diff options
Diffstat (limited to 'src')
522 files changed, 22027 insertions, 3786 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 218c9434c..7d11893d1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -96,12 +96,12 @@ if USE_MEDSRV SUBDIRS += medsrv endif -if USE_INTEGRITY_TEST - SUBDIRS += checksum -endif - if USE_ATTR_SQL SUBDIRS += pool +else +if USE_SQL + SUBDIRS += pool +endif endif if USE_TKM @@ -116,8 +116,6 @@ if USE_LIBPTTLS SUBDIRS += pt-tls-client endif -EXTRA_DIST = strongswan.conf - -install-exec-local : - test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" - test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true +if USE_INTEGRITY_TEST + SUBDIRS += checksum +endif diff --git a/src/Makefile.in b/src/Makefile.in index 42dfba38e..1c2a427f7 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -101,11 +101,12 @@ host_triplet = @host@ @USE_FAST_TRUE@am__append_22 = libfast @USE_MANAGER_TRUE@am__append_23 = manager @USE_MEDSRV_TRUE@am__append_24 = medsrv -@USE_INTEGRITY_TEST_TRUE@am__append_25 = checksum -@USE_ATTR_SQL_TRUE@am__append_26 = pool +@USE_ATTR_SQL_TRUE@am__append_25 = pool +@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_26 = pool @USE_TKM_TRUE@am__append_27 = charon-tkm @USE_CMD_TRUE@am__append_28 = charon-cmd @USE_LIBPTTLS_TRUE@am__append_29 = pt-tls-client +@USE_INTEGRITY_TEST_TRUE@am__append_30 = checksum subdir = src DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -183,8 +184,8 @@ DIST_SUBDIRS = . include libstrongswan libhydra libipsec libsimaka \ libtls libradius libtncif libtnccs libpttls libimcv libpts \ libcharon starter ipsec _copyright charon charon-nm stroke \ _updown _updown_espmark openac scepclient pki conftest dumm \ - libfast manager medsrv checksum pool charon-tkm charon-cmd \ - pt-tls-client + libfast manager medsrv pool charon-tkm charon-cmd \ + pt-tls-client checksum DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -225,8 +226,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -294,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -382,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -402,6 +410,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -421,8 +430,7 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_19) $(am__append_20) $(am__append_21) \ $(am__append_22) $(am__append_23) $(am__append_24) \ $(am__append_25) $(am__append_26) $(am__append_27) \ - $(am__append_28) $(am__append_29) -EXTRA_DIST = strongswan.conf + $(am__append_28) $(am__append_29) $(am__append_30) all: all-recursive .SUFFIXES: @@ -678,7 +686,7 @@ install-dvi: install-dvi-recursive install-dvi-am: -install-exec-am: install-exec-local +install-exec-am: install-html: install-html-recursive @@ -725,19 +733,14 @@ uninstall-am: ctags-am distclean distclean-generic distclean-libtool \ distclean-tags distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ - install-dvi-am install-exec install-exec-am install-exec-local \ - install-html install-html-am install-info install-info-am \ - install-man install-pdf install-pdf-am install-ps \ - install-ps-am install-strip installcheck installcheck-am \ - installdirs installdirs-am maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-generic \ - mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ - uninstall-am - - -install-exec-local : - test -e "$(DESTDIR)${sysconfdir}" || $(INSTALL) -d "$(DESTDIR)$(sysconfdir)" - test -e "$(DESTDIR)$(sysconfdir)/strongswan.conf" || $(INSTALL) -m 640 $(srcdir)/strongswan.conf $(DESTDIR)$(sysconfdir)/strongswan.conf || true + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 8a57e13bc..0783f9e7b 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -184,8 +184,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -253,6 +251,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -341,12 +344,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -361,6 +368,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/_copyright/_copyright.c b/src/_copyright/_copyright.c index b20b17256..806f78062 100644 --- a/src/_copyright/_copyright.c +++ b/src/_copyright/_copyright.c @@ -24,7 +24,7 @@ #include <library.h> static const char *copyright[] = { - "Copyright (C) 1999-2012", + "Copyright (C) 1999-2013", " Henry Spencer, D. Hugh Redelmeier, Michael Richardson, Ken Bantoft,", " Stephen J. Bevan, JuanJo Ciarlante, Thomas Egerer, Heiko Hund,", " Mathieu Lafon, Stephane Laroche, Kai Martius, Stephan Scholz,", @@ -36,10 +36,12 @@ static const char *copyright[] = { " Roger Wegmann, Simon Zwahlen,", " ZHW Zuercher Hochschule Winterthur (Switzerland).", "", - " Philip Boetschi, Tobias Brunner, Sansar Choinyambuu, Adrian Doerig,", - " Andreas Eigenmann, Giuliano Grassi, Reto Guadagnini, Fabian Hartmann,", - " Noah Heusser, Jan Hutter, Thomas Kallenberg, Daniel Roethlisberger,", - " Ralf Sager, Joel Stillhart, Daniel Wydler, Andreas Steffen,", + " Philip Boetschi, Tobias Brunner, Christoph Buehler, Reto Buerki,", + " Sansar Choinyambuu, Adrian Doerig, Andreas Eigenmann, Giuliano Grassi,", + " Reto Guadagnini, Fabian Hartmann, Noah Heusser, Jan Hutter,", + " Thomas Kallenberg, Patrick Loetscher, Daniel Roethlisberger,", + " Adrian-Ken Rueegsegger, Ralf Sager, Joel Stillhart, Daniel Wydler,", + " Andreas Steffen,", " HSR Hochschule fuer Technik Rapperswil (Switzerland).", "", " Martin Willi (revosec AG), Clavister (Sweden).", @@ -74,7 +76,7 @@ main(int argc, char *argv[]) const char **notice = copyright; const char **co; - library_init(NULL); + library_init(NULL, "_copyright"); atexit(library_deinit); while ((opt = getopt_long(argc, argv, "", opts, NULL)) != EOF) diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 30f32b2b7..e77049543 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -165,8 +165,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/_updown/_updown.in b/src/_updown/_updown.in index c68c23d8a..532bd2437 100644 --- a/src/_updown/_updown.in +++ b/src/_updown/_updown.in @@ -50,6 +50,9 @@ # PLUTO_PROTO # is the negotiated IPsec protocol, ah|esp # +# PLUTO_IPCOMP +# is not empty if IPComp was negotiated +# # PLUTO_UNIQUEID # is the unique identifier of the associated IKE_SA # @@ -411,6 +414,14 @@ up-host:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # allow IPIP traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed) + if [ -n "$PLUTO_IPCOMP" ] + then + iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection setup if [ $VPN_LOGGING ] then @@ -435,6 +446,13 @@ down-host:iptables) -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT # + # IPIP exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec host connection teardown if [ $VPN_LOGGING ] then @@ -474,6 +492,15 @@ up-client:iptables) -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT fi # + # allow IPIP traffic because of the implicit SA created by the kernel if + # IPComp is used (for small inbound packets that are not compressed). + # INPUT is correct here even for forwarded traffic. + if [ -n "$PLUTO_IPCOMP" ] + then + iptables -I INPUT 1 -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection setup if [ $VPN_LOGGING ] then @@ -517,6 +544,13 @@ down-client:iptables) $IPSEC_POLICY_OUT -j ACCEPT fi # + # IPIP exception teardown + if [ -n "$PLUTO_IPCOMP" ] + then + iptables -D INPUT -i $PLUTO_INTERFACE -p 4 \ + -s $PLUTO_PEER -d $PLUTO_ME $IPSEC_POLICY_IN -j ACCEPT + fi + # # log IPsec client connection teardown if [ $VPN_LOGGING ] then diff --git a/src/_updown_espmark/Makefile.in b/src/_updown_espmark/Makefile.in index 42522f5e8..918bd6a89 100644 --- a/src/_updown_espmark/Makefile.in +++ b/src/_updown_espmark/Makefile.in @@ -165,8 +165,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index d484f6463..62d6cd725 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/charon-cmd/charon-cmd.8.in b/src/charon-cmd/charon-cmd.8.in index 25d706995..a2d424e9a 100644 --- a/src/charon-cmd/charon-cmd.8.in +++ b/src/charon-cmd/charon-cmd.8.in @@ -116,6 +116,24 @@ address will always be proposed. .BI "\-\-remote\-ts " subnet Traffic selector to propose for remote side, defaults to 0.0.0.0/0. .TP +.BI "\-\-ike\-proposal " proposal +IKE proposal to offer instead of default. For IKEv1, a single proposal consists +of one encryption algorithm, an integrity/PRF algorithm and a DH group. IKEv2 +can propose multiple algorithms of the same kind. To specify multiple proposals, +repeat the option. +.TP +.BI "\-\-esp\-proposal " proposal +ESP proposal to offer instead of default. For IKEv1, a single proposal consists +of one encryption algorithm, an integrity algorithm and an optional DH group for +Perfect Forward Secrecy rekeying. IKEv2 can propose multiple algorithms of the +same kind. To specify multiple proposals, repeat the option. +.TP +.BI "\-\-ah\-proposal " proposal +AH proposal to offer instead of ESP. For IKEv1, a single proposal consists +of an integrity algorithm and an optional DH group for Perfect Forward Secrecy +rekeying. IKEv2 can propose multiple algorithms of the same kind. To specify +multiple proposals, repeat the option. +.TP .BI "\-\-profile " name Authentication profile to use, the list of supported profiles can be found in the diff --git a/src/charon-cmd/charon-cmd.c b/src/charon-cmd/charon-cmd.c index 5f4787b58..a70d314af 100644 --- a/src/charon-cmd/charon-cmd.c +++ b/src/charon-cmd/charon-cmd.c @@ -322,7 +322,7 @@ int main(int argc, char *argv[]) dbg = dbg_stderr; atexit(library_deinit); - if (!library_init(NULL)) + if (!library_init(NULL, "charon-cmd")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } @@ -334,12 +334,12 @@ int main(int argc, char *argv[]) } } atexit(libhydra_deinit); - if (!libhydra_init("charon-cmd")) + if (!libhydra_init()) { exit(SS_RC_INITIALIZATION_FAILED); } atexit(libcharon_deinit); - if (!libcharon_init("charon-cmd")) + if (!libcharon_init()) { exit(SS_RC_INITIALIZATION_FAILED); } @@ -389,6 +389,7 @@ int main(int argc, char *argv[]) sigaddset(&action.sa_mask, SIGINT); sigaddset(&action.sa_mask, SIGTERM); sigaddset(&action.sa_mask, SIGHUP); + sigaddset(&action.sa_mask, SIGUSR1); sigaction(SIGSEGV, &action, NULL); sigaction(SIGILL, &action, NULL); sigaction(SIGBUS, &action, NULL); diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c index 180e8da98..ac085e131 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c @@ -87,6 +87,16 @@ struct private_cmd_connection_t { linked_list_t *remote_ts; /** + * List of IKE proposals + */ + linked_list_t *ike_proposals; + + /** + * List of CHILD proposals + */ + linked_list_t *child_proposals; + + /** * Hostname to connect to */ char *host; @@ -135,6 +145,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) u_int16_t local_port, remote_port = IKEV2_UDP_PORT; ike_version_t version = IKE_ANY; bool aggressive = FALSE; + proposal_t *proposal; switch (this->profile) { @@ -165,7 +176,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) } ike_cfg = ike_cfg_create(version, TRUE, FALSE, "0.0.0.0", local_port, this->host, remote_port, FRAGMENTATION_NO, 0); - ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + if (this->ike_proposals->get_count(this->ike_proposals)) + { + while (this->ike_proposals->remove_first(this->ike_proposals, + (void**)&proposal) == SUCCESS) + { + ike_cfg->add_proposal(ike_cfg, proposal); + } + } + else + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + } peer_cfg = peer_cfg_create("cmd", ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ 36000, 0, /* rekey 10h, reauth none */ @@ -173,7 +195,6 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) TRUE, aggressive, TRUE, /* mobike, aggressive, pull */ 30, 0, /* DPD delay, timeout */ FALSE, NULL, NULL); /* mediation */ - peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); return peer_cfg; } @@ -306,10 +327,13 @@ static bool add_auth_cfgs(private_cmd_connection_t *this, peer_cfg_t *peer_cfg) /** * Attach child config to peer config */ -static child_cfg_t* create_child_cfg(private_cmd_connection_t *this) +static child_cfg_t* create_child_cfg(private_cmd_connection_t *this, + peer_cfg_t *peer_cfg) { child_cfg_t *child_cfg; traffic_selector_t *ts; + proposal_t *proposal; + bool has_v4 = FALSE, has_v6 = FALSE; lifetime_cfg_t lifetime = { .time = { .life = 10800 /* 3h */, @@ -322,7 +346,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this) NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */ ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); - child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + if (this->child_proposals->get_count(this->child_proposals)) + { + while (this->child_proposals->remove_first(this->child_proposals, + (void**)&proposal) == SUCCESS) + { + child_cfg->add_proposal(child_cfg, proposal); + } + } + else + { + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + } while (this->local_ts->remove_first(this->local_ts, (void**)&ts) == SUCCESS) { child_cfg->add_traffic_selector(child_cfg, TRUE, ts); @@ -333,12 +368,31 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this) ts = traffic_selector_create_from_string(0, TS_IPV4_ADDR_RANGE, "0.0.0.0", 0, "255.255.255.255", 65535); this->remote_ts->insert_last(this->remote_ts, ts); + has_v4 = TRUE; } while (this->remote_ts->remove_first(this->remote_ts, (void**)&ts) == SUCCESS) { + switch (ts->get_type(ts)) + { + case TS_IPV4_ADDR_RANGE: + has_v4 = TRUE; + break; + case TS_IPV6_ADDR_RANGE: + has_v6 = TRUE; + break; + } child_cfg->add_traffic_selector(child_cfg, FALSE, ts); } + if (has_v4) + { + peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); + } + if (has_v6) + { + peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("::", 0)); + } + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); return child_cfg; } @@ -374,8 +428,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) return JOB_REQUEUE_NONE; } - child_cfg = create_child_cfg(this); - peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + child_cfg = create_child_cfg(this, peer_cfg); if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, controller_cb_empty, NULL, 0) != SUCCESS) @@ -421,6 +474,8 @@ static void set_profile(private_cmd_connection_t *this, char *name) METHOD(cmd_connection_t, handle, bool, private_cmd_connection_t *this, cmd_option_type_t opt, char *arg) { + proposal_t *proposal; + switch (opt) { case CMD_OPT_HOST: @@ -447,6 +502,30 @@ METHOD(cmd_connection_t, handle, bool, case CMD_OPT_REMOTE_TS: add_ts(this, this->remote_ts, arg); break; + case CMD_OPT_IKE_PROPOSAL: + proposal = proposal_create_from_string(PROTO_IKE, arg); + if (!proposal) + { + exit(1); + } + this->ike_proposals->insert_last(this->ike_proposals, proposal); + break; + case CMD_OPT_ESP_PROPOSAL: + proposal = proposal_create_from_string(PROTO_ESP, arg); + if (!proposal) + { + exit(1); + } + this->child_proposals->insert_last(this->child_proposals, proposal); + break; + case CMD_OPT_AH_PROPOSAL: + proposal = proposal_create_from_string(PROTO_AH, arg); + if (!proposal) + { + exit(1); + } + this->child_proposals->insert_last(this->child_proposals, proposal); + break; case CMD_OPT_PROFILE: set_profile(this, arg); break; @@ -459,6 +538,10 @@ METHOD(cmd_connection_t, handle, bool, METHOD(cmd_connection_t, destroy, void, private_cmd_connection_t *this) { + this->ike_proposals->destroy_offset(this->ike_proposals, + offsetof(proposal_t, destroy)); + this->child_proposals->destroy_offset(this->child_proposals, + offsetof(proposal_t, destroy)); this->local_ts->destroy_offset(this->local_ts, offsetof(traffic_selector_t, destroy)); this->remote_ts->destroy_offset(this->remote_ts, @@ -481,6 +564,8 @@ cmd_connection_t *cmd_connection_create() .pid = getpid(), .local_ts = linked_list_create(), .remote_ts = linked_list_create(), + .ike_proposals = linked_list_create(), + .child_proposals = linked_list_create(), .profile = PROF_UNDEF, ); diff --git a/src/charon-cmd/cmd/cmd_options.c b/src/charon-cmd/cmd/cmd_options.c index 597ccda1f..5428941ff 100644 --- a/src/charon-cmd/cmd/cmd_options.c +++ b/src/charon-cmd/cmd/cmd_options.c @@ -56,6 +56,12 @@ cmd_option_t cmd_options[CMD_OPT_COUNT] = { "additional traffic selector to propose for our side", {}}, { CMD_OPT_REMOTE_TS, "remote-ts", required_argument, "subnet", "traffic selector to propose for remote side", {}}, + { CMD_OPT_IKE_PROPOSAL, "ike-proposal", required_argument, "proposal", + "a single IKE proposal to offer instead of the default", {}}, + { CMD_OPT_ESP_PROPOSAL, "esp-proposal", required_argument, "proposal", + "a single ESP proposal to offer instead of the default", {}}, + { CMD_OPT_AH_PROPOSAL, "ah-proposal", required_argument, "proposal", + "a single AH proposal to offer instead of the default", {}}, { CMD_OPT_PROFILE, "profile", required_argument, "name", "authentication profile to use, where name is one of:", { " ikev2-pub, ikev2-eap, ikev2-pub-eap", diff --git a/src/charon-cmd/cmd/cmd_options.h b/src/charon-cmd/cmd/cmd_options.h index 6b8b04cdf..c7441e795 100644 --- a/src/charon-cmd/cmd/cmd_options.h +++ b/src/charon-cmd/cmd/cmd_options.h @@ -45,6 +45,9 @@ enum cmd_option_type_t { CMD_OPT_AGENT, CMD_OPT_LOCAL_TS, CMD_OPT_REMOTE_TS, + CMD_OPT_IKE_PROPOSAL, + CMD_OPT_AH_PROPOSAL, + CMD_OPT_ESP_PROPOSAL, CMD_OPT_PROFILE, CMD_OPT_COUNT diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index c204c8c3a..955d15313 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -192,8 +192,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -261,6 +259,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -349,12 +352,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -369,6 +376,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/charon-nm/charon-nm.c b/src/charon-nm/charon-nm.c index 9ce6dbaeb..32cec36ec 100644 --- a/src/charon-nm/charon-nm.c +++ b/src/charon-nm/charon-nm.c @@ -161,7 +161,7 @@ int main(int argc, char *argv[]) dbg = dbg_syslog; /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "charon-nm")) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -175,7 +175,7 @@ int main(int argc, char *argv[]) exit(SS_RC_DAEMON_INTEGRITY); } - if (!libhydra_init("charon-nm")) + if (!libhydra_init()) { dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm"); libhydra_deinit(); @@ -183,7 +183,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - if (!libcharon_init("charon-nm")) + if (!libcharon_init()) { dbg_syslog(DBG_DMN, 1, "initialization failed - aborting charon-nm"); goto deinit; diff --git a/src/charon-nm/nm/nm_backend.c b/src/charon-nm/nm/nm_backend.c index f474dad60..ebebde2c0 100644 --- a/src/charon-nm/nm/nm_backend.c +++ b/src/charon-nm/nm/nm_backend.c @@ -22,10 +22,6 @@ #include <daemon.h> #include <processing/jobs/callback_job.h> -#ifndef CAP_DAC_OVERRIDE -#define CAP_DAC_OVERRIDE 1 -#endif - typedef struct nm_backend_t nm_backend_t; /** @@ -143,14 +139,6 @@ static bool nm_backend_init() return FALSE; } - /* bypass file permissions to read from users ssh-agent */ - if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE)) - { - DBG1(DBG_CFG, "NM backend requires CAP_DAC_OVERRIDE capability"); - nm_backend_deinit(); - return FALSE; - } - lib->processor->queue_job(lib->processor, (job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this, NULL, (callback_job_cancel_t)cancel, JOB_PRIO_CRITICAL)); diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index f37367532..f0daff61e 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -412,9 +412,10 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, loose_gateway_id = TRUE; } - if (auth_class == AUTH_CLASS_EAP) + if (auth_class == AUTH_CLASS_EAP || + auth_class == AUTH_CLASS_PSK) { - /* username/password authentication ... */ + /* username/password or PSK authentication ... */ str = nm_setting_vpn_get_data_item(vpn, "user"); if (str) { @@ -548,7 +549,14 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_IDENTITY, user); peer_cfg->add_auth_cfg(peer_cfg, auth, TRUE); auth = auth_cfg_create(); - auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); + if (auth_class == AUTH_CLASS_PSK) + { + auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); + } + else + { + auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); + } auth->add(auth, AUTH_RULE_IDENTITY, gateway); auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); @@ -623,7 +631,7 @@ static gboolean need_secrets(NMVPNPlugin *plugin, NMConnection *connection, method = nm_setting_vpn_get_data_item(settings, "method"); if (method) { - if (streq(method, "eap")) + if (streq(method, "eap") || streq(method, "psk")) { if (nm_setting_vpn_get_secret(settings, "password")) { diff --git a/src/charon-tkm/Makefile.am b/src/charon-tkm/Makefile.am index 0fef1f62d..d2b81a3ea 100644 --- a/src/charon-tkm/Makefile.am +++ b/src/charon-tkm/Makefile.am @@ -1,26 +1,30 @@ -SRC = $(top_builddir)/src +SRC = $(abs_top_srcdir)/src +OBJ = $(abs_top_builddir)/src -# includes relative to obj directory AM_CPPFLAGS = \ - -include $(top_builddir)/config.h \ - -I../$(SRC)/libstrongswan \ - -I../$(SRC)/libhydra \ - -I../$(SRC)/libcharon + -include $(abs_top_builddir)/config.h \ + -I$(SRC)/libstrongswan \ + -I$(SRC)/libhydra \ + -I$(SRC)/libcharon LIBLD = \ - -L$(SRC)/libstrongswan/.libs \ - -L$(SRC)/libhydra/.libs \ - -L$(SRC)/libcharon/.libs -LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs + -L$(OBJ)/libstrongswan/.libs \ + -L$(OBJ)/libhydra/.libs \ + -L$(OBJ)/libcharon/.libs +LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs LIBFL = -lstrongswan -lhydra -lcharon DEFS += -DPLUGINS=\""$(PLUGINS)\"" -DIPSEC_PIDDIR=\"${piddir}\" BUILD_OPTS = \ - -XOBJ_DIR=$(CURDIR)/obj \ + -XOBJ_DIR=$(abs_builddir)/obj \ -cargs $(AM_CPPFLAGS) $(DEFS) \ -largs $(LIBLD) $(LIBFL) +TEST_OPTS = \ + -cargs -DBUILDDIR=\"${abs_top_builddir}\" \ + -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest + # plugins to enable PLUGINS = \ kernel-netlink \ @@ -35,15 +39,15 @@ build_charon: build_charon.gpr src/charon-tkm.c @$(GPRBUILD) -p $< $(BUILD_OPTS) build_tests: build_tests.gpr - @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@ + @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS) + +check-tkm: build_tests + @LD_LIBRARY_PATH=$(LIBPT) obj/tests -if UNITTESTS -check: build_tests - @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner -else check: - @echo "reconfigure with --enable-unit-tests" -endif + @echo "TKM tests are not run automatically because they have to be run as root" >&2 + @echo "and require a properly configured TKM daemon to be running." >&2 + @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2 install: build_charon $(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir) diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 5f878acf9..15e654d00 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -131,8 +131,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -318,27 +326,30 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -SRC = $(top_builddir)/src - -# includes relative to obj directory +SRC = $(abs_top_srcdir)/src +OBJ = $(abs_top_builddir)/src AM_CPPFLAGS = \ - -include $(top_builddir)/config.h \ - -I../$(SRC)/libstrongswan \ - -I../$(SRC)/libhydra \ - -I../$(SRC)/libcharon + -include $(abs_top_builddir)/config.h \ + -I$(SRC)/libstrongswan \ + -I$(SRC)/libhydra \ + -I$(SRC)/libcharon LIBLD = \ - -L$(SRC)/libstrongswan/.libs \ - -L$(SRC)/libhydra/.libs \ - -L$(SRC)/libcharon/.libs + -L$(OBJ)/libstrongswan/.libs \ + -L$(OBJ)/libhydra/.libs \ + -L$(OBJ)/libcharon/.libs -LIBPT = $(SRC)/libstrongswan/.libs:$(SRC)/libhydra/.libs:$(SRC)/libcharon/.libs +LIBPT = $(OBJ)/libstrongswan/.libs:$(OBJ)/libhydra/.libs:$(OBJ)/libcharon/.libs LIBFL = -lstrongswan -lhydra -lcharon BUILD_OPTS = \ - -XOBJ_DIR=$(CURDIR)/obj \ + -XOBJ_DIR=$(abs_builddir)/obj \ -cargs $(AM_CPPFLAGS) $(DEFS) \ -largs $(LIBLD) $(LIBFL) +TEST_OPTS = \ + -cargs -DBUILDDIR=\"${abs_top_builddir}\" \ + -largs -L$(OBJ)/libstrongswan/tests/.libs -ltest + # plugins to enable PLUGINS = \ @@ -543,12 +554,15 @@ build_charon: build_charon.gpr src/charon-tkm.c @$(GPRBUILD) -p $< $(BUILD_OPTS) build_tests: build_tests.gpr - @$(GPRBUILD) -p $< $(BUILD_OPTS) -cargs @CHECK_CFLAGS@ -largs @CHECK_LIBS@ + @$(GPRBUILD) -p $< $(BUILD_OPTS) $(TEST_OPTS) + +check-tkm: build_tests + @LD_LIBRARY_PATH=$(LIBPT) obj/tests -@UNITTESTS_TRUE@check: build_tests -@UNITTESTS_TRUE@ @LD_LIBRARY_PATH=$(LIBPT) obj/test_runner -@UNITTESTS_FALSE@check: -@UNITTESTS_FALSE@ @echo "reconfigure with --enable-unit-tests" +check: + @echo "TKM tests are not run automatically because they have to be run as root" >&2 + @echo "and require a properly configured TKM daemon to be running." >&2 + @echo "They can be run from '$(abs_builddir)' with 'make check-tkm'" >&2 install: build_charon $(INSTALL) -m 755 obj/charon-tkm $(DESTDIR)$(ipsecdir) diff --git a/src/charon-tkm/build_common.gpr b/src/charon-tkm/build_common.gpr index ac322d713..102f6b7a2 100644 --- a/src/charon-tkm/build_common.gpr +++ b/src/charon-tkm/build_common.gpr @@ -5,7 +5,7 @@ project Build_Common is for Source_Dirs use (); - Obj_Dir := "obj"; + Obj_Dir := external ("OBJ_DIR", "obj"); C_Compiler_Switches := ("-W", "-Wall", diff --git a/src/charon-tkm/build_tests.gpr b/src/charon-tkm/build_tests.gpr index 032c7969e..2bdc99650 100644 --- a/src/charon-tkm/build_tests.gpr +++ b/src/charon-tkm/build_tests.gpr @@ -4,11 +4,15 @@ project Build_Tests is for Languages use ("Ada", "C"); for Source_Dirs use ("src/ees", "src/ehandler", "src/tkm", "tests"); - for Main use ("test_runner"); + for Main use ("tests"); for Object_Dir use Build_Common.Obj_Dir; package Compiler is for Default_Switches ("c") use Build_Common.C_Compiler_Switches; end Compiler; + package Binder is + for Default_Switches ("ada") use Build_Common.Ada_Binder_Switches; + end Binder; + end Build_Tests; diff --git a/src/charon-tkm/src/charon-tkm.c b/src/charon-tkm/src/charon-tkm.c index 14a735590..9a22f9ad9 100644 --- a/src/charon-tkm/src/charon-tkm.c +++ b/src/charon-tkm/src/charon-tkm.c @@ -250,13 +250,13 @@ int main(int argc, char *argv[]) dbg = dbg_syslog; /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, dmn_name)) { library_deinit(); exit(status); } - if (!libhydra_init(dmn_name)) + if (!libhydra_init()) { dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name); libhydra_deinit(); @@ -264,7 +264,7 @@ int main(int argc, char *argv[]) exit(status); } - if (!libcharon_init(dmn_name)) + if (!libcharon_init()) { dbg_syslog(DBG_DMN, 1, "initialization failed - aborting %s", dmn_name); goto deinit; @@ -288,10 +288,6 @@ int main(int argc, char *argv[]) static plugin_feature_t features[] = { PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), PLUGIN_PROVIDE(NONCE_GEN), - PLUGIN_REGISTER(DH, tkm_diffie_hellman_create), - PLUGIN_PROVIDE(DH, MODP_2048_BIT), - PLUGIN_PROVIDE(DH, MODP_3072_BIT), - PLUGIN_PROVIDE(DH, MODP_4096_BIT), PLUGIN_REGISTER(PUBKEY, tkm_public_key_load, TRUE), PLUGIN_PROVIDE(PUBKEY, KEY_RSA), PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), @@ -302,6 +298,12 @@ int main(int argc, char *argv[]) lib->plugins->add_static_features(lib->plugins, "tkm-backend", features, countof(features), TRUE); + if (!register_dh_mapping()) + { + DBG1(DBG_DMN, "no DH group mapping defined - aborting %s", dmn_name); + goto deinit; + } + /* register TKM keymat variant */ keymat_register_constructor(IKEV2, (keymat_constructor_t)tkm_keymat_create); @@ -380,6 +382,7 @@ int main(int argc, char *argv[]) lib->encoding->remove_encoder(lib->encoding, tkm_encoder_encode); deinit: + destroy_dh_mapping(); libcharon_deinit(); libhydra_deinit(); library_deinit(); diff --git a/src/charon-tkm/src/tkm/tkm.c b/src/charon-tkm/src/tkm/tkm.c index a39221dc2..61eb6056c 100644 --- a/src/charon-tkm/src/tkm/tkm.c +++ b/src/charon-tkm/src/tkm/tkm.c @@ -61,7 +61,7 @@ bool tkm_init() ehandler_init(); ikesock = lib->settings->get_str(lib->settings, "%s.ike_socket", IKE_SOCKET, - charon->name); + lib->ns); if (ike_init(ikesock) != TKM_OK) { tkmlib_final(); @@ -70,7 +70,7 @@ bool tkm_init() DBG1(DBG_DMN, "connected to TKM via socket '%s'", ikesock); eessock = lib->settings->get_str(lib->settings, "%s.ees_socket", EES_SOCKET, - charon->name); + lib->ns); ees_server_init(eessock); DBG1(DBG_DMN, "serving EES requests on socket '%s'", eessock); diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index 19f57de01..a34d0b1d4 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -21,10 +21,13 @@ #include "tkm_utils.h" #include "tkm_diffie_hellman.h" -#include <utils/debug.h> +#include <daemon.h> +#include <collections/hashtable.h> typedef struct private_tkm_diffie_hellman_t private_tkm_diffie_hellman_t; +static hashtable_t *group_map = NULL; + /** * Private data of a tkm_diffie_hellman_t object. */ @@ -102,6 +105,95 @@ METHOD(tkm_diffie_hellman_t, get_id, dh_id_type, return this->context_id; } +static u_int hash(void *key) +{ + diffie_hellman_group_t k = *(diffie_hellman_group_t*)key; + return chunk_hash(chunk_from_thing(k)); +} + +static bool equals(void *key, void *other_key) +{ + return *(diffie_hellman_group_t*)key == *(diffie_hellman_group_t*)other_key; +} + +/* + * Described in header. + */ +int register_dh_mapping() +{ + int count, i; + char *iana_id_str, *tkm_id_str; + diffie_hellman_group_t *iana_id; + u_int64_t *tkm_id; + hashtable_t *map; + enumerator_t *enumerator; + + map = hashtable_create((hashtable_hash_t)hash, + (hashtable_equals_t)equals, 16); + + enumerator = lib->settings->create_key_value_enumerator(lib->settings, + "%s.dh_mapping", + lib->ns); + + while (enumerator->enumerate(enumerator, &iana_id_str, &tkm_id_str)) + { + iana_id = malloc_thing(diffie_hellman_group_t); + *iana_id = settings_value_as_int(iana_id_str, 0); + tkm_id = malloc_thing(u_int64_t); + *tkm_id = settings_value_as_int(tkm_id_str, 0); + + map->put(map, iana_id, tkm_id); + } + enumerator->destroy(enumerator); + + count = map->get_count(map); + plugin_feature_t f[count + 1]; + f[0] = PLUGIN_REGISTER(DH, tkm_diffie_hellman_create); + + i = 1; + enumerator = map->create_enumerator(map); + while (enumerator->enumerate(enumerator, &iana_id, &tkm_id)) + { + f[i] = PLUGIN_PROVIDE(DH, *iana_id); + i++; + } + enumerator->destroy(enumerator); + + lib->plugins->add_static_features(lib->plugins, "tkm-dh", f, countof(f), TRUE); + + if (count > 0) + { + group_map = map; + } + else + { + map->destroy(map); + } + + return count; +} + +/* + * Described in header. + */ +void destroy_dh_mapping() +{ + enumerator_t *enumerator; + char *key, *value; + + if (group_map) + { + enumerator = group_map->create_enumerator(group_map); + while (enumerator->enumerate(enumerator, &key, &value)) + { + free(key); + free(value); + } + enumerator->destroy(enumerator); + group_map->destroy(group_map); + } +} + /* * Described in header. */ @@ -109,6 +201,11 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) { private_tkm_diffie_hellman_t *this; + if (!group_map) + { + return NULL; + } + INIT(this, .public = { .dh = { @@ -130,7 +227,14 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - if (ike_dh_create(this->context_id, group, &this->pubvalue) != TKM_OK) + u_int64_t *dha_id = group_map->get(group_map, &group); + if (!dha_id) + { + free(this); + return NULL; + } + + if (ike_dh_create(this->context_id, *dha_id, &this->pubvalue) != TKM_OK) { free(this); return NULL; diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h index a144303fa..d38a414d8 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.h +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.h @@ -47,6 +47,19 @@ struct tkm_diffie_hellman_t { }; /** + * Loads IANA DH group identifier to TKM id mapping from config and registers + * the corresponding DH features. + * + * @return number of registered mappings + */ +int register_dh_mapping(); + +/** + * Destroy IANA DH group identifier to TKM id mapping. + */ +void destroy_dh_mapping(); + +/** * Creates a new tkm_diffie_hellman_t object. * * @param group Diffie Hellman group number to use diff --git a/src/charon-tkm/src/tkm/tkm_id_manager.c b/src/charon-tkm/src/tkm/tkm_id_manager.c index 407d0a87f..0fadf1acf 100644 --- a/src/charon-tkm/src/tkm/tkm_id_manager.c +++ b/src/charon-tkm/src/tkm/tkm_id_manager.c @@ -17,7 +17,6 @@ #include "tkm_id_manager.h" #include <utils/debug.h> -#include <collections/linked_list.h> #include <threading/rwlock.h> #define TKM_LIMIT 100 diff --git a/src/charon-tkm/tests/chunk_map_tests.c b/src/charon-tkm/tests/chunk_map_tests.c index 6deef9a80..1283a787c 100644 --- a/src/charon-tkm/tests/chunk_map_tests.c +++ b/src/charon-tkm/tests/chunk_map_tests.c @@ -14,7 +14,7 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> #include "tkm_chunk_map.h" @@ -48,11 +48,20 @@ START_TEST(test_chunk_map_handling) } END_TEST -TCase *make_chunk_map_tests(void) +Suite *make_chunk_map_tests() { - TCase *tc = tcase_create("Chunk map tests"); + Suite *s; + TCase *tc; + + s = suite_create("chunk map"); + + tc = tcase_create("creating"); tcase_add_test(tc, test_chunk_map_creation); + suite_add_tcase(s, tc); + + tc = tcase_create("handling"); tcase_add_test(tc, test_chunk_map_handling); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/diffie_hellman_tests.c b/src/charon-tkm/tests/diffie_hellman_tests.c index ffe99614d..89658a770 100644 --- a/src/charon-tkm/tests/diffie_hellman_tests.c +++ b/src/charon-tkm/tests/diffie_hellman_tests.c @@ -14,7 +14,8 @@ * for more details. */ -#include <check.h> +#include <daemon.h> +#include <tests/test_suite.h> #include "tkm_diffie_hellman.h" @@ -49,11 +50,20 @@ START_TEST(test_dh_get_my_pubvalue) } END_TEST -TCase *make_diffie_hellman_tests(void) +Suite *make_diffie_hellman_tests() { - TCase *tc = tcase_create("Diffie-Hellman tests"); + Suite *s; + TCase *tc; + + s = suite_create("Diffie-Hellman"); + + tc = tcase_create("creation"); tcase_add_test(tc, test_dh_creation); + suite_add_tcase(s, tc); + + tc = tcase_create("get_my_pubvalue"); tcase_add_test(tc, test_dh_get_my_pubvalue); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/id_manager_tests.c b/src/charon-tkm/tests/id_manager_tests.c index 15522f118..8157496ca 100644 --- a/src/charon-tkm/tests/id_manager_tests.c +++ b/src/charon-tkm/tests/id_manager_tests.c @@ -14,7 +14,7 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> #include "tkm_id_manager.h" @@ -135,16 +135,28 @@ START_TEST(test_release_id_nonexistent) } END_TEST -TCase *make_id_manager_tests(void) +Suite *make_id_manager_tests() { - TCase *tc = tcase_create("Context id manager tests"); + Suite *s; + TCase *tc; + + s = suite_create("context id manager"); + + tc = tcase_create("creation"); tcase_add_test(tc, test_id_mgr_creation); + suite_add_tcase(s, tc); + + tc = tcase_create("acquire"); tcase_add_test(tc, test_acquire_id); tcase_add_test(tc, test_acquire_id_invalid_kind); tcase_add_test(tc, test_acquire_id_same); + suite_add_tcase(s, tc); + + tc = tcase_create("release"); tcase_add_test(tc, test_release_id); tcase_add_test(tc, test_release_id_invalid_kind); tcase_add_test(tc, test_release_id_nonexistent); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/kernel_sad_tests.c b/src/charon-tkm/tests/kernel_sad_tests.c index 11785602d..6f0b396d3 100644 --- a/src/charon-tkm/tests/kernel_sad_tests.c +++ b/src/charon-tkm/tests/kernel_sad_tests.c @@ -14,7 +14,7 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> #include "tkm_kernel_sad.h" @@ -107,16 +107,31 @@ START_TEST(test_remove_nonexistent) } END_TEST -TCase *make_kernel_sad_tests(void) +Suite *make_kernel_sad_tests() { - TCase *tc = tcase_create("Kernel SAD tests"); + Suite *s; + TCase *tc; + + s = suite_create("kernel SAD tests"); + + tc = tcase_create("creation"); tcase_add_test(tc, test_sad_creation); + suite_add_tcase(s, tc); + + tc = tcase_create("insert"); tcase_add_test(tc, test_insert); tcase_add_test(tc, test_insert_duplicate); + suite_add_tcase(s, tc); + + tc = tcase_create("get_esa_id"); tcase_add_test(tc, test_get_esa_id); tcase_add_test(tc, test_get_esa_id_nonexistent); + suite_add_tcase(s, tc); + + tc = tcase_create("remove"); tcase_add_test(tc, test_remove); tcase_add_test(tc, test_remove_nonexistent); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/keymat_tests.c b/src/charon-tkm/tests/keymat_tests.c index 2a7525d4e..1982671d3 100644 --- a/src/charon-tkm/tests/keymat_tests.c +++ b/src/charon-tkm/tests/keymat_tests.c @@ -14,7 +14,8 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> + #include <daemon.h> #include <hydra.h> #include <config/proposal.h> @@ -139,11 +140,20 @@ START_TEST(test_derive_child_keys) } END_TEST -TCase *make_keymat_tests(void) +Suite *make_keymat_tests() { - TCase *tc = tcase_create("Keymat tests"); + Suite *s; + TCase *tc; + + s = suite_create("keymat"); + + tc = tcase_create("derive IKE keys"); tcase_add_test(tc, test_derive_ike_keys); + suite_add_tcase(s, tc); + + tc = tcase_create("derive CHILD keys"); tcase_add_test(tc, test_derive_child_keys); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c index 3a1effab8..6f524cb22 100644 --- a/src/charon-tkm/tests/nonceg_tests.c +++ b/src/charon-tkm/tests/nonceg_tests.c @@ -14,7 +14,8 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> + #include <tkm/client.h> #include "tkm.h" @@ -82,12 +83,24 @@ START_TEST(test_nonceg_get_nonce) } END_TEST -TCase *make_nonceg_tests(void) +Suite *make_nonceg_tests() { - TCase *tc = tcase_create("Nonce generator tests"); + Suite *s; + TCase *tc; + + s = suite_create("nonce generator"); + + tc = tcase_create("creation"); tcase_add_test(tc, test_nonceg_creation); + suite_add_tcase(s, tc); + + tc = tcase_create("allocate"); tcase_add_test(tc, test_nonceg_allocate_nonce); + suite_add_tcase(s, tc); + + tc = tcase_create("get"); tcase_add_test(tc, test_nonceg_get_nonce); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon-tkm/tests/test_runner.c b/src/charon-tkm/tests/test_runner.c deleted file mode 100644 index 5ae032935..000000000 --- a/src/charon-tkm/tests/test_runner.c +++ /dev/null @@ -1,84 +0,0 @@ -/* - * Copyright (C) 2012 Reto Buerki - * Copyright (C) 2012 Adrian-Ken Rueegsegger - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <library.h> -#include <hydra.h> -#include <daemon.h> - -#include "tkm.h" -#include "tkm_nonceg.h" -#include "tkm_diffie_hellman.h" -#include "tkm_kernel_ipsec.h" -#include "test_runner.h" - -int main(void) -{ - library_init(NULL); - libhydra_init("test_runner"); - libcharon_init("test_runner"); - - lib->settings->set_int(lib->settings, "test_runner.filelog.stdout.default", - 1); - charon->load_loggers(charon, NULL, FALSE); - - /* Register TKM specific plugins */ - static plugin_feature_t features[] = { - PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), - PLUGIN_PROVIDE(NONCE_GEN), - PLUGIN_REGISTER(DH, tkm_diffie_hellman_create), - PLUGIN_PROVIDE(DH, MODP_3072_BIT), - PLUGIN_PROVIDE(DH, MODP_4096_BIT), - PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), - PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), - }; - lib->plugins->add_static_features(lib->plugins, "tkm-tests", features, - countof(features), TRUE); - - if (!charon->initialize(charon, PLUGINS)) - { - fprintf(stderr, "Unable to init charon"); - return EXIT_FAILURE; - } - - if (!tkm_init()) - { - fprintf(stderr, "Could not connect to TKM, aborting tests\n"); - return EXIT_FAILURE; - } - - int number_failed; - Suite *s = suite_create("TKM tests"); - suite_add_tcase(s, make_id_manager_tests()); - suite_add_tcase(s, make_chunk_map_tests()); - suite_add_tcase(s, make_utility_tests()); - suite_add_tcase(s, make_nonceg_tests()); - suite_add_tcase(s, make_diffie_hellman_tests()); - suite_add_tcase(s, make_keymat_tests()); - suite_add_tcase(s, make_kernel_sad_tests()); - - SRunner *sr = srunner_create(s); - - srunner_run_all(sr, CK_NORMAL); - number_failed = srunner_ntests_failed(sr); - - tkm_deinit(); - libcharon_deinit(); - libhydra_deinit(); - library_deinit(); - srunner_free(sr); - - return (number_failed == 0) ? EXIT_SUCCESS : EXIT_FAILURE; -} diff --git a/src/charon-tkm/tests/tests.c b/src/charon-tkm/tests/tests.c new file mode 100644 index 000000000..18754c717 --- /dev/null +++ b/src/charon-tkm/tests/tests.c @@ -0,0 +1,114 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2012 Reto Buerki + * Copyright (C) 2012 Adrian-Ken Rueegsegger + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <tests/test_runner.h> + +#include <library.h> +#include <hydra.h> +#include <daemon.h> + +#include "tkm.h" +#include "tkm_nonceg.h" +#include "tkm_diffie_hellman.h" +#include "tkm_kernel_ipsec.h" + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x) +#include "tests.h" +#undef TEST_SUITE +#undef TEST_SUITE_DEPEND + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#define TEST_SUITE_DEPEND(x, type, args) \ + { .suite = x, .feature = PLUGIN_DEPENDS(type, args) }, +#include "tests.h" + { .suite = NULL, } +}; + +static bool tkm_initialized = false; + +static bool test_runner_init(bool init) +{ + bool result = TRUE; + + if (init) + { + libhydra_init(); + libcharon_init(); + lib->settings->set_int(lib->settings, + "test_runner.filelog.stdout.default", 0); + charon->load_loggers(charon, NULL, FALSE); + + /* Register TKM specific plugins */ + static plugin_feature_t features[] = { + PLUGIN_REGISTER(NONCE_GEN, tkm_nonceg_create), + PLUGIN_PROVIDE(NONCE_GEN), + PLUGIN_CALLBACK(kernel_ipsec_register, tkm_kernel_ipsec_create), + PLUGIN_PROVIDE(CUSTOM, "kernel-ipsec"), + }; + lib->plugins->add_static_features(lib->plugins, "tkm-tests", features, + countof(features), TRUE); + + lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 1, + lib->ns, MODP_3072_BIT); + lib->settings->set_int(lib->settings, "%s.dh_mapping.%d", 2, + lib->ns, MODP_4096_BIT); + register_dh_mapping(); + + plugin_loader_add_plugindirs(BUILDDIR "/src/libstrongswan/plugins", + PLUGINS); + plugin_loader_add_plugindirs(BUILDDIR "/src/libhydra/plugins", + PLUGINS); + plugin_loader_add_plugindirs(BUILDDIR "/src/libcharon/plugins", + PLUGINS); + if (charon->initialize(charon, PLUGINS)) + { + if (!tkm_initialized) + { + if (!tkm_init()) + { + return FALSE; + } + tkm_initialized = true; + } + return TRUE; + } + result = FALSE; + } + + destroy_dh_mapping(); + libcharon_deinit(); + libhydra_deinit(); + return result; +} + +int main(int argc, char *argv[]) +{ + bool result; + + /* disable leak detective because of how tkm_init/deinit is called, which + * does not work otherwise due to limitations of the external libraries */ + setenv("LEAK_DETECTIVE_DISABLE", "1", 1); + + result = test_runner_run("tkm", tests, test_runner_init); + tkm_deinit(); + + return result; +} diff --git a/src/charon-tkm/tests/test_runner.h b/src/charon-tkm/tests/tests.h index 236a7f2a6..fb5e96a9c 100644 --- a/src/charon-tkm/tests/test_runner.h +++ b/src/charon-tkm/tests/tests.h @@ -14,17 +14,10 @@ * for more details. */ -#ifndef TEST_RUNNER_H_ -#define TEST_RUNNER_H_ - -#include <check.h> - -TCase *make_id_manager_tests(void); -TCase *make_chunk_map_tests(void); -TCase *make_utility_tests(void); -TCase *make_nonceg_tests(void); -TCase *make_diffie_hellman_tests(void); -TCase *make_keymat_tests(void); -TCase *make_kernel_sad_tests(void); - -#endif /** TEST_RUNNER_H_ */ +TEST_SUITE(make_id_manager_tests) +TEST_SUITE(make_chunk_map_tests) +TEST_SUITE(make_utility_tests) +TEST_SUITE(make_nonceg_tests) +TEST_SUITE(make_diffie_hellman_tests) +TEST_SUITE(make_keymat_tests) +TEST_SUITE(make_kernel_sad_tests) diff --git a/src/charon-tkm/tests/utils_tests.c b/src/charon-tkm/tests/utils_tests.c index b3ead7633..0a4d6fbd2 100644 --- a/src/charon-tkm/tests/utils_tests.c +++ b/src/charon-tkm/tests/utils_tests.c @@ -14,7 +14,8 @@ * for more details. */ -#include <check.h> +#include <tests/test_suite.h> + #include <tkm/types.h> #include "tkm_utils.h" @@ -53,11 +54,17 @@ START_TEST(test_chunk_to_sequence) } END_TEST -TCase *make_utility_tests(void) +Suite *make_utility_tests() { - TCase *tc = tcase_create("Utility tests"); + Suite *s; + TCase *tc; + + s = suite_create("utility tests"); + + tc = tcase_create("chunk<->sequence"); tcase_add_test(tc, test_sequence_to_chunk); tcase_add_test(tc, test_chunk_to_sequence); + suite_add_tcase(s, tc); - return tc; + return s; } diff --git a/src/charon/Android.mk b/src/charon/Android.mk index 1dd27d534..852d73c10 100644 --- a/src/charon/Android.mk +++ b/src/charon/Android.mk @@ -8,7 +8,6 @@ charon.c # build charon ----------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/libhydra \ $(strongswan_PATH)/src/libcharon \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index 0bb2e67bf..f3b7cfd56 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -188,8 +188,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -257,6 +255,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -345,12 +348,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -365,6 +372,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/charon/charon.c b/src/charon/charon.c index 340f852cd..089ac4570 100644 --- a/src/charon/charon.c +++ b/src/charon/charon.c @@ -289,7 +289,7 @@ int main(int argc, char *argv[]) dbg = dbg_stderr; /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "charon")) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -303,7 +303,7 @@ int main(int argc, char *argv[]) exit(SS_RC_DAEMON_INTEGRITY); } - if (!libhydra_init("charon")) + if (!libhydra_init()) { dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon"); libhydra_deinit(); @@ -311,7 +311,7 @@ int main(int argc, char *argv[]) exit(SS_RC_INITIALIZATION_FAILED); } - if (!libcharon_init("charon")) + if (!libcharon_init()) { dbg_stderr(DBG_DMN, 1, "initialization failed - aborting charon"); goto deinit; diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index a22e91ed1..d172b1545 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -4,15 +4,16 @@ ipseclib_LTLIBRARIES = $(LIBCHECKSUM_LIBS) nodist_libchecksum_la_SOURCES = checksum.c libchecksum_la_LDFLAGS = -module -avoid-version -rpath '$(ipseclibdir)' -noinst_PROGRAMS = checksum_builder +EXTRA_PROGRAMS = checksum_builder checksum_builder_SOURCES = checksum_builder.c checksum_builder_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libhydra/libhydra.