PROVIDE(HASHER, HASH_SHA512),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_sha2_plugin_t *this)
 {
- lib->crypto->remove_hasher(lib->crypto,
- (hasher_constructor_t)sha2_hasher_create);
 free(this);
 }
@@ -56,21 +68,12 @@ plugin_t *sha2_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
- lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this),
- (hasher_constructor_t)sha2_hasher_create);
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index ec370d38c..ce4b07769 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -200,6 +203,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -216,11 +220,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/soup/soup_plugin.c b/src/libstrongswan/plugins/soup/soup_plugin.c
index 22c8762e0..b21b28b9f 100644
--- a/src/libstrongswan/plugins/soup/soup_plugin.c
+++ b/src/libstrongswan/plugins/soup/soup_plugin.c
@@ -40,11 +40,21 @@ METHOD(plugin_t, get_name, char*,
 return "soup";
 }
+METHOD(plugin_t, get_features, int,
+ private_soup_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(FETCHER, soup_fetcher_create),
+ PLUGIN_PROVIDE(FETCHER, "http://"),
+ PLUGIN_PROVIDE(FETCHER, "https://"),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_soup_plugin_t *this)
 {
- lib->fetcher->remove_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create);
 free(this);
 }
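Review bot: `PLUGIN_PROVIDE(FETCHER, "https://")` makes this plugin the TLS client for every HTTPS fetch routed through lib->fetcher (CRL and OCSP retrieval among them), yet neither the feature list nor the plugin says whether soup_fetcher verifies the server certificate; that behaviour lives in soup_fetcher.c, outside this hunk. Record the dependency where the capability is advertised so it is reviewable: `/* https:// relies on soup_fetcher enabling libsoup certificate verification -- see soup_fetcher_create() */`, and confirm that the fetcher actually does so rather than accepting any certificate.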
@@ -65,16 +75,11 @@ plugin_t *soup_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create, "http://");
- lib->fetcher->add_fetcher(lib->fetcher,
- (fetcher_constructor_t)soup_fetcher_create, "https://");
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index e2ec799a9..391827724 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -194,6 +194,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
@@ -202,6 +205,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -218,11 +222,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -266,6 +272,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
index d8c6a560c..f554a9e4f 100644
--- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
+++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c
@@ -37,11 +37,20 @@ METHOD(plugin_t, get_name, char*,
 return "sqlite";
 }
+METHOD(plugin_t, get_features, int,
+ private_sqlite_plugin_t *this, plugin_feature_t *features[])
+{
+ static plugin_feature_t f[] = {
+ PLUGIN_REGISTER(DATABASE, sqlite_database_create),
+ PLUGIN_PROVIDE(DATABASE, DB_SQLITE),
+ };
+ *features = f;
+ return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
 private_sqlite_plugin_t *this)
 {
- lib->db->remove_database(lib->db,
- (database_constructor_t)sqlite_database_create);
 free(this);
 }
@@ -56,15 +65,12 @@ plugin_t *sqlite_plugin_create()
 .public = {
 .plugin = {
 .get_name = _get_name,
- .reload = (void*)return_false,
+ .get_features = _get_features,
 .destroy = _destroy,
 },
 },
 );
- lib->db->add_database(lib->db,
- (database_constructor_t)sqlite_database_create);
-
 return &this->public.plugin;
 }
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.am b/src/libstrongswan/plugins/test_vectors/Makefile.am
index 049301977..5280300a8 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.am
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.am
@@ -15,6 +15,7 @@ libstrongswan_test_vectors_la_SOURCES = \
 test_vectors/aes_cbc.c \
 test_vectors/aes_ctr.c \
 test_vectors/aes_xcbc.c \
+ test_vectors/aes_cmac.c \
 test_vectors/aes_ccm.c \
 test_vectors/aes_gcm.c \
 test_vectors/blowfish.c \
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 70cdfd600..7e0271b13 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -76,11 +76,12 @@ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_test_vectors_la_LIBADD = am_libstrongswan_test_vectors_la_OBJECTS = test_vectors_plugin.lo \ - 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_ccm.lo \ - aes_gcm.lo blowfish.lo camellia_cbc.lo camellia_ctr.lo \ - camellia_xcbc.lo cast.lo des.lo idea.lo null.lo rc5.lo \ - serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo md5.lo md5_hmac.lo \ - sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo fips_prf.lo rng.lo + 3des_cbc.lo aes_cbc.lo aes_ctr.lo aes_xcbc.lo aes_cmac.lo \ + aes_ccm.lo aes_gcm.lo blowfish.lo camellia_cbc.lo \ + camellia_ctr.lo camellia_xcbc.lo cast.lo des.lo idea.lo \ + null.lo rc5.lo serpent_cbc.lo twofish_cbc.lo md2.lo md4.lo \ + md5.lo md5_hmac.lo sha1.lo sha1_hmac.lo sha2.lo sha2_hmac.lo \ + fips_prf.lo rng.lo libstrongswan_test_vectors_la_OBJECTS = \ $(am_libstrongswan_test_vectors_la_OBJECTS) libstrongswan_test_vectors_la_LINK = $(LIBTOOL) --tag=CC \ @@ -199,6 +200,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -207,6 +211,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -223,11 +228,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ 
@@ -271,6 +278,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ @@ -291,6 +299,7 @@ libstrongswan_test_vectors_la_SOURCES = \ test_vectors/aes_cbc.c \ test_vectors/aes_ctr.c \ test_vectors/aes_xcbc.c \ + test_vectors/aes_cmac.c \ test_vectors/aes_ccm.c \ test_vectors/aes_gcm.c \ test_vectors/blowfish.c \ @@ -402,6 +411,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/3des_cbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cbc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ccm.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_cmac.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_ctr.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_gcm.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aes_xcbc.Plo@am__quote@ 
@@ -477,6 +487,13 @@ aes_xcbc.lo: test_vectors/aes_xcbc.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_xcbc.lo `test -f 'test_vectors/aes_xcbc.c' || echo '$(srcdir)/'`test_vectors/aes_xcbc.c +aes_cmac.lo: test_vectors/aes_cmac.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cmac.lo -MD -MP -MF $(DEPDIR)/aes_cmac.Tpo -c -o aes_cmac.lo `test -f 'test_vectors/aes_cmac.c' || echo '$(srcdir)/'`test_vectors/aes_cmac.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_cmac.Tpo $(DEPDIR)/aes_cmac.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='test_vectors/aes_cmac.c' object='aes_cmac.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cmac.lo `test -f 'test_vectors/aes_cmac.c' || echo '$(srcdir)/'`test_vectors/aes_cmac.c + aes_ccm.lo: test_vectors/aes_ccm.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_ccm.lo -MD -MP -MF $(DEPDIR)/aes_ccm.Tpo -c -o aes_ccm.lo `test -f 'test_vectors/aes_ccm.c' || echo '$(srcdir)/'`test_vectors/aes_ccm.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/aes_ccm.Tpo $(DEPDIR)/aes_ccm.Plo diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors.h b/src/libstrongswan/plugins/test_vectors/test_vectors.h index ab4689c1c..40fb51da6 100644 
--- a/src/libstrongswan/plugins/test_vectors/test_vectors.h
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors.h
@@ -91,6 +91,10 @@ TEST_VECTOR_SIGNER(aes_xcbc_s2)
 TEST_VECTOR_SIGNER(aes_xcbc_s3)
 TEST_VECTOR_SIGNER(aes_xcbc_s4)
 TEST_VECTOR_SIGNER(aes_xcbc_s5)
+TEST_VECTOR_SIGNER(aes_cmac_s1)
+TEST_VECTOR_SIGNER(aes_cmac_s2)
+TEST_VECTOR_SIGNER(aes_cmac_s3)
+TEST_VECTOR_SIGNER(aes_cmac_s4)
 TEST_VECTOR_SIGNER(camellia_xcbc_s1)
 TEST_VECTOR_SIGNER(md5_hmac_s1)
 TEST_VECTOR_SIGNER(md5_hmac_s2)
@@ -156,6 +160,13 @@ TEST_VECTOR_PRF(aes_xcbc_p4)
 TEST_VECTOR_PRF(aes_xcbc_p5)
 TEST_VECTOR_PRF(aes_xcbc_p6)
 TEST_VECTOR_PRF(aes_xcbc_p7)
+TEST_VECTOR_PRF(aes_cmac_p1)
+TEST_VECTOR_PRF(aes_cmac_p2)
+TEST_VECTOR_PRF(aes_cmac_p3)
+TEST_VECTOR_PRF(aes_cmac_p4)
+TEST_VECTOR_PRF(aes_cmac_p5)
+TEST_VECTOR_PRF(aes_cmac_p6)
+TEST_VECTOR_PRF(aes_cmac_p7)
 TEST_VECTOR_PRF(camellia_xcbc_p1)
 TEST_VECTOR_PRF(camellia_xcbc_p2)
 TEST_VECTOR_PRF(camellia_xcbc_p3)
diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
new file mode 100644
index 000000000..cc4121424
--- /dev/null
+++ b/src/libstrongswan/plugins/test_vectors/test_vectors/aes_cmac.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2012 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the Licenseor (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be usefulbut
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <crypto/crypto_tester.h>
+
+/**
+ * RFC 4493 Example #1: AES-CMAC with 0-byte input
+ */
+prf_test_vector_t aes_cmac_p1 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 0,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "",
+ .out = "\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12\x9b\x75\x67\x46"
+};
+
+/**
+ * RFC 4493 Example #2: AES-CMAC with 16-byte input
+ */
+prf_test_vector_t aes_cmac_p2 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 16,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+ .out = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c"
+};
+
+/**
+ * RFC 4493 Example #3: AES-CMAC with 40-byte input
+ */
+prf_test_vector_t aes_cmac_p3 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 40,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+ .out = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61\x14\x97\xc8\x27"
+};
+
+/**
+ * RFC 4493 Example #4: AES-CMAC with 64-byte input
+ */
+prf_test_vector_t aes_cmac_p4 = {
+
.alg = PRF_AES128_CMAC, .key_size = 16, .len = 64,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .seed = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .out = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17\x79\x36\x3c\xfe"
+};
+
+/**
+ * RFC 4615 Test Case #1: AES-CMAC with 20-byte input, 18-byte key
+ */
+prf_test_vector_t aes_cmac_p5 = {
+ .alg = PRF_AES128_CMAC, .key_size = 18, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\xed\xcb",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x84\xa3\x48\xa4\xa4\x5d\x23\x5b\xab\xff\xfc\x0d\x2b\x4d\xa0\x9a"
+};
+
+/**
+ * RFC 4615 Test Case #2: AES-CMAC with 20-byte input, 16-byte key
+ */
+prf_test_vector_t aes_cmac_p6 = {
+ .alg = PRF_AES128_CMAC, .key_size = 16, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x98\x0a\xe8\x7b\x5f\x4c\x9c\x52\x14\xf5\xb6\xa8\x45\x5e\x4c\x2d"
+};
+
+/**
+ * RFC 4615 Test Case #3: AES-CMAC with 20-byte input, 10-byte key
+ */
+prf_test_vector_t aes_cmac_p7 = {
+ .alg = PRF_AES128_CMAC, .key_size = 10, .len = 20,
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09",
+ .seed = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13",
+ .out = "\x29\x0d\x9e\x11\x2e\xdb\x09\xee\x14\x1f\xcf\x64\xc0\xb7\x2f\x3d"
+};
+
+/**
+ * RFC 4494 Test Case #1: AES-CMAC-96 with 0-byte input
+ */
+signer_test_vector_t aes_cmac_s1 = {
+ .alg = AUTH_AES_CMAC_96, .len = 0,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "",
+ .mac =
"\xbb\x1d\x69\x29\xe9\x59\x37\x28\x7f\xa3\x7d\x12"
+};
+
+
+/**
+ * RFC 4494 Test Case #2: AES-CMAC-96 with 16-byte input
+ */
+signer_test_vector_t aes_cmac_s2 = {
+ .alg = AUTH_AES_CMAC_96, .len = 16,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
+ .mac = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44\xf7\x9b\xdd\x9d"
+};
+
+/**
+ * RFC 4494 Test Case #3: AES-CMAC-96 with 40-byte input
+ */
+signer_test_vector_t aes_cmac_s3 = {
+ .alg = AUTH_AES_CMAC_96, .len = 40,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
+ .mac = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30\x30\xca\x32\x61"
+};
+
+/**
+ * RFC 4494 Test Case #4: AES-CMAC-96 with 64-byte input
+ */
+signer_test_vector_t aes_cmac_s4 = {
+ .alg = AUTH_AES_CMAC_96, .len = 64,
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .data = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .mac = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92\xfc\x49\x74\x17"
+};
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index 58cdf2c7c..8c05cb22d 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -193,6 +193,9 @@ am__leading_dot = @am__leading_dot@
 am__quote = @am__quote@
 am__tar = @am__tar@
 am__untar = @am__untar@
+attest_plugins = @attest_plugins@
+axis2c_CFLAGS = @axis2c_CFLAGS@
+axis2c_LIBS = @axis2c_LIBS@
 bindir = @bindir@
 build = @build@
 build_alias = @build_alias@
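Review bot: The comments on aes_cmac_p5 and aes_cmac_p7 say only "18-byte key" and "10-byte key", which hides what those vectors actually exercise: RFC 4615 (AES-CMAC-PRF-128) specifies that a key whose length is not 16 bytes is first reduced to 16 bytes by computing AES-CMAC of the key under the all-zero key, so a PRF_AES128_CMAC implementation that rejects or truncates such keys would fail p5 and p7 for that reason rather than for a MAC bug. State it once above aes_cmac_p5: `/* RFC 4615 AES-CMAC-PRF-128: keys != 16 bytes are first reduced with AES-CMAC(0^128, key) */`. The RFC 4493 and RFC 4494 vectors match the published values; the licence header, however, reads "Licenseor" and "usefulbut" where the project's other headers have "License, or" and "useful, but", presumably dropped commas.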
@@ -201,6 +204,7 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
@@ -217,11 +221,13 @@ host_cpu = @host_cpu@
 host_os = @host_os@
 host_vendor = @host_vendor@
 htmldir = @htmldir@
+imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
+ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
 libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
@@ -265,6 +271,7 @@ sharedstatedir = @sharedstatedir@
 soup_CFLAGS = @soup_CFLAGS@
 soup_LIBS = @soup_LIBS@
 srcdir = @srcdir@
+starter_plugins = @starter_plugins@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 systemdsystemunitdir = @systemdsystemunitdir@
diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index ba0357cc4..a2cb589e0 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -179,11 +179,11 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
 if (has_directoryName) {
- iterator_t *iterator = list->create_iterator(list, TRUE);
+ enumerator_t *enumerator = list->create_enumerator(list);
 identification_t *directoryName;
 bool first = TRUE;
- while (iterator->iterate(iterator, (void**)&directoryName))
+ while (enumerator->enumerate(enumerator, (void**)&directoryName))
 {
 if (first) {
@@ -192,15 +192,15 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
 } else {
- DBG1(DBG_LIB, "more than one directory name - first selected");
+ DBG1(DBG_ASN, "more than one directory name - first selected");
 directoryName->destroy(directoryName);
 }
 }
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
 } else {
- DBG1(DBG_LIB, "no directoryName found");
+ DBG1(DBG_ASN, "no directoryName found");
 }
 list->destroy(list);
@@ -359,10 +359,10 @@ static bool parse_certificate(private_x509_ac_t *this)
 break;
 case AC_OBJ_VERSION:
 this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
- DBG2(DBG_LIB, " v%d", this->version);
+ DBG2(DBG_ASN, " v%d", this->version);
 if (this->version != 2) {
- DBG1(DBG_LIB, "v%d attribute certificates are not "
+ DBG1(DBG_ASN, "v%d attribute certificates are not "
 "supported", this->version);
 goto end;
 }
@@ -408,20 +408,20 @@ static bool parse_certificate(private_x509_ac_t *this)
 switch (type) {
 case OID_AUTHENTICATION_INFO:
- DBG2(DBG_LIB, " need to parse authenticationInfo");
+ DBG2(DBG_ASN, " need to parse authenticationInfo");
 break;
 case OID_ACCESS_IDENTITY:
- DBG2(DBG_LIB, " need to parse accessIdentity");
+ DBG2(DBG_ASN, " need to parse accessIdentity");
 break;
 case OID_CHARGING_IDENTITY:
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
 this->charging = ietf_attributes_create_from_encoding(object);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
 break;
 case OID_GROUP:
- DBG2(DBG_LIB, "-- > --");
+ DBG2(DBG_ASN, "-- > --");
 this->groups = ietf_attributes_create_from_encoding(object);
- DBG2(DBG_LIB, "-- < --");
+ DBG2(DBG_ASN, "-- < --");
 break;
 case OID_ROLE:
 parse_roleSyntax(object, level);
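Review bot: In the AC_OBJ_VERSION hunk the context line `this->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;` derives the version from the first octet of the INTEGER only, so an encoding with more than one octet whose leading octet is 0x01 (the value 256 is validly DER-encoded as `01 00`) is accepted as v2 by the `!= 2` check that follows; only the log group changes here, but the parser should not accept that. Since DER for the value 1 is exactly one octet, tightening the check to `if (object.len != 1 || this->version != 2)` rejects every other encoding while keeping the existing error message and `goto end`. parse_certificate() starts and ends outside this hunk.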
@@ -436,21 +436,21 @@ static bool parse_certificate(private_x509_ac_t *this) break; case AC_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s",(critical)?"TRUE":"FALSE"); + DBG2(DBG_ASN, " %s",(critical)?"TRUE":"FALSE"); break; case AC_OBJ_EXTN_VALUE: { switch (extn_oid) { case OID_CRL_DISTRIBUTION_POINTS: - DBG2(DBG_LIB, " need to parse crlDistributionPoints"); + DBG2(DBG_ASN, " need to parse crlDistributionPoints"); break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, level, &this->authKeySerialNumber); break; case OID_TARGET_INFORMATION: - DBG2(DBG_LIB, " need to parse targetInformation"); + DBG2(DBG_ASN, " need to parse targetInformation"); break; case OID_NO_REV_AVAIL: this->noRevAvail = TRUE; @@ -465,7 +465,7 @@ static bool parse_certificate(private_x509_ac_t *this) NULL); if (this->algorithm != sig_alg) { - DBG1(DBG_LIB, " signature algorithms do not agree"); + DBG1(DBG_ASN, " signature algorithms do not agree"); success = FALSE; goto end; } @@ -528,7 +528,7 @@ static chunk_t build_attr_cert_validity(private_x509_ac_t *this) { return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_from_time(&this->notBefore, ASN1_GENERALIZEDTIME), - asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME)); + asn1_from_time(&this->notAfter, ASN1_GENERALIZEDTIME)); } @@ -616,7 +616,6 @@ static chunk_t build_attr_cert_info(private_x509_ac_t *this) build_extensions(this)); } - /** * build an X.509 attribute certificate */ 
@@ -636,82 +635,62 @@ static chunk_t build_ac(private_x509_ac_t *this) asn1_bitstring("m", signatureValue)); } -/** - * Implementation of ac_t.get_serial. - */ -static chunk_t get_serial(private_x509_ac_t *this) +METHOD(ac_t, get_serial, chunk_t, + private_x509_ac_t *this) { return this->serialNumber; } -/** - * Implementation of ac_t.get_holderSerial. - */ -static chunk_t get_holderSerial(private_x509_ac_t *this) +METHOD(ac_t, get_holderSerial, chunk_t, + private_x509_ac_t *this) { return this->holderSerial; } -/** - * Implementation of ac_t.get_holderIssuer. - */ -static identification_t* get_holderIssuer(private_x509_ac_t *this) +METHOD(ac_t, get_holderIssuer, identification_t*, + private_x509_ac_t *this) { return this->holderIssuer; } -/** - * Implementation of ac_t.get_authKeyIdentifier. - */ -static chunk_t get_authKeyIdentifier(private_x509_ac_t *this) +METHOD(ac_t, get_authKeyIdentifier, chunk_t, + private_x509_ac_t *this) { return this->authKeyIdentifier; } -/** - * Implementation of certificate_t.get_groups. - */ -static ietf_attributes_t* get_groups(private_x509_ac_t *this) +METHOD(ac_t, get_groups, ietf_attributes_t*, + private_x509_ac_t *this) { return this->groups ? this->groups->get_ref(this->groups) : NULL; } -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_ac_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_x509_ac_t *this) { return CERT_X509_AC; } -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_x509_ac_t *this) +METHOD(certificate_t, get_subject, identification_t*, + private_x509_ac_t *this) { return this->entityName; } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_ac_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_x509_ac_t *this) { return this->issuerName; } -/** - * Implementation of certificate_t.has_subject. 
- */ -static id_match_t has_subject(private_x509_ac_t *this, identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_x509_ac_t *this, identification_t *subject) { return ID_MATCH_NONE; } -/** - * Implementation of certificate_t.has_issuer. - */ -static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) +METHOD(certificate_t, has_issuer, id_match_t, + private_x509_ac_t *this, identification_t *issuer) { if (issuer->get_type(issuer) == ID_KEY_ID && this->authKeyIdentifier.ptr && chunk_equals(this->authKeyIdentifier, issuer->get_encoding(issuer))) @@ -721,10 +700,8 @@ static id_match_t has_issuer(private_x509_ac_t *this, identification_t *issuer) return this->issuerName->matches(this->issuerName, issuer); } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_x509_ac_t *this, certificate_t *issuer) { public_key_t *key; signature_scheme_t scheme; @@ -776,28 +753,21 @@ static bool issued_by(private_x509_ac_t *this, certificate_t *issuer) return valid; } -/** - * Implementation of certificate_t.get_public_key. - */ -static public_key_t* get_public_key(private_x509_ac_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_x509_ac_t *this) { return NULL; } -/** - * Implementation of certificate_t.get_ref. - */ -static private_x509_ac_t* get_ref(private_x509_ac_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_x509_ac_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.certificate; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_x509_ac_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_x509_ac_t *this, time_t *when, time_t *not_before, time_t *not_after) { time_t t = when ? *when : time(NULL); 
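Review bot: `has_subject` unconditionally returns ID_MATCH_NONE while `get_subject`, two methods above in the same hunk, returns `this->entityName`; a caller that searches for the identity get_subject hands out will never find this certificate through has_subject. If lookups by subject are intentionally disabled for attribute certificates, that should be recorded, e.g. `/* ACs are located via holder serial/issuer, never by subject */`; otherwise the body should presumably read `return this->entityName ? this->entityName->matches(this->entityName, subject) : ID_MATCH_NONE;`. Which of the two is intended cannot be decided from the hunk alone.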
@@ -812,11 +782,8 @@ static bool get_validity(private_x509_ac_t *this, time_t *when, return (t >= this->notBefore && t <= this->notAfter); } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type, - chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_x509_ac_t *this, cred_encoding_type_t type, chunk_t *encoding) { if (type == CERT_ASN1_DER) { @@ -827,10 +794,8 @@ static bool get_encoding(private_x509_ac_t *this, cred_encoding_type_t type, CRED_PART_X509_AC_ASN1_DER, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_ac_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_x509_ac_t *this, certificate_t *other) { chunk_t encoding; bool equal; @@ -852,10 +817,8 @@ static bool equals(private_x509_ac_t *this, certificate_t *other) return equal; } -/** - * Implementation of x509_ac_t.destroy - */ -static void destroy(private_x509_ac_t *this) +METHOD(certificate_t, destroy, void, + private_x509_ac_t *this) { if (ref_put(&this->ref)) { 
@@ -879,41 +842,34 @@ static void destroy(private_x509_ac_t *this) */ static private_x509_ac_t *create_empty(void) { - private_x509_ac_t *this = malloc_thing(private_x509_ac_t); - - /* public functions */ - this->public.interface.get_serial = (chunk_t (*)(ac_t*))get_serial; - this->public.interface.get_holderSerial = (chunk_t (*)(ac_t*))get_holderSerial; - this->public.interface.get_holderIssuer = (identification_t* (*)(ac_t*))get_holderIssuer; - this->public.interface.get_authKeyIdentifier = (chunk_t (*)(ac_t*))get_authKeyIdentifier; - this->public.interface.get_groups = (ietf_attributes_t* (*)(ac_t*))get_groups; - this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_subject; - this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.certificate.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_subject; - this->public.interface.certificate.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals; - this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; - - /* initialize */ - this->encoding = chunk_empty; - 
this->serialNumber = chunk_empty; - this->holderSerial = chunk_empty; - this->authKeyIdentifier = chunk_empty; - this->holderIssuer = NULL; - this->entityName = NULL; - this->issuerName = NULL; - this->holderCert = NULL; - this->signerCert = NULL; - this->signerKey = NULL; - this->charging = NULL; - this->groups = NULL; - this->ref = 1; + private_x509_ac_t *this; + + INIT(this, + .public = { + .interface = { + .certificate = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_issuer, + .has_subject = _has_subject, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + .get_public_key = _get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_serial = _get_serial, + .get_holderSerial = _get_holderSerial, + .get_holderIssuer = _get_holderIssuer, + .get_authKeyIdentifier = _get_authKeyIdentifier, + .get_groups = _get_groups, + }, + }, + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 8b228a2b6..4859f4310 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -275,8 +275,8 @@ static const asn1Object_t basicConstraintsObjects[] = { { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "CA", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 1 */ { 1, "pathLenConstraint", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define BASIC_CONSTRAINTS_CA 1 #define BASIC_CONSTRAINTS_PATH_LEN 2 
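Review bot: The rewrite of `create_empty` drops the explicit `chunk_empty`/NULL initialisation of encoding, serialNumber, holderSerial, authKeyIdentifier and the pointer members and relies on INIT() leaving every unnamed member zeroed; that is only equivalent if INIT() zero-fills the whole object (compound-literal or calloc style), which the hunk itself does not show. A one-line comment above the call, `/* INIT() zero-fills members not listed: chunks start empty, pointers NULL */`, would make that dependency visible to whoever adds the next member. The same pattern is used in the `create_empty` of x509_ocsp_request.c later in this diff.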
@@ -301,7 +301,7 @@ static void parse_basicConstraints(chunk_t blob, int level0, { case BASIC_CONSTRAINTS_CA: isCA = object.len && *object.ptr; - DBG2(DBG_LIB, " %s", isCA ? "TRUE" : "FALSE"); + DBG2(DBG_ASN, " %s", isCA ? "TRUE" : "FALSE"); if (isCA) { this->flags |= X509_CA; @@ -394,7 +394,7 @@ static const asn1Object_t generalNameObjects[] = { { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 1 */ { 0, "rfc822Name", ASN1_CONTEXT_S_1, ASN1_OPT|ASN1_BODY }, /* 2 */ - { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */ + { 0, "end choice", ASN1_EOC, ASN1_END }, /* 3 */ { 0, "dnsName", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 4 */ { 0, "end choice", ASN1_EOC, ASN1_END }, /* 5 */ { 0, "x400Address", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 6 */ @@ -482,7 +482,7 @@ static identification_t *parse_generalName(chunk_t blob, int level0) if (id_type != ID_ANY) { gn = identification_create_from_encoding(id_type, object); - DBG2(DBG_LIB, " '%Y'", gn); + DBG2(DBG_ASN, " '%Y'", gn); goto end; } } 
@@ -536,14 +536,14 @@ void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_lis * ASN.1 definition of a authorityKeyIdentifier extension */ static const asn1Object_t authKeyIdentifierObjects[] = { - { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ + { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */ { 1, "keyIdentifier", ASN1_CONTEXT_S_0, ASN1_OPT|ASN1_BODY }, /* 1 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */ { 1, "authorityCertIssuer", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_OBJ }, /* 3 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ { 1, "authorityCertSerialNumber", ASN1_CONTEXT_S_2, ASN1_OPT|ASN1_BODY }, /* 5 */ - { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ - { 0, "exit", ASN1_EOC, ASN1_EXIT } + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } }; #define AUTH_KEY_ID_KEY_ID 1 #define AUTH_KEY_ID_CERT_ISSUER 3 @@ -638,7 +638,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, /* parsing went wrong - abort */ goto end; } - DBG2(DBG_LIB, " '%Y'", id); + DBG2(DBG_ASN, " '%Y'", id); if (accessMethod == OID_OCSP && asprintf(&uri, "%Y", id) > 0) { 
@@ -1107,10 +1107,10 @@ static void parse_policyConstraints(chunk_t blob, int level0, static const asn1Object_t ipAddrBlocksObjects[] = { { 0, "ipAddrBlocks", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ { 1, "ipAddressFamily", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ - { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ + { 2, "addressFamily", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */ { 2, "inherit", ASN1_NULL, ASN1_OPT|ASN1_NONE }, /* 3 */ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 4 */ - { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ + { 2, "addressesOrRanges", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 5 */ { 3, "addressPrefix", ASN1_BIT_STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ { 3, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ { 3, "addressRange", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ @@ -1134,36 +1134,36 @@ static bool check_address_object(ts_type_t ts_type, chunk_t object) case TS_IPV4_ADDR_RANGE: if (object.len > 5) { - DBG1(DBG_LIB, "IPv4 address object is larger than 5 octets"); + DBG1(DBG_ASN, "IPv4 address object is larger than 5 octets"); return FALSE; } break; case TS_IPV6_ADDR_RANGE: if (object.len > 17) { - DBG1(DBG_LIB, "IPv6 address object is larger than 17 octets"); + DBG1(DBG_ASN, "IPv6 address object is larger than 17 octets"); return FALSE; } break; default: - DBG1(DBG_LIB, "unknown address family"); + DBG1(DBG_ASN, "unknown address family"); return FALSE; } if (object.len == 0) { - DBG1(DBG_LIB, "An ASN.1 bit string must contain at least the " + DBG1(DBG_ASN, "An ASN.1 bit string must contain at least the " "initial octet"); return FALSE; } if (object.len == 1 && object.ptr[0] != 0) { - DBG1(DBG_LIB, "An empty ASN.1 bit string must contain a zero " + DBG1(DBG_ASN, "An empty ASN.1 bit string must contain a zero " "initial octet"); return FALSE; } if (object.ptr[0] > 7) { - DBG1(DBG_LIB, "number of unused bits is too large"); + DBG1(DBG_ASN, "number of unused bits is too large"); return FALSE; } return TRUE; 
@@ -1201,11 +1201,11 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, { break; } - DBG2(DBG_LIB, " %N", ts_type_name, ts_type); + DBG2(DBG_ASN, " %N", ts_type_name, ts_type); } break; case IP_ADDR_BLOCKS_INHERIT: - DBG1(DBG_LIB, "inherit choice is not supported"); + DBG1(DBG_ASN, "inherit choice is not supported"); break; case IP_ADDR_BLOCKS_PREFIX: if (!check_address_object(ts_type, object)) @@ -1214,7 +1214,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, } ts = traffic_selector_create_from_rfc3779_format(ts_type, object, object); - DBG2(DBG_LIB, " %R", ts); + DBG2(DBG_ASN, " %R", ts); this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); break; case IP_ADDR_BLOCKS_MIN: @@ -1231,7 +1231,7 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0, } ts = traffic_selector_create_from_rfc3779_format(ts_type, min_object, object); - DBG2(DBG_LIB, " %R", ts); + DBG2(DBG_ASN, " %R", ts); this->ipAddrBlocks->insert_last(this->ipAddrBlocks, ts); break; default: @@ -1280,7 +1280,7 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_VERSION 3 #define X509_OBJ_SERIAL_NUMBER 4 #define X509_OBJ_SIG_ALG 5 -#define X509_OBJ_ISSUER 6 +#define X509_OBJ_ISSUER 6 #define X509_OBJ_NOT_BEFORE 8 #define X509_OBJ_NOT_AFTER 9 #define X509_OBJ_SUBJECT 10 @@ -1320,12 +1320,12 @@ static bool parse_certificate(private_x509_cert_t *this) this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; if (this->version < 1 || this->version > 3) { - DBG1(DBG_LIB, "X.509v%d not supported", this->version); + DBG1(DBG_ASN, "X.509v%d not supported", this->version); goto end; } else { - DBG2(DBG_LIB, " X.509v%d", this->version); + DBG2(DBG_ASN, " X.509v%d", this->version); } break; case X509_OBJ_SERIAL_NUMBER: 
@@ -1336,7 +1336,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(DBG_LIB, " '%Y'", this->issuer); + DBG2(DBG_ASN, " '%Y'", this->issuer); break; case X509_OBJ_NOT_BEFORE: this->notBefore = asn1_parse_time(object, level); @@ -1346,13 +1346,13 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_SUBJECT: this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(DBG_LIB, " '%Y'", this->subject); + DBG2(DBG_ASN, " '%Y'", this->subject); break; case X509_OBJ_SUBJECT_PUBLIC_KEY_INFO: - DBG2(DBG_LIB, "-- > --"); + DBG2(DBG_ASN, "-- > --"); this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB_ASN1_DER, object, BUILD_END); - DBG2(DBG_LIB, "-- < --"); + DBG2(DBG_ASN, "-- < --"); if (this->public_key == NULL) { goto end; @@ -1361,7 +1361,7 @@ static bool parse_certificate(private_x509_cert_t *this) case X509_OBJ_OPTIONAL_EXTENSIONS: if (this->version != 3) { - DBG1(DBG_LIB, "Only X.509v3 certificates have extensions"); + DBG1(DBG_ASN, "Only X.509v3 certificates have extensions"); goto end; } break; @@ -1370,7 +1370,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; case X509_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE"); break; case X509_OBJ_EXTN_VALUE: { @@ -1445,7 +1445,7 @@ static bool parse_certificate(private_x509_cert_t *this) if (critical && lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE)) { - DBG1(DBG_LIB, "critical '%s' extension not supported", + DBG1(DBG_ASN, "critical '%s' extension not supported", (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; 
@@ -1458,7 +1458,7 @@ static bool parse_certificate(private_x509_cert_t *this) this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); if (this->algorithm != sig_alg) { - DBG1(DBG_LIB, " signature algorithms do not agree"); + DBG1(DBG_ASN, " signature algorithms do not agree"); goto end; } break; @@ -1488,8 +1488,8 @@ end: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { - DBG1(DBG_LIB, " unable to create hash of certificate, SHA1 not supported"); - return NULL; + DBG1(DBG_ASN, " unable to create hash of certificate, SHA1 not supported"); + return FALSE; } hasher->allocate_hash(hasher, this->encoding, &this->encoding_hash); hasher->destroy(hasher); @@ -1706,7 +1706,7 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, chunk_t fingerprint; if (this->public_key->get_fingerprint(this->public_key, - KEYID_PUBKEY_SHA1, &fingerprint)) + KEYID_PUBKEY_SHA1, &fingerprint)) { return fingerprint; } @@ -1901,7 +1901,7 @@ chunk_t build_generalName(identification_t *id) context = ASN1_CONTEXT_S_7; break; default: - DBG1(DBG_LIB, "encoding %N as generalName not supported", + DBG1(DBG_ASN, "encoding %N as generalName not supported", id_type_names, id->get_type(id)); return chunk_empty; } diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 758505ab5..7bcca16a3 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c 
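Review bot: In the `end:` hunk the hasher-creation failure is now logged under DBG_ASN, but a missing SHA1 implementation is a crypto-backend/plugin availability problem rather than an ASN.1 parsing one; if DBG_ASN is reserved for parser output, as the other conversions in this file suggest, this message should stay where an operator diagnosing a missing plugin looks for it: `DBG1(DBG_LIB, "  unable to create hash of certificate, SHA1 not supported");`. The `issued_by` message in x509_ocsp_request.c in this same diff keeps DBG_LIB for a comparable non-parser condition. The rest of the `end:` block, including what is returned on the normal path, lies outside the hunk.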
@@ -242,14 +242,14 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_VERSION: this->version = (object.len) ? (1+(u_int)*object.ptr) : 1; - DBG2(DBG_LIB, " v%d", this->version); + DBG2(DBG_ASN, " v%d", this->version); break; case CRL_OBJ_SIG_ALG: sig_alg = asn1_parse_algorithmIdentifier(object, level, NULL); break; case CRL_OBJ_ISSUER: this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(DBG_LIB, " '%Y'", this->issuer); + DBG2(DBG_ASN, " '%Y'", this->issuer); break; case CRL_OBJ_THIS_UPDATE: this->thisUpdate = asn1_parse_time(object, level); @@ -274,7 +274,7 @@ static bool parse(private_x509_crl_t *this) case CRL_OBJ_CRL_ENTRY_CRITICAL: case CRL_OBJ_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE"); break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: @@ -291,7 +291,7 @@ static bool parse(private_x509_crl_t *this) { revoked->reason = *object.ptr; } - DBG2(DBG_LIB, " '%N'", crl_reason_names, + DBG2(DBG_ASN, " '%N'", crl_reason_names, revoked->reason); } break; @@ -324,7 +324,7 @@ static bool parse(private_x509_crl_t *this) if (critical && lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE)) { - DBG1(DBG_LIB, "critical '%s' extension not supported", + DBG1(DBG_ASN, "critical '%s' extension not supported", (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -338,7 +338,7 @@ static bool parse(private_x509_crl_t *this) this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); if (this->algorithm != sig_alg) { - DBG1(DBG_LIB, " signature algorithms do not agree"); + DBG1(DBG_ASN, " signature algorithms do not agree"); goto end; } break; diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c index ea02cbab5..33d0aa792 100644 
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c @@ -304,18 +304,14 @@ static chunk_t build_OCSPRequest(private_x509_ocsp_request_t *this) } -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_ocsp_request_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_x509_ocsp_request_t *this) { return CERT_X509_OCSP_REQUEST; } -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_x509_ocsp_request_t *this) +METHOD(certificate_t, get_subject, identification_t*, + private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; @@ -330,21 +326,16 @@ static identification_t* get_subject(private_x509_ocsp_request_t *this) return ca->get_subject(ca); } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_ocsp_request_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_x509_ocsp_request_t *this) { certificate_t *ca = (certificate_t*)this->ca; return ca->get_subject(ca); } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_subject(private_x509_ocsp_request_t *this, - identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_x509_ocsp_request_t *this, identification_t *subject) { certificate_t *current; enumerator_t *enumerator; @@ -363,10 +354,8 @@ static id_match_t has_subject(private_x509_ocsp_request_t *this, return best; } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_issuer(private_x509_ocsp_request_t *this, +METHOD(certificate_t, has_issuer, id_match_t, + private_x509_ocsp_request_t *this, identification_t *issuer) { certificate_t *ca = (certificate_t*)this->ca; 
@@ -374,28 +363,22 @@ static id_match_t has_issuer(private_x509_ocsp_request_t *this, return ca->has_subject(ca, issuer); } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_x509_ocsp_request_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_x509_ocsp_request_t *this, certificate_t *issuer) { DBG1(DBG_LIB, "OCSP request validation not implemented!"); return FALSE; } -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_x509_ocsp_request_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_x509_ocsp_request_t *this) { return NULL; } -/** - * Implementation of x509_cert_t.get_validity. - */ -static bool get_validity(private_x509_ocsp_request_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_x509_ocsp_request_t *this, time_t *when, time_t *not_before, + time_t *not_after) { certificate_t *cert; @@ -410,11 +393,9 @@ static bool get_validity(private_x509_ocsp_request_t *this, time_t *when, return cert->get_validity(cert, when, not_before, not_after); } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_ocsp_request_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_x509_ocsp_request_t *this, cred_encoding_type_t type, + chunk_t *encoding) { if (type == CERT_ASN1_DER) { @@ -425,10 +406,8 @@ static bool get_encoding(private_x509_ocsp_request_t *this, CRED_PART_X509_OCSP_REQ_ASN1_DER, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_x509_ocsp_request_t *this, certificate_t *other) { chunk_t encoding; bool equal; 
@@ -454,19 +433,15 @@ static bool equals(private_x509_ocsp_request_t *this, certificate_t *other) return equal; } -/** - * Implementation of certificate_t.asdf - */ -static private_x509_ocsp_request_t* get_ref(private_x509_ocsp_request_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_x509_ocsp_request_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.interface; } -/** - * Implementation of x509_ocsp_request_t.destroy - */ -static void destroy(private_x509_ocsp_request_t *this) +METHOD(certificate_t, destroy, void, + private_x509_ocsp_request_t *this) { if (ref_put(&this->ref)) { 
@@ -486,29 +461,30 @@ static void destroy(private_x509_ocsp_request_t *this) */ static private_x509_ocsp_request_t *create_empty() { - private_x509_ocsp_request_t *this = malloc_thing(private_x509_ocsp_request_t); - - this->public.interface.interface.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.interface.get_subject = (identification_t* (*)(certificate_t *this))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.interface.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_subject; - this->public.interface.interface.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.interface.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.interface.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.interface.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.interface.equals = (bool(*)(certificate_t*, certificate_t *other))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t *this))destroy; - - this->ca = NULL; - this->requestor = NULL; - this->cert = NULL; - this->key = NULL; - this->nonce = chunk_empty; - this->encoding = chunk_empty; - this->candidates = linked_list_create(); - this->ref = 1; + private_x509_ocsp_request_t *this; + + INIT(this, + .public = { + .interface = { + .interface = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_issuer, + .has_subject = _has_subject, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + 
.get_public_key = _get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + }, + }, + .candidates = linked_list_create(), + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 4cbe3f718..7dfef3993 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -148,14 +148,10 @@ static const chunk_t ASN1_response_content = chunk_from_chars( 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 ); -/** - * Implementaiton of ocsp_response_t.get_status - */ -static cert_validation_t get_status(private_x509_ocsp_response_t *this, - x509_t *subject, x509_t *issuer, - time_t *revocation_time, - crl_reason_t *revocation_reason, - time_t *this_update, time_t *next_update) +METHOD(ocsp_response_t, get_status, cert_validation_t, + private_x509_ocsp_response_t *this, x509_t *subject, x509_t *issuer, + time_t *revocation_time, crl_reason_t *revocation_reason, + time_t *this_update, time_t *next_update) { enumerator_t *enumerator; single_response_t *response; @@ -236,10 +232,8 @@ static cert_validation_t get_status(private_x509_ocsp_response_t *this, return status; } -/** - * Implementation of ocsp_response_t.create_cert_enumerator. - */ -static enumerator_t* create_cert_enumerator(private_x509_ocsp_response_t *this) +METHOD(ocsp_response_t, create_cert_enumerator, enumerator_t*, + private_x509_ocsp_response_t *this) { return this->certs->create_enumerator(this->certs); } @@ -379,6 +373,10 @@ static bool parse_singleResponse(private_x509_ocsp_response_t *this, } this->responses->insert_last(this->responses, response); } + else + { + free(response); + } return success; } 
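Review bot: The new `else { free(response); }` releases the single_response_t on the failure path, but only the struct itself; if any member of `response` was populated with allocated memory (a cloned chunk or a created object) before `success` became FALSE, that memory is still leaked. The beginning of parse_singleResponse is outside the hunk, so whether the members are owned copies or references into the response encoding cannot be checked here; if they are owned, the failure path should release them the same way the responses list's destructor does. A short comment such as `/* members reference this->encoding, nothing else to free */` would settle it for the reader either way.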
@@ -509,7 +507,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, if (version != OCSP_BASIC_RESPONSE_VERSION) { - DBG1(DBG_LIB, " ocsp ResponseData version %d not " + DBG1(DBG_ASN, " ocsp ResponseData version %d not " "supported", version); goto end; } @@ -518,12 +516,12 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, case BASIC_RESPONSE_ID_BY_NAME: this->responderId = identification_create_from_encoding( ID_DER_ASN1_DN, object); - DBG2(DBG_LIB, " '%Y'", this->responderId); + DBG2(DBG_ASN, " '%Y'", this->responderId); break; case BASIC_RESPONSE_ID_BY_KEY: this->responderId = identification_create_from_encoding( ID_KEY_ID, object); - DBG2(DBG_LIB, " '%Y'", this->responderId); + DBG2(DBG_ASN, " '%Y'", this->responderId); break; case BASIC_RESPONSE_PRODUCED_AT: this->producedAt = asn1_to_time(&object, ASN1_GENERALIZEDTIME); @@ -537,7 +535,7 @@ static bool parse_basicOCSPResponse(private_x509_ocsp_response_t *this, break; case BASIC_RESPONSE_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE"); break; case BASIC_RESPONSE_EXT_VALUE: if (extn_oid == OID_NONCE) 
@@ -653,35 +651,26 @@ end: return success; } -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_ocsp_response_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_x509_ocsp_response_t *this) { return CERT_X509_OCSP_RESPONSE; } -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_ocsp_response_t *this) +METHOD(certificate_t, get_issuer, identification_t*, + private_x509_ocsp_response_t *this) { return this->responderId; } -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_issuer(private_x509_ocsp_response_t *this, - identification_t *issuer) +METHOD(certificate_t, has_issuer, id_match_t, + private_x509_ocsp_response_t *this, identification_t *issuer) { return this->responderId->matches(this->responderId, issuer); } -/** - * Implementation of certificate_t.issued_by - */ -static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_x509_ocsp_response_t *this, certificate_t *issuer) { public_key_t *key; signature_scheme_t scheme; @@ -736,19 +725,15 @@ static bool issued_by(private_x509_ocsp_response_t *this, certificate_t *issuer) return valid; } -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_x509_ocsp_response_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_x509_ocsp_response_t *this) { return NULL; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_x509_ocsp_response_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_x509_ocsp_response_t *this, time_t *when, + time_t *not_before, time_t *not_after) { time_t t = when ? *when : time(NULL); 
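Review bot: `has_issuer` dereferences `this->responderId` unconditionally, and `get_issuer` hands the same pointer out; if a response can leave parse_basicOCSPResponse with responderId unset (the old loader in the last hunk initialises it to NULL, and the hunk does not show whether the BY_NAME/BY_KEY table entries are mandatory), matching a peer-supplied response against a trust anchor would fault here. Either the parser must reject a response that carries no responderID, or the method should guard: `if (!this->responderId) { return ID_MATCH_NONE; }`. The body of issued_by in this hunk continues outside it.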
@@ -763,11 +748,9 @@ static bool get_validity(private_x509_ocsp_response_t *this, time_t *when, return (t < this->usableUntil); } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_ocsp_response_t *this, - cred_encoding_type_t type, chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_x509_ocsp_response_t *this, cred_encoding_type_t type, + chunk_t *encoding) { if (type == CERT_ASN1_DER) { @@ -778,10 +761,8 @@ static bool get_encoding(private_x509_ocsp_response_t *this, CRED_PART_X509_OCSP_RES_ASN1_DER, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_x509_ocsp_response_t *this, certificate_t *other) { chunk_t encoding; bool equal; @@ -807,19 +788,15 @@ static bool equals(private_x509_ocsp_response_t *this, certificate_t *other) return equal; } -/** - * Implementation of certificate_t.get_ref - */ -static private_x509_ocsp_response_t* get_ref(private_x509_ocsp_response_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_x509_ocsp_response_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.certificate; } -/** - * Implements ocsp_t.destroy. - */ -static void destroy(private_x509_ocsp_response_t *this) +METHOD(certificate_t, destroy, void, + private_x509_ocsp_response_t *this) { if (ref_put(&this->ref)) { 
@@ -838,34 +815,35 @@ static x509_ocsp_response_t *load(chunk_t blob) { private_x509_ocsp_response_t *this; - this = malloc_thing(private_x509_ocsp_response_t); - - this->public.interface.certificate.get_type = (certificate_type_t (*)(certificate_t *this))get_type; - this->public.interface.certificate.get_subject = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.certificate.get_issuer = (identification_t* (*)(certificate_t *this))get_issuer; - this->public.interface.certificate.has_subject = (id_match_t(*)(certificate_t*, identification_t *subject))has_issuer; - this->public.interface.certificate.has_issuer = (id_match_t(*)(certificate_t*, identification_t *issuer))has_issuer; - this->public.interface.certificate.issued_by = (bool (*)(certificate_t *this, certificate_t *issuer))issued_by; - this->public.interface.certificate.get_public_key = (public_key_t* (*)(certificate_t *this))get_public_key; - this->public.interface.certificate.get_validity = (bool(*)(certificate_t*, time_t *when, time_t *, time_t*))get_validity; - this->public.interface.certificate.get_encoding = (bool(*)(certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.certificate.equals = (bool(*)(certificate_t*, certificate_t *other))equals; - this->public.interface.certificate.get_ref = (certificate_t* (*)(certificate_t *this))get_ref; - this->public.interface.certificate.destroy = (void (*)(certificate_t *this))destroy; - this->public.interface.get_status = (cert_validation_t(*)(ocsp_response_t*, x509_t *subject, x509_t *issuer, time_t *revocation_time,crl_reason_t *revocation_reason,time_t *this_update, time_t *next_update))get_status; - this->public.interface.create_cert_enumerator = (enumerator_t*(*)(ocsp_response_t*))create_cert_enumerator; - - this->ref = 1; - this->encoding = chunk_clone(blob); - this->tbsResponseData = chunk_empty; - this->responderId = NULL; - this->producedAt = UNDEFINED_TIME; - this->usableUntil = 
UNDEFINED_TIME; - this->responses = linked_list_create(); - this->nonce = chunk_empty; - this->signatureAlgorithm = OID_UNKNOWN; - this->signature = chunk_empty; - this->certs = linked_list_create(); + INIT(this, + .public = { + .interface = { + .certificate = { + .get_type = _get_type, + .get_subject = _get_issuer, + .get_issuer = _get_issuer, + .has_subject = _has_issuer, + .has_issuer = _has_issuer, + .issued_by = _issued_by, + .get_public_key = _get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_status = _get_status, + .create_cert_enumerator = _create_cert_enumerator, + }, + }, + .ref = 1, + .encoding = chunk_clone(blob), + .producedAt = UNDEFINED_TIME, + .usableUntil = UNDEFINED_TIME, + .responses = linked_list_create(), + .signatureAlgorithm = OID_UNKNOWN, + .certs = linked_list_create(), + ); if (!parse_OCSPResponse(this)) { diff --git a/src/libstrongswan/plugins/x509/x509_pkcs10.c b/src/libstrongswan/plugins/x509/x509_pkcs10.c index 7b488484e..ca08db2c6 100644 --- a/src/libstrongswan/plugins/x509/x509_pkcs10.c +++ b/src/libstrongswan/plugins/x509/x509_pkcs10.c 
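Review bot: The INIT() initializer drops the explicit assignments of tbsResponseData, responderId, nonce and signature, so their starting values now depend on INIT() zero-filling the struct and on chunk_empty being representable as all-zero bytes; presumably both hold, but neither is stated here. A short comment in the initializer, `/* unlisted chunks and pointers rely on INIT() zero-fill */`, would make the assumption explicit for the next reader. The create_empty hunk in x509_pkcs10.c has the same silent reliance for encoding, certificationRequestInfo, subject, public_key, challengePassword, signature, self_signed and parsed.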
@@ -104,34 +104,26 @@ struct private_x509_pkcs10_t { extern void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list); extern chunk_t x509_build_subjectAltNames(linked_list_t *list); -/** - * Implementation of certificate_t.get_type. - */ -static certificate_type_t get_type(private_x509_pkcs10_t *this) +METHOD(certificate_t, get_type, certificate_type_t, + private_x509_pkcs10_t *this) { return CERT_PKCS10_REQUEST; } -/** - * Implementation of certificate_t.get_subject and get_issuer. - */ -static identification_t* get_subject(private_x509_pkcs10_t *this) +METHOD(certificate_t, get_subject, identification_t*, + private_x509_pkcs10_t *this) { return this->subject; } -/** - * Implementation of certificate_t.has_subject and has_issuer. - */ -static id_match_t has_subject(private_x509_pkcs10_t *this, identification_t *subject) +METHOD(certificate_t, has_subject, id_match_t, + private_x509_pkcs10_t *this, identification_t *subject) { return this->subject->matches(this->subject, subject); } -/** - * Implementation of certificate_t.issued_by. - */ -static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer) +METHOD(certificate_t, issued_by, bool, + private_x509_pkcs10_t *this, certificate_t *issuer) { public_key_t *key; signature_scheme_t scheme; 
@@ -162,20 +154,16 @@ static bool issued_by(private_x509_pkcs10_t *this, certificate_t *issuer) this->signature); } -/** - * Implementation of certificate_t.get_public_key. - */ -static public_key_t* get_public_key(private_x509_pkcs10_t *this) +METHOD(certificate_t, get_public_key, public_key_t*, + private_x509_pkcs10_t *this) { this->public_key->get_ref(this->public_key); return this->public_key; } -/** - * Implementation of certificate_t.get_validity. - */ -static bool get_validity(private_x509_pkcs10_t *this, time_t *when, - time_t *not_before, time_t *not_after) +METHOD(certificate_t, get_validity, bool, + private_x509_pkcs10_t *this, time_t *when, time_t *not_before, + time_t *not_after) { if (not_before) { @@ -188,11 +176,8 @@ static bool get_validity(private_x509_pkcs10_t *this, time_t *when, return TRUE; } -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_pkcs10_t *this, cred_encoding_type_t type, - chunk_t *encoding) +METHOD(certificate_t, get_encoding, bool, + private_x509_pkcs10_t *this, cred_encoding_type_t type, chunk_t *encoding) { if (type == CERT_ASN1_DER) { @@ -203,10 +188,8 @@ static bool get_encoding(private_x509_pkcs10_t *this, cred_encoding_type_t type, CRED_PART_PKCS10_ASN1_DER, this->encoding, CRED_PART_END); } -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_pkcs10_t *this, certificate_t *other) +METHOD(certificate_t, equals, bool, + private_x509_pkcs10_t *this, certificate_t *other) { chunk_t encoding; bool equal; 
@@ -232,27 +215,21 @@ static bool equals(private_x509_pkcs10_t *this, certificate_t *other) return equal; } -/** - * Implementation of certificate_t.get_ref - */ -static private_x509_pkcs10_t* get_ref(private_x509_pkcs10_t *this) +METHOD(certificate_t, get_ref, certificate_t*, + private_x509_pkcs10_t *this) { ref_get(&this->ref); - return this; + return &this->public.interface.interface; } -/** - * Implementation of certificate_t.get_challengePassword. - */ -static chunk_t get_challengePassword(private_x509_pkcs10_t *this) +METHOD(pkcs10_t, get_challengePassword, chunk_t, + private_x509_pkcs10_t *this) { return this->challengePassword; } -/** - * Implementation of pkcs10_t.create_subjectAltName_enumerator. - */ -static enumerator_t* create_subjectAltName_enumerator(private_x509_pkcs10_t *this) +METHOD(pkcs10_t, create_subjectAltName_enumerator, enumerator_t*, + private_x509_pkcs10_t *this) { return this->subjectAltNames->create_enumerator(this->subjectAltNames); } @@ -299,7 +276,7 @@ static bool parse_extension_request(private_x509_pkcs10_t *this, chunk_t blob, i break; case PKCS10_EXTN_CRITICAL: critical = object.len && *object.ptr; - DBG2(DBG_LIB, " %s", critical ? "TRUE" : "FALSE"); + DBG2(DBG_ASN, " %s", critical ? "TRUE" : "FALSE"); break; case PKCS10_EXTN_VALUE: { 
@@ -332,25 +309,25 @@ static bool parse_challengePassword(private_x509_pkcs10_t *this, chunk_t blob, i if (blob.len < 2) { - DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object smaller " + DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object smaller " "than 2 octets", level); return FALSE; } tag = *blob.ptr; if (tag < ASN1_UTF8STRING || tag > ASN1_IA5STRING) { - DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object is not " + DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object is not " "a character string", level); return FALSE; } if (asn1_length(&blob) == ASN1_INVALID_LENGTH) { - DBG1(DBG_LIB, "L%d - challengePassword: ASN.1 object has an " + DBG1(DBG_ASN, "L%d - challengePassword: ASN.1 object has an " "invalid length", level); return FALSE; } - DBG2(DBG_LIB, "L%d - challengePassword:", level); - DBG4(DBG_LIB, " '%.*s'", blob.len, blob.ptr); + DBG2(DBG_ASN, "L%d - challengePassword:", level); + DBG4(DBG_ASN, " '%.*s'", blob.len, blob.ptr); return TRUE; } @@ -408,14 +385,14 @@ static bool parse_certificate_request(private_x509_pkcs10_t *this) case PKCS10_VERSION: if (object.len > 0 && *object.ptr != 0) { - DBG1(DBG_LIB, "PKCS#10 certificate request format is " + DBG1(DBG_ASN, "PKCS#10 certificate request format is " "not version 1"); goto end; } break; case PKCS10_SUBJECT: this->subject = identification_create_from_encoding(ID_DER_ASN1_DN, object); - DBG2(DBG_LIB, " '%Y'", this->subject); + DBG2(DBG_ASN, " '%Y'", this->subject); break; case PKCS10_SUBJECT_PUBLIC_KEY_INFO: this->public_key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, @@ -477,10 +454,8 @@ end: return success; } -/** - * Implementation of certificate_t.destroy - */ -static void destroy(private_x509_pkcs10_t *this) +METHOD(certificate_t, destroy, void, + private_x509_pkcs10_t *this) { if (ref_put(&this->ref)) { 
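Review bot: `DBG4(DBG_ASN, " '%.*s'", blob.len, blob.ptr);` writes the challengePassword value itself to the log; in PKCS#10 this attribute is commonly a shared enrollment secret, so even at debug level 4 the value can end up in log files that are retained or forwarded. If the dump is wanted for troubleshooting, a comment saying so deliberately would help, otherwise logging only the length keeps the diagnostic without the secret. parse_challengePassword begins before this hunk, so the earlier part of its body is not visible here.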
@@ -504,33 +479,32 @@ static void destroy(private_x509_pkcs10_t *this) */ static private_x509_pkcs10_t* create_empty(void) { - private_x509_pkcs10_t *this = malloc_thing(private_x509_pkcs10_t); - - this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; - this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_subject; - this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; - this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_subject; - this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; - this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; - this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; - this->public.interface.get_challengePassword = (chunk_t (*)(pkcs10_t*))get_challengePassword; - this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(pkcs10_t*))create_subjectAltName_enumerator; - - this->encoding = chunk_empty; - this->certificationRequestInfo = chunk_empty; - this->subject = NULL; - this->public_key = NULL; - this->subjectAltNames = linked_list_create(); - this->challengePassword = chunk_empty; - this->signature = chunk_empty; - this->ref = 1; - this->self_signed = FALSE; - this->parsed = FALSE; + private_x509_pkcs10_t 
*this; + + INIT(this, + .public = { + .interface = { + .interface = { + .get_type = _get_type, + .get_subject = _get_subject, + .get_issuer = _get_subject, + .has_subject = _has_subject, + .has_issuer = _has_subject, + .issued_by = _issued_by, + .get_public_key = _get_public_key, + .get_validity = _get_validity, + .get_encoding = _get_encoding, + .equals = _equals, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .get_challengePassword = _get_challengePassword, + .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, + }, + }, + .subjectAltNames = linked_list_create(), + .ref = 1, + ); return this; } diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index bfeb74b0e..ed6fbfd91 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c 
@@ -42,29 +42,46 @@ METHOD(plugin_t, get_name, char*, return "x509"; } +METHOD(plugin_t, get_features, int, + private_x509_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(CERT_ENCODE, x509_cert_gen, FALSE), + PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_REGISTER(CERT_DECODE, x509_cert_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + + PLUGIN_REGISTER(CERT_ENCODE, x509_ac_gen, FALSE), + PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_AC), + PLUGIN_REGISTER(CERT_DECODE, x509_ac_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_AC), + + PLUGIN_REGISTER(CERT_ENCODE, x509_crl_gen, FALSE), + PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_CRL), + PLUGIN_REGISTER(CERT_DECODE, x509_crl_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_CRL), + + PLUGIN_REGISTER(CERT_ENCODE, x509_ocsp_request_gen, FALSE), + PLUGIN_PROVIDE(CERT_ENCODE, CERT_X509_OCSP_REQUEST), + PLUGIN_DEPENDS(HASHER, HASH_SHA1), + PLUGIN_DEPENDS(RNG, RNG_WEAK), + PLUGIN_REGISTER(CERT_DECODE, x509_ocsp_response_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_X509_OCSP_RESPONSE), + + PLUGIN_REGISTER(CERT_ENCODE, x509_pkcs10_gen, FALSE), + PLUGIN_PROVIDE(CERT_ENCODE, CERT_PKCS10_REQUEST), + PLUGIN_REGISTER(CERT_DECODE, x509_pkcs10_load, TRUE), + PLUGIN_PROVIDE(CERT_DECODE, CERT_PKCS10_REQUEST), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_x509_plugin_t *this) { - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_cert_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_cert_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_ac_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_ac_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_crl_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_crl_gen); - 
lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_ocsp_request_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_ocsp_response_load); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_pkcs10_gen); - lib->creds->remove_builder(lib->creds, - (builder_function_t)x509_pkcs10_load); free(this); } @@ -79,33 +96,12 @@ plugin_t *x509_plugin_create() .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, - (builder_function_t)x509_cert_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, TRUE, - (builder_function_t)x509_cert_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, FALSE, - (builder_function_t)x509_ac_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_AC, TRUE, - (builder_function_t)x509_ac_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, TRUE, - (builder_function_t)x509_crl_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, FALSE, - (builder_function_t)x509_crl_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST, FALSE, - (builder_function_t)x509_ocsp_request_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE, TRUE, - (builder_function_t)x509_ocsp_response_load); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, FALSE, - (builder_function_t)x509_pkcs10_gen); - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, TRUE, - (builder_function_t)x509_pkcs10_load); - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 35f868de4..ae23ce730 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in 
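Review bot: `PLUGIN_DEPENDS(RNG, RNG_WEAK)` is declared under the CERT_X509_OCSP_REQUEST encoder without any note on what the random bytes are for; presumably the request nonce, which binds a response to the request that asked for it. Whether a weak RNG is adequate depends on whether the nonce only needs uniqueness or also unpredictability, so a one-line comment stating the reasoning, e.g. `/* RNG_WEAK: the OCSP nonce only needs to be unique per request */`, or a switch to RNG_STRONG if predictability matters, would let a reader audit the choice instead of guessing.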
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -192,6 +192,9 @@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +axis2c_CFLAGS = @axis2c_CFLAGS@ +axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -200,6 +203,7 @@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ c_plugins = @c_plugins@ +clearsilver_LIBS = @clearsilver_LIBS@ datadir = @datadir@ datarootdir = @datarootdir@ dbusservicedir = @dbusservicedir@ @@ -216,11 +220,13 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ +imcvdir = @imcvdir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -264,6 +270,7 @@ sharedstatedir = @sharedstatedir@ soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ +starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index 8ddde962c..53629abe5 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c 
@@ -3,13 +3,13 @@ * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General xcbc License as published by the + * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General xcbc License + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.h b/src/libstrongswan/plugins/xcbc/xcbc.h index f28e0b8e0..5d5eb04fb 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.h +++ b/src/libstrongswan/plugins/xcbc/xcbc.h @@ -28,7 +28,7 @@ typedef struct xcbc_t xcbc_t; /** * Message authentication using CBC crypter. * - * This class implements the message authenticaion algorithm + * This class implements the message authentication algorithm * described in RFC3566. */ struct xcbc_t { diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 0fcb093c8..3c3b9d12a 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c 
@@ -38,13 +38,28 @@ METHOD(plugin_t, get_name, char*, return "xcbc"; } +METHOD(plugin_t, get_features, int, + private_xcbc_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(PRF, xcbc_prf_create), + PLUGIN_PROVIDE(PRF, PRF_AES128_XCBC), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + PLUGIN_PROVIDE(PRF, PRF_CAMELLIA128_XCBC), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_REGISTER(SIGNER, xcbc_signer_create), + PLUGIN_PROVIDE(SIGNER, AUTH_CAMELLIA_XCBC_96), + PLUGIN_DEPENDS(CRYPTER, ENCR_CAMELLIA_CBC, 16), + PLUGIN_PROVIDE(SIGNER, AUTH_AES_XCBC_96), + PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), + }; + *features = f; + return countof(f); +} + METHOD(plugin_t, destroy, void, private_xcbc_plugin_t *this) { - lib->crypto->remove_prf(lib->crypto, - (prf_constructor_t)xcbc_prf_create); - lib->crypto->remove_signer(lib->crypto, - (signer_constructor_t)xcbc_signer_create); free(this); } @@ -54,36 +69,17 @@ METHOD(plugin_t, destroy, void, plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this; - crypter_t *crypter; INIT(this, .public = { .plugin = { .get_name = _get_name, - .reload = (void*)return_false, + .get_features = _get_features, .destroy = _destroy, }, }, ); - crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); - if (crypter) - { - crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, get_name(this), - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, get_name(this), - (signer_constructor_t)xcbc_signer_create); - } - crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16); - if (crypter) - { - crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, get_name(this), - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, get_name(this), - (signer_constructor_t)xcbc_signer_create); - } return &this->public.plugin; } 
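Review bot: In get_features the PRF entries list AES before Camellia while the SIGNER entries list Camellia before AES, and each `PLUGIN_DEPENDS(CRYPTER, …, 16)` is repeated per PROVIDE line. Ordering both groups the same way keeps the four PROVIDE/DEPENDS pairs parallel and easier to check when a cipher is added or removed. This is purely a readability point; the registered features are the same either way.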
diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 7e7045d69..c3b5191fd 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c @@ -173,7 +173,7 @@ static int custom_fmt_cb(Vstr_base *base, size_t pos, Vstr_fmt_spec *fmt_spec) { vstr_add_buf(base, pos, buf, written); } - return TRUE; + return 1; } /** diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c index 0043a9cdb..13f22e69c 100644 --- a/src/libstrongswan/processing/jobs/callback_job.c +++ b/src/libstrongswan/processing/jobs/callback_job.c @@ -62,7 +62,7 @@ struct private_callback_job_t { mutex_t *mutex; /** - * list of asociated child jobs + * list of associated child jobs */ linked_list_t *children; @@ -88,6 +88,11 @@ struct private_callback_job_t { * without risking that it gets freed too early during destruction. */ sem_t *terminated; + + /** + * Priority of this job + */ + job_priority_t prio; }; /** @@ -227,12 +232,18 @@ METHOD(job_t, execute, void, thread_cleanup_pop(cleanup); } +METHOD(job_t, get_priority, job_priority_t, + private_callback_job_t *this) +{ + return this->prio; +} + /* * Described in header. */ -callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, - callback_job_cleanup_t cleanup, - callback_job_t *parent) +callback_job_t *callback_job_create_with_prio(callback_job_cb_t cb, void *data, + callback_job_cleanup_t cleanup, callback_job_t *parent, + job_priority_t prio) { private_callback_job_t *this; @@ -240,6 +251,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, .public = { .job = { .execute = _execute, + .get_priority = _get_priority, .destroy = _destroy, }, .cancel = _cancel, 
@@ -251,6 +263,7 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, .children = linked_list_create(), .parent = (private_callback_job_t*)parent, .destroyable = condvar_create(CONDVAR_TYPE_DEFAULT), + .prio = prio, ); /* register us at parent */ @@ -264,3 +277,13 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, return &this->public; } +/* + * Described in header. + */ +callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, + callback_job_cleanup_t cleanup, + callback_job_t *parent) +{ + return callback_job_create_with_prio(cb, data, cleanup, parent, + JOB_PRIO_MEDIUM); +} diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h index 1eb5664d3..3e92b01c0 100644 --- a/src/libstrongswan/processing/jobs/callback_job.h +++ b/src/libstrongswan/processing/jobs/callback_job.h @@ -120,4 +120,20 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_cleanup_t cleanup, callback_job_t *parent); +/** + * Creates a callback job, with priority. + * + * Same as callback_job_create(), but with different priorities than default. + * + * @param cb callback to call from the processor + * @param data user data to supply to callback + * @param cleanup destructor for data on destruction, or NULL + * @param parent parent of this job + * @param prio job priority + * @return callback_job_t object + */ +callback_job_t *callback_job_create_with_prio(callback_job_cb_t cb, void *data, + callback_job_cleanup_t cleanup, callback_job_t *parent, + job_priority_t prio); + #endif /** CALLBACK_JOB_H_ @}*/ diff --git a/src/libstrongswan/processing/jobs/job.c b/src/libstrongswan/processing/jobs/job.c new file mode 100644 index 000000000..ccb897173 --- /dev/null +++ b/src/libstrongswan/processing/jobs/job.c 
@@ -0,0 +1,23 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "job.h" + +ENUM(job_priority_names, JOB_PRIO_CRITICAL, JOB_PRIO_LOW, + "critical", + "high", + "medium", + "low", +); diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h index 0f1c16ebe..d25cee03e 100644 --- a/src/libstrongswan/processing/jobs/job.h +++ b/src/libstrongswan/processing/jobs/job.h @@ -23,11 +23,32 @@ #define JOB_H_ typedef struct job_t job_t; +typedef enum job_priority_t job_priority_t; #include <library.h> /** - * Job-Interface as it is stored in the job queue. + * Priority classes of jobs + */ +enum job_priority_t { + /** Critical infrastructure jobs that should always been served */ + JOB_PRIO_CRITICAL = 0, + /** Short jobs executed with highest priority */ + JOB_PRIO_HIGH, + /** Default job priority */ + JOB_PRIO_MEDIUM, + /** Low priority jobs with thread blocking operations */ + JOB_PRIO_LOW, + JOB_PRIO_MAX +}; + +/** + * Enum names for job priorities + */ +extern enum_name_t *job_priority_names; + +/** + * Job interface as it is stored in the job queue. */ struct job_t { 
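Review bot: JOB_PRIO_MAX is added to job_priority_t without a comment, yet it is a count sentinel rather than a priority: job_priority_names in job.c covers only JOB_PRIO_CRITICAL through JOB_PRIO_LOW, and processor.c sizes its per-priority arrays by it. A doc comment on that enumerator, `/** Number of priority classes; not a valid job priority */`, would stop callers from passing it as a priority. The JOB_PRIO_CRITICAL comment also reads "should always been served" where "should always be served" is meant.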
@@ -41,12 +62,19 @@ struct job_t { void (*execute) (job_t *this); /** + * Get the priority of a job. + * + * @return job priority + */ + job_priority_t (*get_priority)(job_t *this); + + /** * Destroy a job. * * Is only called whenever a job was not executed (e.g. due daemon shutdown). * After execution, jobs destroy themself. */ - void (*destroy) (job_t *job); + void (*destroy) (job_t *this); }; #endif /** JOB_H_ @}*/ diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index de556f86b..222f1a535 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2005-2011 Martin Willi * Copyright (C) 2011 revosec AG + * Copyright (C) 2008-2011 Tobias Brunner * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -25,15 +26,16 @@ #include <threading/thread.h> #include <threading/condvar.h> #include <threading/mutex.h> +#include <threading/thread_value.h> #include <utils/linked_list.h> - typedef struct private_processor_t private_processor_t; /** * Private data of processor_t class. */ struct private_processor_t { + /** * Public processor_t interface. */ @@ -50,9 +52,9 @@ struct private_processor_t { u_int desired_threads; /** - * Number of threads waiting for work + * Number of threads currently working, for each priority */ - u_int idle_threads; + u_int working_threads[JOB_PRIO_MAX]; /** * All threads managed in the pool (including threads that have been 
@@ -61,12 +63,22 @@ struct private_processor_t { linked_list_t *threads; /** - * The jobs are stored in a linked list + * A list of queued jobs for each priority + */ + linked_list_t *jobs[JOB_PRIO_MAX]; + + /** + * Threads reserved for each priority + */ + int prio_threads[JOB_PRIO_MAX]; + + /** + * Priority of the job executed by a thread */ - linked_list_t *list; + thread_value_t *priority; /** - * access to linked_list is locked through this mutex + * access to job lists is locked through this mutex */ mutex_t *mutex; @@ -90,7 +102,7 @@ static void restart(private_processor_t *this) { thread_t *thread; - DBG2(DBG_JOB, "terminated worker thread, ID: %u", thread_current_id()); + DBG2(DBG_JOB, "terminated worker thread %.2u", thread_current_id()); /* respawn thread if required */ this->mutex->lock(this->mutex); @@ -108,6 +120,31 @@ static void restart(private_processor_t *this) } /** + * Decrement working thread count of a priority class + */ +static void decrement_working_threads(private_processor_t *this) +{ + this->mutex->lock(this->mutex); + this->working_threads[(intptr_t)this->priority->get(this->priority)]--; + this->mutex->unlock(this->mutex); +} + +/** + * Get number of idle threads, non-locking variant + */ +static u_int get_idle_threads_nolock(private_processor_t *this) +{ + u_int count, i; + + count = this->total_threads; + for (i = 0; i < JOB_PRIO_MAX; i++) + { + count -= this->working_threads[i]; + } + return count; +} + +/** * Process queued jobs, called by the worker threads */ static void process_jobs(private_processor_t *this) 
@@ -115,27 +152,51 @@ static void process_jobs(private_processor_t *this) /* worker threads are not cancellable by default */ thread_cancelability(FALSE); - DBG2(DBG_JOB, "started worker thread, ID: %u", thread_current_id()); + DBG2(DBG_JOB, "started worker thread %.2u", thread_current_id()); this->mutex->lock(this->mutex); while (this->desired_threads >= this->total_threads) { - job_t *job; + job_t *job = NULL; + int i, reserved = 0, idle; - if (this->list->get_count(this->list) == 0) + idle = get_idle_threads_nolock(this); + + for (i = 0; i < JOB_PRIO_MAX; i++) + { + if (reserved && reserved >= idle) + { + DBG2(DBG_JOB, "delaying %N priority jobs: %d threads idle, " + "but %d reserved for higher priorities", + job_priority_names, i, idle, reserved); + break; + } + if (this->working_threads[i] < this->prio_threads[i]) + { + reserved += this->prio_threads[i] - this->working_threads[i]; + } + if (this->jobs[i]->remove_first(this->jobs[i], + (void**)&job) == SUCCESS) + { + this->working_threads[i]++; + this->mutex->unlock(this->mutex); + this->priority->set(this->priority, (void*)(intptr_t)i); + /* terminated threads are restarted to get a constant pool */ + thread_cleanup_push((thread_cleanup_t)restart, this); + thread_cleanup_push((thread_cleanup_t)decrement_working_threads, + this); + job->execute(job); + thread_cleanup_pop(FALSE); + thread_cleanup_pop(FALSE); + this->mutex->lock(this->mutex); + this->working_threads[i]--; + break; + } + } + if (!job) { - this->idle_threads++; this->job_added->wait(this->job_added, this->mutex); - this->idle_threads--; - continue; } - this->list->remove_first(this->list, (void**)&job); - this->mutex->unlock(this->mutex); - /* terminated threads are restarted, so we have a constant pool */ - thread_cleanup_push((thread_cleanup_t)restart, this); - job->execute(job); - thread_cleanup_pop(FALSE); - this->mutex->lock(this->mutex); } this->total_threads--; this->thread_terminated->signal(this->thread_terminated); 
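Review bot: The reservation check `if (reserved && reserved >= idle)` can starve every lower priority class permanently when the configured prio_threads of the higher classes add up to at least the pool size: with no higher-priority work queued, each idle thread sees reserved >= idle, breaks before reaching its own queue and then blocks in job_added->wait(), so queued lower-priority jobs are never executed. The values come straight from lib->settings in the processor_create hunk with no range check, so a misconfiguration is enough to trigger this. Either clamp prio_threads[i] against desired_threads when it is read, or state in processor.h that the sum of priority_threads must stay below the number of worker threads. The "delaying" DBG2 also fires on every loop iteration while a thread is held back, which may be noisy under load.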
@@ -159,18 +220,42 @@ METHOD(processor_t, get_idle_threads, u_int, u_int count; this->mutex->lock(this->mutex); - count = this->idle_threads; + count = get_idle_threads_nolock(this); + this->mutex->unlock(this->mutex); + return count; +} + +/** + * Check priority bounds + */ +static job_priority_t sane_prio(job_priority_t prio) +{ + if ((int)prio < 0 || prio >= JOB_PRIO_MAX) + { + return JOB_PRIO_MAX - 1; + } + return prio; +} + +METHOD(processor_t, get_working_threads, u_int, + private_processor_t *this, job_priority_t prio) +{ + u_int count; + + this->mutex->lock(this->mutex); + count = this->working_threads[sane_prio(prio)]; this->mutex->unlock(this->mutex); return count; } METHOD(processor_t, get_job_load, u_int, - private_processor_t *this) + private_processor_t *this, job_priority_t prio) { u_int load; + prio = sane_prio(prio); this->mutex->lock(this->mutex); - load = this->list->get_count(this->list); + load = this->jobs[prio]->get_count(this->jobs[prio]); this->mutex->unlock(this->mutex); return load; } @@ -178,8 +263,11 @@ METHOD(processor_t, get_job_load, u_int, METHOD(processor_t, queue_job, void, private_processor_t *this, job_t *job) { + job_priority_t prio; + + prio = sane_prio(job->get_priority(job)); this->mutex->lock(this->mutex); - this->list->insert_last(this->list, job); + this->jobs[prio]->insert_last(this->jobs[prio], job); this->job_added->signal(this->job_added); this->mutex->unlock(this->mutex); } @@ -217,6 +305,7 @@ METHOD(processor_t, destroy, void, private_processor_t *this) { thread_t *current; + int i; set_threads(this, 0); this->mutex->lock(this->mutex); 
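Review bot: `sane_prio` turns any out-of-range priority into `JOB_PRIO_MAX - 1`, so a job whose `get_priority` returns garbage is silently demoted to the lowest class once `queue_job` routes it through this helper. The clamp direction is a deliberate choice the comment should state, e.g. ` * Check priority bounds, demoting out-of-range values to the lowest class`, and a `DBG1(DBG_JOB, "invalid job priority %d, using lowest", prio);` inside the `if` would surface the caller bug instead of hiding it. The same helper is reused by `get_working_threads` and `get_job_load` below, where the same demotion applies to the queried class.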
@@ -231,10 +320,14 @@ METHOD(processor_t, destroy, void, current->join(current); } this->mutex->unlock(this->mutex); + this->priority->destroy(this->priority); this->thread_terminated->destroy(this->thread_terminated); this->job_added->destroy(this->job_added); this->mutex->destroy(this->mutex); - this->list->destroy_offset(this->list, offsetof(job_t, destroy)); + for (i = 0; i < JOB_PRIO_MAX; i++) + { + this->jobs[i]->destroy_offset(this->jobs[i], offsetof(job_t, destroy)); + } this->threads->destroy(this->threads); free(this); } @@ -245,22 +338,31 @@ METHOD(processor_t, destroy, void, processor_t *processor_create() { private_processor_t *this; + int i; INIT(this, .public = { .get_total_threads = _get_total_threads, .get_idle_threads = _get_idle_threads, + .get_working_threads = _get_working_threads, .get_job_load = _get_job_load, .queue_job = _queue_job, .set_threads = _set_threads, .destroy = _destroy, }, - .list = linked_list_create(), .threads = linked_list_create(), + .priority = thread_value_create(NULL), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .job_added = condvar_create(CONDVAR_TYPE_DEFAULT), .thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT), ); + for (i = 0; i < JOB_PRIO_MAX; i++) + { + this->jobs[i] = linked_list_create(); + this->prio_threads[i] = lib->settings->get_int(lib->settings, + "libstrongswan.processor.priority_threads.%N", 0, + job_priority_names, i); + } return &this->public; } diff --git a/src/libstrongswan/processing/processor.h b/src/libstrongswan/processing/processor.h index bebbe3a15..5db42c04c 100644 --- a/src/libstrongswan/processing/processor.h +++ b/src/libstrongswan/processing/processor.h 
@@ -42,18 +42,27 @@ struct processor_t { u_int (*get_total_threads) (processor_t *this); /** - * Get the number of threads currently waiting. + * Get the number of threads currently waiting for work. * * @return number of idle threads */ u_int (*get_idle_threads) (processor_t *this); /** - * Get the number of queued jobs. + * Get the number of threads currently working, per priority class. * + * @param prioritiy to check + * @return number of threads in priority working + */ + u_int (*get_working_threads)(processor_t *this, job_priority_t prio); + + /** + * Get the number of queued jobs for a specified priority. + * + * @param prio priority class to get job load for * @return number of items in queue */ - u_int (*get_job_load) (processor_t *this); + u_int (*get_job_load) (processor_t *this, job_priority_t prio); /** * Adds a job to the queue. diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index 7d9bcd70f..f3cc1164a 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c @@ -341,7 +341,8 @@ scheduler_t * scheduler_create() this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*)); - this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL); + this->job = callback_job_create_with_prio((callback_job_cb_t)schedule, + this, NULL, NULL, JOB_PRIO_CRITICAL); lib->processor->queue_job(lib->processor, (job_t*)this->job); return &this->public; diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h index f2c72550f..abbf74e2c 100644 --- a/src/libstrongswan/processing/scheduler.h +++ b/src/libstrongswan/processing/scheduler.h 
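Review bot: The new `get_working_threads` doc block has a typo and a malformed tag: `@param prioritiy to check` should name the parameter, `@param prio priority class to check`, and `@return number of threads in priority working` reads better as `@return number of threads currently working in that priority class`. The `get_job_load` block directly below already follows that form, so the two should match.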
@@ -35,7 +35,7 @@ typedef struct scheduler_t scheduler_t; * based data structure that satisfies the following property: if B is a child * node of A, then key(A) >= (or <=) key(B). So either the element with the * greatest (max-heap) or the smallest (min-heap) key is the root of the heap. - * We use a min-heap whith the key being the absolute unix time at which an + * We use a min-heap with the key being the absolute unix time at which an * event is scheduled. So the root is always the event that will fire next. * * An earlier implementation of the scheduler used a sorted linked list to store diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index 32da194ef..b1bcf1b2d 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -24,6 +24,7 @@ #include <utils/linked_list.h> #include <utils/identification.h> +#include <debug.h> #define NON_SUBNET_ADDRESS_RANGE 255 @@ -61,7 +62,7 @@ struct private_traffic_selector_t { bool dynamic; /** - * subnet size in CIDR notation, 255 means a non-subnet address range + * subnet size in CIDR notation, 255 means a non-subnet address range */ u_int8_t netbits; @@ -129,12 +130,12 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) static u_int8_t calc_netbits(private_traffic_selector_t *this) { int byte, bit; - u_int8_t netbits; + u_int8_t netbits; size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; bool prefix = TRUE; - + /* a perfect match results in a single address with a /32 or /128 netmask */ - netbits = (size * 8); + netbits = (size * 8); this->netbits = netbits; /* go through all bits of the addresses, beginning in the front. @@ -152,7 +153,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) { /* store the common prefix which might be a true subnet */ netbits = (7 - bit) + (byte * 8); - this->netbits = netbits; + this->netbits = netbits; prefix = FALSE; } } 
@@ -164,7 +165,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) return netbits; /* return a pseudo subnet */ } - } + } } } return netbits; /* return a true subnet */ @@ -183,7 +184,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec { private_traffic_selector_t *this = *((private_traffic_selector_t**)(args[0])); linked_list_t *list = *((linked_list_t**)(args[0])); - iterator_t *iterator; + enumerator_t *enumerator; char from_str[INET6_ADDRSTRLEN] = ""; char to_str[INET6_ADDRSTRLEN] = ""; char *serv_proto = NULL; @@ -199,13 +200,13 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec if (spec->hash) { - iterator = list->create_iterator(list, TRUE); - while (iterator->iterate(iterator, (void**)&this)) + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, (void**)&this)) { /* call recursivly */ written += print_in_hook(dst, len, "%R ", this); } - iterator->destroy(iterator); + enumerator->destroy(enumerator); return written; } @@ -305,7 +306,7 @@ int traffic_selector_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec } /** - * implements traffic_selector_t.get_subset + * Implements traffic_selector_t.get_subset */ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_traffic_selector_t *other) { @@ -376,7 +377,7 @@ static traffic_selector_t *get_subset(private_traffic_selector_t *this, private_ } /** - * implements traffic_selector_t.equals + * Implements traffic_selector_t.equals */ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t *other) { 
@@ -412,10 +413,8 @@ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t return FALSE; } -/** - * Implements traffic_selector_t.get_from_address. - */ -static chunk_t get_from_address(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_from_address, chunk_t, + private_traffic_selector_t *this) { switch (this->type) { @@ -428,10 +427,8 @@ static chunk_t get_from_address(private_traffic_selector_t *this) } } -/** - * Implements traffic_selector_t.get_to_address. - */ -static chunk_t get_to_address(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_to_address, chunk_t, + private_traffic_selector_t *this) { switch (this->type) { @@ -444,42 +441,32 @@ static chunk_t get_to_address(private_traffic_selector_t *this) } } -/** - * Implements traffic_selector_t.get_from_port. - */ -static u_int16_t get_from_port(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_from_port, u_int16_t, + private_traffic_selector_t *this) { return this->from_port; } -/** - * Implements traffic_selector_t.get_to_port. - */ -static u_int16_t get_to_port(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_to_port, u_int16_t, + private_traffic_selector_t *this) { return this->to_port; } -/** - * Implements traffic_selector_t.get_type. - */ -static ts_type_t get_type(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_type, ts_type_t, + private_traffic_selector_t *this) { return this->type; } -/** - * Implements traffic_selector_t.get_protocol. - */ -static u_int8_t get_protocol(private_traffic_selector_t *this) +METHOD(traffic_selector_t, get_protocol, u_int8_t, + private_traffic_selector_t *this) { return this->protocol; } -/** - * Implements traffic_selector_t.is_host. - */ -static bool is_host(private_traffic_selector_t *this, host_t *host) +METHOD(traffic_selector_t, is_host, bool, + private_traffic_selector_t *this, host_t *host) { if (host) { 
@@ -514,18 +501,14 @@ static bool is_host(private_traffic_selector_t *this, host_t *host) return FALSE; } -/** - * Implementation of traffic_selector_t.is_dynamic - */ -static bool is_dynamic(private_traffic_selector_t *this) +METHOD(traffic_selector_t, is_dynamic, bool, + private_traffic_selector_t *this) { return this->dynamic; } -/** - * Implements traffic_selector_t.set_address. - */ -static void set_address(private_traffic_selector_t *this, host_t *host) +METHOD(traffic_selector_t, set_address, void, + private_traffic_selector_t *this, host_t *host) { if (this->dynamic) { @@ -570,10 +553,8 @@ static bool is_contained_in(private_traffic_selector_t *this, return contained_in; } -/** - * Implements traffic_selector_t.includes. - */ -static bool includes(private_traffic_selector_t *this, host_t *host) +METHOD(traffic_selector_t, includes, bool, + private_traffic_selector_t *this, host_t *host) { chunk_t addr; int family = host->get_family(host); @@ -590,16 +571,14 @@ static bool includes(private_traffic_selector_t *this, host_t *host) return FALSE; } -/** - * Implements traffic_selector_t.to_subnet. - */ -static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t *mask) +METHOD(traffic_selector_t, to_subnet, void, + private_traffic_selector_t *this, host_t **net, u_int8_t *mask) { /* there is no way to do this cleanly, as the address range may * be anything else but a subnet. We use from_addr as subnet * and try to calculate a usable subnet mask. */ - int family, byte; + int family, non_zero_bytes; u_int16_t port = 0; chunk_t net_chunk; 
@@ -622,12 +601,12 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t * } net_chunk.ptr = malloc(net_chunk.len); - memcpy(net_chunk.ptr, this->from, net_chunk.len); - - for (byte = net_chunk.len - 1; byte >= (*mask / 8); --byte) + memset(net_chunk.ptr, 0x00, net_chunk.len); + if (*mask) { - int shift = (byte + 1) * 8 - *mask; - net_chunk.ptr[byte] = net_chunk.ptr[byte] & (0xFF << shift); + non_zero_bytes = (*mask + 7) / 8; + memcpy(net_chunk.ptr, this->from, non_zero_bytes); + net_chunk.ptr[non_zero_bytes-1] &= 0xFF << (8 * non_zero_bytes - *mask); } if (this->to_port == this->from_port) @@ -639,10 +618,8 @@ static void to_subnet(private_traffic_selector_t *this, host_t **net, u_int8_t * chunk_free(&net_chunk); } -/** - * Implements traffic_selector_t.clone. - */ -static traffic_selector_t *clone_(private_traffic_selector_t *this) +METHOD(traffic_selector_t, clone_, traffic_selector_t*, + private_traffic_selector_t *this) { private_traffic_selector_t *clone; @@ -667,10 +644,8 @@ static traffic_selector_t *clone_(private_traffic_selector_t *this) } } -/** - * Implements traffic_selector_t.destroy. - */ -static void destroy(private_traffic_selector_t *this) +METHOD(traffic_selector_t, destroy, void, + private_traffic_selector_t *this) { free(this); } 
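Review bot: The new copy is bounded only by `*mask`: `non_zero_bytes = (*mask + 7) / 8` is never compared with `net_chunk.len`, so a mask above 32 (IPv4) or 128 (IPv6) makes the `memcpy` write past the `malloc(net_chunk.len)` buffer and indexes `net_chunk.ptr[non_zero_bytes-1]` out of bounds, whereas the removed loop started at `net_chunk.len - 1` and could not overrun. Whether `*mask` is already limited depends on how it is derived earlier in `to_subnet`, outside this hunk (`netbits` is a `u_int8_t` and the file uses 255 as a non-subnet marker), so a local guard is cheap insurance: `if (*mask > net_chunk.len * 8) { *mask = net_chunk.len * 8; }` placed before the `if (*mask)` check. `to_subnet` starts before this hunk and continues after it.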
@@ -887,31 +862,32 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, ts_type_t type, u_int16_t from_port, u_int16_t to_port) { - private_traffic_selector_t *this = malloc_thing(private_traffic_selector_t); - - /* public functions */ - this->public.get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset; - this->public.equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals; - this->public.get_from_address = (chunk_t(*)(traffic_selector_t*))get_from_address; - this->public.get_to_address = (chunk_t(*)(traffic_selector_t*))get_to_address; - this->public.get_from_port = (u_int16_t(*)(traffic_selector_t*))get_from_port; - this->public.get_to_port = (u_int16_t(*)(traffic_selector_t*))get_to_port; - this->public.get_type = (ts_type_t(*)(traffic_selector_t*))get_type; - this->public.get_protocol = (u_int8_t(*)(traffic_selector_t*))get_protocol; - this->public.is_host = (bool(*)(traffic_selector_t*,host_t*))is_host; - this->public.is_dynamic = (bool(*)(traffic_selector_t*))is_dynamic; - this->public.is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in; - this->public.includes = (bool(*)(traffic_selector_t*,host_t*))includes; - this->public.set_address = (void(*)(traffic_selector_t*,host_t*))set_address; - this->public.to_subnet = (void(*)(traffic_selector_t*,host_t**,u_int8_t*))to_subnet; - this->public.clone = (traffic_selector_t*(*)(traffic_selector_t*))clone_; - this->public.destroy = (void(*)(traffic_selector_t*))destroy; - - this->from_port = from_port; - this->to_port = to_port; - this->protocol = protocol; - this->type = type; - this->dynamic = FALSE; + private_traffic_selector_t *this; + + INIT(this, + .public = { + .get_subset = (traffic_selector_t*(*)(traffic_selector_t*,traffic_selector_t*))get_subset, + .equals = (bool(*)(traffic_selector_t*,traffic_selector_t*))equals, + 
.get_from_address = _get_from_address, + .get_to_address = _get_to_address, + .get_from_port = _get_from_port, + .get_to_port = _get_to_port, + .get_type = _get_type, + .get_protocol = _get_protocol, + .is_host = _is_host, + .is_dynamic = _is_dynamic, + .is_contained_in = (bool(*)(traffic_selector_t*,traffic_selector_t*))is_contained_in, + .includes = _includes, + .set_address = _set_address, + .to_subnet = _to_subnet, + .clone = _clone_, + .destroy = _destroy, + }, + .from_port = from_port, + .to_port = to_port, + .protocol = protocol, + .type = type, + ); return this; } diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index 8a2248b46..b26fbebb4 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -965,6 +965,7 @@ static bool parse_file(linked_list_t *contents, char *file, int level, if (fread(text, 1, len, fd) != len) { free(text); + fclose(fd); return FALSE; } fclose(fd); diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 9ccd02327..a864779f1 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -110,7 +110,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * already existing values are replaced. * * All settings included from files are added relative to the section the - * include statment is in. + * include statement is in. * * The following files result in the same final config as above: * diff --git a/src/libstrongswan/threading/mutex.c b/src/libstrongswan/threading/mutex.c index 8597abb44..3bdb3bf29 100644 --- a/src/libstrongswan/threading/mutex.c +++ b/src/libstrongswan/threading/mutex.c @@ -96,11 +96,8 @@ struct private_condvar_t { }; - -/** - * Implementation of mutex_t.lock. - */ -static void lock(private_mutex_t *this) +METHOD(mutex_t, lock, void, + private_mutex_t *this) { int err; 
@@ -113,10 +110,8 @@ static void lock(private_mutex_t *this) profiler_end(&this->profile); } -/** - * Implementation of mutex_t.unlock. - */ -static void unlock(private_mutex_t *this) +METHOD(mutex_t, unlock, void, + private_mutex_t *this) { int err; @@ -127,10 +122,8 @@ static void unlock(private_mutex_t *this) } } -/** - * Implementation of mutex_t.lock. - */ -static void lock_r(private_r_mutex_t *this) +METHOD(mutex_t, lock_r, void, + private_r_mutex_t *this) { pthread_t self = pthread_self(); @@ -151,10 +144,8 @@ static void lock_r(private_r_mutex_t *this) } } -/** - * Implementation of mutex_t.unlock. - */ -static void unlock_r(private_r_mutex_t *this) +METHOD(mutex_t, unlock_r, void, + private_r_mutex_t *this) { uintptr_t times; @@ -169,20 +160,16 @@ static void unlock_r(private_r_mutex_t *this) } } -/** - * Implementation of mutex_t.destroy - */ -static void mutex_destroy(private_mutex_t *this) +METHOD(mutex_t, mutex_destroy, void, + private_mutex_t *this) { profiler_cleanup(&this->profile); pthread_mutex_destroy(&this->mutex); free(this); } -/** - * Implementation of mutex_t.destroy for recursive mutex' - */ -static void mutex_destroy_r(private_r_mutex_t *this) +METHOD(mutex_t, mutex_destroy_r, void, + private_r_mutex_t *this) { profiler_cleanup(&this->generic.profile); pthread_mutex_destroy(&this->generic.mutex); 
@@ -199,31 +186,39 @@ mutex_t *mutex_create(mutex_type_t type) { case MUTEX_TYPE_RECURSIVE: { - private_r_mutex_t *this = malloc_thing(private_r_mutex_t); - - this->generic.public.lock = (void(*)(mutex_t*))lock_r; - this->generic.public.unlock = (void(*)(mutex_t*))unlock_r; - this->generic.public.destroy = (void(*)(mutex_t*))mutex_destroy_r; + private_r_mutex_t *this; + + INIT(this, + .generic = { + .public = { + .lock = _lock_r, + .unlock = _unlock_r, + .destroy = _mutex_destroy_r, + }, + .recursive = TRUE, + }, + ); pthread_mutex_init(&this->generic.mutex, NULL); pthread_key_create(&this->times, NULL); - this->generic.recursive = TRUE; profiler_init(&this->generic.profile); - this->thread = 0; return &this->generic.public; } case MUTEX_TYPE_DEFAULT: default: { - private_mutex_t *this = malloc_thing(private_mutex_t); + private_mutex_t *this; - this->public.lock = (void(*)(mutex_t*))lock; - this->public.unlock = (void(*)(mutex_t*))unlock; - this->public.destroy = (void(*)(mutex_t*))mutex_destroy; + INIT(this, + .public = { + .lock = _lock, + .unlock = _unlock, + .destroy = _mutex_destroy, + }, + ); pthread_mutex_init(&this->mutex, NULL); - this->recursive = FALSE; profiler_init(&this->profile); return &this->public; @@ -232,11 +227,8 @@ mutex_t *mutex_create(mutex_type_t type) } - -/** - * Implementation of condvar_t.wait. - */ -static void _wait(private_condvar_t *this, private_mutex_t *mutex) +METHOD(condvar_t, wait_, void, + private_condvar_t *this, private_mutex_t *mutex) { if (mutex->recursive) { @@ -258,11 +250,8 @@ static void _wait(private_condvar_t *this, private_mutex_t *mutex) #define pthread_cond_timedwait pthread_cond_timedwait_monotonic #endif -/** - * Implementation of condvar_t.timed_wait_abs. - */ -static bool timed_wait_abs(private_condvar_t *this, private_mutex_t *mutex, - timeval_t time) +METHOD(condvar_t, timed_wait_abs, bool, + private_condvar_t *this, private_mutex_t *mutex, timeval_t time) { struct timespec ts; bool timed_out; 
@@ -287,11 +276,8 @@ static bool timed_wait_abs(private_condvar_t *this, private_mutex_t *mutex, return timed_out; } -/** - * Implementation of condvar_t.timed_wait. - */ -static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex, - u_int timeout) +METHOD(condvar_t, timed_wait, bool, + private_condvar_t *this, private_mutex_t *mutex, u_int timeout) { timeval_t tv; u_int s, ms; @@ -312,26 +298,20 @@ static bool timed_wait(private_condvar_t *this, private_mutex_t *mutex, return timed_wait_abs(this, mutex, tv); } -/** - * Implementation of condvar_t.signal. - */ -static void _signal(private_condvar_t *this) +METHOD(condvar_t, signal_, void, + private_condvar_t *this) { pthread_cond_signal(&this->condvar); } -/** - * Implementation of condvar_t.broadcast. - */ -static void broadcast(private_condvar_t *this) +METHOD(condvar_t, broadcast, void, + private_condvar_t *this) { pthread_cond_broadcast(&this->condvar); } -/** - * Implementation of condvar_t.destroy - */ -static void condvar_destroy(private_condvar_t *this) +METHOD(condvar_t, condvar_destroy, void, + private_condvar_t *this) { pthread_cond_destroy(&this->condvar); free(this); 
@@ -347,14 +327,18 @@ condvar_t *condvar_create(condvar_type_t type) case CONDVAR_TYPE_DEFAULT: default: { - private_condvar_t *this = malloc_thing(private_condvar_t); - - this->public.wait = (void(*)(condvar_t*, mutex_t *mutex))_wait; - this->public.timed_wait = (bool(*)(condvar_t*, mutex_t *mutex, u_int timeout))timed_wait; - this->public.timed_wait_abs = (bool(*)(condvar_t*, mutex_t *mutex, timeval_t time))timed_wait_abs; - this->public.signal = (void(*)(condvar_t*))_signal; - this->public.broadcast = (void(*)(condvar_t*))broadcast; - this->public.destroy = (void(*)(condvar_t*))condvar_destroy; + private_condvar_t *this; + + INIT(this, + .public = { + .wait = (void*)_wait_, + .timed_wait = (void*)_timed_wait, + .timed_wait_abs = (void*)_timed_wait_abs, + .signal = _signal_, + .broadcast = _broadcast, + .destroy = _condvar_destroy, + } + ); #ifdef HAVE_PTHREAD_CONDATTR_INIT { diff --git a/src/libstrongswan/threading/rwlock.c b/src/libstrongswan/threading/rwlock.c index cec43f59c..15dc0b334 100644 --- a/src/libstrongswan/threading/rwlock.c +++ b/src/libstrongswan/threading/rwlock.c @@ -87,10 +87,8 @@ struct private_rwlock_t { #ifdef HAVE_PTHREAD_RWLOCK_INIT -/** - * Implementation of rwlock_t.read_lock - */ -static void read_lock(private_rwlock_t *this) +METHOD(rwlock_t, read_lock, void, + private_rwlock_t *this) { int err; @@ -103,10 +101,8 @@ static void read_lock(private_rwlock_t *this) profiler_end(&this->profile); } -/** - * Implementation of rwlock_t.write_lock - */ -static void write_lock(private_rwlock_t *this) +METHOD(rwlock_t, write_lock, void, + private_rwlock_t *this) { int err; 
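Review bot: `.wait = (void*)_wait_`, `.timed_wait = (void*)_timed_wait` and `.timed_wait_abs = (void*)_timed_wait_abs` convert function pointers through `void*`, a conversion standard C does not define (it is a common extension) and one that erases the signature check the removed explicit casts still performed. The mismatch exists because these methods take a `private_mutex_t *` where `condvar_t` declares `mutex_t *`; casting to the exact target type, e.g. `.wait = (void(*)(condvar_t*, mutex_t*))_wait_,`, keeps the intent visible and lets the compiler catch an argument-count change. The other three entries are assigned without any cast and need none.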
@@ -119,18 +115,14 @@ static void write_lock(private_rwlock_t *this) profiler_end(&this->profile); } -/** - * Implementation of rwlock_t.try_write_lock - */ -static bool try_write_lock(private_rwlock_t *this) +METHOD(rwlock_t, try_write_lock, bool, + private_rwlock_t *this) { return pthread_rwlock_trywrlock(&this->rwlock) == 0; } -/** - * Implementation of rwlock_t.unlock - */ -static void rw_unlock(private_rwlock_t *this) +METHOD(rwlock_t, unlock, void, + private_rwlock_t *this) { int err; @@ -141,10 +133,8 @@ static void rw_unlock(private_rwlock_t *this) } } -/** - * Implementation of rwlock_t.destroy - */ -static void rw_destroy(private_rwlock_t *this) +METHOD(rwlock_t, destroy, void, + private_rwlock_t *this) { pthread_rwlock_destroy(&this->rwlock); profiler_cleanup(&this->profile); @@ -161,13 +151,17 @@ rwlock_t *rwlock_create(rwlock_type_t type) case RWLOCK_TYPE_DEFAULT: default: { - private_rwlock_t *this = malloc_thing(private_rwlock_t); - - this->public.read_lock = (void(*)(rwlock_t*))read_lock; - this->public.write_lock = (void(*)(rwlock_t*))write_lock; - this->public.try_write_lock = (bool(*)(rwlock_t*))try_write_lock; - this->public.unlock = (void(*)(rwlock_t*))rw_unlock; - this->public.destroy = (void(*)(rwlock_t*))rw_destroy; + private_rwlock_t *this; + + INIT(this, + .public = { + .read_lock = _read_lock, + .write_lock = _write_lock, + .try_write_lock = _try_write_lock, + .unlock = _unlock, + .destroy = _destroy, + } + ); pthread_rwlock_init(&this->rwlock, NULL); profiler_init(&this->profile); @@ -200,10 +194,8 @@ rwlock_t *rwlock_create(rwlock_type_t type) * checked or enforced so behave yourself to prevent deadlocks). */ -/** - * Implementation of rwlock_t.read_lock - */ -static void read_lock(private_rwlock_t *this) +METHOD(rwlock_t, read_lock, void, + private_rwlock_t *this) { profiler_start(&this->profile); this->mutex->lock(this->mutex); 
@@ -216,10 +208,8 @@ static void read_lock(private_rwlock_t *this) this->mutex->unlock(this->mutex); } -/** - * Implementation of rwlock_t.write_lock - */ -static void write_lock(private_rwlock_t *this) +METHOD(rwlock_t, write_lock, void, + private_rwlock_t *this) { profiler_start(&this->profile); this->mutex->lock(this->mutex); @@ -234,10 +224,8 @@ static void write_lock(private_rwlock_t *this) this->mutex->unlock(this->mutex); } -/** - * Implementation of rwlock_t.try_write_lock - */ -static bool try_write_lock(private_rwlock_t *this) +METHOD(rwlock_t, try_write_lock, bool, + private_rwlock_t *this) { bool res = FALSE; this->mutex->lock(this->mutex); @@ -250,10 +238,8 @@ static bool try_write_lock(private_rwlock_t *this) return res; } -/** - * Implementation of rwlock_t.unlock - */ -static void rw_unlock(private_rwlock_t *this) +METHOD(rwlock_t, unlock, void, + private_rwlock_t *this) { this->mutex->lock(this->mutex); if (this->writer == pthread_self()) @@ -279,10 +265,8 @@ static void rw_unlock(private_rwlock_t *this) this->mutex->unlock(this->mutex); } -/** - * Implementation of rwlock_t.destroy - */ -static void rw_destroy(private_rwlock_t *this) +METHOD(rwlock_t, destroy, void, + private_rwlock_t *this) { this->mutex->destroy(this->mutex); this->writers->destroy(this->writers); 
@@ -301,20 +285,20 @@ rwlock_t *rwlock_create(rwlock_type_t type) case RWLOCK_TYPE_DEFAULT: default: { - private_rwlock_t *this = malloc_thing(private_rwlock_t); - - this->public.read_lock = (void(*)(rwlock_t*))read_lock; - this->public.write_lock = (void(*)(rwlock_t*))write_lock; - this->public.try_write_lock = (bool(*)(rwlock_t*))try_write_lock; - this->public.unlock = (void(*)(rwlock_t*))rw_unlock; - this->public.destroy = (void(*)(rwlock_t*))rw_destroy; - - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->writers = condvar_create(CONDVAR_TYPE_DEFAULT); - this->readers = condvar_create(CONDVAR_TYPE_DEFAULT); - this->waiting_writers = 0; - this->reader_count = 0; - this->writer = 0; + private_rwlock_t *this; + + INIT(this, + .public = { + .read_lock = _read_lock, + .write_lock = _write_lock, + .try_write_lock = _try_write_lock, + .unlock = _unlock, + .destroy = _destroy, + }, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .writers = condvar_create(CONDVAR_TYPE_DEFAULT), + .readers = condvar_create(CONDVAR_TYPE_DEFAULT), + ); profiler_init(&this->profile); diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index fcc0019d8..49a1b8430 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009 Tobias Brunner + * Copyright (C) 2009-2012 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -18,6 +18,19 @@ #include <signal.h> #include <semaphore.h> +#ifdef HAVE_GETTID +#include <sys/types.h> +#include <unistd.h> +#endif + +#ifdef HAVE_SYS_GETTID +#include <sys/syscall.h> +static inline pid_t gettid() +{ + return syscall(SYS_gettid); +} +#endif + #include <library.h> #include <debug.h> 
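Review bot: The `HAVE_SYS_GETTID` fallback in thread.c declares `static inline pid_t gettid()` with an empty parameter list, which in C is an unprototyped declaration rather than "takes no arguments"; `static inline pid_t gettid(void)` is the intended form. The two `#ifdef` blocks are also independent, so a platform defining both `HAVE_GETTID` and `HAVE_SYS_GETTID` would get this static definition next to the libc declaration; making the second block `#elif defined(HAVE_SYS_GETTID)` (or `#ifndef HAVE_GETTID` around it) rules that out.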
@@ -113,6 +126,7 @@ static mutex_t *id_mutex; */ static thread_value_t *current_thread; + #ifndef HAVE_PTHREAD_CANCEL /* if pthread_cancel is not available, we emulate it using a signal */ #define SIG_CANCEL (SIGRTMIN+7) @@ -146,10 +160,8 @@ static void thread_destroy(private_thread_t *this) free(this); } -/** - * Implementation of thread_t.cancel. - */ -static void cancel(private_thread_t *this) +METHOD(thread_t, cancel, void, + private_thread_t *this) { this->mutex->lock(this->mutex); if (pthread_equal(this->thread_id, pthread_self())) @@ -166,10 +178,8 @@ static void cancel(private_thread_t *this) this->mutex->unlock(this->mutex); } -/** - * Implementation of thread_t.kill. - */ -static void _kill(private_thread_t *this, int sig) +METHOD(thread_t, kill_, void, + private_thread_t *this, int sig) { this->mutex->lock(this->mutex); if (pthread_equal(this->thread_id, pthread_self())) @@ -187,10 +197,8 @@ static void _kill(private_thread_t *this, int sig) this->mutex->unlock(this->mutex); } -/** - * Implementation of thread_t.detach. - */ -static void detach(private_thread_t *this) +METHOD(thread_t, detach, void, + private_thread_t *this) { this->mutex->lock(this->mutex); pthread_detach(this->thread_id); @@ -198,10 +206,8 @@ static void detach(private_thread_t *this) thread_destroy(this); } -/** - * Implementation of thread_t.join. - */ -static void *join(private_thread_t *this) +METHOD(thread_t, join, void*, + private_thread_t *this) { pthread_t thread_id; void *val; 
@@ -241,22 +247,19 @@ static void *join(private_thread_t *this) */ static private_thread_t *thread_create_internal() { - private_thread_t *this = malloc_thing(private_thread_t); - - this->public.cancel = (void(*)(thread_t*))cancel; - this->public.kill = (void(*)(thread_t*,int))_kill; - this->public.detach = (void(*)(thread_t*))detach; - this->public.join = (void*(*)(thread_t*))join; - - this->id = 0; - this->thread_id = 0; - this->main = NULL; - this->arg = NULL; - this->cleanup_handlers = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); + private_thread_t *this; + + INIT(this, + .public = { + .cancel = _cancel, + .kill = _kill_, + .detach = _detach, + .join = _join, + }, + .cleanup_handlers = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + ); sem_init(&this->created, FALSE, 0); - this->detached_or_joined = FALSE; - this->terminated = FALSE; return this; } @@ -288,6 +291,17 @@ static void *thread_main(private_thread_t *this) sem_wait(&this->created); current_thread->set(current_thread, this); pthread_cleanup_push((thread_cleanup_t)thread_cleanup, this); + + /* TODO: this is not 100% portable as pthread_t is an opaque type (i.e. + * could be of any size, or even a struct) */ +#ifdef HAVE_GETTID + DBG2(DBG_LIB, "created thread %.2d [%u]", + this->id, gettid()); +#else + DBG2(DBG_LIB, "created thread %.2d [%lx]", + this->id, (u_long)this->thread_id); +#endif + res = this->main(this->arg); pthread_cleanup_pop(TRUE); @@ -344,10 +358,12 @@ void thread_cleanup_push(thread_cleanup_t cleanup, void *arg) private_thread_t *this = (private_thread_t*)thread_current(); cleanup_handler_t *handler; + INIT(handler, + .cleanup = cleanup, + .arg = arg, + ); + this->mutex->lock(this->mutex); - handler = malloc_thing(cleanup_handler_t); - handler->cleanup = cleanup; - handler->arg = arg; this->cleanup_handlers->insert_last(this->cleanup_handlers, handler); this->mutex->unlock(this->mutex); } 
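Review bot: `DBG2(DBG_LIB, "created thread %.2d [%u]", this->id, gettid())` prints the `pid_t` returned by `gettid()` with `%u`; POSIX defines `pid_t` as a signed integer type, so `%d` is the matching conversion: `"created thread %.2d [%d]"`. The surrounding TODO already covers the `#else` branch's cast of `pthread_t`, so only the first format string needs the change. `thread_main` starts before this hunk and continues after it.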
@@ -422,12 +438,20 @@ void thread_exit(void *val) } /** + * A dummy thread value that reserved pthread_key_t value "0". A buggy PKCS#11 + * library mangles this key, without owning it, so we allocate it for them. + */ +static thread_value_t *dummy1; + +/** * Described in header. */ void threads_init() { private_thread_t *main_thread = thread_create_internal(); + dummy1 = thread_value_create(NULL); + main_thread->id = 0; main_thread->thread_id = pthread_self(); current_thread = thread_value_create(NULL); @@ -451,6 +475,8 @@ void threads_deinit() { private_thread_t *main_thread = (private_thread_t*)thread_current(); + dummy1->destroy(dummy1); + main_thread->mutex->lock(main_thread->mutex); thread_destroy(main_thread); current_thread->destroy(current_thread); diff --git a/src/libstrongswan/threading/thread_value.c b/src/libstrongswan/threading/thread_value.c index 8f2a8846c..3fa70acb2 100644 --- a/src/libstrongswan/threading/thread_value.c +++ b/src/libstrongswan/threading/thread_value.c @@ -35,27 +35,20 @@ struct private_thread_value_t { }; - -/** - * Implementation of thread_value_t.set. - */ -static void set(private_thread_value_t *this, void *val) +METHOD(thread_value_t, set, void, + private_thread_value_t *this, void *val) { pthread_setspecific(this->key, val); } -/** - * Implementation of thread_value_t.get. - */ -static void *get(private_thread_value_t *this) +METHOD(thread_value_t, get, void*, + private_thread_value_t *this) { return pthread_getspecific(this->key); } -/** - * Implementation of thread_value_t.destroy. - */ -static void destroy(private_thread_value_t *this) +METHOD(thread_value_t, destroy, void, + private_thread_value_t *this) { pthread_key_delete(this->key); free(this); 
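Review bot: The comment on `dummy1` says it "reserved pthread_key_t value "0"", but `thread_value_create` only calls `pthread_key_create`, so the workaround relies on the implementation handing key 0 to the first key created in the process, which POSIX does not guarantee and nothing here checks. Stating that assumption in the comment (` * Only effective when threads_init() issues the process's first pthread_key_create().`) and fixing the typo `reserved` → `reserves` makes the limits of the workaround clear to whoever changes initialization order later. Since `threads_deinit` destroys `dummy1`, a later re-initialization depends on the same allocation order again, which the comment could mention in the same sentence.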
@@ -67,10 +60,15 @@ static void destroy(private_thread_value_t *this) */ thread_value_t *thread_value_create(thread_cleanup_t destructor) { - private_thread_value_t *this = malloc_thing(private_thread_value_t); - this->public.set = (void(*)(thread_value_t*,void*))set; - this->public.get = (void*(*)(thread_value_t*))get; - this->public.destroy = (void(*)(thread_value_t*))destroy; + private_thread_value_t *this; + + INIT(this, + .public = { + .set = _set, + .get = _get, + .destroy = _destroy, + }, + ); pthread_key_create(&this->key, destructor); return &this->public; diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 6ffb62aaf..f76245a19 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Tobias Brunner + * Copyright (C) 2008-2011 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -20,6 +20,7 @@ #include <string.h> #include <stdio.h> #include <unistd.h> +#include <inttypes.h> #include <stdint.h> #include <limits.h> #include <dirent.h> @@ -27,6 +28,7 @@ #include "enum.h" #include "debug.h" +#include "utils/enumerator.h" ENUM(status_names, SUCCESS, NEED_MORE, "SUCCESS", 
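Review bot: thread_value_create() still ignores the return value of pthread_key_create(); when it fails (EAGAIN once PTHREAD_KEYS_MAX keys exist, which the new dummy key in threads_init() makes marginally more likely), `this->key` is left uninitialized and every later set()/get() operates on a garbage key. Returning NULL keeps the failure visible, e.g. `if (pthread_key_create(&this->key, destructor) != 0) { free(this); return NULL; }`, although callers such as threads_init() would then have to check the result, which they currently do not. If that is too invasive for this change, at least a DBG1 on a non-zero return would help diagnose the exhausted-keys case.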
@@ -192,6 +194,49 @@ bool mkdir_p(const char *path, mode_t mode) return TRUE; } +#ifndef HAVE_CLOSEFROM +/** + * Described in header. + */ +void closefrom(int lowfd) +{ + char fd_dir[PATH_MAX]; + int maxfd, fd, len; + + /* try to close only open file descriptors on Linux... */ + len = snprintf(fd_dir, sizeof(fd_dir), "/proc/%u/fd", getpid()); + if (len > 0 && len < sizeof(fd_dir) && access(fd_dir, F_OK) == 0) + { + enumerator_t *enumerator = enumerator_create_directory(fd_dir); + if (enumerator) + { + char *rel; + while (enumerator->enumerate(enumerator, &rel, NULL, NULL)) + { + fd = atoi(rel); + if (fd >= lowfd) + { + close(fd); + } + } + enumerator->destroy(enumerator); + return; + } + } + + /* ...fall back to closing all fds otherwise */ + maxfd = (int)sysconf(_SC_OPEN_MAX); + if (maxfd < 0) + { + maxfd = 256; + } + for (fd = lowfd; fd < maxfd; fd++) + { + close(fd); + } +} +#endif /* HAVE_CLOSEFROM */ + /** * Return monotonic time */ @@ -299,6 +344,28 @@ bool ref_put(refcount_t *ref) pthread_mutex_unlock(&ref_mutex); return !more_refs; } + +/** + * Single mutex for all compare and swap operations. + */ +static pthread_mutex_t cas_mutex = PTHREAD_MUTEX_INITIALIZER; + +/** + * Compare and swap if equal to old value + */ +#define _cas_impl(name, type) \ +bool cas_##name(type *ptr, type oldval, type newval) \ +{ \ + bool swapped; \ + pthread_mutex_lock(&cas_mutex); \ + if ((swapped = (*ptr == oldval))) { *ptr = newval; } \ + pthread_mutex_unlock(&cas_mutex); \ + return swapped; \ +} + +_cas_impl(bool, bool) +_cas_impl(ptr, void*) + #endif /* HAVE_GCC_ATOMIC_OPERATIONS */ /** @@ -342,7 +409,7 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, char* unit = "second"; time_t *arg1 = *((time_t**)(args[0])); time_t *arg2 = *((time_t**)(args[1])); - time_t delta = abs(*arg1 - *arg2); + u_int64_t delta = llabs(*arg1 - *arg2); if (delta > 2 * 60 * 60 * 24) { 
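Review bot: The /proc branch of closefrom() closes the descriptor that backs its own directory enumeration: enumerator_create_directory() is presumably built on opendir(), whose DIR holds an open fd that is almost certainly >= lowfd, so as soon as the loop reaches that entry it calls close() on it, the next readdir() fails, enumerate() returns FALSE and the function returns having left every descriptor numbered above the directory fd open, and enumerator->destroy() then closedir()s an already closed (possibly reused) fd. If closefrom() is used to seal descriptors before an exec(), as the name suggests, that means sockets or file handles can leak into the child on exactly the path that was meant to be the precise one. Iterating with opendir()/readdir() directly and skipping dirfd(dir) fixes it without new includes, since utils.c already includes <dirent.h>; the fallback `maxfd = 256` when sysconf() fails can also be below the real RLIMIT_NOFILE, so RLIMIT_NOFILE via getrlimit() would be a better last resort.

```c
	/* try to close only open file descriptors on Linux... */
	len = snprintf(fd_dir, sizeof(fd_dir), "/proc/%u/fd", getpid());
	if (len > 0 && len < sizeof(fd_dir))
	{
		DIR *dir = opendir(fd_dir);
		if (dir)
		{
			struct dirent *entry;
			int dir_fd = dirfd(dir);

			while ((entry = readdir(dir)) != NULL)
			{
				fd = atoi(entry->d_name);
				/* never close the fd readdir() itself is reading from */
				if (fd >= lowfd && fd != dir_fd)
				{
					close(fd);
				}
			}
			closedir(dir);
			return;
		}
	}
	/* … unchanged: sysconf(_SC_OPEN_MAX) fallback loop … */
```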
@@ -359,7 +426,8 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, delta /= 60; unit = "minute"; } - return print_in_hook(dst, len, "%d %s%s", delta, unit, (delta == 1)? "":"s"); + return print_in_hook(dst, len, "%" PRIu64 " %s%s", delta, unit, + (delta == 1) ? "" : "s"); } /** @@ -376,7 +444,7 @@ int mem_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, const void *const *args) { char *bytes = *((void**)(args[0])); - int len = *((size_t*)(args[1])); + u_int len = *((int*)(args[1])); char buffer[BYTES_PER_LINE * 3]; char ascii_buffer[BYTES_PER_LINE + 1]; @@ -387,7 +455,7 @@ int mem_printf_hook(char *dst, size_t dstlen, int i = 0; int written = 0; - written += print_in_hook(dst, dstlen, "=> %d bytes @ %p", len, bytes); + written += print_in_hook(dst, dstlen, "=> %u bytes @ %p", len, bytes); while (bytes_pos < bytes_roof) { diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index a334954ae..cedfe8fd1 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Tobias Brunner + * Copyright (C) 2008-2011 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -121,8 +121,9 @@ /** * Object allocation/initialization macro, using designated initializer. */ -#define INIT(this, ...) { (this) = malloc(sizeof(*this)); \ - *(this) = (typeof(*this)){ __VA_ARGS__ }; } +#define INIT(this, ...) ({ (this) = malloc(sizeof(*(this))); \ + *(this) = (typeof(*(this))){ __VA_ARGS__ }; \ + (this); }) /** * Method declaration/definition macro, providing private and public interface. 
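Review bot: mem_printf_hook() now reads the length as `*((int*)(args[1]))` while the header documents the argument as `u_int len`; reading it as `u_int` matches the documented contract and avoids a negative value being converted to a huge `u_int` that then bounds the hexdump, e.g. `u_int len = *((u_int*)(args[1]));`. More importantly, the old contract was `size_t`, so any `%b` caller outside this diff that still passes a size_t (a chunk length, for instance) now has its va_arg slot read as a 32-bit int, which only happens to work on little-endian 64-bit ABIs; those callers need auditing. The loop that uses `bytes_roof` is outside this hunk, so I cannot tell whether anything else bounds the read.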
@@ -347,17 +348,20 @@ void memwipe_noinline(void *ptr, size_t n); static inline void memwipe_inline(void *ptr, size_t n) { volatile char *c = (volatile char*)ptr; - int m, i; + size_t m, i; /* byte wise until long aligned */ - for (i = 0; (uintptr_t)&c % sizeof(long) && i < n; i++) + for (i = 0; (uintptr_t)&c[i] % sizeof(long) && i < n; i++) { c[i] = 0; } - /* word wize */ - for (m = n - sizeof(long); i <= m; i += sizeof(long)) + /* word wise */ + if (n >= sizeof(long)) { - *(volatile long*)&c[i] = 0; + for (m = n - sizeof(long); i <= m; i += sizeof(long)) + { + *(volatile long*)&c[i] = 0; + } } /* byte wise of the rest */ for (; i < n; i++) @@ -404,6 +408,15 @@ char *translate(char *str, const char *from, const char *to); */ bool mkdir_p(const char *path, mode_t mode); +#ifndef HAVE_CLOSEFROM +/** + * Close open file descriptors greater than or equal to lowfd. + * + * @param lowfd start closing file descriptoros from here + */ +void closefrom(int lowfd); +#endif + /** * Get a timestamp from a monotonic time source. * @@ -470,6 +483,27 @@ static inline void htoun32(void *network, u_int32_t host) } /** + * Write a 64-bit host order value in network order to an unaligned address. + * + * @param host host order 64-bit value + * @param network unaligned address to write network order value to + */ +static inline void htoun64(void *network, u_int64_t host) +{ + char *unaligned = (char*)network; + u_int32_t high_part, low_part; + + high_part = host >> 32; + high_part = htonl(high_part); + low_part = host & 0xFFFFFFFFLL; + low_part = htonl(low_part); + + memcpy(unaligned, &high_part, sizeof(high_part)); + unaligned += sizeof(high_part); + memcpy(unaligned, &low_part, sizeof(low_part)); +} + +/** * Read a 16-bit value in network order from an unaligned address to host order. * * @param network unaligned address to read network order value from 
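Review bot: The new `if (n >= sizeof(long))` guard in memwipe_inline() exists only because `m = n - sizeof(long)` now uses size_t and would wrap for small n, but nothing in the code says so, and the next person to "simplify" it will reintroduce the underflow; a short comment keeps that visible, e.g. `/* n - sizeof(long) would wrap for n < sizeof(long), hence the guard */`. The `&c[i]` alignment fix is correct (the old `&c` tested the address of the local pointer, not the buffer), and a comment that the volatile stores are what prevents the compiler from eliding the wipe of a soon-to-be-freed buffer would explain why this is not a plain memset(). The function is complete within this hunk.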
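Review bot: The @param line of the new closefrom() prototype reads "start closing file descriptoros from here"; it should be "descriptors". It would also help callers to say that descriptors below lowfd are left untouched and that the function does not report which closes failed, since the implementation ignores every close() result.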
@@ -500,6 +534,27 @@ static inline u_int32_t untoh32(void *network) } /** + * Read a 64-bit value in network order from an unaligned address to host order. + * + * @param network unaligned address to read network order value from + * @return host order value + */ +static inline u_int64_t untoh64(void *network) +{ + char *unaligned = (char*)network; + u_int32_t high_part, low_part; + + memcpy(&high_part, unaligned, sizeof(high_part)); + unaligned += sizeof(high_part); + memcpy(&low_part, unaligned, sizeof(low_part)); + + high_part = ntohl(high_part); + low_part = ntohl(low_part); + + return (((u_int64_t)high_part) << 32) + low_part; +} + +/** * Special type to count references */ typedef volatile u_int refcount_t; @@ -510,6 +565,11 @@ typedef volatile u_int refcount_t; #define ref_get(ref) {__sync_fetch_and_add(ref, 1); } #define ref_put(ref) (!__sync_sub_and_fetch(ref, 1)) +#define cas_bool(ptr, oldval, newval) \ + (__sync_bool_compare_and_swap(ptr, oldval, newval)) +#define cas_ptr(ptr, oldval, newval) \ + (__sync_bool_compare_and_swap(ptr, oldval, newval)) + #else /* !HAVE_GCC_ATOMIC_OPERATIONS */ /** @@ -532,6 +592,27 @@ void ref_get(refcount_t *ref); */ bool ref_put(refcount_t *ref); +/** + * Atomically replace value of ptr with newval if it currently equals oldval. + * + * @param ptr pointer to variable + * @param oldval old value of the variable + * @param newval new value set if possible + * @return TRUE if value equaled oldval and newval was written + */ +bool cas_bool(bool *ptr, bool oldval, bool newval); + +/** + * Atomically replace value of ptr with newval if it currently equals oldval. + * + * @param ptr pointer to variable + * @param oldval old value of the variable + * @param newval new value set if possible + * @return TRUE if value equaled oldval and newval was written + */ +bool cas_ptr(void **ptr, void *oldval, void *newval); + + #endif /* HAVE_GCC_ATOMIC_OPERATIONS */ /** 
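Review bot: The non-GCC fallback declares `cas_ptr(void **ptr, void *oldval, void *newval)`, whereas the `__sync_bool_compare_and_swap` macro above accepts a pointer of any type; a call site written against the macro with, say, a `foo_t **` compiles cleanly with GCC atomics but produces an incompatible-pointer-type diagnostic on the fallback path, so the two configurations do not accept the same code. Wrapping the fallback in a macro that casts the arguments, e.g. `#define cas_ptr(ptr, oldval, newval) cas_ptr_fn((void**)(ptr), (void*)(oldval), (void*)(newval))` with the function renamed accordingly, keeps the interface identical. The same consideration does not apply to cas_bool, whose argument type is fixed.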
@@ -556,7 +637,7 @@ int time_delta_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, * printf hook for memory areas. * * Arguments are: - * u_char *ptr, int len + * u_char *ptr, u_int len */ int mem_printf_hook(char *dst, size_t len, printf_hook_spec_t *spec, const void *const *args); diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 5744439f8..cb83d9830 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -50,10 +50,8 @@ struct private_backtrace_t { void *frames[]; }; -/** - * Implementation of backtrace_t.log - */ -static void log_(private_backtrace_t *this, FILE *file, bool detailed) +METHOD(backtrace_t, log_, void, + private_backtrace_t *this, FILE *file, bool detailed) { #ifdef HAVE_BACKTRACE size_t i; @@ -129,11 +127,8 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) #endif /* HAVE_BACKTRACE */ } -/** - * Implementation of backtrace_t.contains_function - */ -static bool contains_function(private_backtrace_t *this, - char *function[], int count) +METHOD(backtrace_t, contains_function, bool, + private_backtrace_t *this, char *function[], int count) { #ifdef HAVE_DLADDR int i, j; 
@@ -157,10 +152,70 @@ static bool contains_function(private_backtrace_t *this, return FALSE; } +METHOD(backtrace_t, equals, bool, + private_backtrace_t *this, backtrace_t *other_public) +{ + private_backtrace_t *other = (private_backtrace_t*)other_public; + int i; + + if (this == other) + { + return TRUE; + } + if (this->frame_count != other->frame_count) + { + return FALSE; + } + for (i = 0; i < this->frame_count; i++) + { + if (this->frames[i] != other->frames[i]) + { + return FALSE; + } + } + return TRUE; +} + /** - * Implementation of backtrace_t.destroy. + * Frame enumerator */ -static void destroy(private_backtrace_t *this) +typedef struct { + /** implements enumerator_t */ + enumerator_t public; + /** reference to backtrace */ + private_backtrace_t *bt; + /** current position */ + int i; +} frame_enumerator_t; + +METHOD(enumerator_t, frame_enumerate, bool, + frame_enumerator_t *this, void **addr) +{ + if (this->i < this->bt->frame_count) + { + *addr = this->bt->frames[this->i++]; + return TRUE; + } + return FALSE; +} + +METHOD(backtrace_t, create_frame_enumerator, enumerator_t*, + private_backtrace_t *this) +{ + frame_enumerator_t *enumerator; + + INIT(enumerator, + .public = { + .enumerate = (void*)_frame_enumerate, + .destroy = (void*)free, + }, + .bt = this, + ); + return &enumerator->public; +} + +METHOD(backtrace_t, destroy, void, + private_backtrace_t *this) { free(this); } 
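Review bot: create_frame_enumerator() hands out an enumerator that stores `this` in `.bt` without taking any reference, so the enumerator must not outlive the backtrace, and neither the method nor the header declaration says so; since the leak detective keeps these backtraces as hashtable keys, a lifetime note avoids a use-after-free when someone caches the enumerator, e.g. `/* the enumerator borrows this backtrace and is only valid while it exists */`. equals() dereferences `other_public` unconditionally after the identity shortcut, so a NULL argument crashes; that is acceptable for a hashtable equals callback but worth stating in the header's @param doc. The enumerator's `.destroy = (void*)free` is fine because nothing else is owned.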
@@ -182,9 +237,13 @@ backtrace_t *backtrace_create(int skip) memcpy(this->frames, frames + skip, frame_count * sizeof(void*)); this->frame_count = frame_count; - this->public.log = (void(*)(backtrace_t*,FILE*,bool))log_; - this->public.contains_function = (bool(*)(backtrace_t*, char *function[], int count))contains_function; - this->public.destroy = (void(*)(backtrace_t*))destroy; + this->public = (backtrace_t) { + .log = _log_, + .contains_function = _contains_function, + .equals = _equals, + .create_frame_enumerator = _create_frame_enumerator, + .destroy = _destroy, + }; return &this->public; } diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index e8ccfc1bd..9d59d2503 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -50,6 +50,20 @@ struct backtrace_t { bool (*contains_function)(backtrace_t *this, char *function[], int count); /** + * Check two backtraces for equality. + * + * @param other backtrace to compare to this + * @return TRUE if backtraces are equal + */ + bool (*equals)(backtrace_t *this, backtrace_t *other); + /** + * Create an enumerator over the stack frame addresses. + * + * @return enumerator_t over void* + */ + enumerator_t* (*create_frame_enumerator)(backtrace_t *this); + + /** * Destroy a backtrace instance. */ void (*destroy)(backtrace_t *this); diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h index 537bf69e1..12b5712ae 100644 --- a/src/libstrongswan/utils/enumerator.h +++ b/src/libstrongswan/utils/enumerator.h @@ -26,7 +26,7 @@ typedef struct enumerator_t enumerator_t; #include "../utils.h" /** - * Enumerate is simpler, but more flexible than iterator. + * Enumerator interface, allows enumeration over collections. */ struct enumerator_t { 
@@ -36,7 +36,7 @@ struct enumerator_t { * The enumerate function takes a variable argument list containing * pointers where the enumerated values get written. * - * @param ... variable list of enumerated items, implementation dependant + * @param ... variable list of enumerated items, implementation dependent * @return TRUE if pointers returned */ bool (*enumerate)(enumerator_t *this, ...); diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 49b0bb68c..33f645170 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2010 Tobias Brunner + * Copyright (C) 2008-2011 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,7 +13,6 @@ * for more details. */ -#include <utils/linked_list.h> #include "hashtable.h" @@ -40,12 +39,17 @@ struct pair_t { * Cached hash (used in case of a resize). */ u_int hash; + + /** + * Next pair in an overflow list. + */ + pair_t *next; }; /** * Creates an empty pair object. */ -pair_t *pair_create(void *key, void *value, u_int hash) +static inline pair_t *pair_create(void *key, void *value, u_int hash) { pair_t *this; @@ -93,7 +97,7 @@ struct private_hashtable_t { /** * The actual table. */ - linked_list_t **table; + pair_t **table; /** * The hashing function. @@ -129,23 +133,21 @@ struct private_enumerator_t { u_int row; /** + * number of remaining items in hashtable + */ + u_int count; + + /** * current pair */ - pair_t *pair; + pair_t *current; /** - * enumerator for the current row + * previous pair (used by remove_at) */ - enumerator_t *current; -}; + pair_t *prev; -/** - * Compare a pair in a list with the given key. - */ -static inline bool pair_equals(pair_t *pair, private_hashtable_t *this, void *key) -{ - return this->equals(key, pair->key); -} +}; /** * This function returns the next-highest power of two for the given number. 
@@ -175,7 +177,7 @@ static void init_hashtable(private_hashtable_t *this, u_int capacity) this->mask = this->capacity - 1; this->load_factor = 0.75; - this->table = calloc(this->capacity, sizeof(linked_list_t*)); + this->table = calloc(this->capacity, sizeof(pair_t*)); } /** @@ -183,7 +185,7 @@ static void init_hashtable(private_hashtable_t *this, u_int capacity) */ static void rehash(private_hashtable_t *this) { - linked_list_t **old_table; + pair_t **old_table; u_int row, old_capacity; if (this->capacity >= MAX_CAPACITY) @@ -198,29 +200,17 @@ static void rehash(private_hashtable_t *this) for (row = 0; row < old_capacity; row++) { - enumerator_t *enumerator; - linked_list_t *list, *new_list; - pair_t *pair; + pair_t *pair, *next; u_int new_row; - list = old_table[row]; - if (list) - { - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &pair)) - { - new_row = pair->hash & this->mask; - - list->remove_at(list, enumerator); - new_list = this->table[new_row]; - if (!new_list) - { - new_list = this->table[new_row] = linked_list_create(); - } - new_list->insert_last(new_list, pair); - } - enumerator->destroy(enumerator); - list->destroy(list); + pair = old_table[row]; + while (pair) + { /* insert pair at the front of new bucket*/ + next = pair->next; + new_row = pair->hash & this->mask; + pair->next = this->table[new_row]; + this->table[new_row] = pair; + pair = next; } } free(old_table); 
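Review bot: rehash() returns silently once `this->capacity >= MAX_CAPACITY`, so from that point the table never grows, the bucket chains become unbounded, and the load-factor check in put() presumably calls rehash() again on every subsequent insert without effect; that is a reasonable design choice but it should be stated, e.g. `/* beyond MAX_CAPACITY the table stops growing and lookups degrade to chain length */`. Relinking each pair at the front of its new bucket reverses the order within a chain, which is harmless for a hashtable but worth a word since the old list-based code preserved order. The beginning of rehash() is in the preceding hunk.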
@@ -230,38 +220,28 @@ METHOD(hashtable_t, put, void*, private_hashtable_t *this, void *key, void *value) { void *old_value = NULL; - linked_list_t *list; - u_int hash; - u_int row; + pair_t *pair; + u_int hash, row; hash = this->hash(key); row = hash & this->mask; - list = this->table[row]; - if (list) - { - enumerator_t *enumerator; - pair_t *pair; - - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &pair)) + pair = this->table[row]; + while (pair) + { /* search existing bucket for key */ + if (this->equals(key, pair->key)) { - if (pair_equals(pair, this, key)) - { - old_value = pair->value; - pair->value = value; - pair->key = key; - break; - } + old_value = pair->value; + pair->value = value; + pair->key = key; + break; } - enumerator->destroy(enumerator); - } - else - { - list = this->table[row] = linked_list_create(); + pair = pair->next; } - if (!old_value) - { - list->insert_last(list, pair_create(key, value, hash)); + if (!pair) + { /* insert at the front of bucket */ + pair = pair_create(key, value, hash); + pair->next = this->table[row]; + this->table[row] = pair; this->count++; } if (this->count >= this->capacity * this->load_factor) @@ -275,17 +255,17 @@ METHOD(hashtable_t, get, void*, private_hashtable_t *this, void *key) { void *value = NULL; - linked_list_t *list; pair_t *pair; - list = this->table[this->hash(key) & this->mask]; - if (list) + pair = this->table[this->hash(key) & this->mask]; + while (pair) { - if (list->find_first(list, (linked_list_match_t)pair_equals, - (void**)&pair, this, key) == SUCCESS) + if (this->equals(key, pair->key)) { value = pair->value; + break; } + pair = pair->next; } return value; } 
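Review bot: put() on an existing key overwrites `pair->key = key` with the caller's pointer but only returns the old value, so a caller that owns heap-allocated keys has no way to free the key that was just replaced; either leave the stored key in place (it compares equal anyway) or document that the table keeps the newest key pointer and callers must manage the old one themselves, e.g. `/* the stored key pointer is replaced, the previous key is not returned */`. Since buckets are now singly linked chains and the hash function is supplied by the caller, a table whose keys are attacker-influenced degrades to linear scans under crafted collisions; whether that matters depends on the hash callers pass in, which is not visible here, but it belongs in the header documentation.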
@@ -294,27 +274,30 @@ METHOD(hashtable_t, remove_, void*, private_hashtable_t *this, void *key) { void *value = NULL; - linked_list_t *list; + pair_t *pair, *prev = NULL; + u_int row; - list = this->table[this->hash(key) & this->mask]; - if (list) + row = this->hash(key) & this->mask; + pair = this->table[row]; + while (pair) { - enumerator_t *enumerator; - pair_t *pair; - - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &pair)) + if (this->equals(key, pair->key)) { - if (pair_equals(pair, this, key)) + if (prev) { - list->remove_at(list, enumerator); - value = pair->value; - this->count--; - free(pair); - break; + prev->next = pair->next; } + else + { + this->table[row] = pair->next; + } + value = pair->value; + this->count--; + free(pair); + break; } - enumerator->destroy(enumerator); + prev = pair; + pair = pair->next; } return value; } @@ -324,14 +307,18 @@ METHOD(hashtable_t, remove_at, void, { if (enumerator->table == this && enumerator->current) { - linked_list_t *list; - list = this->table[enumerator->row]; - if (list) + pair_t *current = enumerator->current; + if (enumerator->prev) { - list->remove_at(list, enumerator->current); - free(enumerator->pair); - this->count--; + enumerator->prev->next = current->next; + } + else + { + this->table[enumerator->row] = current->next; } + enumerator->current = enumerator->prev; + free(current); + this->count--; } } 
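Review bot: remove_at() leaves the enumerator in a state where a second remove_at() without an intervening enumerate() frees a pair that is still linked: after the first call `enumerator->current == enumerator->prev`, so the next call executes `prev->next = current->next` as a no-op on the same node, then free()s it while the bucket still points to it, which is a use-after-free and later a double free in destroy(). Because enumerate() always makes `prev` and `current` distinct nodes (or prev NULL with current the row head), the guard can simply be `if (enumerator->table == this && enumerator->current && enumerator->current != enumerator->prev)`. A comment that `current == prev` encodes "already removed" would make the invariant obvious to the next reader.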
@@ -344,50 +331,35 @@ METHOD(hashtable_t, get_count, u_int, METHOD(enumerator_t, enumerate, bool, private_enumerator_t *this, void **key, void **value) { - while (this->row < this->table->capacity) + while (this->count && this->row < this->table->capacity) { + this->prev = this->current; if (this->current) { - if (this->current->enumerate(this->current, &this->pair)) - { - if (key) - { - *key = this->pair->key; - } - if (value) - { - *value = this->pair->value; - } - return TRUE; - } - this->current->destroy(this->current); - this->current = NULL; + this->current = this->current->next; } else { - linked_list_t *list; - list = this->table->table[this->row]; - if (list) + this->current = this->table->table[this->row]; + } + if (this->current) + { + if (key) { - this->current = list->create_enumerator(list); - continue; + *key = this->current->key; } + if (value) + { + *value = this->current->value; + } + this->count--; + return TRUE; } this->row++; } return FALSE; } -METHOD(enumerator_t, enumerator_destroy, void, - private_enumerator_t *this) -{ - if (this->current) - { - this->current->destroy(this->current); - } - free(this); -} - METHOD(hashtable_t, create_enumerator, enumerator_t*, private_hashtable_t *this) { @@ -396,9 +368,10 @@ METHOD(hashtable_t, create_enumerator, enumerator_t*, INIT(enumerator, .enumerator = { .enumerate = (void*)_enumerate, - .destroy = (void*)_enumerator_destroy, + .destroy = (void*)free, }, .table = this, + .count = this->count, ); return &enumerator->enumerator; @@ -407,15 +380,17 @@ METHOD(hashtable_t, create_enumerator, enumerator_t*, METHOD(hashtable_t, destroy, void, private_hashtable_t *this) { - linked_list_t *list; + pair_t *pair, *next; u_int row; for (row = 0; row < this->capacity; row++) { - list = this->table[row]; - if (list) + pair = this->table[row]; + while (pair) { - list->destroy_function(list, free); + next = pair->next; + free(pair); + pair = next; } } free(this->table); 
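Review bot: enumerate() now walks the raw bucket chains and snapshots `count` at creation, so any put() during enumeration that triggers rehash() relinks every pair into a new table under the enumerator's feet, and even a put() that does not rehash inserts at the bucket head where the enumerator will not see it; neither the header nor create_enumerator() says that the table must not be modified during enumeration other than via remove_at(). A comment on create_enumerator() such as `/* the table must not be modified while enumerating, except through remove_at() */` would state the contract. The `.destroy = (void*)free` replacement is correct since the enumerator no longer owns a nested list enumerator.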
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index 615d85c95..d3020a5d0 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -40,7 +40,7 @@ struct private_host_t { host_t public; /** - * low-lewel structure, wich stores the address + * low-lewel structure, which stores the address */ union { /** generic type */ @@ -59,26 +59,20 @@ struct private_host_t { }; -/** - * implements host_t.get_sockaddr - */ -static sockaddr_t *get_sockaddr(private_host_t *this) +METHOD(host_t, get_sockaddr, sockaddr_t*, + private_host_t *this) { return &(this->address); } -/** - * implements host_t.get_sockaddr_len - */ -static socklen_t *get_sockaddr_len(private_host_t *this) +METHOD(host_t, get_sockaddr_len, socklen_t*, + private_host_t *this) { return &(this->socklen); } -/** - * Implementation of host_t.is_anyaddr. - */ -static bool is_anyaddr(private_host_t *this) +METHOD(host_t, is_anyaddr, bool, + private_host_t *this) { switch (this->address.sa_family) { @@ -163,10 +157,8 @@ int host_printf_hook(char *dst, size_t dstlen, printf_hook_spec_t *spec, return print_in_hook(dst, dstlen, "%*s", spec->width, buffer); } -/** - * Implementation of host_t.get_address. - */ -static chunk_t get_address(private_host_t *this) +METHOD(host_t, get_address, chunk_t, + private_host_t *this) { chunk_t address = chunk_empty; @@ -192,18 +184,14 @@ static chunk_t get_address(private_host_t *this) } } -/** - * implements host_t.get_family - */ -static int get_family(private_host_t *this) +METHOD(host_t, get_family, int, + private_host_t *this) { return this->address.sa_family; } -/** - * implements host_t.get_port - */ -static u_int16_t get_port(private_host_t *this) +METHOD(host_t, get_port, u_int16_t, + private_host_t *this) { switch (this->address.sa_family) { 
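Review bot: The comment on the address union in private_host_t was touched to fix "wich" but still reads "low-lewel structure"; it should say "low-level structure, which stores the address". The remaining hunks in this section are mechanical METHOD() conversions and need no further change.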
@@ -222,10 +210,8 @@ static u_int16_t get_port(private_host_t *this) } } -/** - * implements host_t.set_port - */ -static void set_port(private_host_t *this, u_int16_t port) +METHOD(host_t, set_port, void, + private_host_t *this, u_int16_t port) { switch (this->address.sa_family) { @@ -246,19 +232,19 @@ static void set_port(private_host_t *this, u_int16_t port) } } -/** - * Implements host_t.clone. - */ -static private_host_t *clone_(private_host_t *this) +METHOD(host_t, clone_, host_t*, + private_host_t *this) { - private_host_t *new = malloc_thing(private_host_t); + private_host_t *new; + new = malloc_thing(private_host_t); memcpy(new, this, sizeof(private_host_t)); - return new; + + return &new->public; } /** - * Impelements host_t.ip_equals + * Implements host_t.ip_equals */ static bool ip_equals(private_host_t *this, private_host_t *other) { @@ -332,10 +318,8 @@ static bool equals(private_host_t *this, private_host_t *other) return FALSE; } -/** - * Implements host_t.destroy - */ -static void destroy(private_host_t *this) +METHOD(host_t, destroy, void, + private_host_t *this) { free(this); } 
@@ -345,20 +329,24 @@ static void destroy(private_host_t *this) */ static private_host_t *host_create_empty(void) { - private_host_t *this = malloc_thing(private_host_t); - - this->public.get_sockaddr = (sockaddr_t* (*) (host_t*))get_sockaddr; - this->public.get_sockaddr_len = (socklen_t*(*) (host_t*))get_sockaddr_len; - this->public.clone = (host_t* (*) (host_t*))clone_; - this->public.get_family = (int (*) (host_t*))get_family; - this->public.get_address = (chunk_t (*) (host_t *)) get_address; - this->public.get_port = (u_int16_t (*) (host_t *))get_port; - this->public.set_port = (void (*) (host_t *,u_int16_t))set_port; - this->public.get_differences = get_differences; - this->public.ip_equals = (bool (*) (host_t *,host_t *)) ip_equals; - this->public.equals = (bool (*) (host_t *,host_t *)) equals; - this->public.is_anyaddr = (bool (*) (host_t *)) is_anyaddr; - this->public.destroy = (void (*) (host_t*))destroy; + private_host_t *this; + + INIT(this, + .public = { + .get_sockaddr = _get_sockaddr, + .get_sockaddr_len = _get_sockaddr_len, + .clone = _clone_, + .get_family = _get_family, + .get_address = _get_address, + .get_port = _get_port, + .set_port = _set_port, + .get_differences = get_differences, + .ip_equals = (bool (*)(host_t *,host_t *))ip_equals, + .equals = (bool (*)(host_t *,host_t *)) equals, + .is_anyaddr = _is_anyaddr, + .destroy = _destroy, + }, + ); return this; } @@ -585,7 +573,7 @@ host_t *host_create_from_subnet(char *string, int *bits) *bits = atoi(pos + 1); return host_create_from_string(buf, 0); } - net = host_create_from_string(buf, 0); + net = host_create_from_string(string, 0); if (net) { if (net->get_family(net) == AF_INET) diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 252cfa28e..9f0007f78 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c 
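Review bot: host_create_from_subnet() stores `*bits = atoi(pos + 1)` without any validation, so a prefix such as "10.0.0.0/abc", "/-5" or "/999" yields 0, a negative, or an out-of-range bit count that the caller will presumably feed into mask arithmetic; the change to `host_create_from_string(string, 0)` fixes the wrong buffer but leaves this unchecked. Parsing with strtol() and rejecting values outside 0..32 for AF_INET and 0..128 for AF_INET6 (the family is only known after the address is parsed, so the check has to follow host creation) would make the function safe on untrusted configuration input. The function starts before this hunk and its remainder is outside it, so I cannot see whether a later check exists.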
@@ -81,6 +81,7 @@ static const x501rdn_t x501rdns[] = { {"N", OID_NAME, ASN1_PRINTABLESTRING}, {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, + {"dnQualifier", OID_DN_QUALIFIER, ASN1_PRINTABLESTRING}, {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, @@ -219,6 +220,7 @@ METHOD(enumerator_t, rdn_part_enumerate, bool, {OID_NAME, ID_PART_RDN_N}, {OID_GIVEN_NAME, ID_PART_RDN_G}, {OID_INITIALS, ID_PART_RDN_I}, + {OID_DN_QUALIFIER, ID_PART_RDN_DNQ}, {OID_UNIQUE_IDENTIFIER, ID_PART_RDN_ID}, {OID_EMAIL_ADDRESS, ID_PART_RDN_E}, {OID_EMPLOYEE_NUMBER, ID_PART_RDN_EN}, diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index c463b0274..3978b23f3 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -171,6 +171,8 @@ enum id_part_t { ID_PART_RDN_G, /** Initials RDN of a DN */ ID_PART_RDN_I, + /** DN Qualifier RDN of a DN */ + ID_PART_RDN_DNQ, /** UniqueIdentifier RDN of a DN */ ID_PART_RDN_ID, /** Locality RDN of a DN */ @@ -293,12 +295,12 @@ struct identification_t { * * In favour of pluto, domainnames are prepended with an @, since * pluto resolves domainnames without an @ to IPv4 addresses. Since - * we use a seperate host_t class for addresses, this doesn't + * we use a separate host_t class for addresses, this doesn't * make sense for us. * * A distinguished name may contain one or more of the following RDNs: * ND, UID, DC, CN, S, SN, serialNumber, C, L, ST, O, OU, T, D, - * N, G, I, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, + * N, G, I, dnQualifier, ID, EN, EmployeeNumber, E, Email, emailAddress, UN, * unstructuredName, TCGID. * * This constructor never returns NULL. If it does not find a suitable 
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h
deleted file mode 100644
index 9be65b229..000000000
--- a/src/libstrongswan/utils/iterator.h
+++ /dev/null
@@ -1,114 +0,0 @@ -/* - * Copyright (C) 2005-2006 Martin Willi - * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup iterator iterator - * @{ @ingroup utils - */ - -#ifndef ITERATOR_H_ -#define ITERATOR_H_ - -#include <library.h> - - -typedef struct iterator_t iterator_t; - -/** - * Iterator interface, allows iteration over collections. - * - * iterator_t defines an interface for iterating over collections. - * It allows searching, deleting, updating and inserting. - * - * @deprecated Use enumerator instead. - */ -struct iterator_t { - - /** - * Return number of list items. - * - * @return number of list items - */ - int (*get_count) (iterator_t *this); - - /** - * Iterate over all items. - * - * The easy way to iterate over items. - * - * @param value item - * @return TRUE, if there was an element available, FALSE otherwise - */ - bool (*iterate) (iterator_t *this, void** value); - - /** - * Inserts a new item before the given iterator position. - * - * The iterator position is not changed after inserting - * - * @param item value to insert in list - */ - void (*insert_before) (iterator_t *this, void *item); - - /** - * Inserts a new item after the given iterator position. - * - * The iterator position is not changed after inserting. 
- * - * @param this calling iterator - * @param item value to insert in list - */ - void (*insert_after) (iterator_t *this, void *item); - - /** - * Replace the current item at current iterator position. - * - * The iterator position is not changed after replacing. - * - * @param this calling iterator - * @param old old value will be written here(can be NULL) - * @param new new value - * @return SUCCESS, FAILED if iterator is on an invalid position - */ - status_t (*replace) (iterator_t *this, void **old, void *new); - - /** - * Removes an element from list at the given iterator position. - * - * The iterator is set the the following position: - * - to the item before, if available - * - it gets reseted, otherwise - * - * @return SUCCESS, FAILED if iterator is on an invalid position - */ - status_t (*remove) (iterator_t *this); - - /** - * Resets the iterator position. - * - * After reset, the iterator_t objects doesn't point to an element. - * A call to iterator_t.has_next is necessary to do any other operations - * with the resetted iterator. - */ - void (*reset) (iterator_t *this); - - /** - * Destroys an iterator. - */ - void (*destroy) (iterator_t *this); -}; - -#endif /** ITERATOR_H_ @}*/ diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 39505d3f3..0a8789335 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -34,6 +34,7 @@ #include <library.h> #include <debug.h> #include <utils/backtrace.h> +#include <utils/hashtable.h> typedef struct private_leak_detective_t private_leak_detective_t; @@ -92,11 +93,6 @@ typedef struct memory_tail_t memory_tail_t; struct memory_header_t { /** - * Number of bytes following after the header - */ - u_int bytes; - - /** * Pointer to previous entry in linked list */ memory_header_t *previous; 
@@ -112,6 +108,11 @@ struct memory_header_t { backtrace_t *backtrace; /** + * Number of bytes following after the header + */ + u_int32_t bytes; + + /** * magic bytes to detect bad free or heap underflow, MEMORY_HEADER_MAGIC */ u_int32_t magic; @@ -148,6 +149,37 @@ static memory_header_t first_header = { static bool installed = FALSE; /** + * Installs the malloc hooks, enables leak detection + */ +static void install_hooks() +{ + if (!installed) + { + old_malloc_hook = __malloc_hook; + old_realloc_hook = __realloc_hook; + old_free_hook = __free_hook; + __malloc_hook = malloc_hook; + __realloc_hook = realloc_hook; + __free_hook = free_hook; + installed = TRUE; + } +} + +/** + * Uninstalls the malloc hooks, disables leak detection + */ +static void uninstall_hooks() +{ + if (installed) + { + __malloc_hook = old_malloc_hook; + __free_hook = old_free_hook; + __realloc_hook = old_realloc_hook; + installed = FALSE; + } +} + +/** * Leak report white list * * List of functions using static allocation buffers or should be suppressed @@ -162,6 +194,7 @@ char *whitelist[] = { "__pthread_setspecific", /* glibc functions */ "mktime", + "ctime", "__gmtime_r", "localtime_r", "tzset", @@ -172,6 +205,7 @@ char *whitelist[] = { "getprotobynumber", "getservbyport", "getservbyname", + "gethostbyname", "gethostbyname2", "gethostbyname_r", "gethostbyname2_r", @@ -187,6 +221,9 @@ char *whitelist[] = { "getaddrinfo", "setlocale", "getpass", + "getpwent_r", + "setpwent", + "endpwent", /* ignore dlopen, as we do not dlclose to get proper leak reports */ "dlopen", "dlerror", 
@@ -236,31 +273,109 @@ char *whitelist[] = { "gnutls_global_init", }; + /** - * Report leaks at library destruction + * Hashtable hash function */ -static void report(private_leak_detective_t *this, bool detailed) +static u_int hash(backtrace_t *key) { - if (lib->leak_detective) + enumerator_t *enumerator; + void *addr; + u_int hash = 0; + + enumerator = key->create_frame_enumerator(key); + while (enumerator->enumerate(enumerator, &addr)) { - memory_header_t *hdr; - int leaks = 0, whitelisted = 0; + hash = chunk_hash_inc(chunk_from_thing(addr), hash); + } + enumerator->destroy(enumerator); + + return hash; +} + +/** + * Hashtable equals function + */ +static bool equals(backtrace_t *a, backtrace_t *b) +{ + return a->equals(a, b); +} - for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) +/** + * Summarize and print backtraces + */ +static int print_traces(private_leak_detective_t *this, + FILE *out, int thresh, bool detailed, int *whitelisted) +{ + int leaks = 0; + memory_header_t *hdr; + enumerator_t *enumerator; + hashtable_t *entries; + struct { + /** associated backtrace */ + backtrace_t *backtrace; + /** total size of all allocations */ + size_t bytes; + /** number of allocations */ + u_int count; + } *entry; + + uninstall_hooks(); + + entries = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 1024); + for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) + { + if (whitelisted && + hdr->backtrace->contains_function(hdr->backtrace, + whitelist, countof(whitelist))) { - if (hdr->backtrace->contains_function(hdr->backtrace, - whitelist, countof(whitelist))) - { - whitelisted++; - } - else - { - fprintf(stderr, "Leak (%d bytes at %p):\n", hdr->bytes, hdr + 1); - /* skip the first frame, contains leak detective logic */ - hdr->backtrace->log(hdr->backtrace, stderr, detailed); - leaks++; - } + (*whitelisted)++; + continue; + } + entry = entries->get(entries, hdr->backtrace); + if (entry) + { + entry->bytes += hdr->bytes; + 
entry->count++; + } + else + { + INIT(entry, + .backtrace = hdr->backtrace, + .bytes = hdr->bytes, + .count = 1, + ); + entries->put(entries, hdr->backtrace, entry); } + leaks++; + } + enumerator = entries->create_enumerator(entries); + while (enumerator->enumerate(enumerator, NULL, &entry)) + { + if (!thresh || entry->bytes >= thresh) + { + fprintf(out, "%d bytes total, %d allocations, %d bytes average:\n", + entry->bytes, entry->count, entry->bytes / entry->count); + entry->backtrace->log(entry->backtrace, out, detailed); + } + free(entry); + } + enumerator->destroy(enumerator); + entries->destroy(entries); + + install_hooks(); + return leaks; +} + +METHOD(leak_detective_t, report, void, + private_leak_detective_t *this, bool detailed) +{ + if (lib->leak_detective) + { + int leaks = 0, whitelisted = 0; + + leaks = print_traces(this, stderr, 0, detailed, &whitelisted); switch (leaks) { case 0: 
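Review bot: The fprintf in print_traces formats `entry->bytes` (declared `size_t`) and `entry->count` (a `u_int`) with `%d`, a type mismatch that -Wformat flags and that misprints totals above INT_MAX on 64-bit builds; use `fprintf(out, "%zu bytes total, %u allocations, %zu bytes average:\n", entry->bytes, entry->count, entry->bytes / entry->count);`. The filter `entry->bytes >= thresh` compares size_t with the signed `thresh`, so a negative usage_threshold from the settings file is converted to a huge unsigned value and silently suppresses every entry; `if (thresh <= 0 || entry->bytes >= (size_t)thresh)` keeps the intended "0 disables" semantics. The body of report continues past the end of this hunk.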
@@ -281,35 +396,26 @@ static void report(private_leak_detective_t *this, bool detailed) } } -/** - * Installs the malloc hooks, enables leak detection - */ -static void install_hooks() +METHOD(leak_detective_t, usage, void, + private_leak_detective_t *this, FILE *out) { - if (!installed) - { - old_malloc_hook = __malloc_hook; - old_realloc_hook = __realloc_hook; - old_free_hook = __free_hook; - __malloc_hook = malloc_hook; - __realloc_hook = realloc_hook; - __free_hook = free_hook; - installed = TRUE; - } -} + int oldpolicy, thresh; + bool detailed; + pthread_t thread_id = pthread_self(); + struct sched_param oldparams, params; -/** - * Uninstalls the malloc hooks, disables leak detection - */ -static void uninstall_hooks() -{ - if (installed) - { - __malloc_hook = old_malloc_hook; - __free_hook = old_free_hook; - __realloc_hook = old_realloc_hook; - installed = FALSE; - } + thresh = lib->settings->get_int(lib->settings, + "libstrongswan.leak_detective.usage_threshold", 10240); + detailed = lib->settings->get_bool(lib->settings, + "libstrongswan.leak_detective.detailed", TRUE); + + pthread_getschedparam(thread_id, &oldpolicy, &oldparams); + params.__sched_priority = sched_get_priority_max(SCHED_FIFO); + pthread_setschedparam(thread_id, SCHED_FIFO, ¶ms); + + print_traces(this, out, thresh, detailed, NULL); + + pthread_setschedparam(thread_id, oldpolicy, &oldparams); } /** @@ -492,10 +598,8 @@ void *realloc_hook(void *old, size_t bytes, const void *caller) return hdr + 1; } -/** - * Implementation of leak_detective_t.destroy - */ -static void destroy(private_leak_detective_t *this) +METHOD(leak_detective_t, destroy, void, + private_leak_detective_t *this) { if (installed) { 
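Review bot: In usage, `params` is only partially initialized and through the glibc-internal member name `__sched_priority` (the portable name is `sched_priority`), and none of `pthread_getschedparam`, `sched_get_priority_max` or `pthread_setschedparam` has its return value checked, so in a process without the real-time scheduling privilege the priority boost fails silently and print_traces walks the allocation list in whatever state the other threads leave it, which I presume the boost was meant to prevent. Suggest `struct sched_param params = { .sched_priority = sched_get_priority_max(SCHED_FIFO) };` and a log line when `pthread_setschedparam` returns non-zero, so the reader of the report knows the snapshot was taken unprotected. The `¶ms` in the second call presumably is `&params` mangled by the page rendering.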
@@ -509,10 +613,15 @@ static void destroy(private_leak_detective_t *this) */ leak_detective_t *leak_detective_create() { - private_leak_detective_t *this = malloc_thing(private_leak_detective_t); + private_leak_detective_t *this; - this->public.report = (void(*)(leak_detective_t*,bool))report; - this->public.destroy = (void(*)(leak_detective_t*))destroy; + INIT(this, + .public = { + .report = _report, + .usage = _usage, + .destroy = _destroy, + }, + ); if (getenv("LEAK_DETECTIVE_DISABLE") == NULL) { @@ -526,7 +635,6 @@ leak_detective_t *leak_detective_create() fprintf(stderr, "setting CPU affinity failed: %m"); } - lib->leak_detective = TRUE; install_hooks(); } return &this->public; diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h index fa45a6076..8c80d2532 100644 --- a/src/libstrongswan/utils/leak_detective.h +++ b/src/libstrongswan/utils/leak_detective.h @@ -43,6 +43,13 @@ struct leak_detective_t { void (*report)(leak_detective_t *this, bool detailed); /** + * Report current memory usage to out. + * + * @param out target to write usage report to + */ + void (*usage)(leak_detective_t *this, FILE *out); + + /** * Destroy a leak_detective instance. */ void (*destroy)(leak_detective_t *this); diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index 9b37359dc..59d416f2f 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2008 Tobias Brunner + * Copyright (C) 2007-2011 Tobias Brunner * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -51,13 +51,11 @@ struct element_t { */ element_t *element_create(void *value) { - element_t *this = malloc_thing(element_t); - - this->previous = NULL; - this->next = NULL; - this->value = value; - - return (this); + element_t *this; + INIT(this, + .value = value, + ); + return this; } 
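Review bot: Dropping `lib->leak_detective = TRUE;` from leak_detective_create leaves report(), which still tests `lib->leak_detective` in the hunk above, dependent on that flag being set somewhere else; the setter is not in this chunk (presumably library.c), so if it is not set there the leak report silently never prints. A one-line comment at the removal site naming where the flag is now set would spare the next reader the search, e.g. `/* lib->leak_detective is set by the library setup code that creates us */`, with the actual location filled in.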
@@ -91,34 +89,6 @@ struct private_linked_list_t { element_t *last; }; - -typedef struct private_iterator_t private_iterator_t; - -/** - * Private variables and functions of linked list iterator. - */ -struct private_iterator_t { - /** - * Public part of linked list iterator. - */ - iterator_t public; - - /** - * Associated linked list. - */ - private_linked_list_t * list; - - /** - * Current element of the iterator. - */ - element_t *current; - - /** - * Direction of iterator. - */ - bool forward; -}; - typedef struct private_enumerator_t private_enumerator_t; /** 
@@ -140,241 +110,78 @@ struct private_enumerator_t { * current item */ element_t *current; + + /** + * enumerator has enumerated all items + */ + bool finished; }; -/** - * Implementation of private_enumerator_t.enumerator.enumerate. - */ -static bool enumerate(private_enumerator_t *this, void **item) +METHOD(enumerator_t, enumerate, bool, + private_enumerator_t *this, void **item) { + if (this->finished) + { + return FALSE; + } if (!this->current) { - if (!this->list->first) - { - return FALSE; - } this->current = this->list->first; } else { - if (!this->current->next) - { - return FALSE; - } this->current = this->current->next; } - *item = this->current->value; - return TRUE; -} - -/** - * Implementation of linked_list_t.create_enumerator. - */ -static enumerator_t* create_enumerator(private_linked_list_t *this) -{ - private_enumerator_t *enumerator = malloc_thing(private_enumerator_t); - - enumerator->enumerator.enumerate = (void*)enumerate; - enumerator->enumerator.destroy = (void*)free; - enumerator->list = this; - enumerator->current = NULL; - - return &enumerator->enumerator; -} - -/** - * Implementation of iterator_t.get_count. - */ -static int get_list_count(private_iterator_t *this) -{ - return this->list->count; -} - -/** - * Implementation of iterator_t.iterate. - */ -static bool iterate(private_iterator_t *this, void** value) -{ - if (this->forward) - { - this->current = this->current ? this->current->next : this->list->first; - } - else - { - this->current = this->current ? this->current->previous : this->list->last; - } - if (this->current == NULL) + if (!this->current) { + this->finished = TRUE; return FALSE; } - *value = this->current->value; + *item = this->current->value; return TRUE; } -/** - * Implementation of iterator_t.reset. 
- */ -static void iterator_reset(private_iterator_t *this) +METHOD(linked_list_t, create_enumerator, enumerator_t*, + private_linked_list_t *this) { - this->current = NULL; -} + private_enumerator_t *enumerator; -/** - * Implementation of iterator_t.remove. - */ -static status_t iterator_remove(private_iterator_t *this) -{ - element_t *new_current; + INIT(enumerator, + .enumerator = { + .enumerate = (void*)_enumerate, + .destroy = (void*)free, + }, + .list = this, + ); - if (this->current == NULL) - { - return NOT_FOUND; - } - - if (this->list->count == 0) - { - return NOT_FOUND; - } - /* find out the new iterator position, depending on iterator direction */ - if (this->forward && this->current->previous != NULL) - { - new_current = this->current->previous; - } - else if (!this->forward && this->current->next != NULL) - { - new_current = this->current->next; - } - else - { - new_current = NULL; - } - - /* now delete the entry :-) */ - if (this->current->previous == NULL) - { - if (this->current->next == NULL) - { - this->list->first = NULL; - this->list->last = NULL; - } - else - { - this->current->next->previous = NULL; - this->list->first = this->current->next; - } - } - else if (this->current->next == NULL) - { - this->current->previous->next = NULL; - this->list->last = this->current->previous; - } - else - { - this->current->previous->next = this->current->next; - this->current->next->previous = this->current->previous; - } - - this->list->count--; - free(this->current); - /* set the new iterator position */ - this->current = new_current; - return SUCCESS; -} - -/** - * Implementation of iterator_t.insert_before. 
- */ -static void insert_before(private_iterator_t * iterator, void *item) -{ - if (iterator->current == NULL) - { - iterator->list->public.insert_first(&(iterator->list->public), item); - return; - } - - element_t *element = element_create(item); - if (iterator->current->previous == NULL) - { - iterator->current->previous = element; - element->next = iterator->current; - iterator->list->first = element; - } - else - { - iterator->current->previous->next = element; - element->previous = iterator->current->previous; - iterator->current->previous = element; - element->next = iterator->current; - } - iterator->list->count++; + return &enumerator->enumerator; } -/** - * Implementation of iterator_t.replace. - */ -static status_t replace(private_iterator_t *this, void **old_item, void *new_item) +METHOD(linked_list_t, reset_enumerator, void, + private_linked_list_t *this, private_enumerator_t *enumerator) { - if (this->current == NULL) - { - return NOT_FOUND; - } - if (old_item != NULL) - { - *old_item = this->current->value; - } - this->current->value = new_item; - - return SUCCESS; + enumerator->current = NULL; + enumerator->finished = FALSE; } -/** - * Implementation of iterator_t.insert_after. 
- */ -static void insert_after(private_iterator_t *iterator, void *item) +METHOD(linked_list_t, has_more, bool, + private_linked_list_t *this, private_enumerator_t *enumerator) { - if (iterator->current == NULL) - { - iterator->list->public.insert_first(&(iterator->list->public),item); - return; - } - - element_t *element = element_create(item); - if (iterator->current->next == NULL) - { - iterator->current->next = element; - element->previous = iterator->current; - iterator->list->last = element; - } - else + if (enumerator->current) { - iterator->current->next->previous = element; - element->next = iterator->current->next; - iterator->current->next = element; - element->previous = iterator->current; + return enumerator->current->next != NULL; } - iterator->list->count++; + return !enumerator->finished && this->first != NULL; } -/** - * Implementation of iterator_t.destroy. - */ -static void iterator_destroy(private_iterator_t *this) -{ - free(this); -} - -/** - * Implementation of linked_list_t.get_count. - */ -static int get_count(private_linked_list_t *this) +METHOD(linked_list_t, get_count, int, + private_linked_list_t *this) { return this->count; } -/** - * Implementation of linked_list_t.insert_first. - */ -static void insert_first(private_linked_list_t *this, void *item) +METHOD(linked_list_t, insert_first, void, + private_linked_list_t *this, void *item) { element_t *element; @@ -384,15 +191,11 @@ static void insert_first(private_linked_list_t *this, void *item) /* first entry in list */ this->first = element; this->last = element; - element->previous = NULL; - element->next = NULL; } else { - element_t *old_first_element = this->first; - element->next = old_first_element; - element->previous = NULL; - old_first_element->previous = element; + element->next = this->first; + this->first->previous = element; this->first = element; } this->count++; 
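Review bot: reset_enumerator, has_more, insert_before and replace take a `private_enumerator_t *` but are wired into the public vtable through `(void*)` casts in linked_list_create further down, so the compiler cannot catch a caller passing an enumerator_t created by anything other than this list's create_enumerator; such a pointer would be read as `list`, `current` and `finished` fields it does not have. The header comments for these methods should state the requirement, e.g. `@param enumerator enumerator created by create_enumerator() on this list`. The commit also relies on INIT zero-initialising `finished` (it drops the explicit NULL assignments in insert_first for the same reason); a short comment on the INIT in create_enumerator would make that dependency explicit.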
@@ -401,7 +204,8 @@ static void insert_first(private_linked_list_t *this, void *item)
 /**
  * unlink an element form the list, returns following element
  */
-static element_t* remove_element(private_linked_list_t *this, element_t *element)
+static element_t* remove_element(private_linked_list_t *this,
+ element_t *element)
 {
 element_t *next, *previous;
 
@@ -432,10 +236,8 @@ static element_t* remove_element(private_linked_list_t *this, element_t *element
 return next;
 }
 
-/**
- * Implementation of linked_list_t.get_first.
- */
-static status_t get_first(private_linked_list_t *this, void **item)
+METHOD(linked_list_t, get_first, status_t,
+ private_linked_list_t *this, void **item)
 {
 if (this->count == 0)
 {
@@ -445,10 +247,8 @@ static status_t get_first(private_linked_list_t *this, void **item)
 return SUCCESS;
 }
 
-/**
- * Implementation of linked_list_t.remove_first.
- */
-static status_t remove_first(private_linked_list_t *this, void **item)
+METHOD(linked_list_t, remove_first, status_t,
+ private_linked_list_t *this, void **item)
 {
 if (get_first(this, item) == SUCCESS)
 {
@@ -458,36 +258,79 @@ static status_t remove_first(private_linked_list_t *this, void **item) return NOT_FOUND; } -/** - * Implementation of linked_list_t.insert_last. - */ -static void insert_last(private_linked_list_t *this, void *item) +METHOD(linked_list_t, insert_last, void, + private_linked_list_t *this, void *item) { - element_t *element = element_create(item); + element_t *element; + element = element_create(item); if (this->count == 0) { /* first entry in list */ this->first = element; this->last = element; - element->previous = NULL; - element->next = NULL; } else { - element_t *old_last_element = this->last; - element->previous = old_last_element; - element->next = NULL; - old_last_element->next = element; + element->previous = this->last; + this->last->next = element; this->last = element; } this->count++; } -/** - * Implementation of linked_list_t.get_last. - */ -static status_t get_last(private_linked_list_t *this, void **item) +METHOD(linked_list_t, insert_before, void, + private_linked_list_t *this, private_enumerator_t *enumerator, + void *item) +{ + element_t *current, *element; + + current = enumerator->current; + if (!current) + { + if (enumerator->finished) + { + this->public.insert_last(&this->public, item); + } + else + { + this->public.insert_first(&this->public, item); + } + return; + } + element = element_create(item); + if (current->previous) + { + current->previous->next = element; + element->previous = current->previous; + current->previous = element; + element->next = current; + } + else + { + current->previous = element; + element->next = current; + this->first = element; + } + this->count++; +} + +METHOD(linked_list_t, replace, void*, + private_linked_list_t *this, private_enumerator_t *enumerator, + void *item) +{ + void *old = NULL; + + if (enumerator->current) + { + old = enumerator->current->value; + enumerator->current->value = item; + } + return old; +} + +METHOD(linked_list_t, get_last, status_t, + private_linked_list_t *this, 
void **item) { if (this->count == 0) { @@ -497,10 +340,8 @@ static status_t get_last(private_linked_list_t *this, void **item) return SUCCESS; } -/** - * Implementation of linked_list_t.remove_last. - */ -static status_t remove_last(private_linked_list_t *this, void **item) +METHOD(linked_list_t, remove_last, status_t, + private_linked_list_t *this, void **item) { if (get_last(this, item) == SUCCESS) { @@ -510,11 +351,8 @@ static status_t remove_last(private_linked_list_t *this, void **item) return NOT_FOUND; } -/** - * Implementation of linked_list_t.remove. - */ -static int remove_(private_linked_list_t *this, void *item, - bool (*compare)(void *,void*)) +METHOD(linked_list_t, remove_, int, + private_linked_list_t *this, void *item, bool (*compare)(void*,void*)) { element_t *current = this->first; int removed = 0; @@ -535,10 +373,8 @@ static int remove_(private_linked_list_t *this, void *item, return removed; } -/** - * Implementation of linked_list_t.remove_at. - */ -static void remove_at(private_linked_list_t *this, private_enumerator_t *enumerator) +METHOD(linked_list_t, remove_at, void, + private_linked_list_t *this, private_enumerator_t *enumerator) { element_t *current; @@ -550,11 +386,9 @@ static void remove_at(private_linked_list_t *this, private_enumerator_t *enumera } } -/** - * Implementation of linked_list_t.find_first. - */ -static status_t find_first(private_linked_list_t *this, linked_list_match_t match, - void **item, void *d1, void *d2, void *d3, void *d4, void *d5) +METHOD(linked_list_t, find_first, status_t, + private_linked_list_t *this, linked_list_match_t match, + void **item, void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; 
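Review bot: replace returns NULL both when the enumerator is at an invalid position and when the item it replaced was itself NULL, so the caller cannot tell the two apart from the return value; if NULL values are legal list items (the existing `remove_last` doc mentions a NULL item, which suggests they may be) either return a status_t and hand the old value back through an out-pointer, or document in linked_list.h that callers must check the position themselves. The header comment added for replace in this commit carries the same ambiguity.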
@@ -574,11 +408,9 @@ static status_t find_first(private_linked_list_t *this, linked_list_match_t matc return NOT_FOUND; } -/** - * Implementation of linked_list_t.find_last. - */ -static status_t find_last(private_linked_list_t *this, linked_list_match_t match, - void **item, void *d1, void *d2, void *d3, void *d4, void *d5) +METHOD(linked_list_t, find_last, status_t, + private_linked_list_t *this, linked_list_match_t match, + void **item, void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->last; @@ -598,27 +430,24 @@ static status_t find_last(private_linked_list_t *this, linked_list_match_t match return NOT_FOUND; } -/** - * Implementation of linked_list_t.invoke_offset. - */ -static void invoke_offset(private_linked_list_t *this, size_t offset, - void *d1, void *d2, void *d3, void *d4, void *d5) +METHOD(linked_list_t, invoke_offset, void, + private_linked_list_t *this, size_t offset, + void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; + linked_list_invoke_t *method; while (current) { - linked_list_invoke_t *method = current->value + offset; + method = current->value + offset; (*method)(current->value, d1, d2, d3, d4, d5); current = current->next; } } -/** - * Implementation of linked_list_t.invoke_function. - */ -static void invoke_function(private_linked_list_t *this, linked_list_invoke_t fn, - void *d1, void *d2, void *d3, void *d4, void *d5) +METHOD(linked_list_t, invoke_function, void, + private_linked_list_t *this, linked_list_invoke_t fn, + void *d1, void *d2, void *d3, void *d4, void *d5) { element_t *current = this->first; 
@@ -629,14 +458,13 @@ static void invoke_function(private_linked_list_t *this, linked_list_invoke_t fn } } -/** - * Implementation of linked_list_t.clone_offset - */ -static linked_list_t *clone_offset(private_linked_list_t *this, size_t offset) +METHOD(linked_list_t, clone_offset, linked_list_t*, + private_linked_list_t *this, size_t offset) { - linked_list_t *clone = linked_list_create(); element_t *current = this->first; + linked_list_t *clone; + clone = linked_list_create(); while (current) { void* (**method)(void*) = current->value + offset; @@ -647,29 +475,26 @@ static linked_list_t *clone_offset(private_linked_list_t *this, size_t offset) return clone; } -/** - * Implementation of linked_list_t.clone_function - */ -static linked_list_t *clone_function(private_linked_list_t *this, void* (*fn)(void*)) +METHOD(linked_list_t, clone_function, linked_list_t*, + private_linked_list_t *this, void* (*fn)(void*)) { - linked_list_t *clone = linked_list_create(); element_t *current = this->first; + linked_list_t *clone; + clone = linked_list_create(); while (current) { clone->insert_last(clone, fn(current->value)); current = current->next; } - return clone; } -/** - * Implementation of linked_list_t.destroy. - */ -static void destroy(private_linked_list_t *this) +METHOD(linked_list_t, destroy, void, + private_linked_list_t *this) { void *value; + /* Remove all list items before destroying list */ while (remove_first(this, &value) == SUCCESS) { @@ -679,10 +504,8 @@ static void destroy(private_linked_list_t *this) free(this); } -/** - * Implementation of linked_list_t.destroy_offset. - */ -static void destroy_offset(private_linked_list_t *this, size_t offset) +METHOD(linked_list_t, destroy_offset, void, + private_linked_list_t *this, size_t offset) { element_t *current = this->first, *next; 
@@ -697,10 +520,8 @@ static void destroy_offset(private_linked_list_t *this, size_t offset)
 free(this);
 }
 
-/**
- * Implementation of linked_list_t.destroy_function.
- */
-static void destroy_function(private_linked_list_t *this, void (*fn)(void*))
+METHOD(linked_list_t, destroy_function, void,
+ private_linked_list_t *this, void (*fn)(void*))
 {
 element_t *current = this->first, *next;
 
@@ -714,60 +535,40 @@ static void destroy_function(private_linked_list_t *this, void (*fn)(void*)) free(this); } -/** - * Implementation of linked_list_t.create_iterator. - */ -static iterator_t *create_iterator(private_linked_list_t *linked_list, bool forward) -{ - private_iterator_t *this = malloc_thing(private_iterator_t); - - this->public.get_count = (int (*) (iterator_t*)) get_list_count; - this->public.iterate = (bool (*) (iterator_t*, void **value)) iterate; - this->public.insert_before = (void (*) (iterator_t*, void *item)) insert_before; - this->public.insert_after = (void (*) (iterator_t*, void *item)) insert_after; - this->public.replace = (status_t (*) (iterator_t*, void **, void *)) replace; - this->public.remove = (status_t (*) (iterator_t*)) iterator_remove; - this->public.reset = (void (*) (iterator_t*)) iterator_reset; - this->public.destroy = (void (*) (iterator_t*)) iterator_destroy; - - this->forward = forward; - this->current = NULL; - this->list = linked_list; - - return &this->public; -} - /* * Described in header. 
*/ linked_list_t *linked_list_create() { - private_linked_list_t *this = malloc_thing(private_linked_list_t); - - this->public.get_count = (int (*) (linked_list_t *)) get_count; - this->public.create_iterator = (iterator_t * (*) (linked_list_t *,bool))create_iterator; - this->public.create_enumerator = (enumerator_t*(*)(linked_list_t*))create_enumerator; - this->public.get_first = (status_t (*) (linked_list_t *, void **item))get_first; - this->public.get_last = (status_t (*) (linked_list_t *, void **item))get_last; - this->public.find_first = (status_t (*) (linked_list_t *, linked_list_match_t,void**,...))find_first; - this->public.find_last = (status_t (*) (linked_list_t *, linked_list_match_t,void**,...))find_last; - this->public.insert_first = (void (*) (linked_list_t *, void *item))insert_first; - this->public.insert_last = (void (*) (linked_list_t *, void *item))insert_last; - this->public.remove_first = (status_t (*) (linked_list_t *, void **item))remove_first; - this->public.remove_last = (status_t (*) (linked_list_t *, void **item))remove_last; - this->public.remove = (int(*)(linked_list_t*, void *item, bool (*compare)(void *,void*)))remove_; - this->public.remove_at = (void(*)(linked_list_t*, enumerator_t *enumerator))remove_at; - this->public.invoke_offset = (void (*)(linked_list_t*,size_t,...))invoke_offset; - this->public.invoke_function = (void (*)(linked_list_t*,linked_list_invoke_t,...))invoke_function; - this->public.clone_offset = (linked_list_t * (*)(linked_list_t*,size_t))clone_offset; - this->public.clone_function = (linked_list_t * (*)(linked_list_t*,void*(*)(void*)))clone_function; - this->public.destroy = (void (*) (linked_list_t *))destroy; - this->public.destroy_offset = (void (*) (linked_list_t *,size_t))destroy_offset; - this->public.destroy_function = (void (*)(linked_list_t*,void(*)(void*)))destroy_function; - - this->count = 0; - this->first = NULL; - this->last = NULL; + private_linked_list_t *this; + + INIT(this, + .public = { + 
.get_count = _get_count, + .create_enumerator = _create_enumerator, + .reset_enumerator = (void*)_reset_enumerator, + .has_more = (void*)_has_more, + .get_first = _get_first, + .get_last = _get_last, + .find_first = (void*)_find_first, + .find_last = (void*)_find_last, + .insert_first = _insert_first, + .insert_last = _insert_last, + .insert_before = (void*)_insert_before, + .replace = (void*)_replace, + .remove_first = _remove_first, + .remove_last = _remove_last, + .remove = _remove_, + .remove_at = (void*)_remove_at, + .invoke_offset = (void*)_invoke_offset, + .invoke_function = (void*)_invoke_function, + .clone_offset = _clone_offset, + .clone_function = _clone_function, + .destroy = _destroy, + .destroy_offset = _destroy_offset, + .destroy_function = _destroy_function, + }, + ); return &this->public; } diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h index 1444c93fc..293ca8661 100644 --- a/src/libstrongswan/utils/linked_list.h +++ b/src/libstrongswan/utils/linked_list.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2007-2008 Tobias Brunner + * Copyright (C) 2007-2011 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -25,7 +25,6 @@ typedef struct linked_list_t linked_list_t; -#include <utils/iterator.h> #include <utils/enumerator.h> /** 
@@ -62,27 +61,29 @@ struct linked_list_t { int (*get_count) (linked_list_t *this); /** - * Creates a iterator for the given list. - * - * @warning Created iterator_t object has to get destroyed by the caller. + * Create an enumerator over the list. * - * @deprecated Iterator is obsolete and will disappear, it is too - * complicated to implement. Use enumerator instead. + * @note The enumerator's position is invalid before the first call + * to enumerate(). * - * @param forward iterator direction (TRUE: front to end) - * @return new iterator_t object + * @return enumerator over list items */ - iterator_t *(*create_iterator) (linked_list_t *this, bool forward); + enumerator_t* (*create_enumerator)(linked_list_t *this); /** - * Create an enumerator over the list. + * Resets the enumerator's current position to the beginning of the list. * - * The enumerator is a "lightweight" iterator. It only has two methods - * and should therefore be much easier to implement. + * @param enumerator enumerator to reset + */ + void (*reset_enumerator)(linked_list_t *this, enumerator_t *enumerator); + + /** + * Checks if there are more elements following after the enumerator's + * current position. * - * @return enumerator over list items + * @param enumerator enumerator to check */ - enumerator_t* (*create_enumerator)(linked_list_t *this); + bool (*has_more)(linked_list_t *this, enumerator_t *enumerator); /** * Inserts a new item at the beginning of the list. 
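Review bot: The new doc comment for has_more has no `@return` line, so the meaning of the boolean is left to the reader; add `@return TRUE if there are more elements after the current position, FALSE otherwise`. Neither this comment nor the one for reset_enumerator says that the enumerator must be one obtained from this list's create_enumerator, which the implementation depends on since it reads list-private fields through the pointer; a `@note` stating that requirement would prevent misuse.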
@@ -100,6 +101,32 @@ struct linked_list_t { status_t (*remove_first) (linked_list_t *this, void **item); /** + * Inserts a new item before the item the enumerator currently points to. + * + * If this method is called before starting the enumeration the item is + * inserted first. If it is called after all items have been enumerated + * the item is inserted last. This is helpful when inserting items into + * a sorted list. + * + * @note The position of the enumerator is not changed. + * + * @param enumerator enumerator with position + * @param item item value to insert in list + */ + void (*insert_before)(linked_list_t *this, enumerator_t *enumerator, + void *item); + + /** + * Replaces the item the enumerator currently points to with the given item. + * + * @param enumerator enumerator with position + * @param item item value to replace current item with + * @return current item or NULL if the enumerator is at an + * invalid position + */ + void *(*replace)(linked_list_t *this, enumerator_t *enumerator, void *item); + + /** * Remove an item from the list where the enumerator points to. * * @param enumerator enumerator with position @@ -125,7 +152,6 @@ struct linked_list_t { /** * Returns the value of the first list item without removing it. * - * @param this calling object * @param item returned value of first item * @return SUCCESS, NOT_FOUND if list is empty */ @@ -141,7 +167,6 @@ struct linked_list_t { /** * Removes the last item in the list and returns its value. * - * @param this calling object * @param item returned value of last item, or NULL * @return SUCCESS, NOT_FOUND if list is empty */ @@ -150,7 +175,6 @@ struct linked_list_t { /** * Returns the value of the last list item without removing it. * - * @param this calling object * @param item returned value of last item * @return SUCCESS, NOT_FOUND if list is empty */ diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index e51780290..5fd4cfd4d 100644 
--- a/src/libstrongswan/utils/optionsfrom.c
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -67,7 +67,6 @@ METHOD(options_t, from, bool,
 int newargc;
 int next; /* place for next argument */
 char **newargv;
- size_t bytes;
 chunk_t src, line, token;
 bool good = TRUE;
 int linepos = 0;
@@ -99,7 +98,14 @@ METHOD(options_t, from, bool,
 src.ptr = this->buffers[this->nuses] = malloc(src.len + 1);
 /* read the whole file into a chunk */
- bytes = fread(src.ptr, 1, src.len, fd);
+ if (fread(src.ptr, 1, src.len, fd) != src.len)
+ {
+ DBG1(DBG_LIB, "optionsfrom: unable to read file '%s': %s",
+ filename, strerror(errno));
+ free(src.ptr);
+ fclose(fd);
+ return FALSE;
+ }
 fclose(fd);
 if (this->room) |
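Review bot: The new error path frees `src.ptr` but leaves `this->buffers[this->nuses]` pointing at the freed block, since the context line above stores the same pointer there; whether a later cleanup that walks `buffers` would double-free depends on bookkeeping outside this hunk, so either confirm nuses is only advanced on success or add `this->buffers[this->nuses] = NULL;` before `free(src.ptr)`. A short `fread` is also not necessarily an error: if the file shrank after its size was taken, `errno` is stale and the message prints an unrelated reason, so test `ferror(fd)` before formatting with `strerror(errno)`. The malloc result on the context line remains unchecked.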