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(DLLIB) +checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)' -CLEANFILES = checksum.c +CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -88,28 +89,28 @@ endif if USE_CHARON deps += $(top_builddir)/src/libcharon/libcharon.la libs += $(DESTDIR)$(ipseclibdir)/libcharon.so - exes += $(top_builddir)/src/charon/.libs/charon + exes += $(DESTDIR)$(ipsecdir)/charon if !MONOLITHIC AM_CPPFLAGS += -DC_PLUGINS=\""${c_plugins}\"" endif endif if USE_CMD - exes += $(top_builddir)/src/charon-cmd/.libs/charon-cmd + exes += $(DESTDIR)$(sbindir)/charon-cmd endif if USE_TOOLS - exes += $(top_builddir)/src/openac/.libs/openac - exes += $(top_builddir)/src/pki/.libs/pki - exes += $(top_builddir)/src/scepclient/.libs/scepclient + exes += $(DESTDIR)$(ipsecdir)/openac + exes += $(DESTDIR)$(ipsecdir)/scepclient + exes += $(DESTDIR)$(bindir)/pki endif if USE_ATTR_SQL - exes += $(top_builddir)/src/pool/.libs/pool + exes += $(DESTDIR)$(ipsecdir)/pool endif if USE_IMV_ATTESTATION - exes += $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest + exes += $(DESTDIR)$(ipsecdir)/attest endif checksum.c : checksum_builder $(deps) $(exes) diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 738133643..cdfbf1016 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -14,7 +14,6 @@ @SET_MAKE@ - VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ @@ -79,7 +78,7 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -noinst_PROGRAMS = checksum_builder$(EXEEXT) +EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @MONOLITHIC_FALSE@am__append_1 = -DS_PLUGINS=\""${s_plugins}\"" @USE_LIBHYDRA_TRUE@am__append_2 = $(top_builddir)/src/libhydra/libhydra.la @USE_LIBHYDRA_TRUE@am__append_3 = $(DESTDIR)$(ipseclibdir)/libhydra.so @@ -103,15 +102,14 @@ noinst_PROGRAMS = checksum_builder$(EXEEXT) @USE_PTS_TRUE@am__append_21 = $(DESTDIR)$(ipseclibdir)/libpts.so @USE_CHARON_TRUE@am__append_22 = $(top_builddir)/src/libcharon/libcharon.la @USE_CHARON_TRUE@am__append_23 = $(DESTDIR)$(ipseclibdir)/libcharon.so -@USE_CHARON_TRUE@am__append_24 = $(top_builddir)/src/charon/.libs/charon +@USE_CHARON_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/charon @MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_25 = -DC_PLUGINS=\""${c_plugins}\"" -@USE_CMD_TRUE@am__append_26 = $(top_builddir)/src/charon-cmd/.libs/charon-cmd -@USE_TOOLS_TRUE@am__append_27 = \ -@USE_TOOLS_TRUE@ $(top_builddir)/src/openac/.libs/openac \ -@USE_TOOLS_TRUE@ $(top_builddir)/src/pki/.libs/pki \ -@USE_TOOLS_TRUE@ $(top_builddir)/src/scepclient/.libs/scepclient -@USE_ATTR_SQL_TRUE@am__append_28 = $(top_builddir)/src/pool/.libs/pool -@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(top_builddir)/src/libpts/plugins/imv_attestation/.libs/attest +@USE_CMD_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/charon-cmd +@USE_TOOLS_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/openac \ +@USE_TOOLS_TRUE@ $(DESTDIR)$(ipsecdir)/scepclient \ +@USE_TOOLS_TRUE@ $(DESTDIR)$(bindir)/pki +@USE_ATTR_SQL_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/pool +@USE_IMV_ATTESTATION_TRUE@am__append_29 = $(DESTDIR)$(ipsecdir)/attest subdir = src/checksum DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp @@ -172,7 +170,6 @@ libchecksum_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(AM_CFLAGS) $(CFLAGS) $(libchecksum_la_LDFLAGS) $(LDFLAGS) -o \ $@ -PROGRAMS = $(noinst_PROGRAMS) am_checksum_builder_OBJECTS = checksum_builder.$(OBJEXT) checksum_builder_OBJECTS = $(am_checksum_builder_OBJECTS) am__DEPENDENCIES_1 = @@ -181,6 +178,10 @@ checksum_builder_DEPENDENCIES = \ $(top_builddir)/src/libhydra/libhydra.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) +checksum_builder_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(checksum_builder_LDFLAGS) $(LDFLAGS) \ + -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -256,8 +257,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -325,6 +324,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -413,12 +417,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -433,6 +441,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -456,7 +465,8 @@ checksum_builder_LDADD = \ $(top_builddir)/src/libcharon/libcharon.la \ $(DLLIB) -CLEANFILES = checksum.c +checksum_builder_LDFLAGS = -rpath '$(DESTDIR)$(ipseclibdir)' +CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libhydra -I$(top_srcdir)/src/libcharon \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \ @@ -552,18 +562,9 @@ clean-ipseclibLTLIBRARIES: libchecksum.la: $(libchecksum_la_OBJECTS) $(libchecksum_la_DEPENDENCIES) $(EXTRA_libchecksum_la_DEPENDENCIES) $(AM_V_CCLD)$(libchecksum_la_LINK) $(libchecksum_la_OBJECTS) $(libchecksum_la_LIBADD) $(LIBS) -clean-noinstPROGRAMS: - @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ - echo " rm -f" $$list; \ - rm -f $$list || exit $$?; \ - test -n "$(EXEEXT)" || exit 0; \ - list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ - echo " rm -f" $$list; \ - rm -f $$list - checksum_builder$(EXEEXT): $(checksum_builder_OBJECTS) $(checksum_builder_DEPENDENCIES) $(EXTRA_checksum_builder_DEPENDENCIES) @rm -f checksum_builder$(EXEEXT) - $(AM_V_CCLD)$(LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS) + $(AM_V_CCLD)$(checksum_builder_LINK) $(checksum_builder_OBJECTS) $(checksum_builder_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -688,7 +689,7 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(ipseclibdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ @@ -727,7 +728,7 @@ maintainer-clean-generic: clean: clean-am clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ - clean-local clean-noinstPROGRAMS mostlyclean-am + clean-local mostlyclean-am distclean: distclean-am -rm -rf ./$(DEPDIR) @@ -801,19 +802,19 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES .PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ clean-ipseclibLTLIBRARIES clean-libtool clean-local \ - clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \ - distclean-compile distclean-generic distclean-libtool \ - distclean-tags distdir dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am \ - install-data-hook install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipseclibLTLIBRARIES install-man \ - install-pdf install-pdf-am install-ps install-ps-am \ - install-strip installcheck installcheck-am installdirs \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ - pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-hook uninstall-ipseclibLTLIBRARIES + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-data-hook install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipseclibLTLIBRARIES install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-hook \ + uninstall-ipseclibLTLIBRARIES checksum.c : checksum_builder $(deps) $(exes) diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index bccd269cf..cc8185ecd 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -23,9 +23,6 @@ #include <daemon.h> #include <collections/enumerator.h> -/* we need to fake the pluto symbol to dlopen() the xauth plugin */ -void *pluto; - /** * Integrity checker */ @@ -139,7 +136,7 @@ int main(int argc, char* argv[]) /* avoid confusing leak reports in build process */ setenv("LEAK_DETECTIVE_DISABLE", "1", 0); /* don't use a strongswan.conf, forces integrity check to disabled */ - library_init(""); + library_init("", "checksum_builder"); atexit(library_deinit); integrity = integrity_checker_create(NULL); diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index 73bf7240c..ee6bf57f5 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -202,8 +202,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -271,6 +269,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -359,12 +362,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -379,6 +386,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/conftest/conftest.c b/src/conftest/conftest.c index faf9df91f..584a2698a 100644 --- a/src/conftest/conftest.c +++ b/src/conftest/conftest.c @@ -81,7 +81,7 @@ static bool load_configs(char *suite_file, char *test_file) } conftest->test = settings_create(suite_file); conftest->test->load_files(conftest->test, test_file, TRUE); - conftest->suite_dir = strdup(dirname(suite_file)); + conftest->suite_dir = path_dirname(suite_file); return TRUE; } @@ -435,18 +435,18 @@ int main(int argc, char *argv[]) char *suite_file = "suite.conf", *test_file = NULL, *preload, *plugins; file_logger_t *logger; - if (!library_init(NULL)) + if (!library_init(NULL, "conftest")) { library_deinit(); return SS_RC_LIBSTRONGSWAN_INTEGRITY; } - if (!libhydra_init("conftest")) + if (!libhydra_init()) { libhydra_deinit(); library_deinit(); return SS_RC_INITIALIZATION_FAILED; } - if (!libcharon_init("conftest")) + if (!libcharon_init()) { libcharon_deinit(); libhydra_deinit(); diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index ab818f1be..f1628ef69 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -223,8 +223,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/dumm/cowfs.h b/src/dumm/cowfs.h index b9334dc96..6869e3563 100644 --- a/src/dumm/cowfs.h +++ b/src/dumm/cowfs.h @@ -64,7 +64,7 @@ struct cowfs_t { * @param master read only master file system directory * @param host copy on write host directory * @param mount mountpoint where union is mounted - * @return instance, or NULL if FUSE initalization failed + * @return instance, or NULL if FUSE initialization failed */ cowfs_t *cowfs_create(char *master, char *host, char *mount); diff --git a/src/dumm/ext/dumm.c b/src/dumm/ext/dumm.c index 5acda3a9c..03ecbe40d 100644 --- a/src/dumm/ext/dumm.c +++ b/src/dumm/ext/dumm.c @@ -774,7 +774,7 @@ void Init_dumm() /* there are too many to report, rubyruby... */ setenv("LEAK_DETECTIVE_DISABLE", "1", 1); - library_init(NULL); + library_init(NULL, "dumm"); dumm = dumm_create(NULL); diff --git a/src/dumm/main.c b/src/dumm/main.c index 4cdf4682f..a53e1f67c 100644 --- a/src/dumm/main.c +++ b/src/dumm/main.c @@ -479,7 +479,7 @@ int main(int argc, char *argv[]) enumerator_t *enumerator; guest_t *guest; - library_init(NULL); + library_init(NULL, "dumm"); gtk_init(&argc, &argv); pages = linked_list_create(); diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 1e301feb0..1987dbde5 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -131,8 +131,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -200,6 +198,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -288,12 +291,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -308,6 +315,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 091519292..69b736a7a 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -165,8 +165,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -234,6 +232,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -322,12 +325,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -342,6 +349,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 9548f9b15..b7d820e21 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.1.1" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.1.2rc2" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 0fe88efb4..cc5220973 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -217,7 +217,6 @@ endif # build libcharon -------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libhydra \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 4413d69c0..5f8453616 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -715,8 +715,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -784,6 +782,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -872,12 +875,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -892,6 +899,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index cb6f6ca0e..c74daa0cc 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -14,12 +14,12 @@ * for more details. */ -#include "ike_cfg.h" - +#define _GNU_SOURCE /* for stdndup() */ #include <string.h> -#include <daemon.h> +#include "ike_cfg.h" +#include <daemon.h> ENUM(ike_version_names, IKE_ANY, IKEV2, "IKEv1/2", diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 1f3f2ba8b..891d1be84 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -741,6 +741,10 @@ static void proposal_add_supported_ike(private_proposal_t *this) case ECP_256_BP: case ECP_384_BP: case ECP_512_BP: + case NTRU_112_BIT: + case NTRU_128_BIT: + case NTRU_192_BIT: + case NTRU_256_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); break; default: diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index 5e3ae72b9..0cecd1d3b 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -181,7 +181,7 @@ static void handle_syslog_identifier(private_daemon_t *this) char *identifier; identifier = lib->settings->get_str(lib->settings, "%s.syslog.identifier", - NULL, charon->name); + NULL, lib->ns); if (identifier) { /* set identifier, which is prepended to each log line */ if (!this->syslog_identifier || @@ -292,15 +292,15 @@ static void load_sys_logger(private_daemon_t *this, char *facility, sys_logger = add_sys_logger(this, facility, current_loggers); sys_logger->set_options(sys_logger, lib->settings->get_bool(lib->settings, "%s.syslog.%s.ike_name", - FALSE, charon->name, facility)); + FALSE, lib->ns, facility)); def = lib->settings->get_int(lib->settings, "%s.syslog.%s.default", 1, - charon->name, facility); + lib->ns, facility); for (group = 0; group < DBG_MAX; group++) { sys_logger->set_level(sys_logger, group, lib->settings->get_int(lib->settings, "%s.syslog.%s.%N", def, - charon->name, facility, debug_lower_names, group)); + lib->ns, facility, debug_lower_names, group)); } charon->bus->add_logger(charon->bus, &sys_logger->logger); } @@ -318,25 +318,25 @@ static void load_file_logger(private_daemon_t *this, char *filename, char *time_format; time_format = lib->settings->get_str(lib->settings, - "%s.filelog.%s.time_format", NULL, charon->name, filename); + "%s.filelog.%s.time_format", NULL, lib->ns, filename); ike_name = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.ike_name", FALSE, charon->name, filename); + "%s.filelog.%s.ike_name", FALSE, lib->ns, filename); flush_line = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.flush_line", FALSE, charon->name, filename); + "%s.filelog.%s.flush_line", FALSE, lib->ns, filename); append = lib->settings->get_bool(lib->settings, - "%s.filelog.%s.append", TRUE, charon->name, filename); + "%s.filelog.%s.append", TRUE, lib->ns, filename); file_logger = add_file_logger(this, filename, current_loggers); file_logger->set_options(file_logger, time_format, ike_name); file_logger->open(file_logger, flush_line, append); def = lib->settings->get_int(lib->settings, "%s.filelog.%s.default", 1, - charon->name, filename); + lib->ns, filename); for (group = 0; group < DBG_MAX; group++) { file_logger->set_level(file_logger, group, lib->settings->get_int(lib->settings, "%s.filelog.%s.%N", def, - charon->name, filename, debug_lower_names, group)); + lib->ns, filename, debug_lower_names, group)); } charon->bus->add_logger(charon->bus, &file_logger->logger); } @@ -353,7 +353,7 @@ METHOD(daemon_t, load_loggers, void, current_loggers = this->loggers; this->loggers = linked_list_create(); enumerator = lib->settings->create_section_enumerator(lib->settings, - "%s.syslog", charon->name); + "%s.syslog", lib->ns); while (enumerator->enumerate(enumerator, &target)) { load_sys_logger(this, target, current_loggers); @@ -361,7 +361,7 @@ METHOD(daemon_t, load_loggers, void, enumerator->destroy(enumerator); enumerator = lib->settings->create_section_enumerator(lib->settings, - "%s.filelog", charon->name); + "%s.filelog", lib->ns); while (enumerator->enumerate(enumerator, &target)) { load_file_logger(this, target, current_loggers); @@ -473,7 +473,6 @@ static void destroy(private_daemon_t *this) DESTROY_IF(this->public.bus); this->loggers->destroy_function(this->loggers, (void*)logger_entry_destroy); this->mutex->destroy(this->mutex); - free((void*)this->public.name); free(this); } @@ -483,7 +482,7 @@ METHOD(daemon_t, start, void, /* start the engine, go multithreaded */ lib->processor->set_threads(lib->processor, lib->settings->get_int(lib->settings, "%s.threads", - DEFAULT_THREADS, charon->name)); + DEFAULT_THREADS, lib->ns)); } @@ -525,7 +524,7 @@ METHOD(daemon_t, initialize, bool, PLUGIN_DEPENDS(RNG, RNG_STRONG), PLUGIN_DEPENDS(CUSTOM, "socket"), }; - lib->plugins->add_static_features(lib->plugins, charon->name, features, + lib->plugins->add_static_features(lib->plugins, lib->ns, features, countof(features), TRUE); /* load plugins, further infrastructure may need it */ @@ -558,7 +557,7 @@ METHOD(daemon_t, initialize, bool, /** * Create the daemon. */ -private_daemon_t *daemon_create(const char *name) +private_daemon_t *daemon_create() { private_daemon_t *this; @@ -569,7 +568,6 @@ private_daemon_t *daemon_create(const char *name) .load_loggers = _load_loggers, .set_level = _set_level, .bus = bus_create(), - .name = strdup(name ?: "libcharon"), }, .loggers = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), @@ -607,7 +605,7 @@ void libcharon_deinit() /** * Described in header. */ -bool libcharon_init(const char *name) +bool libcharon_init() { private_daemon_t *this; @@ -618,7 +616,7 @@ bool libcharon_init(const char *name) return !this->integrity_failed; } - this = daemon_create(name); + this = daemon_create(); /* for uncritical pseudo random numbers */ srandom(time(NULL) + getpid()); diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h index 24e623c44..36242bb04 100644 --- a/src/libcharon/daemon.h +++ b/src/libcharon/daemon.h @@ -272,11 +272,6 @@ struct daemon_t { #endif /* ME */ /** - * Name of the binary that uses the library (used for settings etc.) - */ - const char *name; - - /** * Initialize the daemon. * * @param plugins list of plugins to load @@ -324,12 +319,11 @@ extern daemon_t *charon; * calling initialize(). * * libcharon_init() may be called multiple times in a single process, but each - * caller should call libcharon_deinit() for each call to libcharon_init(). + * caller must call libcharon_deinit() for each call to libcharon_init(). * - * @param name name of the binary that uses the library * @return FALSE if integrity check failed */ -bool libcharon_init(const char *name); +bool libcharon_init(); /** * Deinitialize libcharon and destroy the "charon" instance of daemon_t. diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index f7a13d728..889ad6358 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -65,7 +65,7 @@ ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_SA_NOT_ "ME_CONNECT_FAILED"); ENUM_NEXT(notify_type_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_NOTIFY_STATUS"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS, "INITIAL_CONTACT", "SET_WINDOW_SIZE", "ADDITIONAL_TS_POSSIBLE", @@ -109,8 +109,9 @@ ENUM_NEXT(notify_type_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS, "SECURE PASSWORD_METHOD", "PSK_PERSIST", "PSK_CONFIRM", - "ERX_SUPPORTED"); -ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED, + "ERX_SUPPORTED", + "IFOM_CAPABILITY"); +ENUM_NEXT(notify_type_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD_R_U_THERE", @@ -171,7 +172,7 @@ ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, CHILD_S "ME_CONN_FAIL"); ENUM_NEXT(notify_type_short_names, MS_NOTIFY_STATUS, MS_NOTIFY_STATUS, ME_CONNECT_FAILED, "MS_STATUS"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STATUS, +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, IFOM_CAPABILITY, MS_NOTIFY_STATUS, "INIT_CONTACT", "SET_WINSIZE", "ADD_TS_POSS", @@ -215,8 +216,9 @@ ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, ERX_SUPPORTED, MS_NOTIFY_STA "SEC_PASSWD", "PSK_PST", "PSK_CFM", - "ERX_SUP"); -ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, ERX_SUPPORTED, + "ERX_SUP", + "IFOM_CAP"); +ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT_IKEV1, INITIAL_CONTACT_IKEV1, IFOM_CAPABILITY, "INITIAL_CONTACT"); ENUM_NEXT(notify_type_short_names, DPD_R_U_THERE, DPD_R_U_THERE_ACK, INITIAL_CONTACT_IKEV1, "DPD", diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 847fddc69..c67644a01 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -145,6 +145,8 @@ enum notify_type_t { PSK_CONFIRM = 16426, /* EAP Re-authentication Extension, RFC 6867 */ ERX_SUPPORTED = 16427, + /* IFOM capability, 3GPP TS 24.303, annex B.2 */ + IFOM_CAPABILITY = 16428, /* IKEv1 initial contact */ INITIAL_CONTACT_IKEV1 = 24578, /* IKEv1 DPD */ diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index 2209f1997..8dfb47b69 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -633,27 +633,27 @@ receiver_t *receiver_create() ); if (lib->settings->get_bool(lib->settings, - "%s.dos_protection", TRUE, charon->name)) + "%s.dos_protection", TRUE, lib->ns)) { this->cookie_threshold = lib->settings->get_int(lib->settings, - "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, charon->name); + "%s.cookie_threshold", COOKIE_THRESHOLD_DEFAULT, lib->ns); this->block_threshold = lib->settings->get_int(lib->settings, - "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, charon->name); + "%s.block_threshold", BLOCK_THRESHOLD_DEFAULT, lib->ns); } this->init_limit_job_load = lib->settings->get_int(lib->settings, - "%s.init_limit_job_load", 0, charon->name); + "%s.init_limit_job_load", 0, lib->ns); this->init_limit_half_open = lib->settings->get_int(lib->settings, - "%s.init_limit_half_open", 0, charon->name); + "%s.init_limit_half_open", 0, lib->ns); this->receive_delay = lib->settings->get_int(lib->settings, - "%s.receive_delay", 0, charon->name); + "%s.receive_delay", 0, lib->ns); this->receive_delay_type = lib->settings->get_int(lib->settings, - "%s.receive_delay_type", 0, charon->name), + "%s.receive_delay_type", 0, lib->ns), this->receive_delay_request = lib->settings->get_bool(lib->settings, - "%s.receive_delay_request", TRUE, charon->name), + "%s.receive_delay_request", TRUE, lib->ns), this->receive_delay_response = lib->settings->get_bool(lib->settings, - "%s.receive_delay_response", TRUE, charon->name), + "%s.receive_delay_response", TRUE, lib->ns), this->initiator_only = lib->settings->get_bool(lib->settings, - "%s.initiator_only", FALSE, charon->name), + "%s.initiator_only", FALSE, lib->ns), this->hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!this->hasher) diff --git a/src/libcharon/network/sender.c b/src/libcharon/network/sender.c index dd8efc1ec..bed4f35ce 100644 --- a/src/libcharon/network/sender.c +++ b/src/libcharon/network/sender.c @@ -204,13 +204,13 @@ sender_t * sender_create() .got = condvar_create(CONDVAR_TYPE_DEFAULT), .sent = condvar_create(CONDVAR_TYPE_DEFAULT), .send_delay = lib->settings->get_int(lib->settings, - "%s.send_delay", 0, charon->name), + "%s.send_delay", 0, lib->ns), .send_delay_type = lib->settings->get_int(lib->settings, - "%s.send_delay_type", 0, charon->name), + "%s.send_delay_type", 0, lib->ns), .send_delay_request = lib->settings->get_bool(lib->settings, - "%s.send_delay_request", TRUE, charon->name), + "%s.send_delay_request", TRUE, lib->ns), .send_delay_response = lib->settings->get_bool(lib->settings, - "%s.send_delay_response", TRUE, charon->name), + "%s.send_delay_response", TRUE, lib->ns), ); lib->processor->queue_job(lib->processor, diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index 4a8150291..bc32b5ade 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index f2147f694..6278a6234 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 7d8d12d3b..ae64a8758 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/android_log/android_log_logger.c b/src/libcharon/plugins/android_log/android_log_logger.c index 48bcaa577..99eb66bb1 100644 --- a/src/libcharon/plugins/android_log/android_log_logger.c +++ b/src/libcharon/plugins/android_log/android_log_logger.c @@ -100,7 +100,7 @@ android_log_logger_t *android_log_logger_create() }, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .level = lib->settings->get_int(lib->settings, - "%s.plugins.android_log.loglevel", 1, charon->name), + "%s.plugins.android_log.loglevel", 1, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index 8fcd0f19f..f812770f3 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/certexpire/certexpire_export.c b/src/libcharon/plugins/certexpire/certexpire_export.c index f1205cfd8..4aa84904b 100644 --- a/src/libcharon/plugins/certexpire/certexpire_export.c +++ b/src/libcharon/plugins/certexpire/certexpire_export.c @@ -430,31 +430,31 @@ certexpire_export_t *certexpire_export_create() (hashtable_equals_t)equals, 32), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .local_path = lib->settings->get_str(lib->settings, - "%s.plugins.certexpire.csv.local", - NULL, charon->name), + "%s.plugins.certexpire.csv.local", + NULL, lib->ns), .remote_path = lib->settings->get_str(lib->settings, - "%s.plugins.certexpire.csv.remote", - NULL, charon->name), + "%s.plugins.certexpire.csv.remote", + NULL, lib->ns), .separator = lib->settings->get_str(lib->settings, - "%s.plugins.certexpire.csv.separator", - ",", charon->name), + "%s.plugins.certexpire.csv.separator", + ",", lib->ns), .format = lib->settings->get_str(lib->settings, - "%s.plugins.certexpire.csv.format", - "%d:%m:%Y", charon->name), + "%s.plugins.certexpire.csv.format", + "%d:%m:%Y", lib->ns), .fixed_fields = lib->settings->get_bool(lib->settings, - "%s.plugins.certexpire.csv.fixed_fields", - TRUE, charon->name), + "%s.plugins.certexpire.csv.fixed_fields", + TRUE, lib->ns), .empty_string = lib->settings->get_str(lib->settings, - "%s.plugins.certexpire.csv.empty_string", - "", charon->name), + "%s.plugins.certexpire.csv.empty_string", + "", lib->ns), .force = lib->settings->get_bool(lib->settings, - "%s.plugins.certexpire.csv.force", - TRUE, charon->name), + "%s.plugins.certexpire.csv.force", + TRUE, lib->ns), ); cron = lib->settings->get_str(lib->settings, "%s.plugins.certexpire.csv.cron", - NULL, charon->name); + NULL, lib->ns); if (cron) { this->cron = certexpire_cron_create(cron, diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 48492595d..d8eb802b7 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/coupling/coupling_validator.c b/src/libcharon/plugins/coupling/coupling_validator.c index 958bd2b6d..fc35462e3 100644 --- a/src/libcharon/plugins/coupling/coupling_validator.c +++ b/src/libcharon/plugins/coupling/coupling_validator.c @@ -214,12 +214,11 @@ coupling_validator_t *coupling_validator_create() .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .max_couplings = lib->settings->get_int(lib->settings, "%s.plugins.coupling.max", 1, - charon->name), + lib->ns), ); hash = lib->settings->get_str(lib->settings, - "%s.plugins.coupling.hash", "sha1", - charon->name); + "%s.plugins.coupling.hash", "sha1", lib->ns); this->hasher = lib->crypto->create_hasher(lib->crypto, enum_from_name(hash_algorithm_short_names, hash)); if (!this->hasher) @@ -230,8 +229,7 @@ coupling_validator_t *coupling_validator_create() } path = lib->settings->get_str(lib->settings, - "%s.plugins.coupling.file", NULL, - charon->name); + "%s.plugins.coupling.file", NULL, lib->ns); if (!path) { DBG1(DBG_CFG, "coupling file path unspecified"); diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 4a2ebe7f4..395cd76ea 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 044c8a819..b8c1b4059 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -643,6 +643,28 @@ METHOD(dhcp_socket_t, destroy, void, } /** + * Bind a socket to a particular interface name + */ +static bool bind_to_device(int fd, char *iface) +{ + struct ifreq ifreq; + + if (strlen(iface) > sizeof(ifreq.ifr_name)) + { + DBG1(DBG_CFG, "name for DHCP interface too long: '%s'", iface); + return FALSE; + } + memcpy(ifreq.ifr_name, iface, sizeof(ifreq.ifr_name)); + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifreq, sizeof(ifreq))) + { + DBG1(DBG_CFG, "binding DHCP socket to '%s' failed: %s", + iface, strerror(errno)); + return FALSE; + } + return TRUE; +} + +/** * See header */ dhcp_socket_t *dhcp_socket_create() @@ -655,6 +677,7 @@ dhcp_socket_t *dhcp_socket_create() .s_addr = INADDR_ANY, }, }; + char *iface; int on = 1; struct sock_filter dhcp_filter_code[] = { BPF_STMT(BPF_LD+BPF_B+BPF_ABS, @@ -711,13 +734,15 @@ dhcp_socket_t *dhcp_socket_create() } this->identity_lease = lib->settings->get_bool(lib->settings, "%s.plugins.dhcp.identity_lease", FALSE, - charon->name); + lib->ns); this->force_dst = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.force_server_address", FALSE, - charon->name); + lib->ns); this->dst = host_create_from_string(lib->settings->get_str(lib->settings, "%s.plugins.dhcp.server", "255.255.255.255", - charon->name), DHCP_SERVER_PORT); + lib->ns), DHCP_SERVER_PORT); + iface = lib->settings->get_str(lib->settings, "%s.plugins.dhcp.interface", + NULL, lib->ns); if (!this->dst) { DBG1(DBG_CFG, "configured DHCP server address invalid"); @@ -766,6 +791,15 @@ dhcp_socket_t *dhcp_socket_create() destroy(this); return NULL; } + if (iface) + { + if (!bind_to_device(this->send, iface) || + !bind_to_device(this->receive, iface)) + { + destroy(this); + return NULL; + } + } lib->watcher->add(lib->watcher, this->receive, WATCHER_READ, (watcher_cb_t)receive_dhcp, this); diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index c9222c202..4be453ea8 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/dnscert/dnscert_plugin.c b/src/libcharon/plugins/dnscert/dnscert_plugin.c index 713bc9e3b..1b93480cf 100644 --- a/src/libcharon/plugins/dnscert/dnscert_plugin.c +++ b/src/libcharon/plugins/dnscert/dnscert_plugin.c @@ -74,7 +74,7 @@ METHOD(plugin_t, reload, bool, private_dnscert_plugin_t *this) { bool enabled = lib->settings->get_bool(lib->settings, - "%s.plugins.dnscert.enable", FALSE, charon->name); + "%s.plugins.dnscert.enable", FALSE, lib->ns); if (enabled != this->enabled) { diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index bac7d846f..e9da68ee8 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -225,8 +225,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c index e3a4e17b7..f77b48b09 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c +++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c @@ -130,7 +130,7 @@ duplicheck_notify_t *duplicheck_notify_create() uri = lib->settings->get_str(lib->settings, "%s.plugins.duplicheck.socket", "unix://" DUPLICHECK_SOCKET, - charon->name); + lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 3); if (!this->service) { diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c index 4d018dbef..689c795d8 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c +++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c @@ -93,7 +93,7 @@ plugin_t *duplicheck_plugin_create() private_duplicheck_plugin_t *this; if (!lib->settings->get_bool(lib->settings, - "%s.plugins.duplicheck.enable", TRUE, charon->name)) + "%s.plugins.duplicheck.enable", TRUE, lib->ns)) { return NULL; } diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index 139ce1483..67cf66720 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index b7608382d..eba7af874 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c @@ -721,7 +721,7 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server, this->permanent = peer->clone(peer); this->use_reauth = this->use_pseudonym = this->use_permanent = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-aka.request_identity", TRUE, charon->name); + "%s.plugins.eap-aka.request_identity", TRUE, lib->ns); /* generate a non-zero identifier */ do { diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index 9fb9ef709..7d6ae956c 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c index 1bfc39e5a..a71dae78a 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c @@ -177,7 +177,7 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f) #else /* !SEQ_CHECK */ FALSE, #endif /* SEQ_CHECK */ - charon->name), + lib->ns), ); eap_aka_3gpp2_get_sqn(this->sqn, 0); diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 61a9da187..6ff0acb32 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c index d24cbd128..3216446af 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c @@ -377,14 +377,14 @@ eap_dynamic_t *eap_dynamic_create(identification_t *server, .server = server->clone(server), .types = linked_list_create(), .prefer_peer = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-dynamic.prefer_peer", FALSE, charon->name), + "%s.plugins.eap-dynamic.prefer_peer", FALSE, lib->ns), ); /* get all supported EAP methods */ get_supported_eap_types(this); /* move preferred methods to the front */ preferred = lib->settings->get_str(lib->settings, - "%s.plugins.eap-dynamic.preferred", NULL, charon->name); + "%s.plugins.eap-dynamic.preferred", NULL, lib->ns); if (preferred) { handle_preferred_eap_types(this, preferred); diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index c48d95527..99ae94e37 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index 2f64f325c..e751b51b6 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -149,7 +149,7 @@ METHOD(eap_method_t, process_server, status_t, /* get XAuth backend to use for credential verification. Default to PAM * to support legacy EAP-GTC configurations */ backend = lib->settings->get_str(lib->settings, - "%s.plugins.eap-gtc.backend", "pam", charon->name); + "%s.plugins.eap-gtc.backend", "pam", lib->ns); xauth = charon->xauth->create_instance(charon->xauth, backend, XAUTH_SERVER, this->server, this->peer); if (!xauth) diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 01fbe22a5..688879a82 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index 6ae97da15..150b131f0 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index bdc6a9d1d..d52f26a9a 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 35ec4db8b..7ac4a6edf 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c index 8aba703c5..c24dd578c 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap.c +++ b/src/libcharon/plugins/eap_peap/eap_peap.c @@ -157,18 +157,18 @@ static eap_peap_t *eap_peap_create(private_eap_peap_t * this, if (is_server && !lib->settings->get_bool(lib->settings, "%s.plugins.eap-peap.request_peer_auth", FALSE, - charon->name)) + lib->ns)) { peer = NULL; } frag_size = lib->settings->get_int(lib->settings, "%s.plugins.eap-peap.fragment_size", MAX_FRAGMENT_LEN, - charon->name); + lib->ns); max_msg_count = lib->settings->get_int(lib->settings, "%s.plugins.eap-peap.max_message_count", MAX_MESSAGE_COUNT, - charon->name); + lib->ns); include_length = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-peap.include_length", FALSE, charon->name); + "%s.plugins.eap-peap.include_length", FALSE, lib->ns); tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_PEAP, application, NULL); this->tls_eap = tls_eap_create(EAP_PEAP, tls, frag_size, max_msg_count, diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c index 5237cb62c..33b01e95e 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_server.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c @@ -92,7 +92,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this) eap_type_str = lib->settings->get_str(lib->settings, "%s.plugins.eap-peap.phase2_method", "mschapv2", - charon->name); + lib->ns); type = eap_type_from_string(eap_type_str); if (type == 0) { @@ -129,7 +129,7 @@ static status_t start_phase2_auth(private_eap_peap_server_t *this) static status_t start_phase2_tnc(private_eap_peap_server_t *this) { if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings, - "%s.plugins.eap-peap.phase2_tnc", FALSE, charon->name)) + "%s.plugins.eap-peap.phase2_tnc", FALSE, lib->ns)) { DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC); this->ph2_method = charon->eap->create_instance(charon->eap, EAP_TNC, @@ -274,7 +274,7 @@ METHOD(tls_application_t, process, status_t, /* Start Phase 2 of EAP-PEAP authentication */ if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-peap.request_peer_auth", FALSE, charon->name)) + "%s.plugins.eap-peap.request_peer_auth", FALSE, lib->ns)) { return start_phase2_tnc(this); } @@ -425,7 +425,7 @@ eap_peap_server_t *eap_peap_server_create(identification_t *server, .start_phase2_tnc = TRUE, .start_phase2_id = lib->settings->get_bool(lib->settings, "%s.plugins.eap-peap.phase2_piggyback", - FALSE, charon->name), + FALSE, lib->ns), .phase2_result = EAP_FAILURE, .avp = eap_peap_avp_create(TRUE), ); diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 3064ceadb..3e2bf046d 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 6087a528f..6719497d3 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -188,7 +188,7 @@ void eap_radius_build_attributes(radius_message_t *request) } if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.station_id_with_port", - TRUE, charon->name)) + TRUE, lib->ns)) { station_id_fmt = "%#H"; } @@ -573,12 +573,12 @@ static void process_cfg_attributes(radius_message_t *msg) void eap_radius_process_attributes(radius_message_t *message) { if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.class_group", FALSE, charon->name)) + "%s.plugins.eap-radius.class_group", FALSE, lib->ns)) { process_class(message); } if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.filter_id", FALSE, charon->name)) + "%s.plugins.eap-radius.filter_id", FALSE, lib->ns)) { process_filter_id(message); } @@ -720,10 +720,10 @@ eap_radius_t *eap_radius_create(identification_t *server, identification_t *peer .type = EAP_RADIUS, .eap_start = lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.eap_start", FALSE, - charon->name), + lib->ns), .id_prefix = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.id_prefix", "", - charon->name), + lib->ns), ); this->client = eap_radius_create_client(); if (!this->client) diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index afb661e19..8c780e78d 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -712,7 +712,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() .mutex = mutex_create(MUTEX_TYPE_DEFAULT), ); if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.station_id_with_port", TRUE, charon->name)) + "%s.plugins.eap-radius.station_id_with_port", TRUE, lib->ns)) { this->station_id_fmt = "%#H"; } @@ -721,14 +721,14 @@ eap_radius_accounting_t *eap_radius_accounting_create() this->station_id_fmt = "%H"; } if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.accounting", FALSE, charon->name)) + "%s.plugins.eap-radius.accounting", FALSE, lib->ns)) { singleton = this; charon->bus->add_listener(charon->bus, &this->public.listener); } this->acct_req_vip = lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.accounting_requires_vip", - FALSE, charon->name); + FALSE, lib->ns); return &this->public; } diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c index f22ddc56f..a0bf99efd 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c @@ -452,11 +452,11 @@ static bool open_socket(private_eap_radius_dae_t *this) host = host_create_from_string( lib->settings->get_str(lib->settings, - "%s.plugins.eap-radius.dae.listen", "0.0.0.0", - charon->name), + "%s.plugins.eap-radius.dae.listen", "0.0.0.0", + lib->ns), lib->settings->get_int(lib->settings, - "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT, - charon->name)); + "%s.plugins.eap-radius.dae.port", RADIUS_DAE_PORT, + lib->ns)); if (!host) { DBG1(DBG_CFG, "invalid RADIUS DAE listen address"); @@ -504,7 +504,7 @@ eap_radius_dae_t *eap_radius_dae_create(eap_radius_accounting_t *accounting) .secret = { .ptr = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.dae.secret", NULL, - charon->name), + lib->ns), }, .hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5), .signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128), diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c index 3e80e8918..b873e1d69 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c @@ -438,10 +438,10 @@ eap_radius_forward_t *eap_radius_forward_create() }, .from_attr = parse_selector(lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.forward.ike_to_radius", "", - charon->name)), + lib->ns)), .to_attr = parse_selector(lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.forward.radius_to_ike", "", - charon->name)), + lib->ns)), .from = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 8), .to = hashtable_create((hashtable_hash_t)hash, diff --git a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c index 90a4ef6de..1a48c07e5 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_plugin.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_plugin.c @@ -100,23 +100,23 @@ static void load_configs(private_eap_radius_plugin_t *this) int auth_port, acct_port, sockets, preference; address = lib->settings->get_str(lib->settings, - "%s.plugins.eap-radius.server", NULL, charon->name); + "%s.plugins.eap-radius.server", NULL, lib->ns); if (address) { /* legacy configuration */ secret = lib->settings->get_str(lib->settings, - "%s.plugins.eap-radius.secret", NULL, charon->name); + "%s.plugins.eap-radius.secret", NULL, lib->ns); if (!secret) { DBG1(DBG_CFG, "no RADIUS secret defined"); return; } nas_identifier = lib->settings->get_str(lib->settings, - "%s.plugins.eap-radius.nas_identifier", "strongSwan", - charon->name); + "%s.plugins.eap-radius.nas_identifier", "strongSwan", + lib->ns); auth_port = lib->settings->get_int(lib->settings, - "%s.plugins.eap-radius.port", AUTH_PORT, charon->name); + "%s.plugins.eap-radius.port", AUTH_PORT, lib->ns); sockets = lib->settings->get_int(lib->settings, - "%s.plugins.eap-radius.sockets", 1, charon->name); + "%s.plugins.eap-radius.sockets", 1, lib->ns); config = radius_config_create(address, address, auth_port, ACCT_PORT, nas_identifier, secret, sockets, 0); if (!config) @@ -129,12 +129,12 @@ static void load_configs(private_eap_radius_plugin_t *this) } enumerator = lib->settings->create_section_enumerator(lib->settings, - "%s.plugins.eap-radius.servers", charon->name); + "%s.plugins.eap-radius.servers", lib->ns); while (enumerator->enumerate(enumerator, §ion)) { address = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.servers.%s.address", NULL, - charon->name, section); + lib->ns, section); if (!address) { DBG1(DBG_CFG, "RADIUS server '%s' misses address, skipped", section); @@ -142,7 +142,7 @@ static void load_configs(private_eap_radius_plugin_t *this) } secret = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.servers.%s.secret", NULL, - charon->name, section); + lib->ns, section); if (!secret) { DBG1(DBG_CFG, "RADIUS server '%s' misses secret, skipped", section); @@ -150,22 +150,22 @@ static void load_configs(private_eap_radius_plugin_t *this) } nas_identifier = lib->settings->get_str(lib->settings, "%s.plugins.eap-radius.servers.%s.nas_identifier", "strongSwan", - charon->name, section); + lib->ns, section); auth_port = lib->settings->get_int(lib->settings, "%s.plugins.eap-radius.servers.%s.auth_port", lib->settings->get_int(lib->settings, "%s.plugins.eap-radius.servers.%s.port", - AUTH_PORT, charon->name, section), - charon->name, section); + AUTH_PORT, lib->ns, section), + lib->ns, section); acct_port = lib->settings->get_int(lib->settings, "%s.plugins.eap-radius.servers.%s.acct_port", ACCT_PORT, - charon->name, section); + lib->ns, section); sockets = lib->settings->get_int(lib->settings, "%s.plugins.eap-radius.servers.%s.sockets", 1, - charon->name, section); + lib->ns, section); preference = lib->settings->get_int(lib->settings, "%s.plugins.eap-radius.servers.%s.preference", 0, - charon->name, section); + lib->ns, section); config = radius_config_create(section, address, auth_port, acct_port, nas_identifier, secret, sockets, preference); if (!config) @@ -203,7 +203,7 @@ static bool plugin_cb(private_eap_radius_plugin_t *this, load_configs(this); if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-radius.dae.enable", FALSE, charon->name)) + "%s.plugins.eap-radius.dae.enable", FALSE, lib->ns)) { this->dae = eap_radius_dae_create(this->accounting); } @@ -368,7 +368,7 @@ void eap_radius_handle_timeout(ike_sa_id_t *id) if (lib->settings->get_bool(lib->settings, "%s.plugins.eap-radius.close_all_on_timeout", - FALSE, charon->name)) + FALSE, lib->ns)) { DBG1(DBG_CFG, "deleting all IKE_SAs after RADIUS timeout"); lib->processor->queue_job(lib->processor, diff --git a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c index e66bbf38f..d00f6bb2c 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c @@ -256,7 +256,7 @@ static bool parse_rounds(private_eap_radius_xauth_t *this, char *profile) } enumerator = lib->settings->create_key_value_enumerator(lib->settings, - "%s.plugins.eap-radius.xauth.%s", charon->name, profile); + "%s.plugins.eap-radius.xauth.%s", lib->ns, profile); while (enumerator->enumerate(enumerator, &type, &message)) { bool invalid = TRUE; diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index c9d80681a..3707f64f3 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index 334e2df1d..f22266bda 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -635,7 +635,7 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server, this->use_reauth = this->use_pseudonym = this->use_permanent = lib->settings->get_bool(lib->settings, "%s.plugins.eap-sim.request_identity", TRUE, - charon->name); + lib->ns); /* generate a non-zero identifier */ do { diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 39995495e..05bbc3129 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index 2723f4059..a22a5c355 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index 27a9f0c09..189baacbc 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 5c136cec4..33443a1d2 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index 86cf3a752..02cf1532c 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c index 6bcc58e66..176321833 100644 --- a/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c +++ b/src/libcharon/plugins/eap_simaka_sql/eap_simaka_sql_plugin.c @@ -66,7 +66,7 @@ static bool load_db(private_eap_simaka_sql_t *this, uri = lib->settings->get_str(lib->settings, "%s.plugins.eap-simaka-sql.database", NULL, - charon->name); + lib->ns); if (!uri) { DBG1(DBG_CFG, "eap-simaka-sql database URI missing"); @@ -80,7 +80,7 @@ static bool load_db(private_eap_simaka_sql_t *this, } remove_used = lib->settings->get_bool(lib->settings, "%s.plugins.eap-simaka-sql.remove_used", FALSE, - charon->name); + lib->ns); this->provider = eap_simaka_sql_provider_create(this->db, remove_used); this->card = eap_simaka_sql_card_create(this->db, remove_used); diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index 7be65990c..ec189f895 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index 48e38755d..dffbaf266 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -145,12 +145,12 @@ static eap_tls_t *eap_tls_create(identification_t *server, frag_size = lib->settings->get_int(lib->settings, "%s.plugins.eap-tls.fragment_size", MAX_FRAGMENT_LEN, - charon->name); + lib->ns); max_msg_count = lib->settings->get_int(lib->settings, "%s.plugins.eap-tls.max_message_count", MAX_MESSAGE_COUNT, - charon->name); + lib->ns); include_length = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-tls.include_length", TRUE, charon->name); + "%s.plugins.eap-tls.include_length", TRUE, lib->ns); tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TLS, NULL, NULL); this->tls_eap = tls_eap_create(EAP_TLS, tls, frag_size, max_msg_count, include_length); diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index e482a7148..6d4ff8756 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_tnc/eap_tnc.c b/src/libcharon/plugins/eap_tnc/eap_tnc.c index f9ab74258..2147c0482 100644 --- a/src/libcharon/plugins/eap_tnc/eap_tnc.c +++ b/src/libcharon/plugins/eap_tnc/eap_tnc.c @@ -273,10 +273,10 @@ static eap_tnc_t *eap_tnc_create(identification_t *server, ); max_msg_count = lib->settings->get_int(lib->settings, - "%s.plugins.eap-tnc.max_message_count", - EAP_TNC_MAX_MESSAGE_COUNT, charon->name); + "%s.plugins.eap-tnc.max_message_count", + EAP_TNC_MAX_MESSAGE_COUNT, lib->ns); protocol = lib->settings->get_str(lib->settings, - "%s.plugins.eap-tnc.protocol", "tnccs-1.1", charon->name); + "%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns); if (strcaseeq(protocol, "tnccs-2.0")) { type = TNCCS_2_0; diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index a774ad609..a22b1e220 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c index ebd1c5479..703cd3f29 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c @@ -147,18 +147,18 @@ static eap_ttls_t *eap_ttls_create(identification_t *server, ); if (is_server && !lib->settings->get_bool(lib->settings, "%s.plugins.eap-ttls.request_peer_auth", FALSE, - charon->name)) + lib->ns)) { peer = NULL; } frag_size = lib->settings->get_int(lib->settings, "%s.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN, - charon->name); + lib->ns); max_msg_count = lib->settings->get_int(lib->settings, "%s.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT, - charon->name); + lib->ns); include_length = lib->settings->get_bool(lib->settings, - "%s.plugins.eap-ttls.include_length", TRUE, charon->name); + "%s.plugins.eap-ttls.include_length", TRUE, lib->ns); tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application, NULL); this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count, diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c index eef8d6682..88c2b88c6 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_server.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_server.c @@ -80,7 +80,7 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this) eap_type_str = lib->settings->get_str(lib->settings, "%s.plugins.eap-ttls.phase2_method", "md5", - charon->name); + lib->ns); type = eap_type_from_string(eap_type_str); if (type == 0) { @@ -115,7 +115,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this, eap_inner_method_t *inner_method; if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings, - "%s.plugins.eap-ttls.phase2_tnc", FALSE, charon->name)) + "%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns)) { DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC); this->method = charon->eap->create_instance(charon->eap, EAP_TNC, @@ -242,7 +242,7 @@ METHOD(tls_application_t, process, status_t, /* Start Phase 2 of EAP-TTLS authentication */ if (lib->settings->get_bool(lib->settings, - "%s.plugins.eap-ttls.request_peer_auth", FALSE, charon->name)) + "%s.plugins.eap-ttls.request_peer_auth", FALSE, lib->ns)) { return start_phase2_tnc(this, EAP_TLS); } @@ -301,7 +301,7 @@ METHOD(tls_application_t, build, status_t, if (this->method == NULL && this->start_phase2 && lib->settings->get_bool(lib->settings, - "%s.plugins.eap-ttls.phase2_piggyback", FALSE, charon->name)) + "%s.plugins.eap-ttls.phase2_piggyback", FALSE, lib->ns)) { /* generate an EAP Identity request which will be piggybacked right * onto the TLS Finished message thus initiating EAP-TTLS phase2 diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index ad8aba11e..d8a135cc1 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -226,8 +226,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -295,6 +293,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -383,12 +386,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -403,6 +410,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c index aafd0a4cd..959c4c67d 100644 --- a/src/libcharon/plugins/error_notify/error_notify_socket.c +++ b/src/libcharon/plugins/error_notify/error_notify_socket.c @@ -142,7 +142,7 @@ error_notify_socket_t *error_notify_socket_create() uri = lib->settings->get_str(lib->settings, "%s.plugins.error-notify.socket", "unix://" ERROR_NOTIFY_SOCKET, - charon->name); + lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 4d2a32e6f..60c55f01e 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 9948ab3db..2f3263064 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c index d26c38325..dd55fae8b 100644 --- a/src/libcharon/plugins/ha/ha_attribute.c +++ b/src/libcharon/plugins/ha/ha_attribute.c @@ -309,7 +309,7 @@ static void load_pools(private_ha_attribute_t *this) pool_t *pool; enumerator = lib->settings->create_key_value_enumerator(lib->settings, - "%s.plugins.ha.pools", charon->name); + "%s.plugins.ha.pools", lib->ns); while (enumerator->enumerate(enumerator, &name, &net)) { net = strdup(net); diff --git a/src/libcharon/plugins/ha/ha_plugin.c b/src/libcharon/plugins/ha/ha_plugin.c index 5d4cc6184..493cad5ec 100644 --- a/src/libcharon/plugins/ha/ha_plugin.c +++ b/src/libcharon/plugins/ha/ha_plugin.c @@ -160,19 +160,19 @@ plugin_t *ha_plugin_create() bool fifo, monitor, resync; local = lib->settings->get_str(lib->settings, - "%s.plugins.ha.local", NULL, charon->name); + "%s.plugins.ha.local", NULL, lib->ns); remote = lib->settings->get_str(lib->settings, - "%s.plugins.ha.remote", NULL, charon->name); + "%s.plugins.ha.remote", NULL, lib->ns); secret = lib->settings->get_str(lib->settings, - "%s.plugins.ha.secret", NULL, charon->name); + "%s.plugins.ha.secret", NULL, lib->ns); fifo = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.fifo_interface", TRUE, charon->name); + "%s.plugins.ha.fifo_interface", TRUE, lib->ns); monitor = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.monitor", TRUE, charon->name); + "%s.plugins.ha.monitor", TRUE, lib->ns); resync = lib->settings->get_bool(lib->settings, - "%s.plugins.ha.resync", TRUE, charon->name); + "%s.plugins.ha.resync", TRUE, lib->ns); count = min(SEGMENTS_MAX, lib->settings->get_int(lib->settings, - "%s.plugins.ha.segment_count", 1, charon->name)); + "%s.plugins.ha.segment_count", 1, lib->ns)); if (!local || !remote) { DBG1(DBG_CFG, "HA config misses local/remote address"); diff --git a/src/libcharon/plugins/ha/ha_segments.c b/src/libcharon/plugins/ha/ha_segments.c index cab38c63d..fc7d7a8b4 100644 --- a/src/libcharon/plugins/ha/ha_segments.c +++ b/src/libcharon/plugins/ha/ha_segments.c @@ -470,12 +470,12 @@ ha_segments_t *ha_segments_create(ha_socket_t *socket, ha_kernel_t *kernel, .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), .heartbeat_delay = lib->settings->get_int(lib->settings, "%s.plugins.ha.heartbeat_delay", DEFAULT_HEARTBEAT_DELAY, - charon->name), + lib->ns), .heartbeat_timeout = lib->settings->get_int(lib->settings, "%s.plugins.ha.heartbeat_timeout", DEFAULT_HEARTBEAT_TIMEOUT, - charon->name), + lib->ns), .autobalance = lib->settings->get_int(lib->settings, - "%s.plugins.ha.autobalance", 0, charon->name), + "%s.plugins.ha.autobalance", 0, lib->ns), ); if (monitor) diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 5c3d01558..2ee5a49f1 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c index 9bc49ba28..9f00abe8b 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_plugin.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_plugin.c @@ -53,7 +53,7 @@ METHOD(plugin_t, reload, bool, private_ipseckey_plugin_t *this) { bool enabled = lib->settings->get_bool(lib->settings, - "%s.plugins.ipseckey.enable", FALSE, charon->name); + "%s.plugins.ipseckey.enable", FALSE, lib->ns); if (enabled != this->enabled) { diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index fa28babe4..1726c689c 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index d0744e300..b33580700 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -695,7 +695,7 @@ kernel_libipsec_ipsec_t *kernel_libipsec_ipsec_create() .policies = linked_list_create(), .excludes = linked_list_create(), .allow_peer_ts = lib->settings->get_bool(lib->settings, - "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, hydra->daemon), + "%s.plugins.kernel-libipsec.allow_peer_ts", FALSE, lib->ns), ); ipsec->events->register_listener(ipsec->events, &this->ipsec_listener); diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c index 56f526217..e3b688dd6 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_plugin.c @@ -144,6 +144,6 @@ plugin_t *kernel_libipsec_plugin_create() /* set TUN device as default to install VIPs */ lib->settings->set_str(lib->settings, "%s.install_virtual_ip_on", - this->tun->get_name(this->tun), charon->name); + this->tun->get_name(this->tun), lib->ns); return &this->public.plugin; } diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 9373703a2..48163aff2 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/led/led_listener.c b/src/libcharon/plugins/led/led_listener.c index be80bcde2..3351f6614 100644 --- a/src/libcharon/plugins/led/led_listener.c +++ b/src/libcharon/plugins/led/led_listener.c @@ -230,12 +230,12 @@ led_listener_t *led_listener_create() }, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .blink_time = lib->settings->get_int(lib->settings, - "%s.plugins.led.blink_time", 50, charon->name), + "%s.plugins.led.blink_time", 50, lib->ns), ); this->activity = open_led(lib->settings->get_str(lib->settings, - "%s.plugins.led.activity_led", NULL, charon->name), - &this->activity_max); + "%s.plugins.led.activity_led", NULL, lib->ns), + &this->activity_max); set_led(this->activity, 0); return &this->public; diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 93dd6b486..2369044dd 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -228,8 +228,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -297,6 +295,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -385,12 +388,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -405,6 +412,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index e4e47c1ac..e133190b4 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -236,11 +236,11 @@ static void load_addrs(private_load_tester_config_t *this) mem_pool_t *pool; this->keep = lib->settings->get_bool(lib->settings, - "%s.plugins.load-tester.addrs_keep", FALSE, charon->name); + "%s.plugins.load-tester.addrs_keep", FALSE, lib->ns); this->prefix = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.addrs_prefix", 16, charon->name); + "%s.plugins.load-tester.addrs_prefix", 16, lib->ns); enumerator = lib->settings->create_key_value_enumerator(lib->settings, - "%s.plugins.load-tester.addrs", charon->name); + "%s.plugins.load-tester.addrs", lib->ns); while (enumerator->enumerate(enumerator, &iface, &token)) { tokens = enumerator_create_token(token, ",", " "); @@ -917,72 +917,71 @@ load_tester_config_t *load_tester_config_create() ); if (lib->settings->get_bool(lib->settings, - "%s.plugins.load-tester.request_virtual_ip", FALSE, charon->name)) + "%s.plugins.load-tester.request_virtual_ip", FALSE, lib->ns)) { this->vip = host_create_from_string("0.0.0.0", 0); } this->pool = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.pool", NULL, charon->name); + "%s.plugins.load-tester.pool", NULL, lib->ns); this->initiator = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator", "0.0.0.0", charon->name); + "%s.plugins.load-tester.initiator", "0.0.0.0", lib->ns); this->responder = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.responder", "127.0.0.1", charon->name); + "%s.plugins.load-tester.responder", "127.0.0.1", lib->ns); this->proposal = proposal_create_from_string(PROTO_IKE, lib->settings->get_str(lib->settings, "%s.plugins.load-tester.proposal", "aes128-sha1-modp768", - charon->name)); + lib->ns)); if (!this->proposal) { /* fallback */ this->proposal = proposal_create_from_string(PROTO_IKE, "aes128-sha1-modp768"); } this->esp = proposal_create_from_string(PROTO_ESP, - lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.esp", "aes128-sha1", - charon->name)); + lib->settings->get_str(lib->settings, + "%s.plugins.load-tester.esp", "aes128-sha1", lib->ns)); if (!this->esp) { /* fallback */ this->esp = proposal_create_from_string(PROTO_ESP, "aes128-sha1"); } this->ike_rekey = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.ike_rekey", 0, charon->name); + "%s.plugins.load-tester.ike_rekey", 0, lib->ns); this->child_rekey = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.child_rekey", 600, charon->name); + "%s.plugins.load-tester.child_rekey", 600, lib->ns); this->dpd_delay = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.dpd_delay", 0, charon->name); + "%s.plugins.load-tester.dpd_delay", 0, lib->ns); this->dpd_timeout = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.dpd_timeout", 0, charon->name); + "%s.plugins.load-tester.dpd_timeout", 0, lib->ns); this->initiator_auth = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator_auth", "pubkey", charon->name); + "%s.plugins.load-tester.initiator_auth", "pubkey", lib->ns); this->responder_auth = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.responder_auth", "pubkey", charon->name); + "%s.plugins.load-tester.responder_auth", "pubkey", lib->ns); this->initiator_id = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator_id", NULL, charon->name); + "%s.plugins.load-tester.initiator_id", NULL, lib->ns); this->initiator_match = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator_match", NULL, charon->name); + "%s.plugins.load-tester.initiator_match", NULL, lib->ns); this->responder_id = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.responder_id", NULL, charon->name); + "%s.plugins.load-tester.responder_id", NULL, lib->ns); this->mode = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.mode", NULL, charon->name); + "%s.plugins.load-tester.mode", NULL, lib->ns); this->initiator_tsi = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator_tsi", NULL, charon->name); + "%s.plugins.load-tester.initiator_tsi", NULL, lib->ns); this->responder_tsi =lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.responder_tsi", - this->initiator_tsi, charon->name); + "%s.plugins.load-tester.responder_tsi", + this->initiator_tsi, lib->ns); this->initiator_tsr = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.initiator_tsr", NULL, charon->name); + "%s.plugins.load-tester.initiator_tsr", NULL, lib->ns); this->responder_tsr =lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.responder_tsr", - this->initiator_tsr, charon->name); + "%s.plugins.load-tester.responder_tsr", + this->initiator_tsr, lib->ns); this->port = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.dynamic_port", 0, charon->name); + "%s.plugins.load-tester.dynamic_port", 0, lib->ns); this->version = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.version", IKE_ANY, charon->name); + "%s.plugins.load-tester.version", IKE_ANY, lib->ns); load_addrs(this); diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c index f9ec9142f..5f089f5db 100644 --- a/src/libcharon/plugins/load_tester/load_tester_control.c +++ b/src/libcharon/plugins/load_tester/load_tester_control.c @@ -302,7 +302,7 @@ load_tester_control_t *load_tester_control_create() uri = lib->settings->get_str(lib->settings, "%s.plugins.load-tester.socket", "unix://" LOAD_TESTER_SOCKET, - charon->name); + lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 10); if (this->service) { diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index 028205bd2..f17d41f46 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c @@ -202,7 +202,7 @@ static private_key_t *load_issuer_key() char *path; path = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.issuer_key", NULL, charon->name); + "%s.plugins.load-tester.issuer_key", NULL, lib->ns); if (!path) { return lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, @@ -222,7 +222,7 @@ static certificate_t *load_issuer_cert() char *path; path = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.issuer_cert", NULL, charon->name); + "%s.plugins.load-tester.issuer_cert", NULL, lib->ns); if (!path) { return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, @@ -246,7 +246,7 @@ static void load_ca_certs(private_load_tester_creds_t *this) char *path; path = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.ca_dir", NULL, charon->name); + "%s.plugins.load-tester.ca_dir", NULL, lib->ns); if (path) { enumerator = enumerator_create_directory(path); @@ -445,11 +445,11 @@ load_tester_creds_t *load_tester_creds_create() char *pwd, *psk, *digest; psk = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.preshared_key", default_psk, charon->name); + "%s.plugins.load-tester.preshared_key", default_psk, lib->ns); pwd = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.eap_password", default_pwd, charon->name); + "%s.plugins.load-tester.eap_password", default_pwd, lib->ns); digest = lib->settings->get_str(lib->settings, - "%s.plugins.load-tester.digest", "sha1", charon->name); + "%s.plugins.load-tester.digest", "sha1", lib->ns); INIT(this, .public = { diff --git a/src/libcharon/plugins/load_tester/load_tester_listener.c b/src/libcharon/plugins/load_tester/load_tester_listener.c index 7e832ddc0..068020ef7 100644 --- a/src/libcharon/plugins/load_tester/load_tester_listener.c +++ b/src/libcharon/plugins/load_tester/load_tester_listener.c @@ -126,7 +126,7 @@ load_tester_listener_t *load_tester_listener_create(u_int shutdown_on, }, .delete_after_established = lib->settings->get_bool(lib->settings, "%s.plugins.load-tester.delete_after_established", FALSE, - charon->name), + lib->ns), .shutdown_on = shutdown_on, .config = config, ); diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c index 03557a269..e684f22ce 100644 --- a/src/libcharon/plugins/load_tester/load_tester_plugin.c +++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c @@ -193,7 +193,7 @@ static bool register_load_tester(private_load_tester_plugin_t *this, lib->credmgr->add_set(lib->credmgr, &this->creds->credential_set); if (lib->settings->get_bool(lib->settings, - "%s.plugins.load-tester.shutdown_when_complete", 0, charon->name)) + "%s.plugins.load-tester.shutdown_when_complete", 0, lib->ns)) { shutdown_on = this->iterations * this->initiators; } @@ -262,8 +262,8 @@ plugin_t *load_tester_plugin_create() { private_load_tester_plugin_t *this; - if (!lib->settings->get_bool(lib->settings, - "%s.plugins.load-tester.enable", FALSE, charon->name)) + if (!lib->settings->get_bool(lib->settings, "%s.plugins.load-tester.enable", + FALSE, lib->ns)) { DBG1(DBG_CFG, "disabling load-tester plugin, not configured"); return NULL; @@ -279,19 +279,19 @@ plugin_t *load_tester_plugin_create() }, }, .delay = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.delay", 0, charon->name), + "%s.plugins.load-tester.delay", 0, lib->ns), .iterations = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.iterations", 1, charon->name), + "%s.plugins.load-tester.iterations", 1, lib->ns), .initiators = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.initiators", 0, charon->name), + "%s.plugins.load-tester.initiators", 0, lib->ns), .init_limit = lib->settings->get_int(lib->settings, - "%s.plugins.load-tester.init_limit", 0, charon->name), + "%s.plugins.load-tester.init_limit", 0, lib->ns), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), ); if (lib->settings->get_bool(lib->settings, - "%s.plugins.load-tester.fake_kernel", FALSE, charon->name)) + "%s.plugins.load-tester.fake_kernel", FALSE, lib->ns)) { hydra->kernel_interface->add_ipsec_interface(hydra->kernel_interface, (kernel_ipsec_constructor_t)load_tester_ipsec_create); diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index d74ce4668..4b6d214de 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -224,8 +224,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/lookip/lookip_socket.c b/src/libcharon/plugins/lookip/lookip_socket.c index d25573bf4..4b33e3e31 100644 --- a/src/libcharon/plugins/lookip/lookip_socket.c +++ b/src/libcharon/plugins/lookip/lookip_socket.c @@ -87,10 +87,21 @@ static void entry_destroy(entry_t *entry) } /** - * Disconnect a stream, remove connection entry + * Data for async disconnect job */ -static void disconnect(private_lookip_socket_t *this, stream_t *stream) +typedef struct { + /** socket ref */ + private_lookip_socket_t *this; + /** stream to disconnect */ + stream_t *stream; +} disconnect_data_t; + +/** + * Disconnect a stream asynchronously, remove connection entry + */ +static job_requeue_t disconnect_async(disconnect_data_t *data) { + private_lookip_socket_t *this = data->this; enumerator_t *enumerator; entry_t *entry; @@ -98,7 +109,7 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream) enumerator = this->connected->create_enumerator(this->connected); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->stream == stream) + if (entry->stream == data->stream) { this->connected->remove_at(this->connected, enumerator); if (entry->up || entry->down) @@ -111,6 +122,24 @@ static void disconnect(private_lookip_socket_t *this, stream_t *stream) } enumerator->destroy(enumerator); this->mutex->unlock(this->mutex); + return JOB_REQUEUE_NONE; +} + +/** + * Queue async disconnect job + */ +static void disconnect(private_lookip_socket_t *this, stream_t *stream) +{ + disconnect_data_t *data; + + INIT(data, + .this = this, + .stream = stream, + ); + + lib->processor->queue_job(lib->processor, + (job_t*)callback_job_create((void*)disconnect_async, data, + free, NULL)); } /** @@ -393,8 +422,8 @@ lookip_socket_t *lookip_socket_create(lookip_listener_t *listener) ); uri = lib->settings->get_str(lib->settings, - "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET, - charon->name); + "%s.plugins.lookip.socket", "unix://" LOOKIP_SOCKET, + lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index a8b793f6f..314088a25 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 76b05c634..8d7ca04e6 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index 20e3553e7..7abc23e50 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 9e794cec3..b891f55f1 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index c8d8fae1c..bf85d5713 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/radattr/radattr_listener.c b/src/libcharon/plugins/radattr/radattr_listener.c index 5443800e5..aca83aafc 100644 --- a/src/libcharon/plugins/radattr/radattr_listener.c +++ b/src/libcharon/plugins/radattr/radattr_listener.c @@ -19,7 +19,6 @@ #include <sys/stat.h> #include <unistd.h> #include <fcntl.h> -#include <sys/mman.h> #include <errno.h> #include <daemon.h> @@ -110,10 +109,7 @@ static void add_radius_attribute(private_radattr_listener_t *this, identification_t *id; auth_cfg_t *auth; char path[PATH_MAX]; - chunk_t data; - struct stat sb; - void *addr; - int fd; + chunk_t *data; auth = ike_sa->get_auth_cfg(ike_sa, TRUE); id = auth->get(auth, AUTH_RULE_EAP_IDENTITY); @@ -123,44 +119,16 @@ static void add_radius_attribute(private_radattr_listener_t *this, } snprintf(path, sizeof(path), "%s/%Y", this->dir, id); - fd = open(path, O_RDONLY); - if (fd != -1) + data = chunk_map(path, FALSE); + if (data) { - if (fstat(fd, &sb) != -1) + if (data->len >= 2) { - if (sb.st_size <= MAX_ATTR_SIZE) - { - addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (addr != MAP_FAILED) - { - data = chunk_create(addr, sb.st_size); - if (data.len >= 2) - { - DBG1(DBG_CFG, "adding RADIUS %N attribute", - radius_attribute_type_names, data.ptr[0]); - message->add_notify(message, FALSE, - RADIUS_ATTRIBUTE, data); - } - munmap(addr, sb.st_size); - } - else - { - DBG1(DBG_CFG, "mapping RADIUS attribute '%s' failed: %s", - path, strerror(errno)); - } - } - else - { - DBG1(DBG_CFG, "RADIUS attribute '%s' exceeds size limit", - path); - } - } - else - { - DBG1(DBG_CFG, "fstat RADIUS attribute '%s' failed: %s", - path, strerror(errno)); + DBG1(DBG_CFG, "adding RADIUS %N attribute", + radius_attribute_type_names, data->ptr[0]); + message->add_notify(message, FALSE, RADIUS_ATTRIBUTE, *data); } - close(fd); + chunk_unmap(data); } else { @@ -212,9 +180,9 @@ radattr_listener_t *radattr_listener_create() .destroy = _destroy, }, .dir = lib->settings->get_str(lib->settings, - "%s.plugins.radattr.dir", NULL, charon->name), + "%s.plugins.radattr.dir", NULL, lib->ns), .mid = lib->settings->get_int(lib->settings, - "%s.plugins.radattr.message_id", -1, charon->name), + "%s.plugins.radattr.message_id", -1, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index f56840410..43f3c6fbf 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index cfcee2f79..155113e48 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index ea976dfe9..081d3efc7 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -617,7 +617,7 @@ static int open_socket(private_socket_default_socket_t *this, mark_t mark; fwmark = lib->settings->get_str(lib->settings, - "%s.plugins.socket-default.fwmark", NULL, charon->name); + "%s.plugins.socket-default.fwmark", NULL, lib->ns); if (fwmark && mark_from_string(fwmark, &mark)) { if (setsockopt(skt, SOL_SOCKET, SO_MARK, &mark.value, @@ -657,10 +657,10 @@ static bool use_family(int family) { case AF_INET: return lib->settings->get_bool(lib->settings, - "%s.plugins.socket-default.use_ipv4", TRUE, charon->name); + "%s.plugins.socket-default.use_ipv4", TRUE, lib->ns); case AF_INET6: return lib->settings->get_bool(lib->settings, - "%s.plugins.socket-default.use_ipv6", TRUE, charon->name); + "%s.plugins.socket-default.use_ipv6", TRUE, lib->ns); default: return FALSE; } @@ -735,14 +735,14 @@ socket_default_socket_t *socket_default_socket_create() }, }, .port = lib->settings->get_int(lib->settings, - "%s.port", CHARON_UDP_PORT, charon->name), + "%s.port", CHARON_UDP_PORT, lib->ns), .natt = lib->settings->get_int(lib->settings, - "%s.port_nat_t", CHARON_NATT_PORT, charon->name), + "%s.port_nat_t", CHARON_NATT_PORT, lib->ns), .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, charon->name), + "%s.max_packet", MAX_PACKET, lib->ns), .set_source = lib->settings->get_bool(lib->settings, "%s.plugins.socket-default.set_source", TRUE, - charon->name), + lib->ns), ); if (this->port && this->port == this->natt) diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 1efbdabbc..da40a433b 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c index 012f18e31..3161a709f 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -668,7 +668,7 @@ socket_dynamic_socket_t *socket_dynamic_socket_create() }, .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, charon->name), + "%s.max_packet", MAX_PACKET, lib->ns), ); if (pipe(this->notify) != 0) diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index 18461fa04..963804932 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c index 547e7691e..9a7a6e0ff 100644 --- a/src/libcharon/plugins/sql/sql_logger.c +++ b/src/libcharon/plugins/sql/sql_logger.c @@ -141,7 +141,7 @@ sql_logger_t *sql_logger_create(database_t *db) .db = db, .recursive = thread_value_create(NULL), .level = lib->settings->get_int(lib->settings, - "%s.plugins.sql.loglevel", -1, charon->name), + "%s.plugins.sql.loglevel", -1, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/sql/sql_plugin.c b/src/libcharon/plugins/sql/sql_plugin.c index c1b4461d2..c5dd6e8b3 100644 --- a/src/libcharon/plugins/sql/sql_plugin.c +++ b/src/libcharon/plugins/sql/sql_plugin.c @@ -73,7 +73,7 @@ static bool open_database(private_sql_plugin_t *this, char *uri; uri = lib->settings->get_str(lib->settings, "%s.plugins.sql.database", - NULL, charon->name); + NULL, lib->ns); if (!uri) { DBG1(DBG_CFG, "sql plugin: database URI not set"); diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index a913e063e..11a8771cc 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index 2e10f324b..e5e6d9246 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -880,7 +880,7 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, else { vip = host_create_from_string(token, 0); - if (vip) + if (!vip) { DBG1(DBG_CFG, "ignored invalid subnet token: %s", token); } diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index b583bfc53..f770d7c9e 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -778,7 +778,7 @@ stroke_control_t *stroke_control_create() .destroy = _destroy, }, .timeout = lib->settings->get_int(lib->settings, - "%s.plugins.stroke.timeout", 0, charon->name), + "%s.plugins.stroke.timeout", 0, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 8d0001271..f908219ed 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -17,8 +17,6 @@ #include <sys/types.h> #include <sys/stat.h> #include <limits.h> -#include <libgen.h> -#include <sys/mman.h> #include <fcntl.h> #include <errno.h> #include <unistd.h> @@ -521,7 +519,16 @@ METHOD(stroke_cred_t, cache_cert, void, if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk)) { - chunk_write(chunk, buf, "crl", 022, TRUE); + if (chunk_write(chunk, buf, 022, TRUE)) + { + DBG1(DBG_CFG, " written crl file '%s' (%d bytes)", + buf, chunk.len); + } + else + { + DBG1(DBG_CFG, " writing crl file '%s' failed: %s", + buf, strerror(errno)); + } free(chunk.ptr); } } @@ -1092,46 +1099,24 @@ static bool load_shared(mem_cred_t *secrets, chunk_t line, int line_nr, static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets, char *file, int level, FILE *prompt) { - int line_nr = 0, fd; - chunk_t src, line; - struct stat sb; - void *addr; + int line_nr = 0; + chunk_t *src, line; DBG1(DBG_CFG, "loading secrets from '%s'", file); - fd = open(file, O_RDONLY); - if (fd == -1) + src = chunk_map(file, FALSE); + if (!src) { DBG1(DBG_CFG, "opening secrets file '%s' failed: %s", file, strerror(errno)); return; } - if (fstat(fd, &sb) == -1) - { - DBG1(DBG_LIB, "getting file size of '%s' failed: %s", file, - strerror(errno)); - close(fd); - return; - } - if (sb.st_size == 0) - { /* skip empty files, as mmap() complains */ - close(fd); - return; - } - addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - DBG1(DBG_LIB, "mapping '%s' failed: %s", file, strerror(errno)); - close(fd); - return; - } - src = chunk_create(addr, sb.st_size); if (!secrets) { secrets = mem_cred_create(); } - while (fetchline(&src, &line)) + while (fetchline(src, &line)) { chunk_t ids, token; shared_key_type_t type; @@ -1172,8 +1157,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets, } else { /* use directory of current file if relative */ - dir = strdup(file); - dir = dirname(dir); + dir = path_dirname(file); if (line.len + 1 + strlen(dir) + 1 > sizeof(pattern)) { @@ -1272,8 +1256,7 @@ static void load_secrets(private_stroke_cred_t *this, mem_cred_t *secrets, break; } } - munmap(addr, sb.st_size); - close(fd); + chunk_unmap(src); if (level == 0) { /* replace secrets in active credential set */ @@ -1394,7 +1377,7 @@ stroke_cred_t *stroke_cred_create() this->force_ca_cert = lib->settings->get_bool(lib->settings, "%s.plugins.stroke.ignore_missing_ca_basic_constraint", - FALSE, charon->name); + FALSE, lib->ns); load_certs(this); load_secrets(this, NULL, SECRETS_FILE, 0, NULL); diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index 3adebb523..169ff2bf6 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Tobias Brunner + * Copyright (C) 2011-2013 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -99,6 +99,11 @@ struct private_stroke_socket_t { * Counter values for IKE events */ stroke_counter_t *counter; + + /** + * TRUE if log level changes are not allowed + */ + bool prevent_loglevel_changes; }; /** @@ -490,6 +495,25 @@ static void stroke_leases(private_stroke_socket_t *this, } /** + * Callback function for usage report + */ +static void report_usage(FILE *out, int count, size_t bytes, + backtrace_t *bt, bool detailed) +{ + fprintf(out, "%zu bytes total, %d allocations, %zu bytes average:\n", + bytes, count, bytes / count); + bt->log(bt, out, detailed); +} + +/** + * Callback function for memusage summary + */ +static void sum_usage(FILE *out, int count, size_t bytes, int whitelisted) +{ + fprintf(out, "Total memory usage: %zu\n", bytes); +} + +/** * Show memory usage */ static void stroke_memusage(private_stroke_socket_t *this, @@ -497,7 +521,9 @@ static void stroke_memusage(private_stroke_socket_t *this, { if (lib->leak_detective) { - lib->leak_detective->usage(lib->leak_detective, out); + lib->leak_detective->usage(lib->leak_detective, + (leak_detective_report_cb_t)report_usage, + (leak_detective_summary_cb_t)sum_usage, out); } } @@ -546,6 +572,12 @@ static void stroke_loglevel(private_stroke_socket_t *this, DBG1(DBG_CFG, "received stroke: loglevel %d for %s", msg->loglevel.level, msg->loglevel.type); + if (this->prevent_loglevel_changes) + { + DBG1(DBG_CFG, "prevented log level change"); + fprintf(out, "command not allowed!\n"); + return; + } if (strcaseeq(msg->loglevel.type, "any")) { group = DBG_ANY; @@ -555,7 +587,7 @@ static void stroke_loglevel(private_stroke_socket_t *this, group = enum_from_name(debug_names, msg->loglevel.type); if ((int)group < 0) { - fprintf(out, "invalid type (%s)!\n", msg->loglevel.type); + fprintf(out, "unknown type '%s'!\n", msg->loglevel.type); return; } } @@ -591,8 +623,8 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) return FALSE; } - /* read message */ - msg = malloc(len); + /* read message (we need an additional byte to terminate the buffer) */ + msg = malloc(len + 1); msg->length = len; if (!stream->read_all(stream, (char*)msg + sizeof(len), len - sizeof(len))) { @@ -603,6 +635,9 @@ static bool on_accept(private_stroke_socket_t *this, stream_t *stream) free(msg); return FALSE; } + /* make sure even incorrectly unterminated strings don't extend over the + * message boundaries */ + ((char*)msg)[len] = '\0'; DBG3(DBG_CFG, "stroke message %b", (void*)msg, len); @@ -727,6 +762,8 @@ stroke_socket_t *stroke_socket_create() .public = { .destroy = _destroy, }, + .prevent_loglevel_changes = lib->settings->get_bool(lib->settings, + "%s.plugins.stroke.prevent_loglevel_changes", FALSE, lib->ns), ); this->cred = stroke_cred_create(); @@ -746,10 +783,10 @@ stroke_socket_t *stroke_socket_create() charon->bus->add_listener(charon->bus, &this->counter->listener); max_concurrent = lib->settings->get_int(lib->settings, - "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT, - charon->name); + "%s.plugins.stroke.max_concurrent", MAX_CONCURRENT_DEFAULT, + lib->ns); uri = lib->settings->get_str(lib->settings, - "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, charon->name); + "%s.plugins.stroke.socket", "unix://" STROKE_SOCKET, lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 8ad5c88ba..63724728a 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c index c8596114c..c1594b0b2 100644 --- a/src/libcharon/plugins/systime_fix/systime_fix_plugin.c +++ b/src/libcharon/plugins/systime_fix/systime_fix_plugin.c @@ -178,9 +178,9 @@ static bool load_validator(private_systime_fix_plugin_t *this) char *str, *fmt; fmt = lib->settings->get_str(lib->settings, - "%s.plugins.%s.threshold_format", "%Y", charon->name, get_name(this)); + "%s.plugins.%s.threshold_format", "%Y", lib->ns, get_name(this)); str = lib->settings->get_str(lib->settings, - "%s.plugins.%s.threshold", NULL, charon->name, get_name(this)); + "%s.plugins.%s.threshold", NULL, lib->ns, get_name(this)); if (!str) { DBG1(DBG_CFG, "no threshold configured for %s, disabled", @@ -274,9 +274,9 @@ plugin_t *systime_fix_plugin_create() }, }, .interval = lib->settings->get_int(lib->settings, - "%s.plugins.%s.interval", 0, charon->name, get_name(this)), + "%s.plugins.%s.interval", 0, lib->ns, get_name(this)), .reauth = lib->settings->get_bool(lib->settings, - "%s.plugins.%s.reauth", FALSE, charon->name, get_name(this)), + "%s.plugins.%s.reauth", FALSE, lib->ns, get_name(this)), ); return &this->public.plugin; diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index ca995b01f..ace18e77c 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c index 4ad19c530..d2ba2e345 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c @@ -191,8 +191,8 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) /* schedule periodic transmission of IF-MAP renewSession request */ reschedule = lib->settings->get_int(lib->settings, - "%s.plugins.tnc-ifmap.renew_session_interval", - IFMAP_RENEW_SESSION_INTERVAL, charon->name); + "%s.plugins.tnc-ifmap.renew_session_interval", + IFMAP_RENEW_SESSION_INTERVAL, lib->ns); job = (job_t*)tnc_ifmap_renew_session_job_create( this->ifmap->get_ref(this->ifmap), reschedule); diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c index df7d2e2a1..8f24daea3 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c @@ -134,8 +134,8 @@ METHOD(tnc_ifmap_soap_t, newSession, bool, /* set PEP and PDP device name (defaults to IF-MAP Publisher ID) */ this->device_name = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.device_name", - this->ifmap_publisher_id, charon->name); + "%s.plugins.tnc-ifmap.device_name", + this->ifmap_publisher_id, lib->ns); this->device_name = strdup(this->device_name); return this->session_id && this->ifmap_publisher_id; @@ -731,15 +731,15 @@ static bool soap_init(private_tnc_ifmap_soap_t *this) /* getting configuration parameters from strongswan.conf */ server_uri = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, charon->name); + "%s.plugins.tnc-ifmap.server_uri", IFMAP_URI, lib->ns); server_cert = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.server_cert", NULL, charon->name); + "%s.plugins.tnc-ifmap.server_cert", NULL, lib->ns); client_cert = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.client_cert", NULL, charon->name); + "%s.plugins.tnc-ifmap.client_cert", NULL, lib->ns); client_key = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.client_key", NULL, charon->name); + "%s.plugins.tnc-ifmap.client_key", NULL, lib->ns); user_pass = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-ifmap.username_password", NULL, charon->name); + "%s.plugins.tnc-ifmap.username_password", NULL, lib->ns); /* load [self-signed] MAP server certificate */ if (!server_cert) diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index d263bdec4..b2958efdb 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -222,8 +222,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -291,6 +289,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -379,12 +382,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -399,6 +406,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 31cee9e2b..89237f564 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -758,19 +758,19 @@ tnc_pdp_t *tnc_pdp_create(void) bool radius_enable, pt_tls_enable; server = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-pdp.server", NULL, charon->name); + "%s.plugins.tnc-pdp.server", NULL, lib->ns); pt_tls_enable = lib->settings->get_bool(lib->settings, - "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, charon->name); + "%s.plugins.tnc-pdp.pt_tls.enable", TRUE, lib->ns); pt_tls_port = lib->settings->get_int(lib->settings, - "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, charon->name); + "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, lib->ns); radius_enable = lib->settings->get_bool(lib->settings, - "%s.plugins.tnc-pdp.radius.enable", TRUE, charon->name); + "%s.plugins.tnc-pdp.radius.enable", TRUE, lib->ns); radius_port = lib->settings->get_int(lib->settings, - "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, charon->name); + "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, lib->ns); secret = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-pdp.radius.secret", NULL, charon->name); + "%s.plugins.tnc-pdp.radius.secret", NULL, lib->ns); eap_type_str = lib->settings->get_str(lib->settings, - "%s.plugins.tnc-pdp.radius.method", "ttls", charon->name); + "%s.plugins.tnc-pdp.radius.method", "ttls", lib->ns); if (!pt_tls_enable && !radius_enable) { diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c index f789c31d2..6c7659bb1 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_connections.c @@ -298,7 +298,7 @@ tnc_pdp_connections_t *tnc_pdp_connections_create(void) .list = linked_list_create(), .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .timeout = lib->settings->get_int(lib->settings, - "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, charon->name), + "%s.plugins.tnc-pdp.timeout", DEFAULT_TIMEOUT, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index b36a53394..b2b473c32 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/unit_tester/Makefile.in b/src/libcharon/plugins/unit_tester/Makefile.in index 2f8a65c07..2d9f59678 100644 --- a/src/libcharon/plugins/unit_tester/Makefile.in +++ b/src/libcharon/plugins/unit_tester/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 11d6091db..65fe14e1d 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c index edff51a08..9f72a80da 100644 --- a/src/libcharon/plugins/unity/unity_narrow.c +++ b/src/libcharon/plugins/unity/unity_narrow.c @@ -97,9 +97,9 @@ static void narrow_initiator(private_unity_narrow_t *this, ike_sa_t *ike_sa, } /** - * As initiator, bump up TS to 0.0.0.0/0 for on-the-wire bits + * As initiator and responder, bump up TS to 0.0.0.0/0 for on-the-wire bits */ -static void narrow_initiator_pre(linked_list_t *list) +static void narrow_pre(linked_list_t *list, char *side) { traffic_selector_t *ts; @@ -112,7 +112,7 @@ static void narrow_initiator_pre(linked_list_t *list) "255.255.255.255", 65535); if (ts) { - DBG2(DBG_CFG, "changing proposed traffic selectors for other:"); + DBG2(DBG_CFG, "changing proposed traffic selectors for %s:", side); DBG2(DBG_CFG, " %R", ts); list->insert_last(list, ts); } @@ -149,12 +149,15 @@ METHOD(listener_t, narrow, bool, switch (type) { case NARROW_INITIATOR_PRE_AUTH: - narrow_initiator_pre(remote); + narrow_pre(remote, "other"); break; case NARROW_INITIATOR_POST_AUTH: narrow_initiator(this, ike_sa, child_sa->get_config(child_sa), remote); break; + case NARROW_RESPONDER: + narrow_pre(local, "us"); + break; case NARROW_RESPONDER_POST: narrow_responder_post(child_sa->get_config(child_sa), local); break; diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index ac6f93d69..86f81fcfb 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2012 Martin Willi * Copyright (C) 2012 revosec AG * @@ -16,6 +19,7 @@ #include "unity_provider.h" #include <daemon.h> +#include <bio/bio_writer.h> typedef struct private_unity_provider_t private_unity_provider_t; @@ -31,58 +35,70 @@ struct private_unity_provider_t { }; /** - * Attribute enumerator for traffic selector list + * Attribute enumerator for UNITY_SPLIT_INCLUDE attribute */ typedef struct { /** Implements enumerator_t */ enumerator_t public; /** list of traffic selectors to enumerate */ linked_list_t *list; - /** currently enumerating subnet */ - u_char subnet[4]; - /** currently enumerating subnet mask */ - u_char mask[4]; + /** attribute value */ + chunk_t attr; } attribute_enumerator_t; +/** + * Append data from the given traffic selector to the attribute data + */ +static void append_ts(bio_writer_t *writer, traffic_selector_t *ts) +{ + host_t *net, *mask; + chunk_t padding; + u_int8_t bits; + + if (!ts->to_subnet(ts, &net, &bits)) + { + return; + } + mask = host_create_netmask(AF_INET, bits); + if (!mask) + { + net->destroy(net); + return; + } + writer->write_data(writer, net->get_address(net)); + writer->write_data(writer, mask->get_address(mask)); + /* the Cisco client parses the "padding" as protocol, src and dst port, the + * first two in network order the last in host order - no other clients seem + * to support these fields so we don't use them either */ + padding = writer->skip(writer, 6); + memset(padding.ptr, 0, padding.len); + mask->destroy(mask); + net->destroy(net); +} + METHOD(enumerator_t, attribute_enumerate, bool, attribute_enumerator_t *this, configuration_attribute_type_t *type, chunk_t *attr) { traffic_selector_t *ts; - u_int8_t i, mask; - host_t *net; + bio_writer_t *writer; - while (TRUE) + if (this->list->get_count(this->list) == 0) { - if (this->list->remove_first(this->list, (void**)&ts) != SUCCESS) - { - return FALSE; - } - if (ts->to_subnet(ts, &net, &mask)) - { - ts->destroy(ts); - break; - } - ts->destroy(ts); + return FALSE; } - memset(this->mask, 0, sizeof(this->mask)); - for (i = 0; i < sizeof(this->mask); i++) + writer = bio_writer_create(14); + while (this->list->remove_first(this->list, (void**)&ts) == SUCCESS) { - if (mask < 8) - { - this->mask[i] = 0xFF << (8 - mask); - break; - } - this->mask[i] = 0xFF; - mask -= 8; + append_ts(writer, ts); + ts->destroy(ts); } - memcpy(this->subnet, net->get_address(net).ptr, sizeof(this->subnet)); - net->destroy(net); *type = UNITY_SPLIT_INCLUDE; - *attr = chunk_create(this->subnet, sizeof(this->subnet) + sizeof(this->mask)); + *attr = this->attr = writer->extract_buf(writer); + writer->destroy(writer); return TRUE; } @@ -90,6 +106,7 @@ METHOD(enumerator_t, attribute_destroy, void, attribute_enumerator_t *this) { this->list->destroy_offset(this->list, offsetof(traffic_selector_t, destroy)); + chunk_free(&this->attr); free(this); } diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 697c95917..e2d6d32fb 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/updown/updown_handler.c b/src/libcharon/plugins/updown/updown_handler.c index 3a644380a..0894d2d07 100644 --- a/src/libcharon/plugins/updown/updown_handler.c +++ b/src/libcharon/plugins/updown/updown_handler.c @@ -188,7 +188,7 @@ METHOD(updown_handler_t, create_dns_enumerator, enumerator_t*, ike_sa = charon->bus->get_sa(charon->bus); if (!ike_sa) { - return FALSE; + return enumerator_create_empty(); } this->lock->read_lock(this->lock); diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index 81adfdb13..2c3f93298 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c @@ -1,4 +1,5 @@ /* + * Copyright (C) 2013 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -218,12 +219,12 @@ METHOD(listener_t, child_updown, bool, enumerator = child_sa->create_policy_enumerator(child_sa); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { - char command[1024]; + char command[2048]; host_t *my_client, *other_client; u_int8_t my_client_mask, other_client_mask; char *virtual_ip, *iface, *mark_in, *mark_out, *udp_enc, *dns, *xauth; mark_t mark; - bool is_host, is_ipv6; + bool is_host, is_ipv6, use_ipcomp; FILE *shell; my_ts->to_subnet(my_ts, &my_client, &my_client_mask); @@ -322,6 +323,9 @@ METHOD(listener_t, child_updown, bool, dns = make_dns_vars(this, ike_sa); + /* check for IPComp */ + use_ipcomp = child_sa->get_ipcomp(child_sa) != IPCOMP_NONE; + /* determine IPv4/IPv6 and client/host situation */ is_host = my_ts->is_host(my_ts, me); is_ipv6 = is_host ? (me->get_family(me) == AF_INET6) : @@ -355,6 +359,7 @@ METHOD(listener_t, child_updown, bool, "%s" "%s" "%s" + "%s" "%s", up ? "up" : "down", is_host ? "-host" : "-client", @@ -377,6 +382,7 @@ METHOD(listener_t, child_updown, bool, mark_in, mark_out, udp_enc, + use_ipcomp ? "PLUTO_IPCOMP='1' " : "", config->get_hostaccess(config) ? "PLUTO_HOST_ACCESS='1' " : "", dns, script); diff --git a/src/libcharon/plugins/updown/updown_plugin.c b/src/libcharon/plugins/updown/updown_plugin.c index 3c1aba5cc..d30267dee 100644 --- a/src/libcharon/plugins/updown/updown_plugin.c +++ b/src/libcharon/plugins/updown/updown_plugin.c @@ -58,7 +58,7 @@ static bool plugin_cb(private_updown_plugin_t *this, if (reg) { if (lib->settings->get_bool(lib->settings, - "charon.plugins.updown.dns_handler", FALSE)) + "%s.plugins.updown.dns_handler", FALSE, lib->ns)) { this->handler = updown_handler_create(); hydra->attributes->add_handler(hydra->attributes, diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 218ecaaf7..aa8ad2e10 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -225,8 +225,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -294,6 +292,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -382,12 +385,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -402,6 +409,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c index 996f263c9..c1b619c3c 100644 --- a/src/libcharon/plugins/whitelist/whitelist_control.c +++ b/src/libcharon/plugins/whitelist/whitelist_control.c @@ -157,7 +157,7 @@ whitelist_control_t *whitelist_control_create(whitelist_listener_t *listener) uri = lib->settings->get_str(lib->settings, "%s.plugins.whitelist.socket", "unix://" WHITELIST_SOCKET, - charon->name); + lib->ns); this->service = lib->streams->create_service(lib->streams, uri, 10); if (!this->service) { diff --git a/src/libcharon/plugins/whitelist/whitelist_listener.c b/src/libcharon/plugins/whitelist/whitelist_listener.c index 382ee3b8b..d0357b410 100644 --- a/src/libcharon/plugins/whitelist/whitelist_listener.c +++ b/src/libcharon/plugins/whitelist/whitelist_listener.c @@ -206,7 +206,7 @@ whitelist_listener_t *whitelist_listener_create() .ids = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 32), .enabled = lib->settings->get_bool(lib->settings, - "%s.plugins.whitelist.enable", FALSE, charon->name), + "%s.plugins.whitelist.enable", FALSE, lib->ns), ); return &this->public; diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index c5eba1467..cf0c326e3 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c index 5ac4f10d2..f597bb7ae 100644 --- a/src/libcharon/plugins/xauth_eap/xauth_eap.c +++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c @@ -224,7 +224,7 @@ METHOD(xauth_method_t, process, status_t, name = lib->settings->get_str(lib->settings, "%s.plugins.xauth-eap.backend", "radius", - charon->name); + lib->ns); type = eap_type_from_string(name); if (!type) { diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 47c216177..2d18f60df 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 22244930d..8173631ae 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libcharon/plugins/xauth_pam/Makefile.am b/src/libcharon/plugins/xauth_pam/Makefile.am index a7d4f6436..1875f81d3 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.am +++ b/src/libcharon/plugins/xauth_pam/Makefile.am @@ -14,6 +14,7 @@ endif libstrongswan_xauth_pam_la_SOURCES = \ xauth_pam_plugin.h xauth_pam_plugin.c \ + xauth_pam_listener.h xauth_pam_listener.c \ xauth_pam.h xauth_pam.c libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index dbcc4f405..1ee269e04 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -129,7 +129,7 @@ am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) libstrongswan_xauth_pam_la_LIBADD = am_libstrongswan_xauth_pam_la_OBJECTS = xauth_pam_plugin.lo \ - xauth_pam.lo + xauth_pam_listener.lo xauth_pam.lo libstrongswan_xauth_pam_la_OBJECTS = \ $(am_libstrongswan_xauth_pam_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -417,6 +425,7 @@ AM_CFLAGS = \ @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-xauth-pam.la libstrongswan_xauth_pam_la_SOURCES = \ xauth_pam_plugin.h xauth_pam_plugin.c \ + xauth_pam_listener.h xauth_pam_listener.c \ xauth_pam.h xauth_pam.c libstrongswan_xauth_pam_la_LDFLAGS = -module -avoid-version -lpam @@ -511,6 +520,7 @@ distclean-compile: -rm -f *.tab.c @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam_listener.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xauth_pam_plugin.Plo@am__quote@ .c.o: diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam.c b/src/libcharon/plugins/xauth_pam/xauth_pam.c index 8ba2c764d..71c79ecc0 100644 --- a/src/libcharon/plugins/xauth_pam/xauth_pam.c +++ b/src/libcharon/plugins/xauth_pam/xauth_pam.c @@ -116,7 +116,11 @@ static void attr2string(char *buf, size_t len, chunk_t chunk) { if (chunk.len && chunk.len < len) { - snprintf(buf, len, "%.*s", (int)chunk.len, chunk.ptr); + chunk_t sane; + + chunk_printable(chunk, &sane, '?'); + snprintf(buf, len, "%.*s", (int)sane.len, sane.ptr); + chunk_clear(&sane); } } @@ -138,7 +142,7 @@ METHOD(xauth_method_t, process, status_t, /* trim to username part if email address given */ if (lib->settings->get_bool(lib->settings, "%s.plugins.xauth-pam.trim_email", - TRUE, charon->name)) + TRUE, lib->ns)) { pos = memchr(chunk.ptr, '@', chunk.len); if (pos) @@ -171,9 +175,8 @@ METHOD(xauth_method_t, process, status_t, service = lib->settings->get_str(lib->settings, "%s.plugins.xauth-pam.pam_service", lib->settings->get_str(lib->settings, - "%s.plugins.eap-gtc.pam_service", - "login", charon->name), - charon->name); + "%s.plugins.eap-gtc.pam_service", "login", lib->ns), + lib->ns); if (authenticate(service, user, pass)) { diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c new file mode 100644 index 000000000..eb06f54bb --- /dev/null +++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.c @@ -0,0 +1,144 @@ +/* + * Copyright (C) 2013 Endian srl + * Author: Andrea Bonomi - <a.bonomi@endian.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#define _GNU_SOURCE +#include <stdio.h> + +#include "xauth_pam_listener.h" + +#include <daemon.h> +#include <library.h> + +#include <security/pam_appl.h> + +typedef struct private_xauth_pam_listener_t private_xauth_pam_listener_t; + +/** + * Private data of an xauth_pam_listener_t object. + */ +struct private_xauth_pam_listener_t { + + /** + * Public xauth_pam_listener_t interface. + */ + xauth_pam_listener_t public; + + /** + * PAM service + */ + char *service; +}; + +/** + * PAM conv callback function + */ +static int conv(int num_msg, const struct pam_message **msg, + struct pam_response **resp, void *data) +{ + int i; + + for (i = 0; i < num_msg; i++) + { + /* ignore any text info, but fail on any interaction request */ + if (msg[i]->msg_style != PAM_TEXT_INFO) + { + return PAM_CONV_ERR; + } + } + return PAM_SUCCESS; +} + +METHOD(listener_t, ike_updown, bool, + private_xauth_pam_listener_t *this, ike_sa_t *ike_sa, bool up) +{ + struct pam_conv null_conv = { + .conv = conv, + }; + pam_handle_t *pamh = NULL; + char *user; + int ret; + + if (asprintf(&user, "%Y", ike_sa->get_other_eap_id(ike_sa)) != -1) + { + ret = pam_start(this->service, user, &null_conv, &pamh); + if (ret == PAM_SUCCESS) + { + if (up) + { + ret = pam_open_session(pamh, 0); + if (ret != PAM_SUCCESS) + { + DBG1(DBG_IKE, "XAuth pam_open_session for '%s' failed: %s", + user, pam_strerror(pamh, ret)); + } + } + else + { + ret = pam_close_session(pamh, 0); + if (ret != PAM_SUCCESS) + { + DBG1(DBG_IKE, "XAuth pam_close_session for '%s' failed: %s", + user, pam_strerror(pamh, ret)); + } + } + } + else + { + DBG1(DBG_IKE, "XAuth pam_start for '%s' failed: %s", + user, pam_strerror(pamh, ret)); + } + pam_end(pamh, ret); + free(user); + } + return TRUE; +} + +METHOD(xauth_pam_listener_t, listener_destroy, void, + private_xauth_pam_listener_t *this) +{ + free(this); +} + +xauth_pam_listener_t *xauth_pam_listener_create() +{ + private_xauth_pam_listener_t *this; + + INIT(this, + .public = { + .listener = { + .ike_updown = _ike_updown, + }, + .destroy = _listener_destroy, + }, + /* Look for PAM service, with a legacy fallback for the eap-gtc plugin. + * Default to "login". */ + .service = lib->settings->get_str(lib->settings, + "%s.plugins.xauth-pam.pam_service", + lib->settings->get_str(lib->settings, + "%s.plugins.eap-gtc.pam_service", + "login", lib->ns), + lib->ns), + ); + + return &this->public; +} diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h new file mode 100644 index 000000000..5b15410f4 --- /dev/null +++ b/src/libcharon/plugins/xauth_pam/xauth_pam_listener.h @@ -0,0 +1,58 @@ +/* + * Copyright (C) 2013 Endian srl + * Author: Andrea Bonomi - <a.bonomi@endian.com> + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +/** + * @defgroup xauth_pam_i xauth_pam + * @{ @ingroup xauth_pam + */ + +#ifndef XAUTH_PAM_LISENER_H_ +#define XAUTH_PAM_LISTENER_H_ + +typedef struct xauth_pam_listener_t xauth_pam_listener_t; + +#include <bus/listeners/listener.h> + +/** + * Listener + */ +struct xauth_pam_listener_t { + + /** + * Implements listener_t interface. + */ + listener_t listener; + + /** + * Destroy a xauth_pam_listener_t. + */ + void (*destroy)(xauth_pam_listener_t *this); +}; + +/** + * Create a xauth_pam_listener instance. + */ +xauth_pam_listener_t *xauth_pam_listener_create(); + + +#endif /** XAUTH_PAM_LISTENER_H_ @}*/ diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c index 2ef9a6c8f..497ad3dd9 100644 --- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c +++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c @@ -15,6 +15,7 @@ #include "xauth_pam_plugin.h" #include "xauth_pam.h" +#include "xauth_pam_listener.h" #include <daemon.h> @@ -22,26 +23,73 @@ #define CAP_AUDIT_WRITE 29 #endif +typedef struct private_xauth_pam_plugin_t private_xauth_pam_plugin_t; + +/** + * private data of xauth_pam plugin + */ +struct private_xauth_pam_plugin_t { + + /** + * implements plugin interface + */ + xauth_pam_plugin_t public; + + /** + * Listener + */ + xauth_pam_listener_t *listener; + + /** + * Do PAM session management? + */ + bool session; +}; + +/** + * Register XAuth method and listener + */ +static bool register_listener(private_xauth_pam_plugin_t *this, + plugin_feature_t *feature, bool reg, void *data) +{ + if (reg) + { + charon->bus->add_listener(charon->bus, &this->listener->listener); + } + else + { + charon->bus->remove_listener(charon->bus, &this->listener->listener); + } + return TRUE; +} + METHOD(plugin_t, get_name, char*, - xauth_pam_plugin_t *this) + private_xauth_pam_plugin_t *this) { return "xauth-pam"; } METHOD(plugin_t, get_features, int, - xauth_pam_plugin_t *this, plugin_feature_t *features[]) + private_xauth_pam_plugin_t *this, plugin_feature_t *features[]) { static plugin_feature_t f[] = { PLUGIN_CALLBACK(xauth_method_register, xauth_pam_create_server), PLUGIN_PROVIDE(XAUTH_SERVER, "pam"), + PLUGIN_CALLBACK((plugin_feature_callback_t)register_listener, NULL), + PLUGIN_PROVIDE(CUSTOM, "pam-session"), }; *features = f; + if (!this->session) + { + return 2; + } return countof(f); } METHOD(plugin_t, destroy, void, - xauth_pam_plugin_t *this) + private_xauth_pam_plugin_t *this) { + this->listener->destroy(this->listener), free(this); } @@ -50,7 +98,7 @@ METHOD(plugin_t, destroy, void, */ plugin_t *xauth_pam_plugin_create() { - xauth_pam_plugin_t *this; + private_xauth_pam_plugin_t *this; /* required for PAM authentication */ if (!lib->caps->keep(lib->caps, CAP_AUDIT_WRITE)) @@ -60,12 +108,17 @@ plugin_t *xauth_pam_plugin_create() } INIT(this, - .plugin = { - .get_name = _get_name, - .get_features = _get_features, - .destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, }, + .session = lib->settings->get_str(lib->settings, + "%s.plugins.xauth-pam.session", FALSE, lib->ns), + .listener = xauth_pam_listener_create(), ); - return &this->plugin; + return &this->public.plugin; } diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index 9ab69b417..197733979 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -73,12 +73,13 @@ METHOD(job_t, execute, job_requeue_t, { if (child_sa->get_reqid(child_sa) == this->reqid) { - time_t in, out, diff; + time_t in, out, install, diff; child_sa->get_usestats(child_sa, TRUE, &in, NULL, NULL); child_sa->get_usestats(child_sa, FALSE, &out, NULL, NULL); + install = child_sa->get_installtime(child_sa); - diff = time_monotonic(NULL) - max(in, out); + diff = time_monotonic(NULL) - max(max(in, out), install); if (diff >= this->timeout) { diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 9c3876a94..720a58553 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -120,6 +120,11 @@ struct private_child_sa_t { time_t expire_time; /** + * absolute time when SA has been installed + */ + time_t install_time; + + /** * state of the CHILD_SA */ child_sa_state_t state; @@ -586,6 +591,12 @@ METHOD(child_sa_t, get_lifetime, time_t, return hard ? this->expire_time : this->rekey_time; } +METHOD(child_sa_t, get_installtime, time_t, + private_child_sa_t *this) +{ + return this->install_time; +} + METHOD(child_sa_t, alloc_spi, u_int32_t, private_child_sa_t *this, protocol_id_t protocol) { @@ -1140,6 +1151,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .get_proposal = _get_proposal, .set_proposal = _set_proposal, .get_lifetime = _get_lifetime, + .get_installtime = _get_installtime, .get_usestats = _get_usestats, .get_mark = _get_mark, .has_encap = _has_encap, @@ -1170,6 +1182,7 @@ child_sa_t * child_sa_create(host_t *me, host_t* other, .reqid = config->get_reqid(config), .mark_in = config->get_mark(config, TRUE), .mark_out = config->get_mark(config, FALSE), + .install_time = time_monotonic(NULL), ); this->config = config; diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index ed52d60b1..a0c6c357f 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -265,6 +265,13 @@ struct child_sa_t { time_t (*get_lifetime)(child_sa_t *this, bool hard); /** + * Get the absolute time when this SA has been installed. + * + * @return monotonic absolute install time + */ + time_t (*get_installtime)(child_sa_t *this); + + /** * Get last use time and the number of bytes processed. * * @param inbound TRUE for inbound traffic, FALSE for outbound diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index 028208782..2c15dc5eb 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -687,6 +687,14 @@ METHOD(ike_sa_t, set_state, void, DBG1(DBG_IKE, "maximum IKE_SA lifetime %ds", t); } trigger_dpd = this->peer_cfg->get_dpd(this->peer_cfg); + if (trigger_dpd) + { + /* Some peers delay the DELETE after rekeying an IKE_SA. + * If this delay is longer than our DPD delay, we would + * send a DPD request here. The IKE_SA is not ready to do + * so yet, so prevent that. */ + this->stats[STAT_INBOUND] = this->stats[STAT_ESTABLISHED]; + } } break; } @@ -1162,26 +1170,13 @@ METHOD(ike_sa_t, initiate, status_t, #endif /* ME */ ) { - bool is_anyaddr; - host_t *host; char *addr; - addr = this->ike_cfg->get_my_addr(this->ike_cfg); - host = this->ike_cfg->resolve_other(this->ike_cfg, AF_UNSPEC); - is_anyaddr = host && host->is_anyaddr(host); - DESTROY_IF(host); - - if (is_anyaddr || !this->retry_initiate_interval) + addr = this->ike_cfg->get_other_addr(this->ike_cfg); + if (!this->retry_initiate_interval) { - if (is_anyaddr) - { - DBG1(DBG_IKE, "unable to initiate to %s", addr); - } - else - { - DBG1(DBG_IKE, "unable to resolve %s, initiate aborted", - addr); - } + DBG1(DBG_IKE, "unable to resolve %s, initiate aborted", + addr); DESTROY_IF(child_cfg); charon->bus->alert(charon->bus, ALERT_PEER_ADDR_FAILED); return DESTROY_ME; @@ -2130,7 +2125,10 @@ METHOD(ike_sa_t, destroy, void, charon->bus->set_sa(charon->bus, &this->public); set_state(this, IKE_DESTROYING); - DESTROY_IF(this->task_manager); + if (this->task_manager) + { + this->task_manager->flush(this->task_manager); + } /* remove attributes first, as we pass the IKE_SA to the handler */ while (array_remove(this->attributes, ARRAY_TAIL, &entry)) @@ -2174,6 +2172,7 @@ METHOD(ike_sa_t, destroy, void, charon->bus->set_sa(charon->bus, NULL); array_destroy(this->child_sas); + DESTROY_IF(this->task_manager); DESTROY_IF(this->keymat); array_destroy(this->attributes); array_destroy(this->my_vips); @@ -2330,11 +2329,11 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .attributes = array_create(sizeof(attribute_entry_t), 0), .unique_id = ref_get(&unique_id), .keepalive_interval = lib->settings->get_time(lib->settings, - "%s.keep_alive", KEEPALIVE_INTERVAL, charon->name), + "%s.keep_alive", KEEPALIVE_INTERVAL, lib->ns), .retry_initiate_interval = lib->settings->get_time(lib->settings, - "%s.retry_initiate_interval", 0, charon->name), + "%s.retry_initiate_interval", 0, lib->ns), .flush_auth_cfg = lib->settings->get_bool(lib->settings, - "%s.flush_auth_cfg", FALSE, charon->name), + "%s.flush_auth_cfg", FALSE, lib->ns), ); if (version == IKEV2) diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 5768803aa..f2f81cf33 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -2150,17 +2150,17 @@ ike_sa_manager_t *ike_sa_manager_create() } this->ikesa_limit = lib->settings->get_int(lib->settings, - "%s.ikesa_limit", 0, charon->name); + "%s.ikesa_limit", 0, lib->ns); this->table_size = get_nearest_powerof2(lib->settings->get_int( lib->settings, "%s.ikesa_table_size", - DEFAULT_HASHTABLE_SIZE, charon->name)); + DEFAULT_HASHTABLE_SIZE, lib->ns)); this->table_size = max(1, min(this->table_size, MAX_HASHTABLE_SIZE)); this->table_mask = this->table_size - 1; this->segment_count = get_nearest_powerof2(lib->settings->get_int( lib->settings, "%s.ikesa_table_segments", - DEFAULT_SEGMENT_COUNT, charon->name)); + DEFAULT_SEGMENT_COUNT, lib->ns)); this->segment_count = max(1, min(this->segment_count, this->table_size)); this->segment_mask = this->segment_count - 1; @@ -2200,6 +2200,6 @@ ike_sa_manager_t *ike_sa_manager_create() } this->reuse_ikesa = lib->settings->get_bool(lib->settings, - "%s.reuse_ikesa", TRUE, charon->name); + "%s.reuse_ikesa", TRUE, lib->ns); return &this->public; } diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 597416e36..8fc158bba 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -339,10 +339,8 @@ METHOD(task_manager_t, flush_queue, void, } } -/** - * flush all tasks in the task manager - */ -static void flush(private_task_manager_t *this) +METHOD(task_manager_t, flush, void, + private_task_manager_t *this) { flush_queue(this, TASK_QUEUE_QUEUED); flush_queue(this, TASK_QUEUE_PASSIVE); @@ -1581,7 +1579,7 @@ METHOD(task_manager_t, process_message, status_t, lib->scheduler->schedule_job(lib->scheduler, job, lib->settings->get_int(lib->settings, "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT, - charon->name)); + lib->ns)); } this->ike_sa->update_hosts(this->ike_sa, me, other, TRUE); charon->bus->message(charon->bus, msg, TRUE, TRUE); @@ -2070,6 +2068,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .adopt_child_tasks = _adopt_child_tasks, .busy = _busy, .create_task_enumerator = _create_task_enumerator, + .flush = _flush, .flush_queue = _flush_queue, .destroy = _destroy, }, @@ -2083,9 +2082,9 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .frag = { .exchange = ID_PROT, .max_packet = lib->settings->get_int(lib->settings, - "%s.max_packet", MAX_PACKET, charon->name), + "%s.max_packet", MAX_PACKET, lib->ns), .size = lib->settings->get_int(lib->settings, - "%s.fragment_size", MAX_FRAGMENT_SIZE, charon->name), + "%s.fragment_size", MAX_FRAGMENT_SIZE, lib->ns), }, .ike_sa = ike_sa, .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), @@ -2093,11 +2092,11 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .active_tasks = linked_list_create(), .passive_tasks = linked_list_create(), .retransmit_tries = lib->settings->get_int(lib->settings, - "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name), + "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns), .retransmit_timeout = lib->settings->get_double(lib->settings, - "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name), + "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns), .retransmit_base = lib->settings->get_double(lib->settings, - "%s.retransmit_base", RETRANSMIT_BASE, charon->name), + "%s.retransmit_base", RETRANSMIT_BASE, lib->ns), ); if (!this->rng) diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 46cbb879b..6cc3e04b3 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -421,7 +421,7 @@ METHOD(task_t, process_r, status_t, case AUTH_PSK: if (!lib->settings->get_bool(lib->settings, "%s.i_dont_care" "_about_security_and_use_aggressive_mode_psk", - FALSE, charon->name)) + FALSE, lib->ns)) { DBG1(DBG_IKE, "Aggressive Mode PSK disabled for " "security reasons"); @@ -478,7 +478,7 @@ METHOD(task_t, process_r, status_t, while (TRUE) { if (this->ph1->verify_auth(this->ph1, this->method, message, - this->id_data)) + chunk_clone(this->id_data))) { break; } @@ -487,12 +487,10 @@ METHOD(task_t, process_r, status_t, this->method, TRUE, NULL); if (!this->peer_cfg) { - this->id_data = chunk_empty; return send_delete(this); } this->ike_sa->set_peer_cfg(this->ike_sa, this->peer_cfg); } - this->id_data = chunk_empty; if (!charon->bus->authorize(charon->bus, FALSE)) { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 11155b287..e07ac0ab4 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -191,9 +191,9 @@ static void build(private_isakmp_vendor_t *this, message_t *message) int i; strongswan = lib->settings->get_bool(lib->settings, - "%s.send_vendor_id", FALSE, charon->name); + "%s.send_vendor_id", FALSE, lib->ns); cisco_unity = lib->settings->get_bool(lib->settings, - "%s.cisco_unity", FALSE, charon->name); + "%s.cisco_unity", FALSE, lib->ns); ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); fragmentation = ike_cfg->fragmentation(ike_cfg) != FRAGMENTATION_NO; if (!this->initiator && fragmentation) diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 12ee594b9..6e7da9852 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -194,7 +194,7 @@ static void schedule_inactivity_timeout(private_quick_mode_t *this) if (timeout) { close_ike = lib->settings->get_bool(lib->settings, - "%s.inactivity_close_ike", FALSE, charon->name); + "%s.inactivity_close_ike", FALSE, lib->ns); lib->scheduler->schedule_job(lib->scheduler, (job_t*) inactivity_job_create(this->child_sa->get_reqid(this->child_sa), timeout, close_ike), timeout); diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 4d0683f0a..8c7ba8d55 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -278,6 +278,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, { DBG1(DBG_IKE, "no %N selected", transform_type_names, PSEUDO_RANDOM_FUNCTION); + chunk_clear(&secret); return FALSE; } this->prf_alg = alg; @@ -287,6 +288,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, DBG1(DBG_IKE, "%N %N not supported!", transform_type_names, PSEUDO_RANDOM_FUNCTION, pseudo_random_function_names, alg); + chunk_clear(&secret); return FALSE; } DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &secret); @@ -339,6 +341,7 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, { DBG1(DBG_IKE, "PRF of old SA %N not supported!", pseudo_random_function_names, rekey_function); + chunk_clear(&secret); chunk_free(&full_nonce); chunk_free(&fixed_nonce); chunk_clear(&prf_plus_seed); @@ -450,17 +453,6 @@ METHOD(keymat_v2_t, derive_child_keys, bool, chunk_t seed, secret = chunk_empty; prf_plus_t *prf_plus; - if (dh) - { - if (dh->get_shared_secret(dh, &secret) != SUCCESS) - { - return FALSE; - } - DBG4(DBG_CHD, "DH secret %B", &secret); - } - seed = chunk_cata("mcc", secret, nonce_i, nonce_r); - DBG4(DBG_CHD, "seed %B", &seed); - if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &enc_alg, &enc_size)) { @@ -527,7 +519,21 @@ METHOD(keymat_v2_t, derive_child_keys, bool, { return FALSE; } + + if (dh) + { + if (dh->get_shared_secret(dh, &secret) != SUCCESS) + { + return FALSE; + } + DBG4(DBG_CHD, "DH secret %B", &secret); + } + seed = chunk_cata("scc", secret, nonce_i, nonce_r); + DBG4(DBG_CHD, "seed %B", &seed); + prf_plus = prf_plus_create(this->prf, TRUE, seed); + memwipe(seed.ptr, seed.len); + if (!prf_plus) { return FALSE; @@ -590,7 +596,7 @@ METHOD(keymat_v2_t, get_auth_octets, bool, idx = chunk_cata("cc", chunk, id->get_encoding(id)); DBG3(DBG_IKE, "IDx' %B", &idx); - DBG3(DBG_IKE, "SK_p %B", &skp); + DBG4(DBG_IKE, "SK_p %B", &skp); if (!this->prf->set_key(this->prf, skp) || !this->prf->allocate_bytes(this->prf, idx, &chunk)) { diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index 8e6da1609..ac3be900f 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -184,10 +184,8 @@ METHOD(task_manager_t, flush_queue, void, } } -/** - * flush all tasks in the task manager - */ -static void flush(private_task_manager_t *this) +METHOD(task_manager_t, flush, void, + private_task_manager_t *this) { flush_queue(this, TASK_QUEUE_QUEUED); flush_queue(this, TASK_QUEUE_PASSIVE); @@ -1231,7 +1229,7 @@ METHOD(task_manager_t, process_message, status_t, lib->scheduler->schedule_job(lib->scheduler, job, lib->settings->get_int(lib->settings, "%s.half_open_timeout", HALF_OPEN_IKE_SA_TIMEOUT, - charon->name)); + lib->ns)); } return SUCCESS; } @@ -1569,6 +1567,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa) .adopt_child_tasks = _adopt_child_tasks, .busy = _busy, .create_task_enumerator = _create_task_enumerator, + .flush = _flush, .flush_queue = _flush_queue, .destroy = _destroy, }, @@ -1579,11 +1578,11 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa) .active_tasks = array_create(0, 0), .passive_tasks = array_create(0, 0), .retransmit_tries = lib->settings->get_int(lib->settings, - "%s.retransmit_tries", RETRANSMIT_TRIES, charon->name), + "%s.retransmit_tries", RETRANSMIT_TRIES, lib->ns), .retransmit_timeout = lib->settings->get_double(lib->settings, - "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, charon->name), + "%s.retransmit_timeout", RETRANSMIT_TIMEOUT, lib->ns), .retransmit_base = lib->settings->get_double(lib->settings, - "%s.retransmit_base", RETRANSMIT_BASE, charon->name), + "%s.retransmit_base", RETRANSMIT_BASE, lib->ns), ); return &this->public; diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 7cfa537a9..df7bc96d6 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -293,7 +293,7 @@ static void schedule_inactivity_timeout(private_child_create_t *this) if (timeout) { close_ike = lib->settings->get_bool(lib->settings, - "%s.inactivity_close_ike", FALSE, charon->name); + "%s.inactivity_close_ike", FALSE, lib->ns); lib->scheduler->schedule_job(lib->scheduler, (job_t*) inactivity_job_create(this->child_sa->get_reqid(this->child_sa), timeout, close_ike), timeout); @@ -1072,7 +1072,7 @@ static void handle_child_sa_failure(private_child_create_t *this, { if (message->get_exchange_type(message) == IKE_AUTH && lib->settings->get_bool(lib->settings, - "%s.close_ike_on_child_failure", FALSE, charon->name)) + "%s.close_ike_on_child_failure", FALSE, lib->ns)) { /* we delay the delete for 100ms, as the IKE_AUTH response must arrive * first */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 8f83c4884..800dab07e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -120,7 +120,7 @@ struct private_ike_auth_t { static bool multiple_auth_enabled() { return lib->settings->get_bool(lib->settings, - "%s.multiple_authentication", TRUE, charon->name); + "%s.multiple_authentication", TRUE, lib->ns); } /** diff --git a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c index 2cbe8f8c5..bd28b29d7 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c +++ b/src/libcharon/sa/ikev2/tasks/ike_cert_pre.c @@ -428,7 +428,7 @@ static void build_certreqs(private_ike_cert_pre_t *this, message_t *message) message->add_payload(message, (payload_t*)req); if (lib->settings->get_bool(lib->settings, - "%s.hash_and_url", FALSE, charon->name)) + "%s.hash_and_url", FALSE, lib->ns)) { message->add_notify(message, FALSE, HTTP_CERT_LOOKUP_SUPPORTED, chunk_empty); diff --git a/src/libcharon/sa/ikev2/tasks/ike_vendor.c b/src/libcharon/sa/ikev2/tasks/ike_vendor.c index 2730f5876..16ac16673 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_vendor.c +++ b/src/libcharon/sa/ikev2/tasks/ike_vendor.c @@ -42,24 +42,60 @@ struct private_ike_vendor_t { }; /** - * strongSwan specific vendor ID without version, MD5("strongSwan") + * Vendor ID database entry */ -static chunk_t strongswan_vid = chunk_from_chars( - 0x88,0x2f,0xe5,0x6d,0x6f,0xd2,0x0d,0xbc, - 0x22,0x51,0x61,0x3b,0x2e,0xbe,0x5b,0xeb -); +typedef struct { + /* Description */ + char *desc; + /* extension flag negotiated with vendor ID, if any */ + ike_extension_t extension; + /* length of vendor ID string, 0 for NULL terminated */ + int len; + /* vendor ID string */ + char *id; +} vid_data_t; + +/** + * Get the data of a vendor ID as a chunk + */ +static chunk_t get_vid_data(vid_data_t *data) +{ + return chunk_create(data->id, data->len ?: strlen(data->id)); +} + +/** + * IKEv2 Vendor ID database entry + */ +static vid_data_t vids[] = { + /* strongSwan MD5("strongSwan") */ + { "strongSwan", EXT_STRONGSWAN, 16, + "\x88\x2f\xe5\x6d\x6f\xd2\x0d\xbc\x22\x51\x61\x3b\x2e\xbe\x5b\xeb"}, + { "Cisco Delete Reason", 0, 0, + "CISCO-DELETE-REASON" }, + { "Cisco Copyright (c) 2009", 0, 0, + "CISCO(COPYRIGHT)&Copyright (c) 2009 Cisco Systems, Inc." }, + { "FRAGMENTATION", 0, 16, + "\x40\x48\xb7\xd5\x6e\xbc\xe8\x85\x25\xe7\xde\x7f\x00\xd6\xc2\xd3"}, +}; METHOD(task_t, build, status_t, private_ike_vendor_t *this, message_t *message) { - if (lib->settings->get_bool(lib->settings, - "%s.send_vendor_id", FALSE, charon->name)) - { - vendor_id_payload_t *vid; + vendor_id_payload_t *vid; + bool strongswan; + int i; - vid = vendor_id_payload_create_data(VENDOR_ID, - chunk_clone(strongswan_vid)); - message->add_payload(message, &vid->payload_interface); + strongswan = lib->settings->get_bool(lib->settings, + "%s.send_vendor_id", FALSE, lib->ns); + for (i = 0; i < countof(vids); i++) + { + if (vids[i].extension == EXT_STRONGSWAN && strongswan) + { + DBG2(DBG_IKE, "sending %s vendor ID", vids[i].desc); + vid = vendor_id_payload_create_data(VENDOR_ID, + chunk_clone(get_vid_data(&vids[i]))); + message->add_payload(message, &vid->payload_interface); + } } return this->initiator ? NEED_MORE : SUCCESS; @@ -70,6 +106,7 @@ METHOD(task_t, process, status_t, { enumerator_t *enumerator; payload_t *payload; + int i; enumerator = message->create_payload_enumerator(message); while (enumerator->enumerate(enumerator, &payload)) @@ -78,16 +115,26 @@ METHOD(task_t, process, status_t, { vendor_id_payload_t *vid; chunk_t data; + bool found = FALSE; vid = (vendor_id_payload_t*)payload; data = vid->get_data(vid); - if (chunk_equals(data, strongswan_vid)) + for (i = 0; i < countof(vids); i++) { - DBG1(DBG_IKE, "received strongSwan vendor ID"); - this->ike_sa->enable_extension(this->ike_sa, EXT_STRONGSWAN); + if (chunk_equals(get_vid_data(&vids[i]), data)) + { + DBG1(DBG_IKE, "received %s vendor ID", vids[i].desc); + if (vids[i].extension) + { + this->ike_sa->enable_extension(this->ike_sa, + vids[i].extension); + } + found = TRUE; + break; + } } - else + if (!found) { DBG1(DBG_ENC, "received unknown vendor ID: %#B", &data); } diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index a1ebb4117..e7a6bf463 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -261,6 +261,11 @@ struct task_manager_t { task_queue_t queue); /** + * Flush all tasks, regardless of the queue. + */ + void (*flush)(task_manager_t *this); + + /** * Flush a queue, cancelling all tasks. * * @param queue queue to flush diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 1f66d6ceb..7e55d6b0f 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -19,7 +19,6 @@ #include <hydra.h> #include <daemon.h> #include <threading/rwlock.h> -#include <threading/thread_value.h> #include <collections/linked_list.h> @@ -63,11 +62,6 @@ struct private_trap_manager_t { rwlock_t *lock; /** - * track if the current thread is installing a trap policy - */ - thread_value_t *installing; - - /** * listener to track acquiring IKE_SAs */ trap_listener_t listener; @@ -77,6 +71,8 @@ struct private_trap_manager_t { * A installed trap entry */ typedef struct { + /** name of the trapped CHILD_SA */ + char *name; /** ref to peer_cfg to initiate */ peer_cfg_t *peer_cfg; /** ref to instanciated CHILD_SA */ @@ -94,6 +90,7 @@ static void destroy_entry(entry_t *entry) { entry->child_sa->destroy(entry->child_sa); entry->peer_cfg->destroy(entry->peer_cfg); + free(entry->name); free(entry); } @@ -137,27 +134,42 @@ METHOD(trap_manager_t, install, u_int32_t, } this->lock->write_lock(this->lock); - this->installing->set(this->installing, this); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (streq(entry->child_sa->get_name(entry->child_sa), - child->get_name(child))) + if (streq(entry->name, child->get_name(child))) { - this->traps->remove_at(this->traps, enumerator); found = entry; + if (entry->child_sa) + { /* replace it with an updated version, if already installed */ + this->traps->remove_at(this->traps, enumerator); + } break; } } enumerator->destroy(enumerator); if (found) - { /* config might have changed so update everything */ - DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", - child->get_name(child)); + { + if (!found->child_sa) + { + DBG1(DBG_CFG, "CHILD_SA '%s' is already being routed", found->name); + this->lock->unlock(this->lock); + return 0; + } + /* config might have changed so update everything */ + DBG1(DBG_CFG, "updating already routed CHILD_SA '%s'", found->name); reqid = found->child_sa->get_reqid(found->child_sa); } + INIT(entry, + .name = strdup(child->get_name(child)), + .peer_cfg = peer->get_ref(peer), + ); + this->traps->insert_first(this->traps, entry); + /* don't hold lock while creating CHILD_SA and installing policies */ + this->lock->unlock(this->lock); + /* create and route CHILD_SA */ child_sa = child_sa_create(me, other, child, reqid, FALSE); @@ -185,24 +197,19 @@ METHOD(trap_manager_t, install, u_int32_t, if (status != SUCCESS) { DBG1(DBG_CFG, "installing trap failed"); + this->lock->write_lock(this->lock); + this->traps->remove(this->traps, entry, NULL); + this->lock->unlock(this->lock); + entry->child_sa = child_sa; + destroy_entry(entry); reqid = 0; - /* hold off destroying the CHILD_SA until we released the lock */ } else { - INIT(entry, - .child_sa = child_sa, - .peer_cfg = peer->get_ref(peer), - ); - this->traps->insert_last(this->traps, entry); reqid = child_sa->get_reqid(child_sa); - } - this->installing->set(this->installing, NULL); - this->lock->unlock(this->lock); - - if (status != SUCCESS) - { - child_sa->destroy(child_sa); + this->lock->write_lock(this->lock); + entry->child_sa = child_sa; + this->lock->unlock(this->lock); } if (found) { @@ -221,7 +228,8 @@ METHOD(trap_manager_t, uninstall, bool, enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->child_sa->get_reqid(entry->child_sa) == reqid) + if (entry->child_sa && + entry->child_sa->get_reqid(entry->child_sa) == reqid) { this->traps->remove_at(this->traps, enumerator); found = entry; @@ -236,7 +244,6 @@ METHOD(trap_manager_t, uninstall, bool, DBG1(DBG_CFG, "trap %d not found to uninstall", reqid); return FALSE; } - destroy_entry(found); return TRUE; } @@ -247,6 +254,10 @@ METHOD(trap_manager_t, uninstall, bool, static bool trap_filter(rwlock_t *lock, entry_t **entry, peer_cfg_t **peer_cfg, void *none, child_sa_t **child_sa) { + if (!(*entry)->child_sa) + { /* skip entries that are currently being installed */ + return FALSE; + } if (peer_cfg) { *peer_cfg = (*entry)->peer_cfg; @@ -271,28 +282,24 @@ METHOD(trap_manager_t, find_reqid, u_int32_t, private_trap_manager_t *this, child_cfg_t *child) { enumerator_t *enumerator; - child_cfg_t *current; entry_t *entry; u_int32_t reqid = 0; - if (this->installing->get(this->installing)) - { /* current thread holds the lock */ - return reqid; - } this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - current = entry->child_sa->get_config(entry->child_sa); - if (streq(current->get_name(current), child->get_name(child))) + if (streq(entry->name, child->get_name(child))) { - reqid = entry->child_sa->get_reqid(entry->child_sa); + if (entry->child_sa) + { + reqid = entry->child_sa->get_reqid(entry->child_sa); + } break; } } enumerator->destroy(enumerator); this->lock->unlock(this->lock); - return reqid; } @@ -310,7 +317,8 @@ METHOD(trap_manager_t, acquire, void, enumerator = this->traps->create_enumerator(this->traps); while (enumerator->enumerate(enumerator, &entry)) { - if (entry->child_sa->get_reqid(entry->child_sa) == reqid) + if (entry->child_sa && + entry->child_sa->get_reqid(entry->child_sa) == reqid) { found = entry; break; @@ -365,6 +373,7 @@ METHOD(trap_manager_t, acquire, void, else { ike_sa->destroy(ike_sa); + charon->bus->set_sa(charon->bus, NULL); } } peer->destroy(peer); @@ -445,7 +454,6 @@ METHOD(trap_manager_t, destroy, void, { charon->bus->remove_listener(charon->bus, &this->listener.listener); this->traps->destroy_function(this->traps, (void*)destroy_entry); - this->installing->destroy(this->installing); this->lock->destroy(this->lock); free(this); } @@ -476,7 +484,6 @@ trap_manager_t *trap_manager_create(void) }, .traps = linked_list_create(), .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), - .installing = thread_value_create(NULL), ); charon->bus->add_listener(charon->bus, &this->listener.listener); diff --git a/src/libcharon/sa/xauth/xauth_manager.c b/src/libcharon/sa/xauth/xauth_manager.c index 17eecc2c9..3aabe7eae 100644 --- a/src/libcharon/sa/xauth/xauth_manager.c +++ b/src/libcharon/sa/xauth/xauth_manager.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "xauth_manager.h" #include <collections/linked_list.h> diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 032385431..dbfb9889b 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libfast/fast_request.c b/src/libfast/fast_request.c index 0673750b7..a56a59167 100644 --- a/src/libfast/fast_request.c +++ b/src/libfast/fast_request.c @@ -23,7 +23,6 @@ #include <pthread.h> #include <string.h> #include <unistd.h> -#include <sys/mman.h> #include <sys/stat.h> #include <fcntl.h> @@ -294,31 +293,17 @@ METHOD(fast_request_t, serve, void, METHOD(fast_request_t, sendfile, bool, private_fast_request_t *this, char *path, char *mime) { - struct stat sb; - chunk_t data; - void *addr; - int fd, written; + chunk_t *data; + int written; char buf[24]; - fd = open(path, O_RDONLY); - if (fd == -1) + data = chunk_map(path, FALSE); + if (!data) { return FALSE; } - if (fstat(fd, &sb) == -1) - { - close(fd); - return FALSE; - } - addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - close(fd); - return FALSE; - } - /* FCGX does not like large integers, print to a buffer using libc */ - snprintf(buf, sizeof(buf), "%lld", (int64_t)sb.st_size); + snprintf(buf, sizeof(buf), "%lld", (int64_t)data->len); FCGX_FPrintF(this->req.out, "Content-Length: %s\n", buf); if (mime) { @@ -326,22 +311,18 @@ METHOD(fast_request_t, sendfile, bool, } FCGX_FPrintF(this->req.out, "\n"); - data = chunk_create(addr, sb.st_size); - - while (data.len) + while (data->len) { - written = FCGX_PutStr(data.ptr, data.len, this->req.out); + written = FCGX_PutStr(data->ptr, data->len, this->req.out); if (written == -1) { - munmap(addr, sb.st_size); - close(fd); + chunk_unmap(data); return FALSE; } - data = chunk_skip(data, written); + *data = chunk_skip(*data, written); } - munmap(addr, sb.st_size); - close(fd); + chunk_unmap(data); return TRUE; } diff --git a/src/libhydra/Android.mk b/src/libhydra/Android.mk index 429feed55..ff134da7b 100644 --- a/src/libhydra/Android.mk +++ b/src/libhydra/Android.mk @@ -26,7 +26,6 @@ LOCAL_SRC_FILES += $(call add_plugin, kernel-netlink) # build libhydra --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/libhydra/Makefile.in b/src/libhydra/Makefile.in index d3c3ed459..5e0bf3f17 100644 --- a/src/libhydra/Makefile.in +++ b/src/libhydra/Makefile.in @@ -275,8 +275,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -344,6 +342,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -432,12 +435,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -452,6 +459,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/attributes/mem_pool.c b/src/libhydra/attributes/mem_pool.c index 77567ce48..cc45e5629 100644 --- a/src/libhydra/attributes/mem_pool.c +++ b/src/libhydra/attributes/mem_pool.c @@ -573,7 +573,7 @@ static private_mem_pool_t *create_generic(char *name) (hashtable_equals_t)id_equals, 16), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .reassign_online = lib->settings->get_bool(lib->settings, - "%s.mem-pool.reassign_online", FALSE, hydra->daemon), + "%s.mem-pool.reassign_online", FALSE, lib->ns), ); return this; diff --git a/src/libhydra/hydra.c b/src/libhydra/hydra.c index f531bd5f4..1b5065081 100644 --- a/src/libhydra/hydra.c +++ b/src/libhydra/hydra.c @@ -59,7 +59,6 @@ void libhydra_deinit() this->public.attributes->destroy(this->public.attributes); this->public.kernel_interface->destroy(this->public.kernel_interface); - free((void*)this->public.daemon); free(this); hydra = NULL; } @@ -67,7 +66,7 @@ void libhydra_deinit() /** * Described in header. */ -bool libhydra_init(const char *daemon) +bool libhydra_init() { private_hydra_t *this; @@ -81,7 +80,6 @@ bool libhydra_init(const char *daemon) INIT(this, .public = { .attributes = attribute_manager_create(), - .daemon = strdup(daemon ?: "libhydra"), }, .ref = 1, ); diff --git a/src/libhydra/hydra.h b/src/libhydra/hydra.h index 2a8709d72..94209ff59 100644 --- a/src/libhydra/hydra.h +++ b/src/libhydra/hydra.h @@ -53,11 +53,6 @@ struct hydra_t { * kernel interface to communicate with kernel */ kernel_interface_t *kernel_interface; - - /** - * name of the daemon that initialized the library - */ - const char *daemon; }; /** @@ -70,15 +65,12 @@ extern hydra_t *hydra; /** * Initialize libhydra. * - * The daemon's name is used to load daemon-specific settings. - * * libhydra_init() may be called multiple times in a single process, but each - * caller should call libhydra_deinit() for each call to libhydra_init(). + * caller must call libhydra_deinit() for each call to libhydra_init(). * - * @param daemon name of the daemon that initializes the library * @return FALSE if integrity check failed */ -bool libhydra_init(const char *daemon); +bool libhydra_init(); /** * Deinitialize libhydra. diff --git a/src/libhydra/kernel/kernel_interface.c b/src/libhydra/kernel/kernel_interface.c index cbfddd03b..3e34d20a6 100644 --- a/src/libhydra/kernel/kernel_interface.c +++ b/src/libhydra/kernel/kernel_interface.c @@ -796,12 +796,12 @@ kernel_interface_t *kernel_interface_create() ); ifaces = lib->settings->get_str(lib->settings, - "%s.interfaces_use", NULL, hydra->daemon); + "%s.interfaces_use", NULL, lib->ns); if (!ifaces) { this->ifaces_exclude = TRUE; ifaces = lib->settings->get_str(lib->settings, - "%s.interfaces_ignore", NULL, hydra->daemon); + "%s.interfaces_ignore", NULL, lib->ns); } if (ifaces) { diff --git a/src/libhydra/plugins/attr/Makefile.in b/src/libhydra/plugins/attr/Makefile.in index af0a77fe3..e762b7757 100644 --- a/src/libhydra/plugins/attr/Makefile.in +++ b/src/libhydra/plugins/attr/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/attr/attr_provider.c b/src/libhydra/plugins/attr/attr_provider.c index 1a2fa7f28..a27fd57b1 100644 --- a/src/libhydra/plugins/attr/attr_provider.c +++ b/src/libhydra/plugins/attr/attr_provider.c @@ -109,7 +109,7 @@ static void add_legacy_entry(private_attr_provider_t *this, char *key, int nr, host_t *host; char *str; - str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, hydra->daemon, + str = lib->settings->get_str(lib->settings, "%s.%s%d", NULL, lib->ns, key, nr); if (str) { @@ -179,7 +179,7 @@ static void load_entries(private_attr_provider_t *this) } enumerator = lib->settings->create_key_value_enumerator(lib->settings, - "%s.plugins.attr", hydra->daemon); + "%s.plugins.attr", lib->ns); while (enumerator->enumerate(enumerator, &key, &value)) { configuration_attribute_type_t type; @@ -190,6 +190,10 @@ static void load_entries(private_attr_provider_t *this) char *pos; int i, mask = -1, family; + if (streq(key, "load")) + { + continue; + } type = atoi(key); if (!type) { diff --git a/src/libhydra/plugins/attr_sql/Makefile.in b/src/libhydra/plugins/attr_sql/Makefile.in index 7b7b5de05..1d258f2fb 100644 --- a/src/libhydra/plugins/attr_sql/Makefile.in +++ b/src/libhydra/plugins/attr_sql/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c index 702872c57..dde90051a 100644 --- a/src/libhydra/plugins/attr_sql/attr_sql_plugin.c +++ b/src/libhydra/plugins/attr_sql/attr_sql_plugin.c @@ -61,7 +61,7 @@ static bool open_database(private_attr_sql_plugin_t *this, char *uri; uri = lib->settings->get_str(lib->settings, - "libhydra.plugins.attr-sql.database", NULL); + "%s.plugins.attr-sql.database", NULL, lib->ns); if (!uri) { DBG1(DBG_CFG, "attr-sql plugin: database URI not set"); @@ -122,6 +122,8 @@ plugin_t *attr_sql_plugin_create() }, }, ); + lib->settings->add_fallback(lib->settings, "%s.plugins.attr-sql", + "libhydra.plugins.attr-sql", lib->ns); return &this->public.plugin; } diff --git a/src/libhydra/plugins/attr_sql/sql_attribute.c b/src/libhydra/plugins/attr_sql/sql_attribute.c index 0a06c419f..d527c3fba 100644 --- a/src/libhydra/plugins/attr_sql/sql_attribute.c +++ b/src/libhydra/plugins/attr_sql/sql_attribute.c @@ -457,7 +457,7 @@ sql_attribute_t *sql_attribute_create(database_t *db) }, .db = db, .history = lib->settings->get_bool(lib->settings, - "libhydra.plugins.attr-sql.lease_history", TRUE), + "%s.plugins.attr-sql.lease_history", TRUE, lib->ns), ); /* close any "online" leases in the case we crashed */ diff --git a/src/libhydra/plugins/kernel_klips/Makefile.in b/src/libhydra/plugins/kernel_klips/Makefile.in index a639ef6c3..c804c8e81 100644 --- a/src/libhydra/plugins/kernel_klips/Makefile.in +++ b/src/libhydra/plugins/kernel_klips/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c index a226162c3..a75ccf3b6 100644 --- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c +++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c @@ -311,8 +311,8 @@ static status_t attach_ipsec_dev(char* name, char *phys_name) } mtu = lib->settings->get_int(lib->settings, - "%s.plugins.kernel-klips.ipsec_dev_mtu", 0, - hydra->daemon); + "%s.plugins.kernel-klips.ipsec_dev_mtu", 0, + lib->ns); if (mtu <= 0) { /* guess MTU as physical MTU - ESP overhead [- NAT-T overhead] @@ -2505,8 +2505,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, static void init_ipsec_devices(private_kernel_klips_ipsec_t *this) { int i, count = lib->settings->get_int(lib->settings, - "%s.plugins.kernel-klips.ipsec_dev_count", - DEFAULT_IPSEC_DEV_COUNT, hydra->daemon); + "%s.plugins.kernel-klips.ipsec_dev_count", + DEFAULT_IPSEC_DEV_COUNT, lib->ns); for (i = 0; i < count; ++i) { @@ -2611,7 +2611,7 @@ kernel_klips_ipsec_t *kernel_klips_ipsec_create() .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT), .install_routes = lib->settings->get_bool(lib->settings, "%s.install_routes", TRUE, - hydra->daemon), + lib->ns), ); /* initialize ipsec devices */ diff --git a/src/libhydra/plugins/kernel_netlink/Makefile.in b/src/libhydra/plugins/kernel_netlink/Makefile.in index 5f85da653..5910cfd92 100644 --- a/src/libhydra/plugins/kernel_netlink/Makefile.in +++ b/src/libhydra/plugins/kernel_netlink/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c index 8352b9311..c864a92f4 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1203,6 +1203,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; u_int16_t icv_size = 64; + ipsec_mode_t original_mode = mode; status_t status = FAILED; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 @@ -1213,7 +1214,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, chunk_empty, mode, ipcomp, 0, initiator, FALSE, FALSE, inbound, - NULL, NULL); + src_ts, dst_ts); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; @@ -1243,7 +1244,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, break; case MODE_BEET: case MODE_TRANSPORT: - if(src_ts && dst_ts) + if (original_mode == MODE_TUNNEL) + { /* don't install selectors for switched SAs. because only one + * selector can be installed other traffic would get dropped */ + break; + } + if (src_ts && dst_ts) { sa->sel = ts2selector(src_ts, dst_ts); /* don't install proto/port on SA. This would break @@ -1459,8 +1465,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } - if (tfc) - { + if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL) + { /* the kernel supports TFC padding only for tunnel mode ESP SAs */ u_int32_t *tfcpad; tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD, @@ -2679,15 +2685,15 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .policy_history = TRUE, .install_routes = lib->settings->get_bool(lib->settings, - "%s.install_routes", TRUE, hydra->daemon), + "%s.install_routes", TRUE, lib->ns), .replay_window = lib->settings->get_int(lib->settings, - "%s.replay_window", DEFAULT_REPLAY_WINDOW, hydra->daemon), + "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), ); this->replay_bmp = (this->replay_window + sizeof(u_int32_t) * 8 - 1) / (sizeof(u_int32_t) * 8); - if (streq(hydra->daemon, "starter")) + if (streq(lib->ns, "starter")) { /* starter has no threads, so we do not register for kernel events */ register_for_events = FALSE; } @@ -2697,7 +2703,7 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() { fprintf(f, "%u", lib->settings->get_int(lib->settings, "%s.plugins.kernel-netlink.xfrm_acq_expires", - DEFAULT_ACQUIRE_LIFETIME, hydra->daemon)); + DEFAULT_ACQUIRE_LIFETIME, lib->ns)); fclose(f); } diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c index d27075082..3cf317634 100644 --- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_net.c @@ -1962,10 +1962,13 @@ METHOD(kernel_net_t, add_route, status_t, this->routes_lock->unlock(this->routes_lock); return ALREADY_DONE; } - found = route_entry_clone(&route); - this->routes->put(this->routes, found, found); status = manage_srcroute(this, RTM_NEWROUTE, NLM_F_CREATE | NLM_F_EXCL, dst_net, prefixlen, gateway, src_ip, if_name); + if (status == SUCCESS) + { + found = route_entry_clone(&route); + this->routes->put(this->routes, found, found); + } this->routes_lock->unlock(this->routes_lock); return status; } @@ -2122,7 +2125,7 @@ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, netlink_add_attribute(hdr, RTA_PRIORITY, chunk, sizeof(request)); fwmark = lib->settings->get_str(lib->settings, - "%s.plugins.kernel-netlink.fwmark", NULL, hydra->daemon); + "%s.plugins.kernel-netlink.fwmark", NULL, lib->ns); if (fwmark) { #ifdef HAVE_LINUX_FIB_RULES_H @@ -2282,30 +2285,30 @@ kernel_netlink_net_t *kernel_netlink_net_create() .condvar = rwlock_condvar_create(), .roam_lock = spinlock_create(), .routing_table = lib->settings->get_int(lib->settings, - "%s.routing_table", ROUTING_TABLE, hydra->daemon), + "%s.routing_table", ROUTING_TABLE, lib->ns), .routing_table_prio = lib->settings->get_int(lib->settings, - "%s.routing_table_prio", ROUTING_TABLE_PRIO, hydra->daemon), + "%s.routing_table_prio", ROUTING_TABLE_PRIO, lib->ns), .process_route = lib->settings->get_bool(lib->settings, - "%s.process_route", TRUE, hydra->daemon), + "%s.process_route", TRUE, lib->ns), .install_virtual_ip = lib->settings->get_bool(lib->settings, - "%s.install_virtual_ip", TRUE, hydra->daemon), + "%s.install_virtual_ip", TRUE, lib->ns), .install_virtual_ip_on = lib->settings->get_str(lib->settings, - "%s.install_virtual_ip_on", NULL, hydra->daemon), + "%s.install_virtual_ip_on", NULL, lib->ns), .roam_events = lib->settings->get_bool(lib->settings, - "%s.plugins.kernel-netlink.roam_events", TRUE, hydra->daemon), + "%s.plugins.kernel-netlink.roam_events", TRUE, lib->ns), ); timerclear(&this->last_route_reinstall); timerclear(&this->next_roam); check_kernel_features(this); - if (streq(hydra->daemon, "starter")) + if (streq(lib->ns, "starter")) { /* starter has no threads, so we do not register for kernel events */ register_for_events = FALSE; } exclude = lib->settings->get_str(lib->settings, - "%s.ignore_routing_tables", NULL, hydra->daemon); + "%s.ignore_routing_tables", NULL, lib->ns); if (exclude) { char *token; diff --git a/src/libhydra/plugins/kernel_pfkey/Makefile.in b/src/libhydra/plugins/kernel_pfkey/Makefile.in index 8903a460e..5d0e927de 100644 --- a/src/libhydra/plugins/kernel_pfkey/Makefile.in +++ b/src/libhydra/plugins/kernel_pfkey/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index 98a6f81d5..4704d419f 100644 --- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -2861,10 +2861,10 @@ kernel_pfkey_ipsec_t *kernel_pfkey_ipsec_create() .mutex_pfkey = mutex_create(MUTEX_TYPE_DEFAULT), .install_routes = lib->settings->get_bool(lib->settings, "%s.install_routes", TRUE, - hydra->daemon), + lib->ns), ); - if (streq(hydra->daemon, "starter")) + if (streq(lib->ns, "starter")) { /* starter has no threads, so we do not register for kernel events */ register_for_events = FALSE; } diff --git a/src/libhydra/plugins/kernel_pfroute/Makefile.in b/src/libhydra/plugins/kernel_pfroute/Makefile.in index 29a70799f..8e01d2992 100644 --- a/src/libhydra/plugins/kernel_pfroute/Makefile.in +++ b/src/libhydra/plugins/kernel_pfroute/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c index bc10610cd..a8a57a5a2 100644 --- a/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libhydra/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -1420,9 +1420,12 @@ METHOD(kernel_net_t, add_route, status_t, this->routes_lock->unlock(this->routes_lock); return ALREADY_DONE; } - found = route_entry_clone(&route); - this->routes->put(this->routes, found, found); status = manage_route(this, RTM_ADD, dst_net, prefixlen, gateway, if_name); + if (status == SUCCESS) + { + found = route_entry_clone(&route); + this->routes->put(this->routes, found, found); + } this->routes_lock->unlock(this->routes_lock); return status; } @@ -1782,7 +1785,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() .net_changes_lock = mutex_create(MUTEX_TYPE_DEFAULT), .roam_lock = spinlock_create(), .vip_wait = lib->settings->get_int(lib->settings, - "%s.plugins.kernel-pfroute.vip_wait", 1000, hydra->daemon), + "%s.plugins.kernel-pfroute.vip_wait", 1000, lib->ns), ); timerclear(&this->last_route_reinstall); timerclear(&this->next_roam); @@ -1796,7 +1799,7 @@ kernel_pfroute_net_t *kernel_pfroute_net_create() return NULL; } - if (streq(hydra->daemon, "starter")) + if (streq(lib->ns, "starter")) { /* starter has no threads, so we do not register for kernel events */ if (shutdown(this->socket, SHUT_RD) != 0) diff --git a/src/libhydra/plugins/resolve/Makefile.in b/src/libhydra/plugins/resolve/Makefile.in index 28b4b8fcf..0e520f126 100644 --- a/src/libhydra/plugins/resolve/Makefile.in +++ b/src/libhydra/plugins/resolve/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libhydra/plugins/resolve/resolve_handler.c b/src/libhydra/plugins/resolve/resolve_handler.c index 2eee854a9..069466ab5 100644 --- a/src/libhydra/plugins/resolve/resolve_handler.c +++ b/src/libhydra/plugins/resolve/resolve_handler.c @@ -361,7 +361,7 @@ resolve_handler_t *resolve_handler_create() }, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .file = lib->settings->get_str(lib->settings, "%s.plugins.resolve.file", - RESOLV_CONF, hydra->daemon), + RESOLV_CONF, lib->ns), ); if (stat(RESOLVCONF_EXEC, &st) == 0) @@ -369,7 +369,7 @@ resolve_handler_t *resolve_handler_create() this->use_resolvconf = TRUE; this->iface_prefix = lib->settings->get_str(lib->settings, "%s.plugins.resolve.resolvconf.iface_prefix", - RESOLVCONF_PREFIX, hydra->daemon); + RESOLVCONF_PREFIX, lib->ns); } return &this->public; diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 86f172dd8..96e759724 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -24,7 +24,6 @@ libimcv_la_SOURCES = \ imv/imv_remediation_string.h imv/imv_remediation_string.c \ imv/imv_session.h imv/imv_session.c \ imv/imv_workitem.h imv/imv_workitem.c \ - imv/tables.sql imv/data.sql \ ietf/ietf_attr.h ietf/ietf_attr.c \ ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \ ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \ @@ -53,6 +52,9 @@ libimcv_la_SOURCES = \ ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy +templatesdir = $(pkgdatadir)/templates/database/imv +dist_templates_DATA = imv/tables.sql imv/data.sql + ipsec_PROGRAMS = imv_policy_manager imv_policy_manager_SOURCES = \ imv/imv_policy_manager.c \ diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index 2d488eabb..4c8287b70 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -16,6 +16,7 @@ + VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ @@ -89,7 +90,7 @@ ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) @USE_IMV_OS_TRUE@am__append_6 = plugins/imv_os subdir = src/libimcv DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp + $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -135,7 +136,7 @@ am__uninstall_files_from_dir = { \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" \ - "$(DESTDIR)$(ipsecdir)" + "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)" LTLIBRARIES = $(ipseclib_LTLIBRARIES) libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ @@ -224,6 +225,7 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +DATA = $(dist_templates_DATA) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ @@ -293,8 +295,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -362,6 +362,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -450,12 +455,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -470,6 +479,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -505,7 +515,6 @@ libimcv_la_SOURCES = \ imv/imv_remediation_string.h imv/imv_remediation_string.c \ imv/imv_session.h imv/imv_session.c \ imv/imv_workitem.h imv/imv_workitem.c \ - imv/tables.sql imv/data.sql \ ietf/ietf_attr.h ietf/ietf_attr.c \ ietf/ietf_attr_assess_result.h ietf/ietf_attr_assess_result.c \ ietf/ietf_attr_attr_request.h ietf/ietf_attr_attr_request.c \ @@ -533,6 +542,8 @@ libimcv_la_SOURCES = \ ipsec_SCRIPTS = imv/_imv_policy EXTRA_DIST = imv/_imv_policy +templatesdir = $(pkgdatadir)/templates/database/imv +dist_templates_DATA = imv/tables.sql imv/data.sql imv_policy_manager_SOURCES = \ imv/imv_policy_manager.c \ imv/imv_policy_manager_usage.h imv/imv_policy_manager_usage.c @@ -891,6 +902,27 @@ clean-libtool: -rm -rf ita/.libs ita/_libs -rm -rf os_info/.libs os_info/_libs -rm -rf pa_tnc/.libs pa_tnc/_libs +install-dist_templatesDATA: $(dist_templates_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \ + done + +uninstall-dist_templatesDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. @@ -1048,10 +1080,10 @@ distdir: $(DISTFILES) done check-am: all-am check: check-recursive -all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) +all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) installdirs: installdirs-recursive installdirs-am: - for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(ipseclibdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive @@ -1119,8 +1151,8 @@ info: info-recursive info-am: -install-data-am: install-ipsecPROGRAMS install-ipsecSCRIPTS \ - install-ipseclibLTLIBRARIES +install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS \ + install-ipsecSCRIPTS install-ipseclibLTLIBRARIES install-dvi: install-dvi-recursive @@ -1166,8 +1198,8 @@ ps: ps-recursive ps-am: -uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \ - uninstall-ipseclibLTLIBRARIES +uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ + uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES .MAKE: $(am__recursive_targets) install-am install-strip @@ -1177,17 +1209,18 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \ ctags-am distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-ipsecSCRIPTS \ + install-data-am install-dist_templatesDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-ipsecSCRIPTS \ install-ipseclibLTLIBRARIES install-man install-pdf \ install-pdf-am install-ps install-ps-am install-strip \ installcheck installcheck-am installdirs installdirs-am \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ - uninstall-ipsecPROGRAMS uninstall-ipsecSCRIPTS \ - uninstall-ipseclibLTLIBRARIES + uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ + uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libimcv/imcv.c b/src/libimcv/imcv.c index b5862daee..2a4fd33df 100644 --- a/src/libimcv/imcv.c +++ b/src/libimcv/imcv.c @@ -109,7 +109,7 @@ bool libimcv_init(bool is_imv) else { /* we are the first to initialize libstrongswan */ - if (!library_init(NULL)) + if (!library_init(NULL, "libimcv")) { return FALSE; } @@ -134,6 +134,10 @@ bool libimcv_init(bool is_imv) } ref_get(&libstrongswan_ref); + lib->settings->add_fallback(lib->settings, "%s.imcv", "libimcv", lib->ns); + lib->settings->add_fallback(lib->settings, "%s.plugins", "libimcv.plugins", + lib->ns); + if (libimcv_ref == 0) { char *uri, *script; @@ -149,9 +153,10 @@ bool libimcv_init(bool is_imv) if (is_imv) { uri = lib->settings->get_str(lib->settings, - "libimcv.database", NULL); + "%s.imcv.database", NULL, lib->ns); script = lib->settings->get_str(lib->settings, - "libimcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT); + "%s.imcv.policy_script", IMCV_DEFAULT_POLICY_SCRIPT, + lib->ns); if (uri) { imcv_db = imv_database_create(uri, script); diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 241a99645..9d938b9b8 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -168,6 +168,42 @@ INSERT INTO products ( /* 28 */ 'Debian 7.2 x86_64' ); +INSERT INTO products ( /* 29 */ + name +) VALUES ( + 'Android 4.1.2' +); + +INSERT INTO products ( /* 30 */ + name +) VALUES ( + 'Android 4.2.2' +); + +INSERT INTO products ( /* 31 */ + name +) VALUES ( + 'Android 4.3.1' +); + +INSERT INTO products ( /* 32 */ + name +) VALUES ( + 'Android 4.4' +); + +INSERT INTO products ( /* 33 */ + name +) VALUES ( + 'Android 4.4.1' +); + +INSERT INTO products ( /* 34 */ + name +) VALUES ( + 'Android 4.4.2' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -568,6 +604,24 @@ INSERT INTO groups ( /* 10 */ 'Ref. Linux', 8 ); +INSERT INTO groups ( /* 11 */ + name +) VALUES ( + 'TPM BIOS' +); + +INSERT INTO groups ( /* 12 */ + name +) VALUES ( + 'TPM IMA' +); + +INSERT INTO groups ( /* 13 */ + name +) VALUES ( + 'TPM BIOS/IMA' +); + /* Default Product Groups */ INSERT INTO groups_product_defaults ( @@ -732,6 +786,42 @@ INSERT INTO groups_product_defaults ( 3, 22 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 29 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 30 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 31 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 32 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 33 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 34 +); + /* Policies */ INSERT INTO policies ( /* 1 */ @@ -842,6 +932,24 @@ INSERT INTO policies ( /* 18 */ 15, 'SWID Tags', '', 2, 2 ); +INSERT INTO policies ( /* 19 */ + type, name, argument, rec_fail, rec_noresult +) VALUES ( + 16, 'TPM BIOS Measurements', 'B', 2, 2 +); + +INSERT INTO policies ( /* 20 */ + type, name, argument, rec_fail, rec_noresult +) VALUES ( + 16, 'TPM IMA Measurements', 'I', 2, 2 +); + +INSERT INTO policies ( /* 21 */ + type, name, argument, rec_fail, rec_noresult +) VALUES ( + 16, 'TPM BIOS/IMA Measurements', 'BI', 2, 2 +); + /* Enforcements */ INSERT INTO enforcements ( /* 1 */ @@ -928,6 +1036,24 @@ INSERT INTO enforcements ( /* 14 */ 15, 9, 0 ); +INSERT INTO enforcements ( /* 15 */ + policy, group_id, max_age +) VALUES ( + 19, 11, 60 +); + +INSERT INTO enforcements ( /* 16 */ + policy, group_id, max_age +) VALUES ( + 20, 12, 60 +); + +INSERT INTO enforcements ( /* 17 */ + policy, group_id, max_age +) VALUES ( + 21, 13, 60 +); + /* regids */ INSERT INTO regids ( /* 1 */ @@ -1058,3 +1184,9 @@ INSERT INTO tags ( 10, 'strongSwan-5-1-1' ); +INSERT INTO tags ( + regid, unique_sw_id +) VALUES ( + 10, 'strongSwan-5-1-2' +); + diff --git a/src/libimcv/imv/imv_msg.c b/src/libimcv/imv/imv_msg.c index 642b47935..e7181750c 100644 --- a/src/libimcv/imv/imv_msg.c +++ b/src/libimcv/imv/imv_msg.c @@ -208,8 +208,8 @@ METHOD(imv_msg_t, send_assessment, TNC_Result, } /* Send an IETF Assessment Result attribute if enabled */ - if (lib->settings->get_bool(lib->settings, "libimcv.assessment_result", - TRUE)) + if (lib->settings->get_bool(lib->settings, "%s.imcv.assessment_result", + TRUE, lib->ns)) { this->state->get_recommendation(this->state, &rec, &eval); attr = ietf_attr_assess_result_create(eval); diff --git a/src/libimcv/imv/imv_policy_manager.c b/src/libimcv/imv/imv_policy_manager.c index 61e0cd05b..028721af3 100644 --- a/src/libimcv/imv/imv_policy_manager.c +++ b/src/libimcv/imv/imv_policy_manager.c @@ -188,7 +188,7 @@ static bool policy_start(database_t *db, int session_id) e->destroy(e); /* if a device ID with a creation date exists, get all group memberships */ - if (device_id & created) + if (device_id && created) { e = db->query(db, "SELECT group_id FROM groups_members WHERE device_id = ?", @@ -288,7 +288,7 @@ int main(int argc, char *argv[]) atexit(library_deinit); /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "imv_policy_manager")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } @@ -328,7 +328,12 @@ int main(int argc, char *argv[]) session_id = atoi(tnc_session_id); /* attach IMV database */ - uri = lib->settings->get_str(lib->settings, "libimcv.database", NULL); + uri = lib->settings->get_str(lib->settings, + "imv_policy_manager.database", + lib->settings->get_str(lib->settings, + "charon.imcv.database", + lib->settings->get_str(lib->settings, + "libimcv.database", NULL))); if (!uri) { fprintf(stderr, "database uri not defined.\n"); diff --git a/src/libimcv/imv/imv_reason_string.c b/src/libimcv/imv/imv_reason_string.c index d1447ec35..c09b7bdba 100644 --- a/src/libimcv/imv/imv_reason_string.c +++ b/src/libimcv/imv/imv_reason_string.c @@ -35,6 +35,11 @@ struct private_imv_reason_string_t { char *lang; /** + * Separator concatenating multiple reasons + */ + char *separator; + + /** * Contains the concatenated reasons */ chunk_t reasons; @@ -51,7 +56,8 @@ METHOD(imv_reason_string_t, add_reason, void, if (this->reasons.len) { /* append any further reasons */ - this->reasons = chunk_cat("mcc", this->reasons, chunk_from_chars('\n'), + this->reasons = chunk_cat("mcc", this->reasons, + chunk_from_str(this->separator), chunk_create(s_reason, strlen(s_reason))); } else @@ -77,7 +83,7 @@ METHOD(imv_reason_string_t, destroy, void, /** * Described in header. */ -imv_reason_string_t *imv_reason_string_create(char *lang) +imv_reason_string_t *imv_reason_string_create(char *lang, char *separator) { private_imv_reason_string_t *this; @@ -88,6 +94,7 @@ imv_reason_string_t *imv_reason_string_create(char *lang) .destroy = _destroy, }, .lang = lang, + .separator = separator, ); return &this->public; diff --git a/src/libimcv/imv/imv_reason_string.h b/src/libimcv/imv/imv_reason_string.h index cb4c27f93..c35ec36cc 100644 --- a/src/libimcv/imv/imv_reason_string.h +++ b/src/libimcv/imv/imv_reason_string.h @@ -58,7 +58,8 @@ struct imv_reason_string_t { * Creates an Reason String object * * @param lang Preferred language + * @param separator String separating multiple reasons */ - imv_reason_string_t* imv_reason_string_create(char *lang); + imv_reason_string_t* imv_reason_string_create(char *lang, char *separator); #endif /** IMV_REASON_STRING_H_ @}*/ diff --git a/src/libimcv/imv/imv_workitem.c b/src/libimcv/imv/imv_workitem.c index 2141f73e6..8784a0ccf 100644 --- a/src/libimcv/imv/imv_workitem.c +++ b/src/libimcv/imv/imv_workitem.c @@ -20,7 +20,7 @@ typedef struct private_imv_workitem_t private_imv_workitem_t; -ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS, +ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_TPM_ATTEST, "PCKGS", "UNSRC", "FWDEN", @@ -35,7 +35,8 @@ ENUM(imv_workitem_type_names, IMV_WORKITEM_PACKAGES, IMV_WORKITEM_SWID_TAGS, "TCPBL", "UDPOP", "UDPBL", - "SWIDT" + "SWIDT", + "TPMRA" ); /** diff --git a/src/libimcv/imv/imv_workitem.h b/src/libimcv/imv/imv_workitem.h index 868997797..93a4b5874 100644 --- a/src/libimcv/imv/imv_workitem.h +++ b/src/libimcv/imv/imv_workitem.h @@ -44,7 +44,8 @@ enum imv_workitem_type_t { IMV_WORKITEM_TCP_PORT_BLOCK = 12, IMV_WORKITEM_UDP_PORT_OPEN = 13, IMV_WORKITEM_UDP_PORT_BLOCK = 14, - IMV_WORKITEM_SWID_TAGS = 15 + IMV_WORKITEM_SWID_TAGS = 15, + IMV_WORKITEM_TPM_ATTEST = 16 }; extern enum_name_t *imv_workitem_type_names; diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c index f32ab2bfe..9692e1ffd 100644 --- a/src/libimcv/ita/ita_attr_command.c +++ b/src/libimcv/ita/ita_attr_command.c @@ -13,14 +13,15 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "ita_attr.h" #include "ita_attr_command.h" #include <pen/pen.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_ita_attr_command_t private_ita_attr_command_t; /** diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c index 196613153..d0bc31d32 100644 --- a/src/libimcv/ita/ita_attr_get_settings.c +++ b/src/libimcv/ita/ita_attr_get_settings.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "ita_attr.h" #include "ita_attr_get_settings.h" @@ -22,8 +25,6 @@ #include <pen/pen.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_ita_attr_get_settings_t private_ita_attr_get_settings_t; /** @@ -166,7 +167,7 @@ METHOD(pa_tnc_attr_t, process, status_t, status = SUCCESS; end: - reader->destroy(reader); + reader->destroy(reader); return status; } @@ -182,7 +183,7 @@ METHOD(pa_tnc_attr_t, destroy, void, { if (ref_put(&this->ref)) { - this->list->destroy_function(this->list, free); + this->list->destroy_function(this->list, free); free(this->value.ptr); free(this); } diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index 9ce253d28..0d2967e66 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "ita_attr.h" #include "ita_attr_settings.h" @@ -22,8 +25,6 @@ #include <pen/pen.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_ita_attr_settings_t private_ita_attr_settings_t; typedef struct entry_t entry_t; @@ -211,7 +212,7 @@ METHOD(pa_tnc_attr_t, process, status_t, status = SUCCESS; end: - reader->destroy(reader); + reader->destroy(reader); return status; } @@ -227,7 +228,7 @@ METHOD(pa_tnc_attr_t, destroy, void, { if (ref_put(&this->ref)) { - this->list->destroy_function(this->list, (void*)free_entry); + this->list->destroy_function(this->list, (void*)free_entry); free(this->value.ptr); free(this); } diff --git a/src/libimcv/os_info/os_info.c b/src/libimcv/os_info/os_info.c index 17000cd27..06427575c 100644 --- a/src/libimcv/os_info/os_info.c +++ b/src/libimcv/os_info/os_info.c @@ -560,9 +560,9 @@ os_info_t *os_info_create(void) /* As an option OS name and OS version can be configured manually */ name.ptr = lib->settings->get_str(lib->settings, - "libimcv.os_info.name", NULL); + "%s.imcv.os_info.name", NULL, lib->ns); version.ptr = lib->settings->get_str(lib->settings, - "libimcv.os_info.version", NULL); + "%s.imcv.os_info.version", NULL, lib->ns); if (name.ptr && version.ptr) { name.len = strlen(name.ptr); diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index a44721b04..bfb3f0022 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -213,8 +213,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index 2558be9f8..647a44957 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -387,7 +387,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } if (lib->settings->get_bool(lib->settings, - "libimcv.plugins.imc-os.push_info", TRUE)) + "%s.plugins.imc-os.push_info", TRUE, lib->ns)) { out_msg = imc_msg_create(imc_os, state, connection_id, imc_id, TNC_IMVID_ANY, msg_types[0]); diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 44b50e69b..3db0f2ba2 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -214,8 +214,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index c87e827cd..2be6a87df 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -274,7 +274,7 @@ TNC_Result TNC_IMC_BeginHandshake(TNC_IMCID imc_id, return TNC_RESULT_FATAL; } if (lib->settings->get_bool(lib->settings, - "libimcv.plugins.imc-scanner.push_info", TRUE)) + "%s.plugins.imc-scanner.push_info", TRUE, lib->ns)) { out_msg = imc_msg_create(imc_scanner, state, connection_id, imc_id, TNC_IMVID_ANY, msg_types[0]); diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index afbd244c9..64e1c271c 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -213,8 +213,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -282,6 +280,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -370,12 +373,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -390,6 +397,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imc_test/imc_test.c b/src/libimcv/plugins/imc_test/imc_test.c index c97d41628..ee982d93b 100644 --- a/src/libimcv/plugins/imc_test/imc_test.c +++ b/src/libimcv/plugins/imc_test/imc_test.c @@ -91,11 +91,11 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, { case TNC_CONNECTION_STATE_CREATE: command = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-test.command", "none"); + "%s.plugins.imc-test.command", "none", lib->ns); dummy_size = lib->settings->get_int(lib->settings, - "libimcv.plugins.imc-test.dummy_size", 0); + "%s.plugins.imc-test.dummy_size", 0, lib->ns); retry = lib->settings->get_bool(lib->settings, - "libimcv.plugins.imc-test.retry", FALSE); + "%s.plugins.imc-test.retry", FALSE, lib->ns); state = imc_test_state_create(connection_id, command, dummy_size, retry); @@ -107,7 +107,7 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, /* Optionally reserve additional IMC IDs */ additional_ids = lib->settings->get_int(lib->settings, - "libimcv.plugins.imc-test.additional_ids", 0); + "%s.plugins.imc-test.additional_ids", 0, lib->ns); imc_test->reserve_additional_ids(imc_test, additional_ids - imc_test->count_additional_ids(imc_test)); @@ -127,8 +127,8 @@ TNC_Result TNC_IMC_NotifyConnectionChange(TNC_IMCID imc_id, if (!test_state->is_first_handshake(test_state)) { command = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-test.retry_command", - test_state->get_command(test_state)); + "%s.plugins.imc-test.retry_command", + test_state->get_command(test_state), lib->ns); test_state->set_command(test_state, command); } diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index ed3fbb285..856ced897 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imv_os/imv_os_database.c b/src/libimcv/plugins/imv_os/imv_os_database.c index d2a08b0fa..12cf207d8 100644 --- a/src/libimcv/plugins/imv_os/imv_os_database.c +++ b/src/libimcv/plugins/imv_os/imv_os_database.c @@ -13,12 +13,13 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "imv_os_database.h" #include <utils/debug.h> -#include <string.h> - typedef struct private_imv_os_database_t private_imv_os_database_t; /** diff --git a/src/libimcv/plugins/imv_os/imv_os_state.c b/src/libimcv/plugins/imv_os/imv_os_state.c index f6d904c3c..4f5a4b039 100644 --- a/src/libimcv/plugins/imv_os/imv_os_state.c +++ b/src/libimcv/plugins/imv_os/imv_os_state.c @@ -421,7 +421,7 @@ METHOD(imv_state_t, get_reason_string, bool, /* Instantiate a TNC Reason String object */ DESTROY_IF(this->reason_string); - this->reason_string = imv_reason_string_create(*reason_language); + this->reason_string = imv_reason_string_create(*reason_language, "\n"); if (this->count_update || this->count_blacklist) { @@ -494,7 +494,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool, *string = this->remediation_string->get_encoding(this->remediation_string); *uri = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-os.remediation_uri", NULL); + "%s.plugins.imv-os.remediation_uri", NULL, lib->ns); return TRUE; } diff --git a/src/libimcv/plugins/imv_os/pacman.c b/src/libimcv/plugins/imv_os/pacman.c index 57cc62a08..019e2adb8 100644 --- a/src/libimcv/plugins/imv_os/pacman.c +++ b/src/libimcv/plugins/imv_os/pacman.c @@ -466,12 +466,12 @@ int main(int argc, char *argv[]) atexit(cleanup); /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "pacman")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } if (!lib->plugins->load(lib->plugins, - lib->settings->get_str(lib->settings, "attest.load", "sqlite"))) + lib->settings->get_str(lib->settings, "pacman.load", "sqlite"))) { exit(SS_RC_INITIALIZATION_FAILED); } diff --git a/src/libimcv/plugins/imv_os/pacman.sh b/src/libimcv/plugins/imv_os/pacman.sh index 621905edf..3dfea3905 100755 --- a/src/libimcv/plugins/imv_os/pacman.sh +++ b/src/libimcv/plugins/imv_os/pacman.sh @@ -13,6 +13,7 @@ DEBIAN_ARCH="binary-amd64 binary-i386" PACMAN=/usr/libexec/ipsec/pacman PACMAN_LOG="$DIR/$DATE-pacman.log" +mkdir -p $DIR/dists cd $DIR/dists for v in $UBUNTU_VERSIONS diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 52ac0144f..748b9a72d 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c index 4c570c46a..90475d34d 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_state.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_state.c @@ -281,7 +281,7 @@ METHOD(imv_state_t, get_reason_string, bool, /* Instantiate a TNC Reason String object */ DESTROY_IF(this->reason_string); - this->reason_string = imv_reason_string_create(*reason_language); + this->reason_string = imv_reason_string_create(*reason_language, "\n"); if (this->rec != TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION) { this->reason_string->add_reason(this->reason_string, reasons); @@ -314,7 +314,7 @@ METHOD(imv_state_t, get_remediation_instructions, bool, this->violating_ports); *string = this->remediation_string->get_encoding(this->remediation_string); *uri = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-scanner.remediation_uri", NULL); + "%s.plugins.imv-scanner.remediation_uri", NULL, lib->ns); return TRUE; } diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index ec5bb8332..3c73e8f95 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -214,8 +214,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libimcv/plugins/imv_test/imv_test_agent.c b/src/libimcv/plugins/imv_test/imv_test_agent.c index cdf0e18cd..42630003b 100644 --- a/src/libimcv/plugins/imv_test/imv_test_agent.c +++ b/src/libimcv/plugins/imv_test/imv_test_agent.c @@ -103,7 +103,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state /* add any new IMC and set its number of rounds */ rounds = lib->settings->get_int(lib->settings, - "libimcv.plugins.imv-test.rounds", 0); + "%s.plugins.imv-test.rounds", 0, lib->ns); test_state = (imv_test_state_t*)state; test_state->add_imc(test_state, in_msg->get_src_id(in_msg), rounds); @@ -178,7 +178,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state if (result != TNC_RESULT_SUCCESS) { return result; - } + } return this->agent->provide_recommendation(this->agent, state); } @@ -200,7 +200,7 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state out_msg->add_attribute(out_msg, attr); /* send PA-TNC message with excl flag set */ - result = out_msg->send(out_msg, TRUE); + result = out_msg->send(out_msg, TRUE); out_msg->destroy(out_msg); return result; @@ -214,11 +214,11 @@ static TNC_Result receive_msg(private_imv_test_agent_t *this, imv_state_t *state if (result != TNC_RESULT_SUCCESS) { return result; - } + } return this->agent->provide_recommendation(this->agent, state); } else - { + { return TNC_RESULT_SUCCESS; } } diff --git a/src/libimcv/plugins/imv_test/imv_test_state.c b/src/libimcv/plugins/imv_test/imv_test_state.c index 0da09df67..f05db8027 100644 --- a/src/libimcv/plugins/imv_test/imv_test_state.c +++ b/src/libimcv/plugins/imv_test/imv_test_state.c @@ -228,7 +228,7 @@ METHOD(imv_state_t, get_reason_string, bool, /* Instantiate a TNC Reason String object */ DESTROY_IF(this->reason_string); - this->reason_string = imv_reason_string_create(*reason_language); + this->reason_string = imv_reason_string_create(*reason_language, "\n"); this->reason_string->add_reason(this->reason_string, reasons); *reason_string = this->reason_string->get_encoding(this->reason_string); diff --git a/src/libipsec/Android.mk b/src/libipsec/Android.mk index 37f400fc3..c5d987977 100644 --- a/src/libipsec/Android.mk +++ b/src/libipsec/Android.mk @@ -20,7 +20,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libipsec_la_SOURCES)) # build libipsec --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/include \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index cf44fc6f8..737edad3f 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -255,8 +255,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -324,6 +322,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -412,12 +415,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -432,6 +439,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/Makefile.in b/src/libpts/Makefile.in index a9b3f19ef..05c27d9cb 100644 --- a/src/libpts/Makefile.in +++ b/src/libpts/Makefile.in @@ -293,8 +293,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -362,6 +360,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -450,12 +453,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -470,6 +477,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in index 2d9279119..7a539ef22 100644 --- a/src/libpts/plugins/imc_attestation/Makefile.in +++ b/src/libpts/plugins/imc_attestation/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/plugins/imc_attestation/imc_attestation_process.c b/src/libpts/plugins/imc_attestation/imc_attestation_process.c index 92e2e3abe..fbe81ee48 100644 --- a/src/libpts/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libpts/plugins/imc_attestation/imc_attestation_process.c @@ -109,8 +109,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, int nonce_len, min_nonce_len; nonce_len = lib->settings->get_int(lib->settings, - "libimcv.plugins.imc-attestation.nonce_len", - DEFAULT_NONCE_LEN); + "%s.plugins.imc-attestation.nonce_len", + DEFAULT_NONCE_LEN, lib->ns); attr_cast = (tcg_pts_attr_dh_nonce_params_req_t*)attr; min_nonce_len = attr_cast->get_min_nonce_len(attr_cast); @@ -165,8 +165,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, initiator_nonce = attr_cast->get_initiator_nonce(attr_cast); nonce_len = lib->settings->get_int(lib->settings, - "libimcv.plugins.imc-attestation.nonce_len", - DEFAULT_NONCE_LEN); + "%s.plugins.imc-attestation.nonce_len", + DEFAULT_NONCE_LEN, lib->ns); if (nonce_len != initiator_nonce.len) { DBG1(DBG_IMC, "initiator and responder DH nonces " @@ -428,7 +428,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, } use_quote2 = lib->settings->get_bool(lib->settings, - "libimcv.plugins.imc-attestation.use_quote2", TRUE); + "%s.plugins.imc-attestation.use_quote2", TRUE, + lib->ns); if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) { DBG1(DBG_IMC, "error occurred during TPM quote operation"); diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in index f62c05a3e..e1c932e45 100644 --- a/src/libpts/plugins/imc_swid/Makefile.in +++ b/src/libpts/plugins/imc_swid/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/plugins/imc_swid/imc_swid.c b/src/libpts/plugins/imc_swid/imc_swid.c index e1305805a..d4aaeff4d 100644 --- a/src/libpts/plugins/imc_swid/imc_swid.c +++ b/src/libpts/plugins/imc_swid/imc_swid.c @@ -181,8 +181,8 @@ static TNC_Result receive_message(imc_state_t *state, imc_msg_t *in_msg) full_tags = (flags & TCG_SWID_ATTR_REQ_FLAG_R) == 0; swid_directory = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-swid.swid_directory", - SWID_DIRECTORY); + "%s.plugins.imc-swid.swid_directory", + SWID_DIRECTORY, lib->ns); swid_inventory = swid_inventory_create(full_tags); if (!swid_inventory->collect(swid_inventory, swid_directory, targets)) { diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libpts/plugins/imv_attestation/Makefile.in index 032d07a38..c1c14d476 100644 --- a/src/libpts/plugins/imv_attestation/Makefile.in +++ b/src/libpts/plugins/imv_attestation/Makefile.in @@ -227,8 +227,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -296,6 +294,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -384,12 +387,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -404,6 +411,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c index 4d25df3f4..b8a6854cb 100644 --- a/src/libpts/plugins/imv_attestation/attest.c +++ b/src/libpts/plugins/imv_attestation/attest.c @@ -266,19 +266,20 @@ static void do_args(int argc, char *argv[]) continue; case 'F': { - char *path = strdup(optarg); - char *dir = dirname(path); - char *file = basename(optarg); + char *dir = path_dirname(optarg); + char *file = path_basename(optarg); if (*dir != '.') { if (!attest->set_directory(attest, dir, op == OP_ADD)) { - free(path); + free(file); + free(dir); exit(EXIT_FAILURE); } } - free(path); + free(file); + free(dir); if (!attest->set_file(attest, file, op == OP_ADD)) { exit(EXIT_FAILURE); @@ -439,7 +440,7 @@ int main(int argc, char *argv[]) atexit(library_deinit); /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "attest")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } diff --git a/src/libpts/plugins/imv_attestation/attest_db.c b/src/libpts/plugins/imv_attestation/attest_db.c index d7654ab43..7a8a1135a 100644 --- a/src/libpts/plugins/imv_attestation/attest_db.c +++ b/src/libpts/plugins/imv_attestation/attest_db.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011-2012 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -1555,7 +1555,7 @@ METHOD(attest_db_t, list_sessions, void, device_len = min(strlen(device), DEVICE_MAX_LEN); identity = identity.len ? identity : chunk_from_str("-"); printf("%4d: %T %2d %-20s %.*s%*s%.*s - %N\n", session_id, &created, - FALSE, conn_id, product, device_len, device, + this->utc, conn_id, product, device_len, device, DEVICE_MAX_LEN - device_len + 1, " ", (int)identity.len, identity.ptr, TNC_IMV_Action_Recommendation_names, rec); } diff --git a/src/libpts/plugins/imv_attestation/attest_usage.c b/src/libpts/plugins/imv_attestation/attest_usage.c index 324fcafc3..8f4afdbad 100644 --- a/src/libpts/plugins/imv_attestation/attest_usage.c +++ b/src/libpts/plugins/imv_attestation/attest_usage.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -24,7 +24,7 @@ void usage(void) { printf("\ Usage:\n\ - ipsec attest --components|--devices|--files|--hashes|--keys [options]\n\ + ipsec attest --components|--devices|--sessions|--files|--hashes|--keys [options]\n\ \n\ ipsec attest --measurements|--packages|--products|--add|--del [options]\n\ \n\ @@ -35,6 +35,9 @@ Usage:\n\ ipsec attest --devices [--utc]\n\ Show a list of registered devices and associated collected information\n\ \n\ + ipsec attest --sessions [--utc]\n\ + Show a chronologically sorted list of all TNC sessions\n\ + \n\ ipsec attest --files [--product <name>|--pid <id>]\n\ Show a list of files with a software product name or\n\ its primary key as an optional selector.\n\ diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c index 978c74001..e8c3c5e40 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c @@ -14,6 +14,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "imv_attestation_agent.h" #include "imv_attestation_state.h" #include "imv_attestation_process.h" @@ -33,8 +36,11 @@ #include <pts/pts.h> #include <pts/pts_database.h> #include <pts/pts_creds.h> +#include <pts/components/ita/ita_comp_func_name.h> #include <tcg/tcg_attr.h> +#include <tcg/pts/tcg_pts_attr_meas_algo.h> +#include <tcg/pts/tcg_pts_attr_proto_caps.h> #include <tcg/pts/tcg_pts_attr_req_file_meas.h> #include <tcg/pts/tcg_pts_attr_req_file_meta.h> @@ -289,10 +295,15 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, imv_state_t *state; imv_session_t *session; imv_attestation_state_t *attestation_state; + imv_attestation_handshake_state_t handshake_state; + imv_workitem_t *workitem; + TNC_IMV_Action_Recommendation rec; + TNC_IMV_Evaluation_Result eval; TNC_IMVID imv_id; TNC_Result result = TNC_RESULT_SUCCESS; pts_t *pts; char *platform_info; + enumerator_t *enumerator; if (!this->agent->get_state(this->agent, id, &state)) { @@ -300,6 +311,7 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, } attestation_state = (imv_attestation_state_t*)state; pts = attestation_state->get_pts(attestation_state); + handshake_state = attestation_state->get_handshake_state(attestation_state); platform_info = pts->get_platform_info(pts); session = state->get_session(state); imv_id = this->agent->get_id(this->agent); @@ -336,21 +348,57 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, state->set_action_flags(state, IMV_ATTESTATION_FLAG_ATTR_REQ); } + if (handshake_state == IMV_ATTESTATION_STATE_INIT) + { + pa_tnc_attr_t *attr; + pts_proto_caps_flag_t flags; + + out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, + msg_types[0]); + + /* Send Request Protocol Capabilities attribute */ + flags = pts->get_proto_caps(pts); + attr = tcg_pts_attr_proto_caps_create(flags, TRUE); + attr->set_noskip_flag(attr, TRUE); + out_msg->add_attribute(out_msg, attr); + + /* Send Measurement Algorithms attribute */ + attr = tcg_pts_attr_meas_algo_create(this->supported_algorithms, FALSE); + attr->set_noskip_flag(attr, TRUE); + out_msg->add_attribute(out_msg, attr); + + attestation_state->set_handshake_state(attestation_state, + IMV_ATTESTATION_STATE_DISCOVERY); + + /* send these initial PTS attributes and exit */ + result = out_msg->send(out_msg, FALSE); + out_msg->destroy(out_msg); + + return result; + } + + /* exit if we are not ready yet for PTS measurements */ + if (!platform_info || !session || + !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO)) + { + return TNC_RESULT_SUCCESS; + } + /* create an empty out message - we might need it */ out_msg = imv_msg_create(this->agent, state, id, imv_id, TNC_IMCID_ANY, msg_types[0]); - if (platform_info && session && - (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO) && - !(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS)) + /* establish the PTS measurements to be taken */ + if (!(state->get_action_flags(state) & IMV_ATTESTATION_FLAG_FILE_MEAS)) { - imv_workitem_t *workitem; bool is_dir, no_workitems = TRUE; u_int32_t delimiter = SOLIDUS_UTF; u_int16_t request_id; pa_tnc_attr_t *attr; char *pathname; - enumerator_t *enumerator; + + attestation_state->set_handshake_state(attestation_state, + IMV_ATTESTATION_STATE_END); enumerator = session->create_workitem_enumerator(session); if (enumerator) @@ -374,10 +422,75 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, case IMV_WORKITEM_DIR_META: is_dir = TRUE; break; + case IMV_WORKITEM_TPM_ATTEST: + { + pts_component_t *comp; + pts_comp_func_name_t *comp_name; + bool no_d_flag, no_t_flag; + char result_str[BUF_LEN]; + + workitem->set_imv_id(workitem, imv_id); + no_workitems = FALSE; + no_d_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D); + no_t_flag = !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T); + if (no_d_flag || no_t_flag) + { + snprintf(result_str, BUF_LEN, "%s%s%s", + (no_t_flag) ? "no TPM available" : "", + (no_t_flag && no_d_flag) ? ", " : "", + (no_d_flag) ? "no DH nonce negotiation" : ""); + eval = TNC_IMV_EVALUATION_RESULT_ERROR; + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + continue; + } + + /* do TPM BIOS measurements */ + if (strchr(workitem->get_arg_str(workitem), 'B')) + { + comp_name = pts_comp_func_name_create(PEN_ITA, + PTS_ITA_COMP_FUNC_NAME_IMA, + PTS_ITA_QUALIFIER_FLAG_KERNEL | + PTS_ITA_QUALIFIER_TYPE_TRUSTED); + comp = attestation_state->create_component( + attestation_state, comp_name, + 0, this->pts_db); + if (!comp) + { + comp_name->log(comp_name, "unregistered "); + comp_name->destroy(comp_name); + } + } + + /* do TPM IMA measurements */ + if (strchr(workitem->get_arg_str(workitem), 'I')) + { + comp_name = pts_comp_func_name_create(PEN_ITA, + PTS_ITA_COMP_FUNC_NAME_IMA, + PTS_ITA_QUALIFIER_FLAG_KERNEL | + PTS_ITA_QUALIFIER_TYPE_OS); + comp = attestation_state->create_component( + attestation_state, comp_name, + 0, this->pts_db); + if (!comp) + { + comp_name->log(comp_name, "unregistered "); + comp_name->destroy(comp_name); + } + } + + attestation_state->set_handshake_state(attestation_state, + IMV_ATTESTATION_STATE_NONCE_REQ); + continue; + } default: continue; } + /* initiate file and directory measurements */ pathname = this->pts_db->get_pathname(this->pts_db, is_dir, workitem->get_arg_int(workitem)); if (!pathname) @@ -440,22 +553,35 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, } /* check the IMV state for the next PA-TNC attributes to send */ - if (!imv_attestation_build(out_msg, state, this->supported_algorithms, - this->supported_dh_groups, this->pts_db)) + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) { - state->set_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_NO_RECOMMENDATION, - TNC_IMV_EVALUATION_RESULT_ERROR); - result = out_msg->send_assessment(out_msg); - out_msg->destroy(out_msg); - state->set_action_flags(state, IMV_ATTESTATION_FLAG_REC); - - if (result != TNC_RESULT_SUCCESS) + if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST) { - return result; + if (!imv_attestation_build(out_msg, state, + this->supported_dh_groups, this->pts_db)) + { + imv_reason_string_t *reason_string; + chunk_t result; + char *result_str; + + reason_string = imv_reason_string_create("en", ", "); + attestation_state->add_comp_evid_reasons(attestation_state, + reason_string); + result = reason_string->get_encoding(reason_string); + result_str = strndup(result.ptr, result.len); + reason_string->destroy(reason_string); + + eval = TNC_IMV_EVALUATION_RESULT_ERROR; + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + } + break; } - return this->agent->provide_recommendation(this->agent, state); } + enumerator->destroy(enumerator); /* finalized all workitems? */ if (session && session->get_policy_started(session) && @@ -524,18 +650,22 @@ METHOD(imv_agent_if_t, solicit_recommendation, TNC_Result, case IMV_WORKITEM_FILE_MEAS: case IMV_WORKITEM_DIR_REF_MEAS: case IMV_WORKITEM_DIR_MEAS: - session->remove_workitem(session, enumerator); - result_str = "pending file measurements"; - eval = TNC_IMV_EVALUATION_RESULT_ERROR; - rec = workitem->set_result(workitem, result_str, eval); - state->update_recommendation(state, rec, eval); - imcv_db->finalize_workitem(imcv_db, workitem); - workitem->destroy(workitem); + result_str = "Pending file measurements"; pending_file_meas++; break; - default: + case IMV_WORKITEM_TPM_ATTEST: + attestation_state->finalize_components(attestation_state); + result_str = "Pending component evidence"; break; + default: + continue; } + session->remove_workitem(session, enumerator); + eval = TNC_IMV_EVALUATION_RESULT_ERROR; + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); } enumerator->destroy(enumerator); @@ -585,11 +715,11 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id, } hash_alg = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-attestation.hash_algorithm", "sha256"); + "%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns); dh_group = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-attestation.dh_group", "ecp256"); + "%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns); cadir = lib->settings->get_str(lib->settings, - "libimcv.plugins.imv-attestation.cadir", NULL); + "%s.plugins.imv-attestation.cadir", NULL, lib->ns); INIT(this, .public = { diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.c b/src/libpts/plugins/imv_attestation/imv_attestation_build.c index 1fbde2c6d..84023c6c6 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -16,8 +17,6 @@ #include "imv_attestation_build.h" #include "imv_attestation_state.h" -#include <tcg/pts/tcg_pts_attr_proto_caps.h> -#include <tcg/pts/tcg_pts_attr_meas_algo.h> #include <tcg/pts/tcg_pts_attr_dh_nonce_params_req.h> #include <tcg/pts/tcg_pts_attr_dh_nonce_finish.h> #include <tcg/pts/tcg_pts_attr_get_tpm_version_info.h> @@ -27,9 +26,7 @@ #include <utils/debug.h> -bool imv_attestation_build(imv_msg_t *out_msg, - imv_state_t *state, - pts_meas_algorithms_t supported_algorithms, +bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state, pts_dh_group_t supported_dh_groups, pts_database_t *pts_db) { @@ -42,67 +39,15 @@ bool imv_attestation_build(imv_msg_t *out_msg, handshake_state = attestation_state->get_handshake_state(attestation_state); pts = attestation_state->get_pts(attestation_state); - /** - * Received a response form the Attestation IMC so we can proceeed - */ - if (handshake_state == IMV_ATTESTATION_STATE_DISCOVERY && - (state->get_action_flags(state) & IMV_ATTESTATION_FLAG_ALGO)) - { - handshake_state = IMV_ATTESTATION_STATE_NONCE_REQ; - } - - /** - * Skip DH Nonce Parameters Request attribute when - * DH Nonce Exchange is not selected by PTS-IMC side - */ - if (handshake_state == IMV_ATTESTATION_STATE_NONCE_REQ && - !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D)) - { - DBG2(DBG_IMV, "PTS-IMC does not support DH Nonce negotiation"); - handshake_state = IMV_ATTESTATION_STATE_TPM_INIT; - } - - /** - * Skip TPM Version Info and AIK attributes when - * no TPM is available on the PTS-IMC side - */ - if (handshake_state == IMV_ATTESTATION_STATE_TPM_INIT && - !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T)) - { - DBG2(DBG_IMV, "PTS-IMC made no TPM available"); - handshake_state = IMV_ATTESTATION_STATE_END; - } - switch (handshake_state) { - case IMV_ATTESTATION_STATE_INIT: - { - pts_proto_caps_flag_t flags; - - /* Send Request Protocol Capabilities attribute */ - flags = pts->get_proto_caps(pts); - attr = tcg_pts_attr_proto_caps_create(flags, TRUE); - attr->set_noskip_flag(attr, TRUE); - out_msg->add_attribute(out_msg, attr); - - /* Send Measurement Algorithms attribute */ - attr = tcg_pts_attr_meas_algo_create(supported_algorithms, FALSE); - attr->set_noskip_flag(attr, TRUE); - out_msg->add_attribute(out_msg, attr); - - attestation_state->set_handshake_state(attestation_state, - IMV_ATTESTATION_STATE_DISCOVERY); - break; - } - case IMV_ATTESTATION_STATE_DISCOVERY: - break; case IMV_ATTESTATION_STATE_NONCE_REQ: { int min_nonce_len; /* Send DH nonce parameters request attribute */ min_nonce_len = lib->settings->get_int(lib->settings, - "libimcv.plugins.imv-attestation.min_nonce_len", 0); + "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns); attr = tcg_pts_attr_dh_nonce_params_req_create(min_nonce_len, supported_dh_groups); attr->set_noskip_flag(attr, TRUE); @@ -117,16 +62,13 @@ bool imv_attestation_build(imv_msg_t *out_msg, pts_meas_algorithms_t selected_algorithm; chunk_t initiator_value, initiator_nonce; - if ((pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D)) - { - /* Send DH nonce finish attribute */ - selected_algorithm = pts->get_meas_algorithm(pts); - pts->get_my_public_value(pts, &initiator_value, &initiator_nonce); - attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm, + /* Send DH nonce finish attribute */ + selected_algorithm = pts->get_meas_algorithm(pts); + pts->get_my_public_value(pts, &initiator_value, &initiator_nonce); + attr = tcg_pts_attr_dh_nonce_finish_create(selected_algorithm, initiator_value, initiator_nonce); - attr->set_noskip_flag(attr, TRUE); - out_msg->add_attribute(out_msg, attr); - } + attr->set_noskip_flag(attr, TRUE); + out_msg->add_attribute(out_msg, attr); /* Send Get TPM Version attribute */ attr = tcg_pts_attr_get_tpm_version_info_create(); @@ -146,73 +88,40 @@ bool imv_attestation_build(imv_msg_t *out_msg, { tcg_pts_attr_req_func_comp_evid_t *attr_cast; enumerator_t *enumerator; - pts_component_t *comp; - pts_comp_func_name_t *comp_name; + pts_comp_func_name_t *name; chunk_t keyid; - int kid, vid, name, qualifier; + int kid; u_int8_t flags; u_int32_t depth; - bool first = TRUE, first_component = TRUE; + bool first_component = TRUE; attestation_state->set_handshake_state(attestation_state, IMV_ATTESTATION_STATE_END); - if (!(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_T) || - !(pts->get_proto_caps(pts) & PTS_PROTO_CAPS_D)) - { - DBG2(DBG_IMV, "PTS-IMC made no TPM available - " - "skipping Component Measurements"); - break; - } - if (!pts->get_aik_keyid(pts, &keyid)) - { - DBG1(DBG_IMV, "retrieval of AIK keyid failed"); - return FALSE; - } - if (!pts_db) - { - DBG1(DBG_IMV, "pts database not available"); - break; - } - if (pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS) + if (!pts->get_aik_keyid(pts, &keyid) || + pts_db->check_aik_keyid(pts_db, keyid, &kid) != SUCCESS) { + attestation_state->set_measurement_error(attestation_state, + IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK); return FALSE; } - enumerator = pts_db->create_comp_evid_enumerator(pts_db, kid); - if (!enumerator) - { - break; - } - while (enumerator->enumerate(enumerator, &vid, &name, - &qualifier, &depth)) - { - if (first) - { - DBG2(DBG_IMV, "evidence request by"); - first = FALSE; - } - comp_name = pts_comp_func_name_create(vid, name, qualifier); - comp_name->log(comp_name, " "); - comp = attestation_state->create_component(attestation_state, - comp_name, depth, pts_db); - if (!comp) - { - DBG2(DBG_IMV, " not registered or duplicate" - " - removed from request"); - comp_name->destroy(comp_name); - continue; - } + enumerator = attestation_state->create_component_enumerator( + attestation_state); + while (enumerator->enumerate(enumerator, &flags, &depth, &name)) + { if (first_component) { attr = tcg_pts_attr_req_func_comp_evid_create(); attr->set_noskip_flag(attr, TRUE); first_component = FALSE; + DBG2(DBG_IMV, "evidence request by"); } - flags = comp->get_evidence_flags(comp); + name->log(name, " "); + /* TODO check flags against negotiated_caps */ attr_cast = (tcg_pts_attr_req_func_comp_evid_t *)attr; - attr_cast->add_component(attr_cast, flags, depth, comp_name); + attr_cast->add_component(attr_cast, flags, depth, name); } enumerator->destroy(enumerator); @@ -231,17 +140,9 @@ bool imv_attestation_build(imv_msg_t *out_msg, } break; } - case IMV_ATTESTATION_STATE_EVID_FINAL: - if (attestation_state->components_finalized(attestation_state)) - { - attestation_state->set_handshake_state(attestation_state, - IMV_ATTESTATION_STATE_END); - } - break; - case IMV_ATTESTATION_STATE_END: - attestation_state->set_handshake_state(attestation_state, - IMV_ATTESTATION_STATE_END); + default: break; } + return TRUE; } diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_build.h b/src/libpts/plugins/imv_attestation/imv_attestation_build.h index 0cee49b34..88538b198 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_build.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_build.h @@ -35,14 +35,11 @@ * * @param out_msg outbound PA-TNC message to be built * @param state state of a given connection - * @param supported_algorithms supported PTS measurement algorithms * @param supported_dh_groups supported DH groups * @param pts_db PTS configuration database * @return TRUE if successful */ -bool imv_attestation_build(imv_msg_t *out_msg, - imv_state_t *state, - pts_meas_algorithms_t supported_algorithms, +bool imv_attestation_build(imv_msg_t *out_msg, imv_state_t *state, pts_dh_group_t supported_dh_groups, pts_database_t *pts_db); diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_process.c b/src/libpts/plugins/imv_attestation/imv_attestation_process.c index 5137d64fe..e40c92a24 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_process.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2013 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -13,6 +14,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "imv_attestation_process.h" #include <imcv.h> @@ -92,7 +96,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, /* check compliance of responder nonce length */ min_nonce_len = lib->settings->get_int(lib->settings, - "libimcv.plugins.imv-attestation.min_nonce_len", 0); + "%s.plugins.imv-attestation.min_nonce_len", 0, lib->ns); nonce_len = responder_nonce.len; if (nonce_len < PTS_MIN_NONCE_LEN || (min_nonce_len > 0 && nonce_len < min_nonce_len)) @@ -162,7 +166,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, if (!aik) { DBG1(DBG_IMV, "AIK unavailable"); - return FALSE; + attestation_state->set_measurement_error(attestation_state, + IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK); + break; } if (aik->get_type(aik) == CERT_X509) { @@ -186,7 +192,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, trusted ? "" : "not "); if (!trusted) { - return FALSE; + attestation_state->set_measurement_error(attestation_state, + IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK); + break; } } pts->set_aik(pts, aik); @@ -242,7 +250,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, } type = found->get_type(found); arg_int = found->get_arg_int(found); - + switch (type) { default: @@ -295,7 +303,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, e = measurements->create_enumerator(measurements); while (e->enumerate(e, &filename, &measurement)) { - if (pts_db->add_file_measurement(pts_db, + if (pts_db->add_file_measurement(pts_db, platform_info, algo, measurement, filename, is_dir, arg_int) != SUCCESS) { @@ -366,6 +374,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, pts_comp_evidence_t *evidence; pts_component_t *comp; u_int32_t depth; + status_t status; attr_cast = (tcg_pts_attr_simple_comp_evid_t*)attr; evidence = attr_cast->get_comp_evidence(attr_cast); @@ -377,12 +386,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, DBG1(DBG_IMV, " no entry found for component evidence request"); break; } - if (comp->verify(comp, name->get_qualifier(name), pts, - evidence) != SUCCESS) + status = comp->verify(comp, name->get_qualifier(name), pts, evidence); + if (status == VERIFY_ERROR || status == FAILED) { - state->update_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_COMP_EVID_FAIL); name->log(name, " measurement mismatch for "); @@ -396,6 +402,9 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, pts_meas_algorithms_t comp_hash_algorithm; chunk_t pcr_comp, tpm_quote_sig, evid_sig; chunk_t pcr_composite, quote_info; + imv_session_t *session; + imv_workitem_t *workitem; + enumerator_t *enumerator; bool use_quote2, use_ver_info; attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; @@ -420,9 +429,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, { DBG1(DBG_IMV, "received PCR Composite does not match " "constructed one"); - state->update_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); goto quote_error; @@ -431,9 +437,6 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) { - state->update_recommendation(state, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR); attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); goto quote_error; @@ -449,6 +452,52 @@ quote_error: * if all expected component measurements were received */ attestation_state->finalize_components(attestation_state); + + session = state->get_session(state); + enumerator = session->create_workitem_enumerator(session); + while (enumerator->enumerate(enumerator, &workitem)) + { + if (workitem->get_type(workitem) == IMV_WORKITEM_TPM_ATTEST) + { + TNC_IMV_Action_Recommendation rec; + TNC_IMV_Evaluation_Result eval; + char *result_str; + u_int32_t error; + + error = attestation_state->get_measurement_error( + attestation_state); + if (error & (IMV_ATTESTATION_ERROR_COMP_EVID_FAIL | + IMV_ATTESTATION_ERROR_COMP_EVID_PEND | + IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL)) + { + imv_reason_string_t *reason_string; + chunk_t result; + + reason_string = imv_reason_string_create("en", ", "); + attestation_state->add_comp_evid_reasons( + attestation_state, reason_string); + result = reason_string->get_encoding(reason_string); + result_str = strndup(result.ptr, result.len); + reason_string->destroy(reason_string); + eval = TNC_IMV_EVALUATION_RESULT_NONCOMPLIANT_MINOR; + } + else + { + result_str = strdup("attestation successful"); + eval = TNC_IMV_EVALUATION_RESULT_COMPLIANT; + } + session->remove_workitem(session, enumerator); + rec = workitem->set_result(workitem, result_str, eval); + state->update_recommendation(state, rec, eval); + imcv_db->finalize_workitem(imcv_db, workitem); + workitem->destroy(workitem); + free(result_str); + attestation_state->set_handshake_state(attestation_state, + IMV_ATTESTATION_STATE_END); + break; + } + } + enumerator->destroy(enumerator); } if (attr_cast->get_evid_sig(attr_cast, &evid_sig)) diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.c b/src/libpts/plugins/imv_attestation/imv_attestation_state.c index 47011751d..9304b9a13 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.c +++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2013 Andreas Steffen + * Copyright (C) 2011-2014 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -127,7 +127,7 @@ struct private_imv_attestation_state_t { */ struct func_comp_t { pts_component_t *comp; - u_int8_t qualifier; + pts_comp_func_name_t* name; }; /** @@ -136,6 +136,7 @@ struct func_comp_t { static void free_func_comp(func_comp_t *this) { this->comp->destroy(this->comp); + this->name->destroy(this->name); free(this); } @@ -161,6 +162,12 @@ static imv_lang_string_t reason_file_meas_pend[] = { { NULL, NULL } }; +static imv_lang_string_t reason_no_trusted_aik[] = { + { "en", "No trusted AIK available" }, + { "de", "Kein vetrauenswürdiger AIK verfügbar" }, + { NULL, NULL } +}; + static imv_lang_string_t reason_comp_evid_fail[] = { { "en", "Incorrect component evidence" }, { "de", "Falsche Komponenten-Evidenz" }, @@ -290,42 +297,52 @@ METHOD(imv_state_t, update_recommendation, void, this->eval = tncif_policy_update_evaluation(this->eval, eval); } -METHOD(imv_state_t, get_reason_string, bool, - private_imv_attestation_state_t *this, enumerator_t *language_enumerator, - chunk_t *reason_string, char **reason_language) +METHOD(imv_attestation_state_t, add_file_meas_reasons, void, + private_imv_attestation_state_t *this, imv_reason_string_t *reason_string) { - *reason_language = imv_lang_string_select_lang(language_enumerator, - languages, countof(languages)); - - /* Instantiate a TNC Reason String object */ - DESTROY_IF(this->reason_string); - this->reason_string = imv_reason_string_create(*reason_language); - if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL) { - this->reason_string->add_reason(this->reason_string, - reason_file_meas_fail); + reason_string->add_reason(reason_string, reason_file_meas_fail); } if (this->measurement_error & IMV_ATTESTATION_ERROR_FILE_MEAS_PEND) { - this->reason_string->add_reason(this->reason_string, - reason_file_meas_pend); + reason_string->add_reason(reason_string, reason_file_meas_pend); + } +} + +METHOD(imv_attestation_state_t, add_comp_evid_reasons, void, + private_imv_attestation_state_t *this, imv_reason_string_t *reason_string) +{ + if (this->measurement_error & IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK) + { + reason_string->add_reason(reason_string, reason_no_trusted_aik); } if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_FAIL) { - this->reason_string->add_reason(this->reason_string, - reason_comp_evid_fail); + reason_string->add_reason(reason_string, reason_comp_evid_fail); } if (this->measurement_error & IMV_ATTESTATION_ERROR_COMP_EVID_PEND) { - this->reason_string->add_reason(this->reason_string, - reason_comp_evid_pend); + reason_string->add_reason(reason_string, reason_comp_evid_pend); } if (this->measurement_error & IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL) { - this->reason_string->add_reason(this->reason_string, - reason_tpm_quote_fail); + reason_string->add_reason(reason_string, reason_tpm_quote_fail); } +} + +METHOD(imv_state_t, get_reason_string, bool, + private_imv_attestation_state_t *this, enumerator_t *language_enumerator, + chunk_t *reason_string, char **reason_language) +{ + *reason_language = imv_lang_string_select_lang(language_enumerator, + languages, countof(languages)); + + /* Instantiate a TNC Reason String object */ + DESTROY_IF(this->reason_string); + this->reason_string = imv_reason_string_create(*reason_language, "\n"); + add_file_meas_reasons(this, this->reason_string); + add_comp_evid_reasons(this, this->reason_string); *reason_string = this->reason_string->get_encoding(this->reason_string); return TRUE; @@ -390,13 +407,13 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*, if (found) { - if (name->get_qualifier(name) == entry->qualifier) + if (name->equals(name, entry->name)) { /* duplicate entry */ return NULL; } new_entry = malloc_thing(func_comp_t); - new_entry->qualifier = name->get_qualifier(name); + new_entry->name = name->clone(name); new_entry->comp = entry->comp->get_ref(entry->comp); this->components->insert_last(this->components, new_entry); return entry->comp; @@ -410,13 +427,41 @@ METHOD(imv_attestation_state_t, create_component, pts_component_t*, return NULL; } new_entry = malloc_thing(func_comp_t); - new_entry->qualifier = name->get_qualifier(name); + new_entry->name = name->clone(name); new_entry->comp = component; this->components->insert_last(this->components, new_entry); return component; } } +/** + * Enumerate file measurement entries + */ +static bool entry_filter(void *null, func_comp_t **entry, u_int8_t *flags, + void *i2, u_int32_t *depth, + void *i3, pts_comp_func_name_t **comp_name) +{ + pts_component_t *comp; + pts_comp_func_name_t *name; + + comp = (*entry)->comp; + name = (*entry)->name; + + *flags = comp->get_evidence_flags(comp); + *depth = comp->get_depth(comp); + *comp_name = name; + + return TRUE; +} + +METHOD(imv_attestation_state_t, create_component_enumerator, enumerator_t*, + private_imv_attestation_state_t *this) +{ + return enumerator_create_filter( + this->components->create_enumerator(this->components), + (void*)entry_filter, NULL, NULL); +} + METHOD(imv_attestation_state_t, get_component, pts_component_t*, private_imv_attestation_state_t *this, pts_comp_func_name_t *name) { @@ -427,8 +472,7 @@ METHOD(imv_attestation_state_t, get_component, pts_component_t*, enumerator = this->components->create_enumerator(this->components); while (enumerator->enumerate(enumerator, &entry)) { - if (name->equals(name, entry->comp->get_comp_func_name(entry->comp)) && - name->get_qualifier(name) == entry->qualifier) + if (name->equals(name, entry->name)) { found = entry->comp; break; @@ -458,23 +502,15 @@ METHOD(imv_attestation_state_t, finalize_components, void, while (this->components->remove_last(this->components, (void**)&entry) == SUCCESS) { - if (!entry->comp->finalize(entry->comp, entry->qualifier)) + if (!entry->comp->finalize(entry->comp, + entry->name->get_qualifier(entry->name))) { set_measurement_error(this, IMV_ATTESTATION_ERROR_COMP_EVID_PEND); - update_recommendation(this, - TNC_IMV_ACTION_RECOMMENDATION_ISOLATE, - TNC_IMV_EVALUATION_RESULT_ERROR); } free_func_comp(entry); } } -METHOD(imv_attestation_state_t, components_finalized, bool, - private_imv_attestation_state_t *this) -{ - return this->components->get_count(this->components) == 0; -} - /** * Described in header. */ @@ -509,11 +545,13 @@ imv_state_t *imv_attestation_state_create(TNC_ConnectionID connection_id) .set_handshake_state = _set_handshake_state, .get_pts = _get_pts, .create_component = _create_component, + .create_component_enumerator = _create_component_enumerator, .get_component = _get_component, .finalize_components = _finalize_components, - .components_finalized = _components_finalized, .get_measurement_error = _get_measurement_error, .set_measurement_error = _set_measurement_error, + .add_file_meas_reasons = _add_file_meas_reasons, + .add_comp_evid_reasons = _add_comp_evid_reasons, }, .connection_id = connection_id, .state = TNC_CONNECTION_STATE_CREATE, diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_state.h b/src/libpts/plugins/imv_attestation/imv_attestation_state.h index 27d1ae8db..9369d30a2 100644 --- a/src/libpts/plugins/imv_attestation/imv_attestation_state.h +++ b/src/libpts/plugins/imv_attestation/imv_attestation_state.h @@ -25,6 +25,7 @@ #define IMV_ATTESTATION_STATE_H_ #include <imv/imv_state.h> +#include <imv/imv_reason_string.h> #include <pts/pts.h> #include <pts/pts_database.h> #include <pts/components/pts_component.h> @@ -64,9 +65,10 @@ enum imv_attestation_handshake_state_t { enum imv_meas_error_t { IMV_ATTESTATION_ERROR_FILE_MEAS_FAIL = 1, IMV_ATTESTATION_ERROR_FILE_MEAS_PEND = 2, - IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 4, - IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 8, - IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 16 + IMV_ATTESTATION_ERROR_NO_TRUSTED_AIK = 4, + IMV_ATTESTATION_ERROR_COMP_EVID_FAIL = 8, + IMV_ATTESTATION_ERROR_COMP_EVID_PEND = 16, + IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL = 32 }; /** @@ -116,6 +118,13 @@ struct imv_attestation_state_t { pts_database_t *pts_db); /** + * Enumerate over all Functional Components + * + * @return Functional Component enumerator + */ + enumerator_t* (*create_component_enumerator)(imv_attestation_state_t *this); + + /** * Get a Functional Component with a given name * * @param name Name of the requested Functional Component @@ -131,11 +140,6 @@ struct imv_attestation_state_t { void (*finalize_components)(imv_attestation_state_t *this); /** - * Have the Functional Component measurements been finalized? - */ - bool (*components_finalized)(imv_attestation_state_t *this); - - /** * Indicates the types of measurement errors that occurred * * @return Measurement error flags @@ -150,6 +154,21 @@ struct imv_attestation_state_t { void (*set_measurement_error)(imv_attestation_state_t *this, u_int32_t error); + /** + * Returns a concatenation of File Measurement reason strings + * + * @param reason_string Concatenated reason strings + */ + void (*add_file_meas_reasons)(imv_attestation_state_t *this, + imv_reason_string_t *reason_string); + + /** + * Returns a concatenation of Component Evidence reason strings + * + * @param reason_string Concatenated reason strings + */ + void (*add_comp_evid_reasons)(imv_attestation_state_t *this, + imv_reason_string_t *reason_string); }; /** diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libpts/plugins/imv_swid/Makefile.in index 852cd3d04..b92f7d4d0 100644 --- a/src/libpts/plugins/imv_swid/Makefile.in +++ b/src/libpts/plugins/imv_swid/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libpts/pts/components/ita/ita_comp_ima.c b/src/libpts/pts/components/ita/ita_comp_ima.c index 02470f5f5..c6b4131bf 100644 --- a/src/libpts/pts/components/ita/ita_comp_ima.c +++ b/src/libpts/pts/components/ita/ita_comp_ima.c @@ -683,7 +683,7 @@ METHOD(pts_component_t, verify, status_t, status = this->pts_db->check_comp_measurement(this->pts_db, measurement, this->bios_cid, this->kid, ++this->seq_no, pcr, algo); - if (status != SUCCESS) + if (status == FAILED) { return status; } @@ -803,7 +803,7 @@ METHOD(pts_component_t, verify, status_t, } if (pcrs->set(pcrs, pcr, pcr_after)) { - return SUCCESS; + return status; } } else @@ -811,7 +811,7 @@ METHOD(pts_component_t, verify, status_t, pcr_after = pcrs->extend(pcrs, pcr, measurement); if (pcr_after.ptr) { - return SUCCESS; + return status; } } return FAILED; @@ -951,7 +951,7 @@ pts_component_t *pts_ita_comp_ima_create(u_int32_t depth, .bios_list = linked_list_create(), .ima_list = linked_list_create(), .pcr_info = lib->settings->get_bool(lib->settings, - "libimcv.plugins.imc-attestation.pcr_info", TRUE), + "%s.plugins.imc-attestation.pcr_info", TRUE, lib->ns), .ref = 1, ); diff --git a/src/libpts/pts/components/ita/ita_comp_tboot.c b/src/libpts/pts/components/ita/ita_comp_tboot.c index 8fb5abddf..f4859f801 100644 --- a/src/libpts/pts/components/ita/ita_comp_tboot.c +++ b/src/libpts/pts/components/ita/ita_comp_tboot.c @@ -130,21 +130,21 @@ METHOD(pts_component_t, measure, status_t, /* dummy data since currently the TBOOT log is not retrieved */ time(&this->measurement_time); meas_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_meas", NULL); + "%s.plugins.imc-attestation.pcr17_meas", NULL, lib->ns); pcr_before_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_before", NULL); + "%s.plugins.imc-attestation.pcr17_before", NULL, lib->ns); pcr_after_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr17_after", NULL); + "%s.plugins.imc-attestation.pcr17_after", NULL, lib->ns); extended_pcr = PCR_TBOOT_POLICY; break; case 1: /* dummy data since currently the TBOOT log is not retrieved */ meas_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_meas", NULL); + "%s.plugins.imc-attestation.pcr18_meas", NULL, lib->ns); pcr_before_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_before", NULL); + "%s.plugins.imc-attestation.pcr18_before", NULL, lib->ns); pcr_after_hex = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.pcr18_after", NULL); + "%s.plugins.imc-attestation.pcr18_after", NULL, lib->ns); extended_pcr = PCR_TBOOT_MLE; break; default: diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c index f646d67e1..8699282f0 100644 --- a/src/libpts/pts/pts.c +++ b/src/libpts/pts/pts.c @@ -377,7 +377,7 @@ static void load_aik_blob(private_pts_t *this) u_int32_t aikBlobLen; blob_path = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.aik_blob", NULL); + "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); if (blob_path) { @@ -418,9 +418,9 @@ static void load_aik(private_pts_t *this) char *cert_path, *key_path; cert_path = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.aik_cert", NULL); + "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns); key_path = lib->settings->get_str(lib->settings, - "libimcv.plugins.imc-attestation.aik_key", NULL); + "%s.plugins.imc-attestation.aik_key", NULL, lib->ns); if (cert_path) { @@ -627,7 +627,7 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*, metadata->destroy(metadata); return NULL; } - entry->filename = strdup(basename(pathname)); + entry->filename = path_basename(pathname); metadata->add(metadata, entry); } diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c index e5a06cc8d..07e8ae1da 100644 --- a/src/libpts/pts/pts_database.c +++ b/src/libpts/pts/pts_database.c @@ -15,6 +15,7 @@ #define _GNU_SOURCE #include <stdio.h> +#include <libgen.h> #include "pts_database.h" @@ -248,13 +249,62 @@ METHOD(pts_database_t, check_file_measurement, status_t, enumerator_t *e; chunk_t hash; status_t status = NOT_FOUND; + char *dir, *file; + + if (strlen(filename) < 1) + { + return INVALID_ARG; + } + + /* separate filename into directory and basename components */ + dir = path_dirname(filename); + file = path_basename(filename); + + if (*dir == '.') + { /* relative pathname */ + e = this->db->query(this->db, + "SELECT fh.hash FROM file_hashes AS fh " + "JOIN files AS f ON f.id = fh.file " + "JOIN products AS p ON p.id = fh.product " + "WHERE p.name = ? AND f.name = ? AND fh.algo = ?", + DB_TEXT, product, DB_TEXT, file, DB_INT, algo, DB_BLOB); + } + else + { /* absolute pathname */ + bool dir_found; + int did; + + /* find directory entry first */ + e = this->db->query(this->db, + "SELECT id FROM directories WHERE path = ?", + DB_TEXT, dir, DB_INT); + if (!e) + { + free(file); + free(dir); + return FAILED; + } + dir_found = e->enumerate(e, &did); + e->destroy(e); + + if (!dir_found) + { + free(file); + free(dir); + return NOT_FOUND; + } + + e = this->db->query(this->db, + "SELECT fh.hash FROM file_hashes AS fh " + "JOIN files AS f ON f.id = fh.file " + "JOIN products AS p ON p.id = fh.product " + "WHERE p.name = ? AND f.dir = ? AND f.name = ? AND fh.algo = ?", + DB_TEXT, product, DB_INT, did, DB_TEXT, file, DB_INT, algo, + DB_BLOB); + } + free(file); + free(dir); - e = this->db->query(this->db, - "SELECT fh.hash FROM file_hashes AS fh " - "JOIN files AS f ON f.id = fh.file " - "JOIN products AS p ON p.id = fh.product " - "WHERE p.name = ? AND f.path = ? AND fh.algo = ?", - DB_TEXT, product, DB_TEXT, filename, DB_INT, algo, DB_BLOB); if (!e) { return FAILED; diff --git a/src/libpts/pts/pts_file_meas.c b/src/libpts/pts/pts_file_meas.c index f684087d7..77a0957bb 100644 --- a/src/libpts/pts/pts_file_meas.c +++ b/src/libpts/pts/pts_file_meas.c @@ -341,9 +341,10 @@ pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id, success = FALSE; goto end; } - filename = use_rel_name ? basename(pathname) : pathname; + filename = use_rel_name ? path_basename(pathname) : strdup(pathname); DBG2(DBG_PTS, " %#B for '%s'", &measurement, filename); add(this, filename, measurement); + free(filename); } end: diff --git a/src/libpts/swid/swid_inventory.c b/src/libpts/swid/swid_inventory.c index a689ccdaa..a71682f43 100644 --- a/src/libpts/swid/swid_inventory.c +++ b/src/libpts/swid/swid_inventory.c @@ -24,7 +24,6 @@ #include <fcntl.h> #include <unistd.h> #include <sys/stat.h> -#include <sys/mman.h> #include <libgen.h> #include <errno.h> @@ -178,40 +177,19 @@ static bool collect_tags(private_swid_inventory_t *this, char *pathname, if (this->full_tags) { swid_tag_t *tag; - chunk_t xml_tag; - struct stat sb; - void *addr; - int fd; + chunk_t *xml_tag; - fd = open(abs_name, O_RDONLY); - if (fd == -1) + xml_tag = chunk_map(abs_name, FALSE); + if (!xml_tag) { DBG1(DBG_IMC, " opening '%s' failed: %s", abs_name, strerror(errno)); goto end; } - if (fstat(fd, &sb) == -1) - { - DBG1(DBG_IMC, " getting file size of '%s' failed: %s", abs_name, - strerror(errno)); - close(fd); - goto end; - } - - addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - DBG1(DBG_IMC, " mapping '%s' failed: %s", abs_name, - strerror(errno)); - close(fd); - goto end; - } - xml_tag = chunk_create(addr, sb.st_size); - tag = swid_tag_create(xml_tag, unique_seq_id); + tag = swid_tag_create(*xml_tag, unique_seq_id); this->list->insert_last(this->list, tag); - munmap(addr, sb.st_size); - close(fd); + chunk_unmap(xml_tag); } else { @@ -290,5 +268,3 @@ swid_inventory_t *swid_inventory_create(bool full_tags) return &this->public; } - - diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c index f0bc7cf60..c5a2f4b8a 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c +++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meas.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "tcg_pts_attr_req_file_meas.h" #include <pa_tnc/pa_tnc_msg.h> @@ -20,8 +23,6 @@ #include <bio/bio_reader.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_tcg_pts_attr_req_file_meas_t private_tcg_pts_attr_req_file_meas_t; /** diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c index e475cd35b..8d703af65 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libpts/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "tcg_pts_attr_req_file_meta.h" #include <pa_tnc/pa_tnc_msg.h> @@ -20,8 +23,6 @@ #include <bio/bio_reader.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_tcg_pts_attr_req_file_meta_t private_tcg_pts_attr_req_file_meta_t; /** diff --git a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c index 5249fa2ad..e10845bbb 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c +++ b/src/libpts/tcg/pts/tcg_pts_attr_req_func_comp_evid.c @@ -286,7 +286,7 @@ METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void, entry = malloc_thing(entry_t); entry->flags = flags; entry->depth = depth; - entry->name = name; + entry->name = name->clone(name); this->list->insert_last(this->list, entry); } diff --git a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c index f96371b8b..eff64c229 100644 --- a/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c +++ b/src/libpts/tcg/pts/tcg_pts_attr_unix_file_meta.c @@ -13,6 +13,9 @@ * for more details. */ +#define _GNU_SOURCE /* for stdndup() */ +#include <string.h> + #include "tcg_pts_attr_unix_file_meta.h" #include <pa_tnc/pa_tnc_msg.h> @@ -21,8 +24,6 @@ #include <collections/linked_list.h> #include <utils/debug.h> -#include <string.h> - typedef struct private_tcg_pts_attr_file_meta_t private_tcg_pts_attr_file_meta_t; /** diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index c9d6c3935..c827cb598 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -214,8 +214,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 8af48522c..d903de883 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -211,8 +211,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index 8e6050291..ee824abdb 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -211,8 +211,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 1a13fdd71..440913071 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -36,7 +36,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \ threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ -utils/printf_hook/printf_hook_vstr.c utils/settings.c +utils/printf_hook/printf_hook_builtin.c utils/settings.c utils/test.c \ +utils/utils/strerror.c # adding the plugin source files @@ -96,9 +97,6 @@ LOCAL_SRC_FILES += $(call add_plugin, xcbc) # build libstrongswan ---------------------------------------------------------- -LOCAL_C_INCLUDES += \ - $(libvstr_PATH) - LOCAL_CFLAGS := $(strongswan_CFLAGS) \ -include $(LOCAL_PATH)/AndroidConfigLocal.h @@ -110,6 +108,6 @@ LOCAL_ARM_MODE := arm LOCAL_PRELINK_MODULE := false -LOCAL_SHARED_LIBRARIES += libdl libvstr +LOCAL_SHARED_LIBRARIES += libdl include $(BUILD_SHARED_LIBRARY) diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 3804adb03..b3a4eda99 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -34,7 +34,8 @@ selectors/traffic_selector.c threading/thread.c threading/thread_value.c \ threading/mutex.c threading/semaphore.c threading/rwlock.c threading/spinlock.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c utils/identification.c \ utils/lexparser.c utils/optionsfrom.c utils/capabilities.c utils/backtrace.c \ -utils/settings.c +utils/settings.c utils/test.c \ +utils/utils/strerror.c if USE_DEV_HEADERS strongswan_includedir = ${dev_headers} @@ -82,7 +83,8 @@ utils/utils.h utils/chunk.h utils/debug.h utils/enum.h utils/identification.h \ utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ utils/leak_detective.h utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ -utils/settings.h utils/integrity_checker.h +utils/settings.h utils/test.h utils/integrity_checker.h \ +utils/utils/strerror.h endif library.lo : $(top_builddir)/config.status @@ -481,6 +483,13 @@ if MONOLITHIC endif endif +if USE_NTRU + SUBDIRS += plugins/ntru +if MONOLITHIC + libstrongswan_la_LIBADD += plugins/ntru/libstrongswan-ntru.la +endif +endif + if USE_TEST_VECTORS SUBDIRS += plugins/test_vectors if MONOLITHIC @@ -488,9 +497,7 @@ if MONOLITHIC endif endif -if UNITTESTS if MONOLITHIC SUBDIRS += . endif - SUBDIRS += tests -endif +SUBDIRS += tests diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index c9718e659..64396b51f 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -178,10 +178,10 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_97 = plugins/ccm/libstrongswan-ccm.la @USE_GCM_TRUE@am__append_98 = plugins/gcm @MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_99 = plugins/gcm/libstrongswan-gcm.la -@USE_TEST_VECTORS_TRUE@am__append_100 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_101 = plugins/test_vectors/libstrongswan-test-vectors.la -@MONOLITHIC_TRUE@@UNITTESTS_TRUE@am__append_102 = . -@UNITTESTS_TRUE@am__append_103 = tests +@USE_NTRU_TRUE@am__append_100 = plugins/ntru +@MONOLITHIC_TRUE@@USE_NTRU_TRUE@am__append_101 = plugins/ntru/libstrongswan-ntru.la +@USE_TEST_VECTORS_TRUE@am__append_102 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_103 = plugins/test_vectors/libstrongswan-test-vectors.la subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ $(top_srcdir)/depcomp \ @@ -254,7 +254,7 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_83) $(am__append_85) $(am__append_87) \ $(am__append_89) $(am__append_91) $(am__append_93) \ $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) + $(am__append_101) $(am__append_103) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -300,8 +300,8 @@ am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \ utils/identification.c utils/lexparser.c utils/optionsfrom.c \ utils/capabilities.c utils/backtrace.c utils/settings.c \ - utils/leak_detective.c utils/integrity_checker.c \ - utils/printf_hook/printf_hook_vstr.c \ + utils/test.c utils/utils/strerror.c utils/leak_detective.c \ + utils/integrity_checker.c utils/printf_hook/printf_hook_vstr.c \ utils/printf_hook/printf_hook_builtin.c \ utils/printf_hook/printf_hook_glibc.c am__dirstamp = $(am__leading_dot)dirstamp @@ -355,9 +355,9 @@ am_libstrongswan_la_OBJECTS = library.lo asn1/asn1.lo \ threading/spinlock.lo utils/utils.lo utils/chunk.lo \ utils/debug.lo utils/enum.lo utils/identification.lo \ utils/lexparser.lo utils/optionsfrom.lo utils/capabilities.lo \ - utils/backtrace.lo utils/settings.lo $(am__objects_1) \ - $(am__objects_2) $(am__objects_3) $(am__objects_4) \ - $(am__objects_5) + utils/backtrace.lo utils/settings.lo utils/test.lo \ + utils/utils/strerror.lo $(am__objects_1) $(am__objects_2) \ + $(am__objects_3) $(am__objects_4) $(am__objects_5) libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) @@ -468,7 +468,7 @@ am__nobase_strongswan_include_HEADERS_DIST = library.h asn1/asn1.h \ utils/printf_hook/printf_hook.h \ utils/printf_hook/printf_hook_vstr.h \ utils/printf_hook/printf_hook_builtin.h utils/settings.h \ - utils/integrity_checker.h + utils/test.h utils/integrity_checker.h utils/utils/strerror.h HEADERS = $(nobase_strongswan_include_HEADERS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive @@ -508,7 +508,8 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/soup plugins/ldap plugins/mysql plugins/sqlite \ plugins/padlock plugins/openssl plugins/gcrypt \ plugins/fips_prf plugins/agent plugins/keychain plugins/pkcs11 \ - plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors tests + plugins/ctr plugins/ccm plugins/gcm plugins/ntru \ + plugins/test_vectors tests DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -549,8 +550,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -618,6 +617,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -706,12 +710,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -726,6 +734,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -781,8 +790,9 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ utils/utils.c utils/chunk.c utils/debug.c utils/enum.c \ utils/identification.c utils/lexparser.c utils/optionsfrom.c \ utils/capabilities.c utils/backtrace.c utils/settings.c \ - $(am__append_2) $(am__append_5) $(am__append_6) \ - $(am__append_8) $(am__append_10) + utils/test.c utils/utils/strerror.c $(am__append_2) \ + $(am__append_5) $(am__append_6) $(am__append_8) \ + $(am__append_10) @USE_DEV_HEADERS_TRUE@strongswan_includedir = ${dev_headers} @USE_DEV_HEADERS_TRUE@nobase_strongswan_include_HEADERS = \ @USE_DEV_HEADERS_TRUE@library.h \ @@ -828,7 +838,8 @@ libstrongswan_la_SOURCES = library.c asn1/asn1.c asn1/asn1_parser.c \ @USE_DEV_HEADERS_TRUE@utils/lexparser.h utils/optionsfrom.h utils/capabilities.h utils/backtrace.h \ @USE_DEV_HEADERS_TRUE@utils/leak_detective.h utils/printf_hook/printf_hook.h \ @USE_DEV_HEADERS_TRUE@utils/printf_hook/printf_hook_vstr.h utils/printf_hook/printf_hook_builtin.h \ -@USE_DEV_HEADERS_TRUE@utils/settings.h utils/integrity_checker.h +@USE_DEV_HEADERS_TRUE@utils/settings.h utils/test.h utils/integrity_checker.h \ +@USE_DEV_HEADERS_TRUE@utils/utils/strerror.h libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_7) \ @@ -847,7 +858,7 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_81) $(am__append_83) $(am__append_85) \ $(am__append_87) $(am__append_89) $(am__append_91) \ $(am__append_93) $(am__append_95) $(am__append_97) \ - $(am__append_99) $(am__append_101) + $(am__append_99) $(am__append_101) $(am__append_103) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -894,8 +905,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_FALSE@ $(am__append_88) $(am__append_90) \ @MONOLITHIC_FALSE@ $(am__append_92) $(am__append_94) \ @MONOLITHIC_FALSE@ $(am__append_96) $(am__append_98) \ -@MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) \ -@MONOLITHIC_FALSE@ $(am__append_103) +@MONOLITHIC_FALSE@ $(am__append_100) $(am__append_102) tests # build plugins with their own Makefile ####################################### @@ -921,8 +931,7 @@ $(srcdir)/crypto/proposal/proposal_keywords_static.c @MONOLITHIC_TRUE@ $(am__append_88) $(am__append_90) \ @MONOLITHIC_TRUE@ $(am__append_92) $(am__append_94) \ @MONOLITHIC_TRUE@ $(am__append_96) $(am__append_98) \ -@MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) \ -@MONOLITHIC_TRUE@ $(am__append_103) +@MONOLITHIC_TRUE@ $(am__append_100) $(am__append_102) . tests all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -1354,6 +1363,15 @@ utils/backtrace.lo: utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) utils/settings.lo: utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) +utils/test.lo: utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/utils/$(am__dirstamp): + @$(MKDIR_P) utils/utils + @: > utils/utils/$(am__dirstamp) +utils/utils/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) utils/utils/$(DEPDIR) + @: > utils/utils/$(DEPDIR)/$(am__dirstamp) +utils/utils/strerror.lo: utils/utils/$(am__dirstamp) \ + utils/utils/$(DEPDIR)/$(am__dirstamp) utils/leak_detective.lo: utils/$(am__dirstamp) \ utils/$(DEPDIR)/$(am__dirstamp) utils/integrity_checker.lo: utils/$(am__dirstamp) \ @@ -1443,6 +1461,8 @@ mostlyclean-compile: -rm -f utils/*.lo -rm -f utils/printf_hook/*.$(OBJEXT) -rm -f utils/printf_hook/*.lo + -rm -f utils/utils/*.$(OBJEXT) + -rm -f utils/utils/*.lo distclean-compile: -rm -f *.tab.c @@ -1536,10 +1556,12 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/lexparser.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/optionsfrom.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/settings.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/test.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/utils.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_builtin.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_glibc.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@utils/printf_hook/$(DEPDIR)/printf_hook_vstr.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/utils/$(DEPDIR)/strerror.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -1602,6 +1624,7 @@ clean-libtool: -rm -rf threading/.libs threading/_libs -rm -rf utils/.libs utils/_libs -rm -rf utils/printf_hook/.libs utils/printf_hook/_libs + -rm -rf utils/utils/.libs utils/utils/_libs install-nobase_strongswan_includeHEADERS: $(nobase_strongswan_include_HEADERS) @$(NORMAL_INSTALL) @list='$(nobase_strongswan_include_HEADERS)'; test -n "$(strongswan_includedir)" || list=; \ @@ -1881,6 +1904,8 @@ distclean-generic: -rm -f utils/$(am__dirstamp) -rm -f utils/printf_hook/$(DEPDIR)/$(am__dirstamp) -rm -f utils/printf_hook/$(am__dirstamp) + -rm -f utils/utils/$(DEPDIR)/$(am__dirstamp) + -rm -f utils/utils/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -1893,7 +1918,7 @@ clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ mostlyclean-am distclean: distclean-recursive - -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) + -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1940,7 +1965,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive - -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) + -rm -rf ./$(DEPDIR) asn1/$(DEPDIR) bio/$(DEPDIR) collections/$(DEPDIR) credentials/$(DEPDIR) credentials/certificates/$(DEPDIR) credentials/containers/$(DEPDIR) credentials/ietf_attributes/$(DEPDIR) credentials/keys/$(DEPDIR) credentials/sets/$(DEPDIR) crypto/$(DEPDIR) crypto/crypters/$(DEPDIR) crypto/hashers/$(DEPDIR) crypto/iv/$(DEPDIR) crypto/prfs/$(DEPDIR) crypto/proposal/$(DEPDIR) crypto/rngs/$(DEPDIR) crypto/signers/$(DEPDIR) database/$(DEPDIR) eap/$(DEPDIR) fetcher/$(DEPDIR) ipsec/$(DEPDIR) networking/$(DEPDIR) networking/streams/$(DEPDIR) pen/$(DEPDIR) plugins/$(DEPDIR) processing/$(DEPDIR) processing/jobs/$(DEPDIR) resolver/$(DEPDIR) selectors/$(DEPDIR) threading/$(DEPDIR) utils/$(DEPDIR) utils/printf_hook/$(DEPDIR) utils/utils/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index d860ad9a2..38a6ad688 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -88,7 +88,7 @@ int asn1_known_oid(chunk_t object) } } } - return -1; + return OID_UNKNOWN; } /* @@ -129,7 +129,8 @@ chunk_t asn1_build_known_oid(int n) chunk_t asn1_oid_from_string(char *str) { enumerator_t *enumerator; - u_char buf[64]; + size_t buf_len = 64; + u_char buf[buf_len]; char *end; int i = 0, pos = 0, shift; u_int val, shifted_val, first = 0; @@ -138,7 +139,7 @@ chunk_t asn1_oid_from_string(char *str) while (enumerator->enumerate(enumerator, &str)) { val = strtoul(str, &end, 10); - if (end == str || pos > countof(buf)) + if (end == str || pos > buf_len-4) { pos = 0; break; @@ -175,8 +176,9 @@ chunk_t asn1_oid_from_string(char *str) */ char *asn1_oid_to_string(chunk_t oid) { - char buf[64], *pos = buf; - int len; + size_t len = 64; + char buf[len], *pos = buf; + int written; u_int val; if (!oid.len) @@ -184,13 +186,14 @@ char *asn1_oid_to_string(chunk_t oid) return NULL; } val = oid.ptr[0] / 40; - len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40); + written = snprintf(buf, len, "%u.%u", val, oid.ptr[0] - val * 40); oid = chunk_skip(oid, 1); - if (len < 0 || len >= sizeof(buf)) + if (written < 0 || written >= len) { return NULL; } - pos += len; + pos += written; + len -= written; val = 0; while (oid.len) @@ -199,12 +202,13 @@ char *asn1_oid_to_string(chunk_t oid) if (oid.ptr[0] < 128) { - len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val); - if (len < 0 || len >= sizeof(buf) + buf - pos) + written = snprintf(pos, len, ".%u", val); + if (written < 0 || written >= len) { return NULL; } - pos += len; + pos += written; + len -= written; val = 0; } oid = chunk_skip(oid, 1); @@ -296,7 +300,7 @@ int asn1_unwrap(chunk_t *blob, chunk_t *inner) else { /* composite length, determine number of length octets */ len &= 0x7f; - if (len == 0 || len > sizeof(res.len)) + if (len == 0 || len > blob->len || len > sizeof(res.len)) { return ASN1_INVALID; } @@ -389,8 +393,8 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) tm_year += (tm_year < 50) ? 2000 : 1900; } - /* prevent large 32 bit integer overflows */ - if (sizeof(time_t) == 4 && tm_year > 2038) + /* prevent obvious 32 bit integer overflows */ + if (sizeof(time_t) == 4 && (tm_year > 2038 || tm_year < 1901)) { return TIME_32_BIT_SIGNED_MAX; } @@ -398,13 +402,24 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) /* representation of months as 0..11*/ if (tm_mon < 1 || tm_mon > 12) { - return 0; /* error in month format */ + return 0; } tm_mon--; /* representation of days as 0..30 */ + if (tm_day < 1 || tm_day > 31) + { /* we don't actually validate the day in relation to tm_year/tm_mon */ + return 0; + } tm_day--; + if (tm_hour < 0 || tm_hour > 23 || + tm_min < 0 || tm_min > 59 || + tm_sec < 0 || tm_sec > 60 /* allow leap seconds */) + { + return 0; + } + /* number of leap years between last year and 1970? */ tm_leap_4 = (tm_year - 1) / 4; tm_leap_100 = tm_leap_4 / 25; @@ -420,8 +435,20 @@ time_t asn1_to_time(const chunk_t *utctime, asn1_t type) tm_days = 365 * (tm_year - 1970) + days[tm_mon] + tm_day + tm_leap; tm_secs = 60 * (60 * (24 * tm_days + tm_hour) + tm_min) + tm_sec - tz_offset; - /* has a 32 bit signed integer overflow occurred? */ - return (tm_secs < 0) ? TIME_32_BIT_SIGNED_MAX : tm_secs; + if (sizeof(time_t) == 4) + { /* has a 32 bit signed integer overflow occurred? */ + if (tm_year > 1970 && tm_secs < 0) + { /* depending on the time zone, the first days in 1970 may result in + * a negative value, but dates after 1970 never will */ + return TIME_32_BIT_SIGNED_MAX; + } + if (tm_year < 1969 && tm_secs > 0) + { /* similarly, tm_secs is not positive for dates before 1970, except + * for the last days in 1969, depending on the time zone */ + return TIME_32_BIT_SIGNED_MAX; + } + } + return tm_secs; } /** @@ -537,7 +564,7 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c len = asn1_length(object); - if (len == ASN1_INVALID_LENGTH || object->len < len) + if (len == ASN1_INVALID_LENGTH) { DBG2(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large", level, name); @@ -675,7 +702,9 @@ bool asn1_is_printablestring(chunk_t str) for (i = 0; i < str.len; i++) { if (strchr(printablestring_charset, str.ptr[i]) == NULL) + { return FALSE; + } } return TRUE; } @@ -781,10 +810,17 @@ chunk_t asn1_integer(const char *mode, chunk_t content) chunk_t object; size_t len; u_char *pos; + bool move; + if (content.len == 0) { /* make sure 0 is encoded properly */ content = chunk_from_chars(0x00); + move = FALSE; + } + else + { + move = (*mode == 'm'); } /* ASN.1 integers must be positive numbers in two's complement */ @@ -794,11 +830,9 @@ chunk_t asn1_integer(const char *mode, chunk_t content) { *pos++ = 0x00; } - if (len) - { - memcpy(pos, content.ptr, content.len); - } - if (*mode == 'm') + memcpy(pos, content.ptr, content.len); + + if (move) { free(content.ptr); } diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index a1d625380..7a48292af 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -191,6 +191,13 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private); /** * Converts an ASN.1 UTCTIME or GENERALIZEDTIME string to time_t * + * On systems where sizeof(time_t) == 4 there will be an overflow + * for dates + * > Tue, 19 Jan 2038 03:14:07 UTC (0x7fffffff) + * and + * < Fri, 13 Dec 1901 20:45:52 UTC (0x80000000) + * in both cases TIME_32_BIT_SIGNED_MAX is returned. + * * @param utctime body of an ASN.1 coded time object * @param type ASN1_UTCTIME or ASN1_GENERALIZEDTIME * @return time_t in UTC diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index c31fb75f0..e7b7a428d 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -160,6 +160,7 @@ METHOD(asn1_parser_t, iterate, bool, DBG1(DBG_ASN, "L%d - %s: length of ASN.1 object invalid or too large", level, obj.name); this->success = FALSE; + goto end; } blob1->ptr = blob->ptr; diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index a0e882b2c..6fa8f4e54 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -75,7 +75,7 @@ const oid_t oid_names[] = { { 0x36, 63, 0, 2, "inhibitAnyPolicy" }, /* 62 */ { 0x37, 64, 0, 2, "targetInformation" }, /* 63 */ { 0x38, 0, 0, 2, "noRevAvail" }, /* 64 */ - {0x2A, 188, 1, 0, "" }, /* 65 */ + {0x2A, 189, 1, 0, "" }, /* 65 */ { 0x83, 78, 1, 1, "" }, /* 66 */ { 0x08, 0, 1, 2, "jp" }, /* 67 */ { 0x8C, 0, 1, 3, "" }, /* 68 */ @@ -90,7 +90,7 @@ const oid_t oid_names[] = { { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 77 */ { 0x86, 0, 1, 1, "" }, /* 78 */ { 0x48, 0, 1, 2, "us" }, /* 79 */ - { 0x86, 147, 1, 3, "" }, /* 80 */ + { 0x86, 148, 1, 3, "" }, /* 80 */ { 0xF6, 86, 1, 4, "" }, /* 81 */ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 82 */ { 0x07, 0, 1, 6, "Entrust" }, /* 83 */ @@ -98,320 +98,344 @@ const oid_t oid_names[] = { { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 85 */ { 0xF7, 0, 1, 4, "" }, /* 86 */ { 0x0D, 0, 1, 5, "RSADSI" }, /* 87 */ - { 0x01, 142, 1, 6, "PKCS" }, /* 88 */ - { 0x01, 100, 1, 7, "PKCS-1" }, /* 89 */ + { 0x01, 143, 1, 6, "PKCS" }, /* 88 */ + { 0x01, 101, 1, 7, "PKCS-1" }, /* 89 */ { 0x01, 91, 0, 8, "rsaEncryption" }, /* 90 */ { 0x02, 92, 0, 8, "md2WithRSAEncryption" }, /* 91 */ { 0x04, 93, 0, 8, "md5WithRSAEncryption" }, /* 92 */ { 0x05, 94, 0, 8, "sha-1WithRSAEncryption" }, /* 93 */ { 0x07, 95, 0, 8, "id-RSAES-OAEP" }, /* 94 */ - { 0x09, 96, 0, 8, "id-pSpecified" }, /* 95 */ - { 0x0B, 97, 0, 8, "sha256WithRSAEncryption" }, /* 96 */ - { 0x0C, 98, 0, 8, "sha384WithRSAEncryption" }, /* 97 */ - { 0x0D, 99, 0, 8, "sha512WithRSAEncryption" }, /* 98 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 99 */ - { 0x05, 105, 1, 7, "PKCS-5" }, /* 100 */ - { 0x03, 102, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 101 */ - { 0x0A, 103, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 102 */ - { 0x0C, 104, 0, 8, "id-PBKDF2" }, /* 103 */ - { 0x0D, 0, 0, 8, "id-PBES2" }, /* 104 */ - { 0x07, 112, 1, 7, "PKCS-7" }, /* 105 */ - { 0x01, 107, 0, 8, "data" }, /* 106 */ - { 0x02, 108, 0, 8, "signedData" }, /* 107 */ - { 0x03, 109, 0, 8, "envelopedData" }, /* 108 */ - { 0x04, 110, 0, 8, "signedAndEnvelopedData" }, /* 109 */ - { 0x05, 111, 0, 8, "digestedData" }, /* 110 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 111 */ - { 0x09, 126, 1, 7, "PKCS-9" }, /* 112 */ - { 0x01, 114, 0, 8, "E" }, /* 113 */ - { 0x02, 115, 0, 8, "unstructuredName" }, /* 114 */ - { 0x03, 116, 0, 8, "contentType" }, /* 115 */ - { 0x04, 117, 0, 8, "messageDigest" }, /* 116 */ - { 0x05, 118, 0, 8, "signingTime" }, /* 117 */ - { 0x06, 119, 0, 8, "counterSignature" }, /* 118 */ - { 0x07, 120, 0, 8, "challengePassword" }, /* 119 */ - { 0x08, 121, 0, 8, "unstructuredAddress" }, /* 120 */ - { 0x0E, 122, 0, 8, "extensionRequest" }, /* 121 */ - { 0x0F, 123, 0, 8, "S/MIME Capabilities" }, /* 122 */ - { 0x16, 0, 1, 8, "certTypes" }, /* 123 */ - { 0x01, 125, 0, 9, "X.509" }, /* 124 */ - { 0x02, 0, 0, 9, "SDSI" }, /* 125 */ - { 0x0c, 0, 1, 7, "PKCS-12" }, /* 126 */ - { 0x01, 134, 1, 8, "pbeIds" }, /* 127 */ - { 0x01, 129, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 128 */ - { 0x02, 130, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 129 */ - { 0x03, 131, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 130 */ - { 0x04, 132, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 131 */ - { 0x05, 133, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 132 */ - { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 133 */ - { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 134 */ - { 0x01, 0, 1, 9, "bagIds" }, /* 135 */ - { 0x01, 137, 0, 10, "keyBag" }, /* 136 */ - { 0x02, 138, 0, 10, "pkcs8ShroudedKeyBag" }, /* 137 */ - { 0x03, 139, 0, 10, "certBag" }, /* 138 */ - { 0x04, 140, 0, 10, "crlBag" }, /* 139 */ - { 0x05, 141, 0, 10, "secretBag" }, /* 140 */ - { 0x06, 0, 0, 10, "safeContentsBag" }, /* 141 */ - { 0x02, 145, 1, 6, "digestAlgorithm" }, /* 142 */ - { 0x02, 144, 0, 7, "md2" }, /* 143 */ - { 0x05, 0, 0, 7, "md5" }, /* 144 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 145 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 146 */ - { 0xCE, 0, 1, 3, "" }, /* 147 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 148 */ - { 0x02, 151, 1, 5, "id-publicKeyType" }, /* 149 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 150 */ - { 0x03, 181, 1, 5, "ellipticCurve" }, /* 151 */ - { 0x00, 173, 1, 6, "c-TwoCurve" }, /* 152 */ - { 0x01, 154, 0, 7, "c2pnb163v1" }, /* 153 */ - { 0x02, 155, 0, 7, "c2pnb163v2" }, /* 154 */ - { 0x03, 156, 0, 7, "c2pnb163v3" }, /* 155 */ - { 0x04, 157, 0, 7, "c2pnb176w1" }, /* 156 */ - { 0x05, 158, 0, 7, "c2tnb191v1" }, /* 157 */ - { 0x06, 159, 0, 7, "c2tnb191v2" }, /* 158 */ - { 0x07, 160, 0, 7, "c2tnb191v3" }, /* 159 */ - { 0x08, 161, 0, 7, "c2onb191v4" }, /* 160 */ - { 0x09, 162, 0, 7, "c2onb191v5" }, /* 161 */ - { 0x0A, 163, 0, 7, "c2pnb208w1" }, /* 162 */ - { 0x0B, 164, 0, 7, "c2tnb239v1" }, /* 163 */ - { 0x0C, 165, 0, 7, "c2tnb239v2" }, /* 164 */ - { 0x0D, 166, 0, 7, "c2tnb239v3" }, /* 165 */ - { 0x0E, 167, 0, 7, "c2onb239v4" }, /* 166 */ - { 0x0F, 168, 0, 7, "c2onb239v5" }, /* 167 */ - { 0x10, 169, 0, 7, "c2pnb272w1" }, /* 168 */ - { 0x11, 170, 0, 7, "c2pnb304w1" }, /* 169 */ - { 0x12, 171, 0, 7, "c2tnb359v1" }, /* 170 */ - { 0x13, 172, 0, 7, "c2pnb368w1" }, /* 171 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 172 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 173 */ - { 0x01, 175, 0, 7, "prime192v1" }, /* 174 */ - { 0x02, 176, 0, 7, "prime192v2" }, /* 175 */ - { 0x03, 177, 0, 7, "prime192v3" }, /* 176 */ - { 0x04, 178, 0, 7, "prime239v1" }, /* 177 */ - { 0x05, 179, 0, 7, "prime239v2" }, /* 178 */ - { 0x06, 180, 0, 7, "prime239v3" }, /* 179 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 180 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 181 */ - { 0x01, 183, 0, 6, "ecdsa-with-SHA1" }, /* 182 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 183 */ - { 0x01, 185, 0, 7, "ecdsa-with-SHA224" }, /* 184 */ - { 0x02, 186, 0, 7, "ecdsa-with-SHA256" }, /* 185 */ - { 0x03, 187, 0, 7, "ecdsa-with-SHA384" }, /* 186 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 187 */ - {0x2B, 348, 1, 0, "" }, /* 188 */ - { 0x06, 262, 1, 1, "dod" }, /* 189 */ - { 0x01, 0, 1, 2, "internet" }, /* 190 */ - { 0x04, 213, 1, 3, "private" }, /* 191 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 192 */ - { 0x82, 206, 1, 5, "" }, /* 193 */ - { 0x37, 203, 1, 6, "Microsoft" }, /* 194 */ - { 0x0A, 199, 1, 7, "" }, /* 195 */ - { 0x03, 0, 1, 8, "" }, /* 196 */ - { 0x03, 198, 0, 9, "msSGC" }, /* 197 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 198 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 199 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 200 */ - { 0x02, 202, 0, 9, "msSmartcardLogon" }, /* 201 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 202 */ - { 0xA0, 0, 1, 6, "" }, /* 203 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 204 */ - { 0x01, 0, 0, 8, "strongSwan" }, /* 205 */ - { 0x89, 0, 1, 5, "" }, /* 206 */ - { 0x31, 0, 1, 6, "" }, /* 207 */ - { 0x01, 0, 1, 7, "" }, /* 208 */ - { 0x01, 0, 1, 8, "" }, /* 209 */ - { 0x02, 0, 1, 9, "" }, /* 210 */ - { 0x02, 0, 1, 10, "" }, /* 211 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 212 */ - { 0x05, 0, 1, 3, "security" }, /* 213 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 214 */ - { 0x07, 259, 1, 5, "id-pkix" }, /* 215 */ - { 0x01, 220, 1, 6, "id-pe" }, /* 216 */ - { 0x01, 218, 0, 7, "authorityInfoAccess" }, /* 217 */ - { 0x03, 219, 0, 7, "qcStatements" }, /* 218 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 219 */ - { 0x02, 223, 1, 6, "id-qt" }, /* 220 */ - { 0x01, 222, 0, 7, "cps" }, /* 221 */ - { 0x02, 0, 0, 7, "unotice" }, /* 222 */ - { 0x03, 233, 1, 6, "id-kp" }, /* 223 */ - { 0x01, 225, 0, 7, "serverAuth" }, /* 224 */ - { 0x02, 226, 0, 7, "clientAuth" }, /* 225 */ - { 0x03, 227, 0, 7, "codeSigning" }, /* 226 */ - { 0x04, 228, 0, 7, "emailProtection" }, /* 227 */ - { 0x05, 229, 0, 7, "ipsecEndSystem" }, /* 228 */ - { 0x06, 230, 0, 7, "ipsecTunnel" }, /* 229 */ - { 0x07, 231, 0, 7, "ipsecUser" }, /* 230 */ - { 0x08, 232, 0, 7, "timeStamping" }, /* 231 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 232 */ - { 0x08, 241, 1, 6, "id-otherNames" }, /* 233 */ - { 0x01, 235, 0, 7, "personalData" }, /* 234 */ - { 0x02, 236, 0, 7, "userGroup" }, /* 235 */ - { 0x03, 237, 0, 7, "id-on-permanentIdentifier" }, /* 236 */ - { 0x04, 238, 0, 7, "id-on-hardwareModuleName" }, /* 237 */ - { 0x05, 239, 0, 7, "xmppAddr" }, /* 238 */ - { 0x06, 240, 0, 7, "id-on-SIM" }, /* 239 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 240 */ - { 0x0A, 246, 1, 6, "id-aca" }, /* 241 */ - { 0x01, 243, 0, 7, "authenticationInfo" }, /* 242 */ - { 0x02, 244, 0, 7, "accessIdentity" }, /* 243 */ - { 0x03, 245, 0, 7, "chargingIdentity" }, /* 244 */ - { 0x04, 0, 0, 7, "group" }, /* 245 */ - { 0x0B, 247, 0, 6, "subjectInfoAccess" }, /* 246 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 247 */ - { 0x01, 256, 1, 7, "ocsp" }, /* 248 */ - { 0x01, 250, 0, 8, "basic" }, /* 249 */ - { 0x02, 251, 0, 8, "nonce" }, /* 250 */ - { 0x03, 252, 0, 8, "crl" }, /* 251 */ - { 0x04, 253, 0, 8, "response" }, /* 252 */ - { 0x05, 254, 0, 8, "noCheck" }, /* 253 */ - { 0x06, 255, 0, 8, "archiveCutoff" }, /* 254 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 255 */ - { 0x02, 257, 0, 7, "caIssuers" }, /* 256 */ - { 0x03, 258, 0, 7, "timeStamping" }, /* 257 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 258 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 259 */ - { 0x02, 0, 1, 6, "certificate" }, /* 260 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 261 */ - { 0x0E, 268, 1, 1, "oiw" }, /* 262 */ - { 0x03, 0, 1, 2, "secsig" }, /* 263 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 264 */ - { 0x07, 266, 0, 4, "des-cbc" }, /* 265 */ - { 0x1A, 267, 0, 4, "sha-1" }, /* 266 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 267 */ - { 0x24, 314, 1, 1, "TeleTrusT" }, /* 268 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 269 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 270 */ - { 0x01, 275, 1, 4, "rsaSignature" }, /* 271 */ - { 0x02, 273, 0, 5, "rsaSigWithripemd160" }, /* 272 */ - { 0x03, 274, 0, 5, "rsaSigWithripemd128" }, /* 273 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 274 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 275 */ - { 0x01, 277, 0, 5, "ecSignWithsha1" }, /* 276 */ - { 0x02, 278, 0, 5, "ecSignWithripemd160" }, /* 277 */ - { 0x03, 279, 0, 5, "ecSignWithmd2" }, /* 278 */ - { 0x04, 280, 0, 5, "ecSignWithmd5" }, /* 279 */ - { 0x05, 297, 1, 5, "ttt-ecg" }, /* 280 */ - { 0x01, 285, 1, 6, "fieldType" }, /* 281 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 282 */ - { 0x01, 0, 1, 8, "basisType" }, /* 283 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 284 */ - { 0x02, 287, 1, 6, "keyType" }, /* 285 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 286 */ - { 0x03, 288, 0, 6, "curve" }, /* 287 */ - { 0x04, 295, 1, 6, "signatures" }, /* 288 */ - { 0x01, 290, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 289 */ - { 0x02, 291, 0, 7, "ecgdsa-with-SHA1" }, /* 290 */ - { 0x03, 292, 0, 7, "ecgdsa-with-SHA224" }, /* 291 */ - { 0x04, 293, 0, 7, "ecgdsa-with-SHA256" }, /* 292 */ - { 0x05, 294, 0, 7, "ecgdsa-with-SHA384" }, /* 293 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 294 */ - { 0x05, 0, 1, 6, "module" }, /* 295 */ - { 0x01, 0, 0, 7, "1" }, /* 296 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 297 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 298 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 299 */ - { 0x01, 301, 0, 8, "brainpoolP160r1" }, /* 300 */ - { 0x02, 302, 0, 8, "brainpoolP160t1" }, /* 301 */ - { 0x03, 303, 0, 8, "brainpoolP192r1" }, /* 302 */ - { 0x04, 304, 0, 8, "brainpoolP192t1" }, /* 303 */ - { 0x05, 305, 0, 8, "brainpoolP224r1" }, /* 304 */ - { 0x06, 306, 0, 8, "brainpoolP224t1" }, /* 305 */ - { 0x07, 307, 0, 8, "brainpoolP256r1" }, /* 306 */ - { 0x08, 308, 0, 8, "brainpoolP256t1" }, /* 307 */ - { 0x09, 309, 0, 8, "brainpoolP320r1" }, /* 308 */ - { 0x0A, 310, 0, 8, "brainpoolP320t1" }, /* 309 */ - { 0x0B, 311, 0, 8, "brainpoolP384r1" }, /* 310 */ - { 0x0C, 312, 0, 8, "brainpoolP384t1" }, /* 311 */ - { 0x0D, 313, 0, 8, "brainpoolP512r1" }, /* 312 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 313 */ - { 0x81, 0, 1, 1, "" }, /* 314 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 315 */ - { 0x00, 0, 1, 3, "curve" }, /* 316 */ - { 0x01, 318, 0, 4, "sect163k1" }, /* 317 */ - { 0x02, 319, 0, 4, "sect163r1" }, /* 318 */ - { 0x03, 320, 0, 4, "sect239k1" }, /* 319 */ - { 0x04, 321, 0, 4, "sect113r1" }, /* 320 */ - { 0x05, 322, 0, 4, "sect113r2" }, /* 321 */ - { 0x06, 323, 0, 4, "secp112r1" }, /* 322 */ - { 0x07, 324, 0, 4, "secp112r2" }, /* 323 */ - { 0x08, 325, 0, 4, "secp160r1" }, /* 324 */ - { 0x09, 326, 0, 4, "secp160k1" }, /* 325 */ - { 0x0A, 327, 0, 4, "secp256k1" }, /* 326 */ - { 0x0F, 328, 0, 4, "sect163r2" }, /* 327 */ - { 0x10, 329, 0, 4, "sect283k1" }, /* 328 */ - { 0x11, 330, 0, 4, "sect283r1" }, /* 329 */ - { 0x16, 331, 0, 4, "sect131r1" }, /* 330 */ - { 0x17, 332, 0, 4, "sect131r2" }, /* 331 */ - { 0x18, 333, 0, 4, "sect193r1" }, /* 332 */ - { 0x19, 334, 0, 4, "sect193r2" }, /* 333 */ - { 0x1A, 335, 0, 4, "sect233k1" }, /* 334 */ - { 0x1B, 336, 0, 4, "sect233r1" }, /* 335 */ - { 0x1C, 337, 0, 4, "secp128r1" }, /* 336 */ - { 0x1D, 338, 0, 4, "secp128r2" }, /* 337 */ - { 0x1E, 339, 0, 4, "secp160r2" }, /* 338 */ - { 0x1F, 340, 0, 4, "secp192k1" }, /* 339 */ - { 0x20, 341, 0, 4, "secp224k1" }, /* 340 */ - { 0x21, 342, 0, 4, "secp224r1" }, /* 341 */ - { 0x22, 343, 0, 4, "secp384r1" }, /* 342 */ - { 0x23, 344, 0, 4, "secp521r1" }, /* 343 */ - { 0x24, 345, 0, 4, "sect409k1" }, /* 344 */ - { 0x25, 346, 0, 4, "sect409r1" }, /* 345 */ - { 0x26, 347, 0, 4, "sect571k1" }, /* 346 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 347 */ - {0x60, 396, 1, 0, "" }, /* 348 */ - { 0x86, 0, 1, 1, "" }, /* 349 */ - { 0x48, 0, 1, 2, "" }, /* 350 */ - { 0x01, 0, 1, 3, "organization" }, /* 351 */ - { 0x65, 372, 1, 4, "gov" }, /* 352 */ - { 0x03, 0, 1, 5, "csor" }, /* 353 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 354 */ - { 0x01, 365, 1, 7, "aes" }, /* 355 */ - { 0x02, 357, 0, 8, "id-aes128-CBC" }, /* 356 */ - { 0x06, 358, 0, 8, "id-aes128-GCM" }, /* 357 */ - { 0x07, 359, 0, 8, "id-aes128-CCM" }, /* 358 */ - { 0x16, 360, 0, 8, "id-aes192-CBC" }, /* 359 */ - { 0x1A, 361, 0, 8, "id-aes192-GCM" }, /* 360 */ - { 0x1B, 362, 0, 8, "id-aes192-CCM" }, /* 361 */ - { 0x2A, 363, 0, 8, "id-aes256-CBC" }, /* 362 */ - { 0x2E, 364, 0, 8, "id-aes256-GCM" }, /* 363 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 364 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 365 */ - { 0x01, 367, 0, 8, "id-SHA-256" }, /* 366 */ - { 0x02, 368, 0, 8, "id-SHA-384" }, /* 367 */ - { 0x03, 369, 0, 8, "id-SHA-512" }, /* 368 */ - { 0x04, 370, 0, 8, "id-SHA-224" }, /* 369 */ - { 0x05, 371, 0, 8, "id-SHA-512-224" }, /* 370 */ - { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 371 */ - { 0x86, 0, 1, 4, "" }, /* 372 */ - { 0xf8, 0, 1, 5, "" }, /* 373 */ - { 0x42, 386, 1, 6, "netscape" }, /* 374 */ - { 0x01, 381, 1, 7, "" }, /* 375 */ - { 0x01, 377, 0, 8, "nsCertType" }, /* 376 */ - { 0x03, 378, 0, 8, "nsRevocationUrl" }, /* 377 */ - { 0x04, 379, 0, 8, "nsCaRevocationUrl" }, /* 378 */ - { 0x08, 380, 0, 8, "nsCaPolicyUrl" }, /* 379 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 380 */ - { 0x03, 384, 1, 7, "directory" }, /* 381 */ - { 0x01, 0, 1, 8, "" }, /* 382 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 383 */ - { 0x04, 0, 1, 7, "policy" }, /* 384 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 385 */ - { 0x45, 0, 1, 6, "verisign" }, /* 386 */ - { 0x01, 0, 1, 7, "pki" }, /* 387 */ - { 0x09, 0, 1, 8, "attributes" }, /* 388 */ - { 0x02, 390, 0, 9, "messageType" }, /* 389 */ - { 0x03, 391, 0, 9, "pkiStatus" }, /* 390 */ - { 0x04, 392, 0, 9, "failInfo" }, /* 391 */ - { 0x05, 393, 0, 9, "senderNonce" }, /* 392 */ - { 0x06, 394, 0, 9, "recipientNonce" }, /* 393 */ - { 0x07, 395, 0, 9, "transID" }, /* 394 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 395 */ - {0x67, 0, 1, 0, "" }, /* 396 */ - { 0x81, 0, 1, 1, "" }, /* 397 */ - { 0x05, 0, 1, 2, "" }, /* 398 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 399 */ - { 0x01, 401, 0, 4, "tcg-at-tpmManufacturer" }, /* 400 */ - { 0x02, 402, 0, 4, "tcg-at-tpmModel" }, /* 401 */ - { 0x03, 403, 0, 4, "tcg-at-tpmVersion" }, /* 402 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 403 */ + { 0x08, 96, 0, 8, "id-mgf1" }, /* 95 */ + { 0x09, 97, 0, 8, "id-pSpecified" }, /* 96 */ + { 0x0B, 98, 0, 8, "sha256WithRSAEncryption" }, /* 97 */ + { 0x0C, 99, 0, 8, "sha384WithRSAEncryption" }, /* 98 */ + { 0x0D, 100, 0, 8, "sha512WithRSAEncryption" }, /* 99 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 100 */ + { 0x05, 106, 1, 7, "PKCS-5" }, /* 101 */ + { 0x03, 103, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 102 */ + { 0x0A, 104, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 103 */ + { 0x0C, 105, 0, 8, "id-PBKDF2" }, /* 104 */ + { 0x0D, 0, 0, 8, "id-PBES2" }, /* 105 */ + { 0x07, 113, 1, 7, "PKCS-7" }, /* 106 */ + { 0x01, 108, 0, 8, "data" }, /* 107 */ + { 0x02, 109, 0, 8, "signedData" }, /* 108 */ + { 0x03, 110, 0, 8, "envelopedData" }, /* 109 */ + { 0x04, 111, 0, 8, "signedAndEnvelopedData" }, /* 110 */ + { 0x05, 112, 0, 8, "digestedData" }, /* 111 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 112 */ + { 0x09, 127, 1, 7, "PKCS-9" }, /* 113 */ + { 0x01, 115, 0, 8, "E" }, /* 114 */ + { 0x02, 116, 0, 8, "unstructuredName" }, /* 115 */ + { 0x03, 117, 0, 8, "contentType" }, /* 116 */ + { 0x04, 118, 0, 8, "messageDigest" }, /* 117 */ + { 0x05, 119, 0, 8, "signingTime" }, /* 118 */ + { 0x06, 120, 0, 8, "counterSignature" }, /* 119 */ + { 0x07, 121, 0, 8, "challengePassword" }, /* 120 */ + { 0x08, 122, 0, 8, "unstructuredAddress" }, /* 121 */ + { 0x0E, 123, 0, 8, "extensionRequest" }, /* 122 */ + { 0x0F, 124, 0, 8, "S/MIME Capabilities" }, /* 123 */ + { 0x16, 0, 1, 8, "certTypes" }, /* 124 */ + { 0x01, 126, 0, 9, "X.509" }, /* 125 */ + { 0x02, 0, 0, 9, "SDSI" }, /* 126 */ + { 0x0c, 0, 1, 7, "PKCS-12" }, /* 127 */ + { 0x01, 135, 1, 8, "pbeIds" }, /* 128 */ + { 0x01, 130, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 129 */ + { 0x02, 131, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 130 */ + { 0x03, 132, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 131 */ + { 0x04, 133, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 132 */ + { 0x05, 134, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 133 */ + { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 134 */ + { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 135 */ + { 0x01, 0, 1, 9, "bagIds" }, /* 136 */ + { 0x01, 138, 0, 10, "keyBag" }, /* 137 */ + { 0x02, 139, 0, 10, "pkcs8ShroudedKeyBag" }, /* 138 */ + { 0x03, 140, 0, 10, "certBag" }, /* 139 */ + { 0x04, 141, 0, 10, "crlBag" }, /* 140 */ + { 0x05, 142, 0, 10, "secretBag" }, /* 141 */ + { 0x06, 0, 0, 10, "safeContentsBag" }, /* 142 */ + { 0x02, 146, 1, 6, "digestAlgorithm" }, /* 143 */ + { 0x02, 145, 0, 7, "md2" }, /* 144 */ + { 0x05, 0, 0, 7, "md5" }, /* 145 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 146 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 147 */ + { 0xCE, 0, 1, 3, "" }, /* 148 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 149 */ + { 0x02, 152, 1, 5, "id-publicKeyType" }, /* 150 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 151 */ + { 0x03, 182, 1, 5, "ellipticCurve" }, /* 152 */ + { 0x00, 174, 1, 6, "c-TwoCurve" }, /* 153 */ + { 0x01, 155, 0, 7, "c2pnb163v1" }, /* 154 */ + { 0x02, 156, 0, 7, "c2pnb163v2" }, /* 155 */ + { 0x03, 157, 0, 7, "c2pnb163v3" }, /* 156 */ + { 0x04, 158, 0, 7, "c2pnb176w1" }, /* 157 */ + { 0x05, 159, 0, 7, "c2tnb191v1" }, /* 158 */ + { 0x06, 160, 0, 7, "c2tnb191v2" }, /* 159 */ + { 0x07, 161, 0, 7, "c2tnb191v3" }, /* 160 */ + { 0x08, 162, 0, 7, "c2onb191v4" }, /* 161 */ + { 0x09, 163, 0, 7, "c2onb191v5" }, /* 162 */ + { 0x0A, 164, 0, 7, "c2pnb208w1" }, /* 163 */ + { 0x0B, 165, 0, 7, "c2tnb239v1" }, /* 164 */ + { 0x0C, 166, 0, 7, "c2tnb239v2" }, /* 165 */ + { 0x0D, 167, 0, 7, "c2tnb239v3" }, /* 166 */ + { 0x0E, 168, 0, 7, "c2onb239v4" }, /* 167 */ + { 0x0F, 169, 0, 7, "c2onb239v5" }, /* 168 */ + { 0x10, 170, 0, 7, "c2pnb272w1" }, /* 169 */ + { 0x11, 171, 0, 7, "c2pnb304w1" }, /* 170 */ + { 0x12, 172, 0, 7, "c2tnb359v1" }, /* 171 */ + { 0x13, 173, 0, 7, "c2pnb368w1" }, /* 172 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 173 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 174 */ + { 0x01, 176, 0, 7, "prime192v1" }, /* 175 */ + { 0x02, 177, 0, 7, "prime192v2" }, /* 176 */ + { 0x03, 178, 0, 7, "prime192v3" }, /* 177 */ + { 0x04, 179, 0, 7, "prime239v1" }, /* 178 */ + { 0x05, 180, 0, 7, "prime239v2" }, /* 179 */ + { 0x06, 181, 0, 7, "prime239v3" }, /* 180 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 181 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 182 */ + { 0x01, 184, 0, 6, "ecdsa-with-SHA1" }, /* 183 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 184 */ + { 0x01, 186, 0, 7, "ecdsa-with-SHA224" }, /* 185 */ + { 0x02, 187, 0, 7, "ecdsa-with-SHA256" }, /* 186 */ + { 0x03, 188, 0, 7, "ecdsa-with-SHA384" }, /* 187 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 188 */ + {0x2B, 372, 1, 0, "" }, /* 189 */ + { 0x06, 286, 1, 1, "dod" }, /* 190 */ + { 0x01, 0, 1, 2, "internet" }, /* 191 */ + { 0x04, 237, 1, 3, "private" }, /* 192 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 193 */ + { 0x82, 207, 1, 5, "" }, /* 194 */ + { 0x37, 204, 1, 6, "Microsoft" }, /* 195 */ + { 0x0A, 200, 1, 7, "" }, /* 196 */ + { 0x03, 0, 1, 8, "" }, /* 197 */ + { 0x03, 199, 0, 9, "msSGC" }, /* 198 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 199 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure" }, /* 200 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 201 */ + { 0x02, 203, 0, 9, "msSmartcardLogon" }, /* 202 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 203 */ + { 0xA0, 0, 1, 6, "" }, /* 204 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 205 */ + { 0x01, 0, 0, 8, "strongSwan" }, /* 206 */ + { 0x89, 214, 1, 5, "" }, /* 207 */ + { 0x31, 0, 1, 6, "" }, /* 208 */ + { 0x01, 0, 1, 7, "" }, /* 209 */ + { 0x01, 0, 1, 8, "" }, /* 210 */ + { 0x02, 0, 1, 9, "" }, /* 211 */ + { 0x02, 0, 1, 10, "" }, /* 212 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 213 */ + { 0xc1, 0, 1, 5, "" }, /* 214 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 215 */ + { 0x01, 0, 1, 7, "eess" }, /* 216 */ + { 0x01, 0, 1, 8, "eess1" }, /* 217 */ + { 0x01, 222, 1, 9, "eess1-algs" }, /* 218 */ + { 0x01, 220, 0, 10, "ntru-EESS1v1-SVES" }, /* 219 */ + { 0x02, 221, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 220 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 221 */ + { 0x02, 236, 1, 9, "eess1-params" }, /* 222 */ + { 0x01, 224, 0, 10, "ees251ep1" }, /* 223 */ + { 0x02, 225, 0, 10, "ees347ep1" }, /* 224 */ + { 0x03, 226, 0, 10, "ees503ep1" }, /* 225 */ + { 0x07, 227, 0, 10, "ees251sp2" }, /* 226 */ + { 0x0C, 228, 0, 10, "ees251ep4" }, /* 227 */ + { 0x0D, 229, 0, 10, "ees251ep5" }, /* 228 */ + { 0x0E, 230, 0, 10, "ees251sp3" }, /* 229 */ + { 0x0F, 231, 0, 10, "ees251sp4" }, /* 230 */ + { 0x10, 232, 0, 10, "ees251sp5" }, /* 231 */ + { 0x11, 233, 0, 10, "ees251sp6" }, /* 232 */ + { 0x12, 234, 0, 10, "ees251sp7" }, /* 233 */ + { 0x13, 235, 0, 10, "ees251sp8" }, /* 234 */ + { 0x14, 0, 0, 10, "ees251sp9" }, /* 235 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 236 */ + { 0x05, 0, 1, 3, "security" }, /* 237 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 238 */ + { 0x07, 283, 1, 5, "id-pkix" }, /* 239 */ + { 0x01, 244, 1, 6, "id-pe" }, /* 240 */ + { 0x01, 242, 0, 7, "authorityInfoAccess" }, /* 241 */ + { 0x03, 243, 0, 7, "qcStatements" }, /* 242 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 243 */ + { 0x02, 247, 1, 6, "id-qt" }, /* 244 */ + { 0x01, 246, 0, 7, "cps" }, /* 245 */ + { 0x02, 0, 0, 7, "unotice" }, /* 246 */ + { 0x03, 257, 1, 6, "id-kp" }, /* 247 */ + { 0x01, 249, 0, 7, "serverAuth" }, /* 248 */ + { 0x02, 250, 0, 7, "clientAuth" }, /* 249 */ + { 0x03, 251, 0, 7, "codeSigning" }, /* 250 */ + { 0x04, 252, 0, 7, "emailProtection" }, /* 251 */ + { 0x05, 253, 0, 7, "ipsecEndSystem" }, /* 252 */ + { 0x06, 254, 0, 7, "ipsecTunnel" }, /* 253 */ + { 0x07, 255, 0, 7, "ipsecUser" }, /* 254 */ + { 0x08, 256, 0, 7, "timeStamping" }, /* 255 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 256 */ + { 0x08, 265, 1, 6, "id-otherNames" }, /* 257 */ + { 0x01, 259, 0, 7, "personalData" }, /* 258 */ + { 0x02, 260, 0, 7, "userGroup" }, /* 259 */ + { 0x03, 261, 0, 7, "id-on-permanentIdentifier" }, /* 260 */ + { 0x04, 262, 0, 7, "id-on-hardwareModuleName" }, /* 261 */ + { 0x05, 263, 0, 7, "xmppAddr" }, /* 262 */ + { 0x06, 264, 0, 7, "id-on-SIM" }, /* 263 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 264 */ + { 0x0A, 270, 1, 6, "id-aca" }, /* 265 */ + { 0x01, 267, 0, 7, "authenticationInfo" }, /* 266 */ + { 0x02, 268, 0, 7, "accessIdentity" }, /* 267 */ + { 0x03, 269, 0, 7, "chargingIdentity" }, /* 268 */ + { 0x04, 0, 0, 7, "group" }, /* 269 */ + { 0x0B, 271, 0, 6, "subjectInfoAccess" }, /* 270 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 271 */ + { 0x01, 280, 1, 7, "ocsp" }, /* 272 */ + { 0x01, 274, 0, 8, "basic" }, /* 273 */ + { 0x02, 275, 0, 8, "nonce" }, /* 274 */ + { 0x03, 276, 0, 8, "crl" }, /* 275 */ + { 0x04, 277, 0, 8, "response" }, /* 276 */ + { 0x05, 278, 0, 8, "noCheck" }, /* 277 */ + { 0x06, 279, 0, 8, "archiveCutoff" }, /* 278 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 279 */ + { 0x02, 281, 0, 7, "caIssuers" }, /* 280 */ + { 0x03, 282, 0, 7, "timeStamping" }, /* 281 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 282 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 283 */ + { 0x02, 0, 1, 6, "certificate" }, /* 284 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 285 */ + { 0x0E, 292, 1, 1, "oiw" }, /* 286 */ + { 0x03, 0, 1, 2, "secsig" }, /* 287 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 288 */ + { 0x07, 290, 0, 4, "des-cbc" }, /* 289 */ + { 0x1A, 291, 0, 4, "sha-1" }, /* 290 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 291 */ + { 0x24, 338, 1, 1, "TeleTrusT" }, /* 292 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 293 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 294 */ + { 0x01, 299, 1, 4, "rsaSignature" }, /* 295 */ + { 0x02, 297, 0, 5, "rsaSigWithripemd160" }, /* 296 */ + { 0x03, 298, 0, 5, "rsaSigWithripemd128" }, /* 297 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 298 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 299 */ + { 0x01, 301, 0, 5, "ecSignWithsha1" }, /* 300 */ + { 0x02, 302, 0, 5, "ecSignWithripemd160" }, /* 301 */ + { 0x03, 303, 0, 5, "ecSignWithmd2" }, /* 302 */ + { 0x04, 304, 0, 5, "ecSignWithmd5" }, /* 303 */ + { 0x05, 321, 1, 5, "ttt-ecg" }, /* 304 */ + { 0x01, 309, 1, 6, "fieldType" }, /* 305 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 306 */ + { 0x01, 0, 1, 8, "basisType" }, /* 307 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 308 */ + { 0x02, 311, 1, 6, "keyType" }, /* 309 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 310 */ + { 0x03, 312, 0, 6, "curve" }, /* 311 */ + { 0x04, 319, 1, 6, "signatures" }, /* 312 */ + { 0x01, 314, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 313 */ + { 0x02, 315, 0, 7, "ecgdsa-with-SHA1" }, /* 314 */ + { 0x03, 316, 0, 7, "ecgdsa-with-SHA224" }, /* 315 */ + { 0x04, 317, 0, 7, "ecgdsa-with-SHA256" }, /* 316 */ + { 0x05, 318, 0, 7, "ecgdsa-with-SHA384" }, /* 317 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 318 */ + { 0x05, 0, 1, 6, "module" }, /* 319 */ + { 0x01, 0, 0, 7, "1" }, /* 320 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 321 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 322 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 323 */ + { 0x01, 325, 0, 8, "brainpoolP160r1" }, /* 324 */ + { 0x02, 326, 0, 8, "brainpoolP160t1" }, /* 325 */ + { 0x03, 327, 0, 8, "brainpoolP192r1" }, /* 326 */ + { 0x04, 328, 0, 8, "brainpoolP192t1" }, /* 327 */ + { 0x05, 329, 0, 8, "brainpoolP224r1" }, /* 328 */ + { 0x06, 330, 0, 8, "brainpoolP224t1" }, /* 329 */ + { 0x07, 331, 0, 8, "brainpoolP256r1" }, /* 330 */ + { 0x08, 332, 0, 8, "brainpoolP256t1" }, /* 331 */ + { 0x09, 333, 0, 8, "brainpoolP320r1" }, /* 332 */ + { 0x0A, 334, 0, 8, "brainpoolP320t1" }, /* 333 */ + { 0x0B, 335, 0, 8, "brainpoolP384r1" }, /* 334 */ + { 0x0C, 336, 0, 8, "brainpoolP384t1" }, /* 335 */ + { 0x0D, 337, 0, 8, "brainpoolP512r1" }, /* 336 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 337 */ + { 0x81, 0, 1, 1, "" }, /* 338 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 339 */ + { 0x00, 0, 1, 3, "curve" }, /* 340 */ + { 0x01, 342, 0, 4, "sect163k1" }, /* 341 */ + { 0x02, 343, 0, 4, "sect163r1" }, /* 342 */ + { 0x03, 344, 0, 4, "sect239k1" }, /* 343 */ + { 0x04, 345, 0, 4, "sect113r1" }, /* 344 */ + { 0x05, 346, 0, 4, "sect113r2" }, /* 345 */ + { 0x06, 347, 0, 4, "secp112r1" }, /* 346 */ + { 0x07, 348, 0, 4, "secp112r2" }, /* 347 */ + { 0x08, 349, 0, 4, "secp160r1" }, /* 348 */ + { 0x09, 350, 0, 4, "secp160k1" }, /* 349 */ + { 0x0A, 351, 0, 4, "secp256k1" }, /* 350 */ + { 0x0F, 352, 0, 4, "sect163r2" }, /* 351 */ + { 0x10, 353, 0, 4, "sect283k1" }, /* 352 */ + { 0x11, 354, 0, 4, "sect283r1" }, /* 353 */ + { 0x16, 355, 0, 4, "sect131r1" }, /* 354 */ + { 0x17, 356, 0, 4, "sect131r2" }, /* 355 */ + { 0x18, 357, 0, 4, "sect193r1" }, /* 356 */ + { 0x19, 358, 0, 4, "sect193r2" }, /* 357 */ + { 0x1A, 359, 0, 4, "sect233k1" }, /* 358 */ + { 0x1B, 360, 0, 4, "sect233r1" }, /* 359 */ + { 0x1C, 361, 0, 4, "secp128r1" }, /* 360 */ + { 0x1D, 362, 0, 4, "secp128r2" }, /* 361 */ + { 0x1E, 363, 0, 4, "secp160r2" }, /* 362 */ + { 0x1F, 364, 0, 4, "secp192k1" }, /* 363 */ + { 0x20, 365, 0, 4, "secp224k1" }, /* 364 */ + { 0x21, 366, 0, 4, "secp224r1" }, /* 365 */ + { 0x22, 367, 0, 4, "secp384r1" }, /* 366 */ + { 0x23, 368, 0, 4, "secp521r1" }, /* 367 */ + { 0x24, 369, 0, 4, "sect409k1" }, /* 368 */ + { 0x25, 370, 0, 4, "sect409r1" }, /* 369 */ + { 0x26, 371, 0, 4, "sect571k1" }, /* 370 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 371 */ + {0x60, 420, 1, 0, "" }, /* 372 */ + { 0x86, 0, 1, 1, "" }, /* 373 */ + { 0x48, 0, 1, 2, "" }, /* 374 */ + { 0x01, 0, 1, 3, "organization" }, /* 375 */ + { 0x65, 396, 1, 4, "gov" }, /* 376 */ + { 0x03, 0, 1, 5, "csor" }, /* 377 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 378 */ + { 0x01, 389, 1, 7, "aes" }, /* 379 */ + { 0x02, 381, 0, 8, "id-aes128-CBC" }, /* 380 */ + { 0x06, 382, 0, 8, "id-aes128-GCM" }, /* 381 */ + { 0x07, 383, 0, 8, "id-aes128-CCM" }, /* 382 */ + { 0x16, 384, 0, 8, "id-aes192-CBC" }, /* 383 */ + { 0x1A, 385, 0, 8, "id-aes192-GCM" }, /* 384 */ + { 0x1B, 386, 0, 8, "id-aes192-CCM" }, /* 385 */ + { 0x2A, 387, 0, 8, "id-aes256-CBC" }, /* 386 */ + { 0x2E, 388, 0, 8, "id-aes256-GCM" }, /* 387 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 388 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 389 */ + { 0x01, 391, 0, 8, "id-SHA-256" }, /* 390 */ + { 0x02, 392, 0, 8, "id-SHA-384" }, /* 391 */ + { 0x03, 393, 0, 8, "id-SHA-512" }, /* 392 */ + { 0x04, 394, 0, 8, "id-SHA-224" }, /* 393 */ + { 0x05, 395, 0, 8, "id-SHA-512-224" }, /* 394 */ + { 0x06, 0, 0, 8, "id-SHA-512-256" }, /* 395 */ + { 0x86, 0, 1, 4, "" }, /* 396 */ + { 0xf8, 0, 1, 5, "" }, /* 397 */ + { 0x42, 410, 1, 6, "netscape" }, /* 398 */ + { 0x01, 405, 1, 7, "" }, /* 399 */ + { 0x01, 401, 0, 8, "nsCertType" }, /* 400 */ + { 0x03, 402, 0, 8, "nsRevocationUrl" }, /* 401 */ + { 0x04, 403, 0, 8, "nsCaRevocationUrl" }, /* 402 */ + { 0x08, 404, 0, 8, "nsCaPolicyUrl" }, /* 403 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 404 */ + { 0x03, 408, 1, 7, "directory" }, /* 405 */ + { 0x01, 0, 1, 8, "" }, /* 406 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 407 */ + { 0x04, 0, 1, 7, "policy" }, /* 408 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 409 */ + { 0x45, 0, 1, 6, "verisign" }, /* 410 */ + { 0x01, 0, 1, 7, "pki" }, /* 411 */ + { 0x09, 0, 1, 8, "attributes" }, /* 412 */ + { 0x02, 414, 0, 9, "messageType" }, /* 413 */ + { 0x03, 415, 0, 9, "pkiStatus" }, /* 414 */ + { 0x04, 416, 0, 9, "failInfo" }, /* 415 */ + { 0x05, 417, 0, 9, "senderNonce" }, /* 416 */ + { 0x06, 418, 0, 9, "recipientNonce" }, /* 417 */ + { 0x07, 419, 0, 9, "transID" }, /* 418 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 419 */ + {0x67, 0, 1, 0, "" }, /* 420 */ + { 0x81, 0, 1, 1, "" }, /* 421 */ + { 0x05, 0, 1, 2, "" }, /* 422 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 423 */ + { 0x01, 425, 0, 4, "tcg-at-tpmManufacturer" }, /* 424 */ + { 0x02, 426, 0, 4, "tcg-at-tpmModel" }, /* 425 */ + { 0x03, 427, 0, 4, "tcg-at-tpmVersion" }, /* 426 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 427 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 236c86737..14f774adb 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -69,170 +69,170 @@ extern const oid_t oid_names[]; #define OID_MD5_WITH_RSA 92 #define OID_SHA1_WITH_RSA 93 #define OID_RSAES_OAEP 94 -#define OID_SHA256_WITH_RSA 96 -#define OID_SHA384_WITH_RSA 97 -#define OID_SHA512_WITH_RSA 98 -#define OID_SHA224_WITH_RSA 99 -#define OID_PBE_MD5_DES_CBC 101 -#define OID_PBE_SHA1_DES_CBC 102 -#define OID_PBKDF2 103 -#define OID_PBES2 104 -#define OID_PKCS7_DATA 106 -#define OID_PKCS7_SIGNED_DATA 107 -#define OID_PKCS7_ENVELOPED_DATA 108 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 109 -#define OID_PKCS7_DIGESTED_DATA 110 -#define OID_PKCS7_ENCRYPTED_DATA 111 -#define OID_EMAIL_ADDRESS 113 -#define OID_UNSTRUCTURED_NAME 114 -#define OID_PKCS9_CONTENT_TYPE 115 -#define OID_PKCS9_MESSAGE_DIGEST 116 -#define OID_PKCS9_SIGNING_TIME 117 -#define OID_CHALLENGE_PASSWORD 119 -#define OID_UNSTRUCTURED_ADDRESS 120 -#define OID_EXTENSION_REQUEST 121 -#define OID_X509_CERTIFICATE 124 -#define OID_PBE_SHA1_RC4_128 128 -#define OID_PBE_SHA1_RC4_40 129 -#define OID_PBE_SHA1_3DES_CBC 130 -#define OID_PBE_SHA1_3DES_2KEY_CBC 131 -#define OID_PBE_SHA1_RC2_CBC_128 132 -#define OID_PBE_SHA1_RC2_CBC_40 133 -#define OID_P12_KEY_BAG 136 -#define OID_P12_PKCS8_KEY_BAG 137 -#define OID_P12_CERT_BAG 138 -#define OID_P12_CRL_BAG 139 -#define OID_MD2 143 -#define OID_MD5 144 -#define OID_3DES_EDE_CBC 146 -#define OID_EC_PUBLICKEY 150 -#define OID_C2PNB163V1 153 -#define OID_C2PNB163V2 154 -#define OID_C2PNB163V3 155 -#define OID_C2PNB176W1 156 -#define OID_C2PNB191V1 157 -#define OID_C2PNB191V2 158 -#define OID_C2PNB191V3 159 -#define OID_C2PNB191V4 160 -#define OID_C2PNB191V5 161 -#define OID_C2PNB208W1 162 -#define OID_C2PNB239V1 163 -#define OID_C2PNB239V2 164 -#define OID_C2PNB239V3 165 -#define OID_C2PNB239V4 166 -#define OID_C2PNB239V5 167 -#define OID_C2PNB272W1 168 -#define OID_C2PNB304W1 169 -#define OID_C2PNB359V1 170 -#define OID_C2PNB368W1 171 -#define OID_C2PNB431R1 172 -#define OID_PRIME192V1 174 -#define OID_PRIME192V2 175 -#define OID_PRIME192V3 176 -#define OID_PRIME239V1 177 -#define OID_PRIME239V2 178 -#define OID_PRIME239V3 179 -#define OID_PRIME256V1 180 -#define OID_ECDSA_WITH_SHA1 182 -#define OID_ECDSA_WITH_SHA224 184 -#define OID_ECDSA_WITH_SHA256 185 -#define OID_ECDSA_WITH_SHA384 186 -#define OID_ECDSA_WITH_SHA512 187 -#define OID_USER_PRINCIPAL_NAME 202 -#define OID_STRONGSWAN 205 -#define OID_TCGID 212 -#define OID_AUTHORITY_INFO_ACCESS 217 -#define OID_IP_ADDR_BLOCKS 219 -#define OID_POLICY_QUALIFIER_CPS 221 -#define OID_POLICY_QUALIFIER_UNOTICE 222 -#define OID_SERVER_AUTH 224 -#define OID_CLIENT_AUTH 225 -#define OID_OCSP_SIGNING 232 -#define OID_XMPP_ADDR 238 -#define OID_AUTHENTICATION_INFO 242 -#define OID_ACCESS_IDENTITY 243 -#define OID_CHARGING_IDENTITY 244 -#define OID_GROUP 245 -#define OID_OCSP 248 -#define OID_BASIC 249 -#define OID_NONCE 250 -#define OID_CRL 251 -#define OID_RESPONSE 252 -#define OID_NO_CHECK 253 -#define OID_ARCHIVE_CUTOFF 254 -#define OID_SERVICE_LOCATOR 255 -#define OID_CA_ISSUERS 256 -#define OID_IKE_INTERMEDIATE 261 -#define OID_DES_CBC 265 -#define OID_SHA1 266 -#define OID_SHA1_WITH_RSA_OIW 267 -#define OID_ECGDSA_PUBKEY 286 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 289 -#define OID_ECGDSA_SIG_WITH_SHA1 290 -#define OID_ECGDSA_SIG_WITH_SHA224 291 -#define OID_ECGDSA_SIG_WITH_SHA256 292 -#define OID_ECGDSA_SIG_WITH_SHA384 293 -#define OID_ECGDSA_SIG_WITH_SHA512 294 -#define OID_SECT163K1 317 -#define OID_SECT163R1 318 -#define OID_SECT239K1 319 -#define OID_SECT113R1 320 -#define OID_SECT113R2 321 -#define OID_SECT112R1 322 -#define OID_SECT112R2 323 -#define OID_SECT160R1 324 -#define OID_SECT160K1 325 -#define OID_SECT256K1 326 -#define OID_SECT163R2 327 -#define OID_SECT283K1 328 -#define OID_SECT283R1 329 -#define OID_SECT131R1 330 -#define OID_SECT131R2 331 -#define OID_SECT193R1 332 -#define OID_SECT193R2 333 -#define OID_SECT233K1 334 -#define OID_SECT233R1 335 -#define OID_SECT128R1 336 -#define OID_SECT128R2 337 -#define OID_SECT160R2 338 -#define OID_SECT192K1 339 -#define OID_SECT224K1 340 -#define OID_SECT224R1 341 -#define OID_SECT384R1 342 -#define OID_SECT521R1 343 -#define OID_SECT409K1 344 -#define OID_SECT409R1 345 -#define OID_SECT571K1 346 -#define OID_SECT571R1 347 -#define OID_AES128_CBC 356 -#define OID_AES128_GCM 357 -#define OID_AES128_CCM 358 -#define OID_AES192_CBC 359 -#define OID_AES192_GCM 360 -#define OID_AES192_CCM 361 -#define OID_AES256_CBC 362 -#define OID_AES256_GCM 363 -#define OID_AES256_CCM 364 -#define OID_SHA256 366 -#define OID_SHA384 367 -#define OID_SHA512 368 -#define OID_SHA224 369 -#define OID_NS_REVOCATION_URL 377 -#define OID_NS_CA_REVOCATION_URL 378 -#define OID_NS_CA_POLICY_URL 379 -#define OID_NS_COMMENT 380 -#define OID_EMPLOYEE_NUMBER 383 -#define OID_PKI_MESSAGE_TYPE 389 -#define OID_PKI_STATUS 390 -#define OID_PKI_FAIL_INFO 391 -#define OID_PKI_SENDER_NONCE 392 -#define OID_PKI_RECIPIENT_NONCE 393 -#define OID_PKI_TRANS_ID 394 -#define OID_TPM_MANUFACTURER 400 -#define OID_TPM_MODEL 401 -#define OID_TPM_VERSION 402 -#define OID_TPM_ID_LABEL 403 +#define OID_SHA256_WITH_RSA 97 +#define OID_SHA384_WITH_RSA 98 +#define OID_SHA512_WITH_RSA 99 +#define OID_SHA224_WITH_RSA 100 +#define OID_PBE_MD5_DES_CBC 102 +#define OID_PBE_SHA1_DES_CBC 103 +#define OID_PBKDF2 104 +#define OID_PBES2 105 +#define OID_PKCS7_DATA 107 +#define OID_PKCS7_SIGNED_DATA 108 +#define OID_PKCS7_ENVELOPED_DATA 109 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 110 +#define OID_PKCS7_DIGESTED_DATA 111 +#define OID_PKCS7_ENCRYPTED_DATA 112 +#define OID_EMAIL_ADDRESS 114 +#define OID_UNSTRUCTURED_NAME 115 +#define OID_PKCS9_CONTENT_TYPE 116 +#define OID_PKCS9_MESSAGE_DIGEST 117 +#define OID_PKCS9_SIGNING_TIME 118 +#define OID_CHALLENGE_PASSWORD 120 +#define OID_UNSTRUCTURED_ADDRESS 121 +#define OID_EXTENSION_REQUEST 122 +#define OID_X509_CERTIFICATE 125 +#define OID_PBE_SHA1_RC4_128 129 +#define OID_PBE_SHA1_RC4_40 130 +#define OID_PBE_SHA1_3DES_CBC 131 +#define OID_PBE_SHA1_3DES_2KEY_CBC 132 +#define OID_PBE_SHA1_RC2_CBC_128 133 +#define OID_PBE_SHA1_RC2_CBC_40 134 +#define OID_P12_KEY_BAG 137 +#define OID_P12_PKCS8_KEY_BAG 138 +#define OID_P12_CERT_BAG 139 +#define OID_P12_CRL_BAG 140 +#define OID_MD2 144 +#define OID_MD5 145 +#define OID_3DES_EDE_CBC 147 +#define OID_EC_PUBLICKEY 151 +#define OID_C2PNB163V1 154 +#define OID_C2PNB163V2 155 +#define OID_C2PNB163V3 156 +#define OID_C2PNB176W1 157 +#define OID_C2PNB191V1 158 +#define OID_C2PNB191V2 159 +#define OID_C2PNB191V3 160 +#define OID_C2PNB191V4 161 +#define OID_C2PNB191V5 162 +#define OID_C2PNB208W1 163 +#define OID_C2PNB239V1 164 +#define OID_C2PNB239V2 165 +#define OID_C2PNB239V3 166 +#define OID_C2PNB239V4 167 +#define OID_C2PNB239V5 168 +#define OID_C2PNB272W1 169 +#define OID_C2PNB304W1 170 +#define OID_C2PNB359V1 171 +#define OID_C2PNB368W1 172 +#define OID_C2PNB431R1 173 +#define OID_PRIME192V1 175 +#define OID_PRIME192V2 176 +#define OID_PRIME192V3 177 +#define OID_PRIME239V1 178 +#define OID_PRIME239V2 179 +#define OID_PRIME239V3 180 +#define OID_PRIME256V1 181 +#define OID_ECDSA_WITH_SHA1 183 +#define OID_ECDSA_WITH_SHA224 185 +#define OID_ECDSA_WITH_SHA256 186 +#define OID_ECDSA_WITH_SHA384 187 +#define OID_ECDSA_WITH_SHA512 188 +#define OID_USER_PRINCIPAL_NAME 203 +#define OID_STRONGSWAN 206 +#define OID_TCGID 213 +#define OID_AUTHORITY_INFO_ACCESS 241 +#define OID_IP_ADDR_BLOCKS 243 +#define OID_POLICY_QUALIFIER_CPS 245 +#define OID_POLICY_QUALIFIER_UNOTICE 246 +#define OID_SERVER_AUTH 248 +#define OID_CLIENT_AUTH 249 +#define OID_OCSP_SIGNING 256 +#define OID_XMPP_ADDR 262 +#define OID_AUTHENTICATION_INFO 266 +#define OID_ACCESS_IDENTITY 267 +#define OID_CHARGING_IDENTITY 268 +#define OID_GROUP 269 +#define OID_OCSP 272 +#define OID_BASIC 273 +#define OID_NONCE 274 +#define OID_CRL 275 +#define OID_RESPONSE 276 +#define OID_NO_CHECK 277 +#define OID_ARCHIVE_CUTOFF 278 +#define OID_SERVICE_LOCATOR 279 +#define OID_CA_ISSUERS 280 +#define OID_IKE_INTERMEDIATE 285 +#define OID_DES_CBC 289 +#define OID_SHA1 290 +#define OID_SHA1_WITH_RSA_OIW 291 +#define OID_ECGDSA_PUBKEY 310 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 313 +#define OID_ECGDSA_SIG_WITH_SHA1 314 +#define OID_ECGDSA_SIG_WITH_SHA224 315 +#define OID_ECGDSA_SIG_WITH_SHA256 316 +#define OID_ECGDSA_SIG_WITH_SHA384 317 +#define OID_ECGDSA_SIG_WITH_SHA512 318 +#define OID_SECT163K1 341 +#define OID_SECT163R1 342 +#define OID_SECT239K1 343 +#define OID_SECT113R1 344 +#define OID_SECT113R2 345 +#define OID_SECT112R1 346 +#define OID_SECT112R2 347 +#define OID_SECT160R1 348 +#define OID_SECT160K1 349 +#define OID_SECT256K1 350 +#define OID_SECT163R2 351 +#define OID_SECT283K1 352 +#define OID_SECT283R1 353 +#define OID_SECT131R1 354 +#define OID_SECT131R2 355 +#define OID_SECT193R1 356 +#define OID_SECT193R2 357 +#define OID_SECT233K1 358 +#define OID_SECT233R1 359 +#define OID_SECT128R1 360 +#define OID_SECT128R2 361 +#define OID_SECT160R2 362 +#define OID_SECT192K1 363 +#define OID_SECT224K1 364 +#define OID_SECT224R1 365 +#define OID_SECT384R1 366 +#define OID_SECT521R1 367 +#define OID_SECT409K1 368 +#define OID_SECT409R1 369 +#define OID_SECT571K1 370 +#define OID_SECT571R1 371 +#define OID_AES128_CBC 380 +#define OID_AES128_GCM 381 +#define OID_AES128_CCM 382 +#define OID_AES192_CBC 383 +#define OID_AES192_GCM 384 +#define OID_AES192_CCM 385 +#define OID_AES256_CBC 386 +#define OID_AES256_GCM 387 +#define OID_AES256_CCM 388 +#define OID_SHA256 390 +#define OID_SHA384 391 +#define OID_SHA512 392 +#define OID_SHA224 393 +#define OID_NS_REVOCATION_URL 401 +#define OID_NS_CA_REVOCATION_URL 402 +#define OID_NS_CA_POLICY_URL 403 +#define OID_NS_COMMENT 404 +#define OID_EMPLOYEE_NUMBER 407 +#define OID_PKI_MESSAGE_TYPE 413 +#define OID_PKI_STATUS 414 +#define OID_PKI_FAIL_INFO 415 +#define OID_PKI_SENDER_NONCE 416 +#define OID_PKI_RECIPIENT_NONCE 417 +#define OID_PKI_TRANS_ID 418 +#define OID_TPM_MANUFACTURER 424 +#define OID_TPM_MODEL 425 +#define OID_TPM_VERSION 426 +#define OID_TPM_ID_LABEL 427 -#define OID_MAX 404 +#define OID_MAX 428 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 740dc5073..c15a1cc2a 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -93,6 +93,7 @@ 0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA 0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA 0x07 "id-RSAES-OAEP" OID_RSAES_OAEP + 0x08 "id-mgf1" 0x09 "id-pSpecified" 0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA 0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA @@ -211,6 +212,29 @@ 0x02 "" 0x02 "" 0x4B "TCGID" OID_TCGID + 0xc1 "" + 0x16 "ntruCryptosystems" + 0x01 "eess" + 0x01 "eess1" + 0x01 "eess1-algs" + 0x01 "ntru-EESS1v1-SVES" + 0x02 "ntru-EESS1v1-SVSSA" + 0x03 "ntru-EESS1v1-NTRUSign" + 0x02 "eess1-params" + 0x01 "ees251ep1" + 0x02 "ees347ep1" + 0x03 "ees503ep1" + 0x07 "ees251sp2" + 0x0C "ees251ep4" + 0x0D "ees251ep5" + 0x0E "ees251sp3" + 0x0F "ees251sp4" + 0x10 "ees251sp5" + 0x11 "ees251sp6" + 0x12 "ees251sp7" + 0x13 "ees251sp8" + 0x14 "ees251sp9" + 0x03 "eess1-encodingMethods" 0x05 "security" 0x05 "mechanisms" 0x07 "id-pkix" diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index 387e2a57d..314e8e916 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * @@ -13,8 +16,15 @@ * for more details. */ +#define _GNU_SOURCE /* for qsort_r() */ +#include <stdlib.h> + #include "array.h" +#ifndef HAVE_QSORT_R +#include <threading/thread_value.h> +#endif + /** * Data is an allocated block, with potentially unused head and tail: * @@ -43,6 +53,11 @@ struct array_t { void *data; }; +#ifndef HAVE_QSORT_R + /* store data to replicate qsort_r in thread local storage */ + static thread_value_t *sort_data; +#endif + /** maximum number of unused head/tail elements before cleanup */ #define ARRAY_MAX_UNUSED 32 @@ -314,7 +329,7 @@ void array_insert(array_t *array, int idx, void *data) } } -bool array_remove(array_t *array, int idx, void *data) +bool array_get(array_t *array, int idx, void *data) { if (!array) { @@ -337,12 +352,25 @@ bool array_remove(array_t *array, int idx, void *data) memcpy(data, array->data + get_size(array, array->head + idx), get_size(array, 1)); } + return TRUE; +} + +bool array_remove(array_t *array, int idx, void *data) +{ + if (!array_get(array, idx, data)) + { + return FALSE; + } if (idx > array_count(array) / 2) { remove_tail(array, idx); } else { + if (idx < 0) + { + idx = array_count(array) - 1; + } remove_head(array, idx); } if (array->head + array->tail > ARRAY_MAX_UNUSED) @@ -352,6 +380,113 @@ bool array_remove(array_t *array, int idx, void *data) return TRUE; } +typedef struct { + /** the array */ + array_t *array; + /** comparison function */ + int (*cmp)(const void*,const void*,void*); + /** optional user arg */ + void *arg; +} sort_data_t; + +#ifdef HAVE_QSORT_R_GNU +static int compare_elements(const void *a, const void *b, void *arg) +#elif defined(HAVE_QSORT_R_BSD) +static int compare_elements(void *arg, const void *a, const void *b) +#else /* !HAVE_QSORT_R */ +static int compare_elements(const void *a, const void *b) +#endif +{ +#ifdef HAVE_QSORT_R + sort_data_t *data = (sort_data_t*)arg; +#else + sort_data_t *data = sort_data->get(sort_data); +#endif + + if (data->array->esize) + { + return data->cmp(a, b, data->arg); + } + return data->cmp(*(void**)a, *(void**)b, data->arg); +} + +void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*), + void *user) +{ + if (array) + { + sort_data_t data = { + .array = array, + .cmp = cmp, + .arg = user, + }; + void *start; + + start = array->data + get_size(array, array->head); + +#ifdef HAVE_QSORT_R_GNU + qsort_r(start, array->count, get_size(array, 1), compare_elements, + &data); +#elif defined(HAVE_QSORT_R_BSD) + qsort_r(start, array->count, get_size(array, 1), &data, + compare_elements); +#else /* !HAVE_QSORT_R */ + sort_data->set(sort_data, &data); + qsort(start, array->count, get_size(array, 1), compare_elements); +#endif + } +} + +typedef struct { + /** the array */ + array_t *array; + /** the key */ + const void *key; + /** comparison function */ + int (*cmp)(const void*,const void*); +} bsearch_data_t; + +static int search_elements(const void *a, const void *b) +{ + bsearch_data_t *data = (bsearch_data_t*)a; + + if (data->array->esize) + { + return data->cmp(data->key, b); + } + return data->cmp(data->key, *(void**)b); +} + +int array_bsearch(array_t *array, const void *key, + int (*cmp)(const void*,const void*), void *out) +{ + int idx = -1; + + if (array) + { + bsearch_data_t data = { + .array = array, + .key = key, + .cmp = cmp, + }; + void *start, *item; + + start = array->data + get_size(array, array->head); + + item = bsearch(&data, start, array->count, get_size(array, 1), + search_elements); + if (item) + { + if (out) + { + memcpy(out, item, get_size(array, 1)); + } + idx = (item - start) / get_size(array, 1); + } + } + return idx; +} + void array_invoke(array_t *array, array_callback_t cb, void *user) { if (array) @@ -414,3 +549,17 @@ void array_destroy_offset(array_t *array, size_t offset) array_invoke_offset(array, offset); array_destroy(array); } + +void arrays_init() +{ +#ifndef HAVE_QSORT_R + sort_data = thread_value_create(NULL); +#endif +} + +void arrays_deinit() +{ +#ifndef HAVE_QSORT_R + sort_data->destroy(sort_data); +#endif +} diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index 0dc7b2250..ce702ebfa 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * @@ -87,7 +90,7 @@ void array_compress(array_t *array); * The enumerater enumerates directly over the array element (pass a pointer to * element types), unless the array is pointer based. If zero is passed as * element size during construction, the enumerator enumerates over the - * deferenced pointer values. + * dereferenced pointer values. * * @param array array to create enumerator for, or NULL * @return enumerator, over elements or pointers @@ -140,6 +143,18 @@ void array_insert_create(array_t **array, int idx, void *ptr); void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator); /** + * Get an element from the array. + * + * If data is given, the element is copied to that position. + * + * @param array array to get element from, or NULL + * @param idx index of the item to get + * @param data data to copy element to, or NULL + * @return TRUE if idx valid and item returned + */ +bool array_get(array_t *array, int idx, void *data); + +/** * Remove an element from the array. * * If data is given, the element is copied to that position. @@ -152,6 +167,50 @@ void array_insert_enumerator(array_t *array, int idx, enumerator_t *enumerator); bool array_remove(array_t *array, int idx, void *data); /** + * Sort the array. + * + * The comparison function must return an integer less than, equal to, or + * greater than zero if the first argument is considered to be respectively less + * than, equal to, or greater than the second. If two elements compare as + * equal, their order in the sorted array is undefined. + * + * The comparison function receives pointers to the array elements (esize != 0) + * or the actual pointers (esize = 0). The third argument is the user data + * supplied to this function. + * + * @param array array to sort, or NULL + * @param cmp comparison function + * @param user user data to pass to comparison function + */ +void array_sort(array_t *array, int (*cmp)(const void*,const void*,void*), + void *user); + +/** + * Binary search of a sorted array. + * + * The array should be sorted in ascending order according to the given + * comparison function. + * + * The comparison function must return an integer less than, equal to, or + * greater than zero if the first argument (the key) is considered to be + * respectively less than, equal to, or greater than the second. + * + * If there are multiple elements that match the key it is not specified which + * element is returned. + * + * The comparison function receives the key object and a pointer to an array + * element (esize != 0) or an actual pointer (esize = 0). + * + * @param array array to search, or NULL + * @param key key to search for + * @param cmp comparison function + * @param data data to copy element to, or NULL + * @return index of the element if found, -1 if not + */ +int array_bsearch(array_t *array, const void *key, + int (*cmp)(const void*,const void*), void *data); + +/** * Invoke a callback for all array members. * * @param array array to traverse, or NULL @@ -192,4 +251,16 @@ void array_destroy_function(array_t *array, array_callback_t cb, void *user); */ void array_destroy_offset(array_t *array, size_t offset); + +/** + * Required on some platforms to initialize thread local value to implement + * array_sort(). + */ +void arrays_init(); + +/** + * Destroys the thread local value if required. + */ +void arrays_deinit(); + #endif /** ARRAY_H_ @}*/ diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index de19c8d96..3ec0714b6 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -1349,7 +1349,7 @@ credential_manager_t *credential_manager_create() this->local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy); this->exclusive_local_sets = thread_value_create((thread_cleanup_t)this->sets->destroy); - if (lib->settings->get_bool(lib->settings, "libstrongswan.cert_cache", TRUE)) + if (lib->settings->get_bool(lib->settings, "%s.cert_cache", TRUE, lib->ns)) { this->cache = cert_cache_create(); this->sets->insert_first(this->sets, this->cache); diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index edcabfe58..dba3f6f6d 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -967,11 +967,11 @@ crypto_factory_t *crypto_factory_create() .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), .tester = crypto_tester_create(), .test_on_add = lib->settings->get_bool(lib->settings, - "libstrongswan.crypto_test.on_add", FALSE), + "%s.crypto_test.on_add", FALSE, lib->ns), .test_on_create = lib->settings->get_bool(lib->settings, - "libstrongswan.crypto_test.on_create", FALSE), + "%s.crypto_test.on_create", FALSE, lib->ns), .bench = lib->settings->get_bool(lib->settings, - "libstrongswan.crypto_test.bench", FALSE), + "%s.crypto_test.bench", FALSE, lib->ns), ); return &this->public; diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 5a0dccced..30724b16d 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -1207,13 +1207,13 @@ crypto_tester_t *crypto_tester_create() .rng = linked_list_create(), .required = lib->settings->get_bool(lib->settings, - "libstrongswan.crypto_test.required", FALSE), + "%s.crypto_test.required", FALSE, lib->ns), .rng_true = lib->settings->get_bool(lib->settings, - "libstrongswan.crypto_test.rng_true", FALSE), + "%s.crypto_test.rng_true", FALSE, lib->ns), .bench_time = lib->settings->get_int(lib->settings, - "libstrongswan.crypto_test.bench_time", 50), + "%s.crypto_test.bench_time", 50, lib->ns), .bench_size = lib->settings->get_int(lib->settings, - "libstrongswan.crypto_test.bench_size", 1024), + "%s.crypto_test.bench_size", 1024, lib->ns), ); /* enforce a block size of 16, should be fine for all algorithms */ diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c index 3d319d2d4..5c1d08de2 100644 --- a/src/libstrongswan/crypto/diffie_hellman.c +++ b/src/libstrongswan/crypto/diffie_hellman.c @@ -45,7 +45,12 @@ ENUM_NEXT(diffie_hellman_group_names, MODP_1024_160, ECP_512_BP, ECP_521_BIT, ENUM_NEXT(diffie_hellman_group_names, MODP_NULL, MODP_CUSTOM, ECP_512_BP, "MODP_NULL", "MODP_CUSTOM"); -ENUM_END(diffie_hellman_group_names, MODP_CUSTOM); +ENUM_NEXT(diffie_hellman_group_names, NTRU_112_BIT, NTRU_256_BIT, MODP_CUSTOM, + "NTRU_112", + "NTRU_128", + "NTRU_192", + "NTRU_256"); +ENUM_END(diffie_hellman_group_names, NTRU_256_BIT); /** @@ -439,7 +444,7 @@ diffie_hellman_params_t *diffie_hellman_get_params(diffie_hellman_group_t group) { if (!dh_params[i].public.subgroup.len && lib->settings->get_int(lib->settings, - "libstrongswan.dh_exponent_ansi_x9_42", TRUE)) + "%s.dh_exponent_ansi_x9_42", TRUE, lib->ns)) { dh_params[i].public.exp_len = dh_params[i].public.prime.len; } diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h index edf6bbd6d..00d700314 100644 --- a/src/libstrongswan/crypto/diffie_hellman.h +++ b/src/libstrongswan/crypto/diffie_hellman.h @@ -64,6 +64,11 @@ enum diffie_hellman_group_t { MODP_NULL = 1024, /** MODP group with custom generator/prime */ MODP_CUSTOM = 1025, + /** Parameters defined by IEEE 1363.1, in PRIVATE USE */ + NTRU_112_BIT = 1030, + NTRU_128_BIT = 1031, + NTRU_192_BIT = 1032, + NTRU_256_BIT = 1033 }; /** diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 4db504eb0..bbb97d088 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -56,6 +56,11 @@ struct private_proposal_keywords_t { linked_list_t * tokens; /** + * registered algname parsers, as proposal_algname_parser_t + */ + linked_list_t *parsers; + + /** * rwlock to lock access to modules */ rwlock_t *lock; @@ -85,11 +90,46 @@ static const proposal_token_t* find_token(private_proposal_keywords_t *this, return found; } +/** + * Parse the given algorithm into a token with user defined parser functions. + */ +static const proposal_token_t* parse_token(private_proposal_keywords_t *this, + const char *str) +{ + proposal_algname_parser_t parser; + enumerator_t *enumerator; + proposal_token_t *found = NULL; + + this->lock->read_lock(this->lock); + enumerator = this->parsers->create_enumerator(this->parsers); + while (enumerator->enumerate(enumerator, &parser)) + { + found = parser(str); + if (found) + { + break; + } + } + enumerator->destroy(enumerator); + this->lock->unlock(this->lock); + return found; +} + METHOD(proposal_keywords_t, get_token, const proposal_token_t*, private_proposal_keywords_t *this, const char *str) { - const proposal_token_t *token = proposal_get_token_static(str, strlen(str)); - return token ?: find_token(this, str); + const proposal_token_t *token; + + token = proposal_get_token_static(str, strlen(str)); + if (!token) + { + token = find_token(this, str); + } + if (!token) + { + token = parse_token(this, str); + } + return token; } METHOD(proposal_keywords_t, register_token, void, @@ -110,6 +150,14 @@ METHOD(proposal_keywords_t, register_token, void, this->lock->unlock(this->lock); } +METHOD(proposal_keywords_t, register_algname_parser, void, + private_proposal_keywords_t *this, proposal_algname_parser_t parser) +{ + this->lock->write_lock(this->lock); + this->tokens->insert_first(this->parsers, parser); + this->lock->unlock(this->lock); +} + METHOD(proposal_keywords_t, destroy, void, private_proposal_keywords_t *this) { @@ -121,6 +169,7 @@ METHOD(proposal_keywords_t, destroy, void, free(token); } this->tokens->destroy(this->tokens); + this->parsers->destroy(this->parsers); this->lock->destroy(this->lock); free(this); } @@ -136,9 +185,11 @@ proposal_keywords_t *proposal_keywords_create() .public = { .get_token = _get_token, .register_token = _register_token, + .register_algname_parser = _register_algname_parser, .destroy = _destroy, }, .tokens = linked_list_create(), + .parsers = linked_list_create(), .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index d6107abc0..5cdbafc51 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -46,6 +46,8 @@ typedef struct proposal_token_t proposal_token_t; typedef struct proposal_keywords_t proposal_keywords_t; +typedef proposal_token_t*(*proposal_algname_parser_t)(const char *algname); + #include <library.h> #include <crypto/transform.h> @@ -102,6 +104,17 @@ struct proposal_keywords_t { u_int16_t keysize); /** + * Register an algorithm name parser. + * + * It is meant to parse an algorithm name into a proposal token in a + * generic, user defined way. + * + * @param parser a pointer to the parser function + */ + void (*register_algname_parser)(proposal_keywords_t *this, + proposal_algname_parser_t parser); + + /** * Destroy a proposal_keywords_t instance. */ void (*destroy)(proposal_keywords_t *this); diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index a238f640e..1da1421f4 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -1,6 +1,6 @@ /* C code produced by gperf version 3.0.4 */ /* Command-line: /usr/bin/gperf -N proposal_get_token_static -m 10 -C -G -c -t -D */ -/* Computed positions: -k'1,5,7,10,15,$' */ +/* Computed positions: -k'1,5-7,10,15,$' */ #if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \ && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \ @@ -31,8 +31,8 @@ error "gperf generated tables don't work with this execution character set. Plea /* - * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * Copyright (C) 2009-2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil, Switzerland * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 134 +#define TOTAL_KEYWORDS 138 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 4 -#define MAX_HASH_VALUE 215 -/* maximum key range = 212, duplicates = 0 */ +#define MIN_HASH_VALUE 20 +#define MAX_HASH_VALUE 295 +/* maximum key range = 276, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -78,34 +78,34 @@ hash (str, len) register const char *str; register unsigned int len; { - static const unsigned char asso_values[] = + static const unsigned short asso_values[] = { - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 0, 4, - 1, 21, 15, 13, 9, 16, 2, 0, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 76, 216, 2, 28, 16, - 0, 39, 112, 42, 31, 0, 216, 216, 0, 9, - 100, 0, 7, 20, 95, 12, 44, 55, 216, 216, - 1, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216, 216, 216, 216, - 216, 216, 216, 216, 216, 216, 216 + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 47, 6, + 15, 8, 64, 24, 12, 14, 7, 5, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 120, 296, 9, 5, 22, + 48, 114, 28, 76, 6, 5, 296, 296, 5, 20, + 7, 14, 82, 7, 81, 98, 10, 86, 296, 296, + 5, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296, 296, 296, 296, + 296, 296, 296, 296, 296, 296, 296 }; register int hval = len; @@ -127,6 +127,8 @@ hash (str, len) hval += asso_values[(unsigned char)str[6]]; /*FALLTHROUGH*/ case 6: + hval += asso_values[(unsigned char)str[5]]; + /*FALLTHROUGH*/ case 5: hval += asso_values[(unsigned char)str[4]]; /*FALLTHROUGH*/ @@ -142,166 +144,178 @@ hash (str, len) static const struct proposal_token wordlist[] = { + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, - {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, - {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, - {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, - {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, - {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, - {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, - {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, + {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, + {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, + {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, + {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, + {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, + {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, + {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, + {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, + {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, + {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, + {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, + {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, + {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, + {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, + {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, + {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, + {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, + {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, + {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, + {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, - {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, + {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, + {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, + {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, - {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, - {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, - {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, + {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, - {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, + {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, + {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0} + {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, + {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = { - -1, -1, -1, -1, 0, -1, -1, -1, -1, -1, - 1, -1, 2, -1, 3, 4, -1, -1, -1, 5, - 6, 7, 8, 9, 10, 11, 12, -1, -1, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, - 24, 25, 26, 27, 28, -1, -1, -1, -1, 29, - -1, -1, 30, 31, 32, 33, 34, -1, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, - 47, 48, 49, 50, 51, 52, 53, 54, -1, 55, - 56, 57, -1, 58, 59, 60, 61, 62, 63, 64, - 65, 66, 67, -1, 68, 69, 70, 71, 72, 73, - 74, 75, 76, 77, -1, 78, 79, 80, 81, 82, - 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, - -1, 93, 94, 95, 96, 97, 98, 99, 100, -1, - -1, -1, 101, 102, 103, 104, -1, 105, 106, 107, - 108, 109, 110, -1, 111, 112, 113, 114, 115, 116, - 117, 118, 119, 120, 121, 122, 123, 124, -1, 125, - -1, 126, -1, -1, -1, -1, -1, -1, 127, -1, - -1, -1, -1, 128, -1, -1, -1, -1, 129, 130, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 131, -1, -1, 132, -1, - -1, -1, -1, -1, -1, 133 + 0, -1, 1, 2, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3, 4, -1, -1, -1, 5, -1, + 6, 7, -1, -1, -1, -1, 8, -1, 9, 10, + -1, -1, 11, -1, 12, -1, 13, -1, 14, 15, + -1, 16, 17, 18, 19, 20, -1, -1, -1, 21, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 33, 34, 35, 36, 37, -1, 38, 39, -1, + 40, 41, 42, -1, 43, 44, 45, 46, 47, 48, + -1, 49, 50, 51, -1, 52, 53, 54, 55, 56, + 57, 58, 59, -1, -1, 60, 61, 62, 63, 64, + 65, 66, -1, -1, 67, 68, 69, 70, 71, 72, + 73, 74, 75, 76, 77, 78, 79, 80, -1, 81, + 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, + 92, 93, -1, 94, -1, 95, -1, 96, 97, 98, + 99, 100, -1, 101, -1, 102, 103, 104, -1, 105, + 106, 107, 108, 109, -1, 110, -1, 111, -1, 112, + -1, 113, 114, 115, 116, -1, 117, 118, 119, 120, + 121, -1, -1, -1, 122, -1, -1, 123, -1, -1, + 124, -1, 125, 126, 127, -1, -1, -1, 128, -1, + -1, -1, -1, -1, 129, 130, -1, 131, -1, 132, + -1, -1, -1, -1, 133, -1, -1, -1, -1, 134, + -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 136, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 137 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index c484320ca..70e79157a 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -1,7 +1,7 @@ %{ /* - * Copyright (C) 2009 Andreas Steffen - * Hochschule fuer Technik Rapperswil, Switzerland + * Copyright (C) 2009-2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil, Switzerland * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -161,5 +161,9 @@ ecp224bp, DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0 ecp256bp, DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0 ecp384bp, DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0 ecp512bp, DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0 +ntru112, DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0 +ntru128, DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0 +ntru192, DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0 +ntru256, DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0 noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index 21cd1aff4..2fad486e0 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -43,7 +43,7 @@ struct private_fetcher_manager_t { }; typedef struct { - /** assocaited fetcher construction function */ + /** associated fetcher construction function */ fetcher_constructor_t create; /** URL this fetcher support */ char *url; diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c index f2fa3e0aa..8472c30a5 100644 --- a/src/libstrongswan/library.c +++ b/src/libstrongswan/library.c @@ -22,6 +22,7 @@ #include <threading/thread.h> #include <utils/identification.h> #include <networking/host.h> +#include <collections/array.h> #include <collections/hashtable.h> #include <utils/backtrace.h> #include <selectors/traffic_selector.h> @@ -61,6 +62,39 @@ struct private_library_t { */ library_t *lib = NULL; +#ifdef LEAK_DETECTIVE +/** + * Default leak report callback + */ +static void report_leaks(void *user, int count, size_t bytes, + backtrace_t *bt, bool detailed) +{ + fprintf(stderr, "%zu bytes total, %d allocations, %zu bytes average:\n", + bytes, count, bytes / count); + bt->log(bt, stderr, detailed); +} + +/** + * Default leak report summary callback + */ +static void sum_leaks(void* user, int count, size_t bytes, int whitelisted) +{ + switch (count) + { + case 0: + fprintf(stderr, "No leaks detected"); + break; + case 1: + fprintf(stderr, "One leak detected"); + break; + default: + fprintf(stderr, "%d leaks detected, %zu bytes", count, bytes); + break; + } + fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted); +} +#endif /* LEAK_DETECTIVE */ + /** * Deinitialize library */ @@ -75,7 +109,7 @@ void library_deinit() } detailed = lib->settings->get_bool(lib->settings, - "libstrongswan.leak_detective.detailed", TRUE); + "%s.leak_detective.detailed", TRUE, lib->ns); /* make sure the cache is clear before unloading plugins */ lib->credmgr->flush_cache(lib->credmgr, CERT_ANY); @@ -109,9 +143,11 @@ void library_deinit() lib->leak_detective->destroy(lib->leak_detective); } + arrays_deinit(); threads_deinit(); backtrace_deinit(); + free((void*)this->public.ns); free(this); lib = NULL; } @@ -201,7 +237,7 @@ static bool check_memwipe() /* * see header file */ -bool library_init(char *settings) +bool library_init(char *settings, const char *namespace) { private_library_t *this; printf_hook_t *pfh; @@ -217,6 +253,7 @@ bool library_init(char *settings) .public = { .get = _get, .set = _set, + .ns = strdup(namespace ?: "libstrongswan"), }, .ref = 1, ); @@ -224,9 +261,12 @@ bool library_init(char *settings) backtrace_init(); threads_init(); + arrays_init(); #ifdef LEAK_DETECTIVE lib->leak_detective = leak_detective_create(); + lib->leak_detective->set_report_cb(lib->leak_detective, + report_leaks, sum_leaks, NULL); #endif /* LEAK_DETECTIVE */ pfh = printf_hook_create(); @@ -256,6 +296,9 @@ bool library_init(char *settings) this->objects = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 4); this->public.settings = settings_create(settings); + /* all namespace settings may fall back to libstrongswan */ + lib->settings->add_fallback(lib->settings, lib->ns, "libstrongswan"); + this->public.hosts = host_resolver_create(); this->public.proposal = proposal_keywords_create(); this->public.caps = capabilities_create(); @@ -278,7 +321,7 @@ bool library_init(char *settings) } if (lib->settings->get_bool(lib->settings, - "libstrongswan.integrity_test", FALSE)) + "%s.integrity_test", FALSE, lib->ns)) { #ifdef INTEGRITY_TEST this->public.integrity = integrity_checker_create(CHECKSUM_LIBRARY); diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h index e53cf09e2..4125328b7 100644 --- a/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h @@ -1,4 +1,5 @@ /* + * Copyright (C) 2010-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -140,6 +141,12 @@ struct library_t { bool (*set)(library_t *this, char *name, void *object); /** + * Namespace used for settings etc. (i.e. the name of the binary that uses + * the library) + */ + const char *ns; + + /** * Printf hook registering facility */ printf_hook_t *printf_hook; @@ -239,12 +246,17 @@ struct library_t { * Initialize library, creates "lib" instance. * * library_init() may be called multiple times in a single process, but each - * caller should call library_deinit() for each call to library_init(). + * caller must call library_deinit() for each call to library_init(). + * + * The settings and namespace arguments are only used on the first call. * * @param settings file to read settings from, may be NULL for default + * @param namespace name of the binary that uses the library, determines + * the first section name when reading config options. + * Defaults to libstrongswan if NULL. * @return FALSE if integrity check failed */ -bool library_init(char *settings); +bool library_init(char *settings, const char *namespace); /** * Deinitialize library, destroys "lib" instance. diff --git a/src/libstrongswan/networking/host_resolver.c b/src/libstrongswan/networking/host_resolver.c index 99a17d17c..10af11a7f 100644 --- a/src/libstrongswan/networking/host_resolver.c +++ b/src/libstrongswan/networking/host_resolver.c @@ -355,11 +355,11 @@ host_resolver_t *host_resolver_create() ); this->min_threads = max(0, lib->settings->get_int(lib->settings, - "libstrongswan.host_resolver.min_threads", - MIN_THREADS_DEFAULT)); + "%s.host_resolver.min_threads", + MIN_THREADS_DEFAULT, lib->ns)); this->max_threads = max(this->min_threads ?: 1, lib->settings->get_int(lib->settings, - "libstrongswan.host_resolver.max_threads", - MAX_THREADS_DEFAULT)); + "%s.host_resolver.max_threads", + MAX_THREADS_DEFAULT, lib->ns)); return &this->public; } diff --git a/src/libstrongswan/networking/streams/stream.c b/src/libstrongswan/networking/streams/stream.c index 8ecb89fc9..f6fec0b4a 100644 --- a/src/libstrongswan/networking/streams/stream.c +++ b/src/libstrongswan/networking/streams/stream.c @@ -159,17 +159,6 @@ METHOD(stream_t, write_all, bool, } /** - * Remove a registered watcher - */ -static void remove_watcher(private_stream_t *this) -{ - if (this->read_cb || this->write_cb) - { - lib->watcher->remove(lib->watcher, this->fd); - } -} - -/** * Watcher callback */ static bool watch(private_stream_t *this, int fd, watcher_event_t event) @@ -228,7 +217,7 @@ static void add_watcher(private_stream_t *this) METHOD(stream_t, on_read, void, private_stream_t *this, stream_cb_t cb, void *data) { - remove_watcher(this); + lib->watcher->remove(lib->watcher, this->fd); this->read_cb = cb; this->read_data = data; @@ -239,7 +228,7 @@ METHOD(stream_t, on_read, void, METHOD(stream_t, on_write, void, private_stream_t *this, stream_cb_t cb, void *data) { - remove_watcher(this); + lib->watcher->remove(lib->watcher, this->fd); this->write_cb = cb; this->write_data = data; @@ -270,7 +259,7 @@ METHOD(stream_t, get_file, FILE*, METHOD(stream_t, destroy, void, private_stream_t *this) { - remove_watcher(this); + lib->watcher->remove(lib->watcher, this->fd); close(this->fd); free(this); } diff --git a/src/libstrongswan/networking/streams/stream.h b/src/libstrongswan/networking/streams/stream.h index 810514da9..3516d9186 100644 --- a/src/libstrongswan/networking/streams/stream.h +++ b/src/libstrongswan/networking/streams/stream.h @@ -39,9 +39,8 @@ typedef stream_t*(*stream_constructor_t)(char *uri); /** * Callback function prototype, called when stream is ready. * - * It is allowed to destroy the stream during the callback, but only if it has - * no other active on_read()/on_write() callback and returns FALSE. It is not - * allowed to to call on_read()/on_write/() during the callback. + * It is not allowed to destroy the stream nor to call on_read()/on_write/() + * during the callback. * * As select() may return even if a read()/write() would actually block, it is * recommended to use the non-blocking calls and handle return values diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index 65268d242..ecefdc233 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -27,9 +27,11 @@ #include <unistd.h> #include <net/if.h> +#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) + #include "tun_device.h" -#if !defined(__APPLE__) && !defined(__linux__) && !defined(HAVE_NET_IF_TUN_H) +#include <utils/debug.h> #warning TUN devices are not supported! @@ -46,12 +48,14 @@ tun_device_t *tun_device_create(const char *name_tmpl) #include <netinet/in_var.h> #include <sys/kern_control.h> #elif defined(__linux__) +#include <linux/types.h> #include <linux/if_tun.h> #else #include <net/if_tun.h> #endif -#include <library.h> +#include "tun_device.h" + #include <utils/debug.h> #include <threading/thread.h> diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h index 1d330f133..543125beb 100644 --- a/src/libstrongswan/networking/tun_device.h +++ b/src/libstrongswan/networking/tun_device.h @@ -23,7 +23,6 @@ #ifndef TUN_DEVICE_H_ #define TUN_DEVICE_H_ -#include <library.h> #include <networking/host.h> typedef struct tun_device_t tun_device_t; diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 5ae5537ad..9e91e8671 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index cdecc5b06..4ea1e8f36 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index b840d0e03..150e8d4d4 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index 322ded48c..dc6adc457 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -63,6 +63,13 @@ plugin_t *agent_plugin_create() { private_agent_plugin_t *this; + /* required to connect to ssh-agent socket */ + if (!lib->caps->keep(lib->caps, CAP_DAC_OVERRIDE)) + { + DBG1(DBG_DMN, "agent plugin requires CAP_DAC_OVERRIDE capability"); + return NULL; + } + INIT(this, .public = { .plugin = { @@ -75,4 +82,3 @@ plugin_t *agent_plugin_create() return &this->public.plugin; } - diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index 8a3fb150a..c2e82a9f1 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -442,4 +442,3 @@ agent_private_key_t *agent_private_key_open(key_type_t type, va_list args) } return &this->public; } - diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 8b2f7431f..f13a96421 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 486af34ed..ed3f05681 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index b8fe6de06..620d8359f 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 1f791208e..060287d1c 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 3d4f71176..ff34435a2 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index f6625dd48..a756a0a7e 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index a8cca98da..644f27709 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -80,7 +80,7 @@ static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data) METHOD(fetcher_t, fetch, status_t, private_curl_fetcher_t *this, char *uri, void *userdata) { - char error[CURL_ERROR_SIZE]; + char error[CURL_ERROR_SIZE], *enc_uri; status_t status; cb_data_t data = { .cb = this->cb, @@ -92,9 +92,14 @@ METHOD(fetcher_t, fetch, status_t, *(chunk_t*)userdata = chunk_empty; } - if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK) + /* the URI has to be URL-encoded, we only replace spaces as replacing other + * characters (e.g. '/' or ':') would render the URI invalid */ + enc_uri = strreplace(uri, " ", "%20"); + + if (curl_easy_setopt(this->curl, CURLOPT_URL, enc_uri) != CURLE_OK) { /* URL type not supported by curl */ - return NOT_SUPPORTED; + status = NOT_SUPPORTED; + goto out; } curl_easy_setopt(this->curl, CURLOPT_ERRORBUFFER, error); curl_easy_setopt(this->curl, CURLOPT_FAILONERROR, TRUE); @@ -125,6 +130,12 @@ METHOD(fetcher_t, fetch, status_t, status = FAILED; break; } + +out: + if (enc_uri != uri) + { + free(enc_uri); + } return status; } diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 81e91bca0..ca79430c9 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index a012700c0..b94b644c0 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 06d9129c7..3bb540d90 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index e499ae1a0..7bce3c983 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 766340548..4ce3cf919 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index 160db042b..44f3f84b1 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -194,8 +194,8 @@ plugin_t *gcrypt_plugin_create() /* we currently do not use secure memory */ gcry_control(GCRYCTL_DISABLE_SECMEM, 0); - if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.gcrypt.quick_random", FALSE)) + if (lib->settings->get_bool(lib->settings, "%s.plugins.gcrypt.quick_random", + FALSE, lib->ns)) { gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0); } diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index f12827fd5..73e0645b0 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index f1956a9d2..f5e38fa90 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index 5f7291ca4..42093e413 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 35af7034a..7f14fbf8e 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 812d98628..bdd446cd3 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 082aebc51..32aac7bfa 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 2daf01c1d..a35f8051b 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 408848366..25437bdb8 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/ntru/Makefile.am b/src/libstrongswan/plugins/ntru/Makefile.am new file mode 100644 index 000000000..b33cbc8c9 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/Makefile.am @@ -0,0 +1,33 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + -rdynamic @COVERAGE_CFLAGS@ + +if MONOLITHIC +noinst_LTLIBRARIES = libstrongswan-ntru.la +else +plugin_LTLIBRARIES = libstrongswan-ntru.la +endif + +libstrongswan_ntru_la_SOURCES = \ + ntru_plugin.h ntru_plugin.c \ + ntru_drbg.h ntru_drbg.c \ + ntru_ke.h ntru_ke.c \ + ntru_mgf1.h ntru_mgf1.c \ + ntru_poly.h ntru_poly.c \ + ntru_trits.h ntru_trits.c \ + ntru_crypto/ntru_crypto.h \ + ntru_crypto/ntru_crypto_ntru_convert.h \ + ntru_crypto/ntru_crypto_ntru_convert.c \ + ntru_crypto/ntru_crypto_ntru_encrypt.c \ + ntru_crypto/ntru_crypto_ntru_encrypt_key.h \ + ntru_crypto/ntru_crypto_ntru_encrypt_key.c \ + ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \ + ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \ + ntru_crypto/ntru_crypto_ntru_poly.h \ + ntru_crypto/ntru_crypto_ntru_poly.c + +libstrongswan_ntru_la_LDFLAGS = -module -avoid-version + + diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in new file mode 100644 index 000000000..af192d203 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -0,0 +1,812 @@ +# Makefile.in generated by automake 1.13.3 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = src/libstrongswan/plugins/ntru +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/depcomp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(plugindir)" +LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) +libstrongswan_ntru_la_LIBADD = +am__dirstamp = $(am__leading_dot)dirstamp +am_libstrongswan_ntru_la_OBJECTS = ntru_plugin.lo ntru_drbg.lo \ + ntru_ke.lo ntru_mgf1.lo ntru_poly.lo ntru_trits.lo \ + ntru_crypto/ntru_crypto_ntru_convert.lo \ + ntru_crypto/ntru_crypto_ntru_encrypt.lo \ + ntru_crypto/ntru_crypto_ntru_encrypt_key.lo \ + ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo \ + ntru_crypto/ntru_crypto_ntru_poly.lo +libstrongswan_ntru_la_OBJECTS = $(am_libstrongswan_ntru_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +libstrongswan_ntru_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_ntru_la_LDFLAGS) \ + $(LDFLAGS) -o $@ +@MONOLITHIC_FALSE@am_libstrongswan_ntru_la_rpath = -rpath $(plugindir) +@MONOLITHIC_TRUE@am_libstrongswan_ntru_la_rpath = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libstrongswan_ntru_la_SOURCES) +DIST_SOURCES = $(libstrongswan_ntru_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +libdir = @libdir@ +libexecdir = @libexecdir@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +openac_plugins = @openac_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_CFLAGS = \ + -rdynamic @COVERAGE_CFLAGS@ + +@MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-ntru.la +@MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-ntru.la +libstrongswan_ntru_la_SOURCES = \ + ntru_plugin.h ntru_plugin.c \ + ntru_drbg.h ntru_drbg.c \ + ntru_ke.h ntru_ke.c \ + ntru_mgf1.h ntru_mgf1.c \ + ntru_poly.h ntru_poly.c \ + ntru_trits.h ntru_trits.c \ + ntru_crypto/ntru_crypto.h \ + ntru_crypto/ntru_crypto_ntru_convert.h \ + ntru_crypto/ntru_crypto_ntru_convert.c \ + ntru_crypto/ntru_crypto_ntru_encrypt.c \ + ntru_crypto/ntru_crypto_ntru_encrypt_key.h \ + ntru_crypto/ntru_crypto_ntru_encrypt_key.c \ + ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h \ + ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c \ + ntru_crypto/ntru_crypto_ntru_poly.h \ + ntru_crypto/ntru_crypto_ntru_poly.c + +libstrongswan_ntru_la_LDFLAGS = -module -avoid-version +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(plugindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(plugindir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } + +uninstall-pluginLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ + done + +clean-pluginLTLIBRARIES: + -test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES) + @list='$(plugin_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +ntru_crypto/$(am__dirstamp): + @$(MKDIR_P) ntru_crypto + @: > ntru_crypto/$(am__dirstamp) +ntru_crypto/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ntru_crypto/$(DEPDIR) + @: > ntru_crypto/$(DEPDIR)/$(am__dirstamp) +ntru_crypto/ntru_crypto_ntru_convert.lo: ntru_crypto/$(am__dirstamp) \ + ntru_crypto/$(DEPDIR)/$(am__dirstamp) +ntru_crypto/ntru_crypto_ntru_encrypt.lo: ntru_crypto/$(am__dirstamp) \ + ntru_crypto/$(DEPDIR)/$(am__dirstamp) +ntru_crypto/ntru_crypto_ntru_encrypt_key.lo: \ + ntru_crypto/$(am__dirstamp) \ + ntru_crypto/$(DEPDIR)/$(am__dirstamp) +ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.lo: \ + ntru_crypto/$(am__dirstamp) \ + ntru_crypto/$(DEPDIR)/$(am__dirstamp) +ntru_crypto/ntru_crypto_ntru_poly.lo: ntru_crypto/$(am__dirstamp) \ + ntru_crypto/$(DEPDIR)/$(am__dirstamp) + +libstrongswan-ntru.la: $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_DEPENDENCIES) $(EXTRA_libstrongswan_ntru_la_DEPENDENCIES) + $(AM_V_CCLD)$(libstrongswan_ntru_la_LINK) $(am_libstrongswan_ntru_la_rpath) $(libstrongswan_ntru_la_OBJECTS) $(libstrongswan_ntru_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f ntru_crypto/*.$(OBJEXT) + -rm -f ntru_crypto/*.lo + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_drbg.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_ke.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_mgf1.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_plugin.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_poly.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ntru_trits.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_convert.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_key.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_encrypt_param_sets.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@ntru_crypto/$(DEPDIR)/ntru_crypto_ntru_poly.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + -rm -rf ntru_crypto/.libs ntru_crypto/_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(plugindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ntru_crypto/$(DEPDIR)/$(am__dirstamp) + -rm -f ntru_crypto/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-pluginLTLIBRARIES mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-pluginLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) ntru_crypto/$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-pluginLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-libtool clean-noinstLTLIBRARIES clean-pluginLTLIBRARIES \ + cscopelist-am ctags ctags-am distclean distclean-compile \ + distclean-generic distclean-libtool distclean-tags distdir dvi \ + dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pluginLTLIBRARIES install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ + uninstall-am uninstall-pluginLTLIBRARIES + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h new file mode 100644 index 000000000..72f47035e --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto.h @@ -0,0 +1,235 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto.h is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + + +/****************************************************************************** + * + * File: ntru_crypto.h + * + * Contents: Public header file for NTRUEncrypt. + * + *****************************************************************************/ + +#ifndef NTRU_CRYPTO_H +#define NTRU_CRYPTO_H + +#include <library.h> + +#include "ntru_drbg.h" + +#if !defined( NTRUCALL ) + #if !defined(WIN32) || defined (NTRUCRYPTO_STATIC) + // Linux, or a Win32 static library + #define NTRUCALL extern uint32_t + #elif defined (NTRUCRYPTO_EXPORTS) + // Win32 DLL build + #define NTRUCALL extern __declspec(dllexport) uint32_t + #else + // Win32 DLL import + #define NTRUCALL extern __declspec(dllimport) uint32_t + #endif +#endif /* NTRUCALL */ + +/* parameter set ID list */ + +typedef enum _NTRU_ENCRYPT_PARAM_SET_ID { + NTRU_EES401EP1, + NTRU_EES449EP1, + NTRU_EES677EP1, + NTRU_EES1087EP2, + NTRU_EES541EP1, + NTRU_EES613EP1, + NTRU_EES887EP1, + NTRU_EES1171EP1, + NTRU_EES659EP1, + NTRU_EES761EP1, + NTRU_EES1087EP1, + NTRU_EES1499EP1, + NTRU_EES401EP2, + NTRU_EES439EP1, + NTRU_EES593EP1, + NTRU_EES743EP1, +} NTRU_ENCRYPT_PARAM_SET_ID; + + +/* error codes */ + +#define NTRU_OK 0 +#define NTRU_FAIL 1 +#define NTRU_BAD_PARAMETER 2 +#define NTRU_BAD_LENGTH 3 +#define NTRU_BUFFER_TOO_SMALL 4 +#define NTRU_INVALID_PARAMETER_SET 5 +#define NTRU_BAD_PUBLIC_KEY 6 +#define NTRU_BAD_PRIVATE_KEY 7 +#define NTRU_OUT_OF_MEMORY 8 +#define NTRU_BAD_ENCODING 9 +#define NTRU_OID_NOT_RECOGNIZED 10 +#define NTRU_DRBG_FAIL 11 +#define NTRU_MGF1_FAIL 12 + +/* function declarations */ + +/* ntru_crypto_ntru_encrypt + * + * Implements NTRU encryption (SVES) for the parameter set specified in + * the public key blob. + * + * Before invoking this function, a DRBG must be instantiated using + * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that + * instantiation the requested security strength must be at least as large + * as the security strength of the NTRU parameter set being used. + * Failure to instantiate the DRBG with the proper security strength will + * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH. + * + * The required minimum size of the output ciphertext buffer (ct) may be + * queried by invoking this function with ct = NULL. In this case, no + * encryption is performed, NTRU_OK is returned, and the required minimum + * size for ct is returned in ct_len. + * + * When ct != NULL, at invocation *ct_len must be the size of the ct buffer. + * Upon return it is the actual size of the ciphertext. + * + * Returns NTRU_OK if successful. + * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL. + * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is + * zero, or if pt_len exceeds the maximum plaintext length for the parameter set. + * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid + * (unknown format, corrupt, bad length). + * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + */ + +NTRUCALL +ntru_crypto_ntru_encrypt( + ntru_drbg_t *drbg , /* in - handle for DRBG */ + uint16_t pubkey_blob_len, /* in - no. of octets in public key + blob */ + uint8_t const *pubkey_blob, /* in - pointer to public key */ + uint16_t pt_len, /* in - no. of octets in plaintext */ + uint8_t const *pt, /* in - pointer to plaintext */ + uint16_t *ct_len, /* in/out - no. of octets in ct, addr for + no. of octets in ciphertext */ + uint8_t *ct); /* out - address for ciphertext */ + + +/* ntru_crypto_ntru_decrypt + * + * Implements NTRU decryption (SVES) for the parameter set specified in + * the private key blob. + * + * The maximum size of the output plaintext may be queried by invoking + * this function with pt = NULL. In this case, no decryption is performed, + * NTRU_OK is returned, and the maximum size the plaintext could be is + * returned in pt_len. + * Note that until the decryption is performed successfully, the actual size + * of the resulting plaintext cannot be known. + * + * When pt != NULL, at invocation *pt_len must be the size of the pt buffer. + * Upon return it is the actual size of the plaintext. + * + * Returns NTRU_OK if successful. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL. + * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if + * ct_len is invalid for the parameter set. + * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid + * (unknown format, corrupt, bad length). + * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + * Returns NTRU_FAIL if a decryption error occurs. + */ + +NTRUCALL +ntru_crypto_ntru_decrypt( + uint16_t privkey_blob_len, /* in - no. of octets in private key + blob */ + uint8_t const *privkey_blob, /* in - pointer to private key */ + uint16_t ct_len, /* in - no. of octets in ciphertext */ + uint8_t const *ct, /* in - pointer to ciphertext */ + uint16_t *pt_len, /* in/out - no. of octets in pt, addr for + no. of octets in plaintext */ + uint8_t *pt); /* out - address for plaintext */ + + +/* ntru_crypto_ntru_encrypt_keygen + * + * Implements key generation for NTRUEncrypt for the parameter set specified. + * + * Before invoking this function, a DRBG must be instantiated using + * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that + * instantiation the requested security strength must be at least as large + * as the security strength of the NTRU parameter set being used. + * Failure to instantiate the DRBG with the proper security strength will + * result in this function returning NTRU_DRBG_FAIL. + * + * The required minimum size of the output public-key buffer (pubkey_blob) + * may be queried by invoking this function with pubkey_blob = NULL. + * In this case, no key generation is performed, NTRU_OK is returned, and + * the required minimum size for pubkey_blob is returned in pubkey_blob_len. + * + * The required minimum size of the output private-key buffer (privkey_blob) + * may be queried by invoking this function with privkey_blob = NULL. + * In this case, no key generation is performed, NTRU_OK is returned, and + * the required minimum size for privkey_blob is returned in privkey_blob_len. + * + * The required minimum sizes of both pubkey_blob and privkey_blob may be + * queried as described above, in a single invocation of this function. + * + * When pubkey_blob != NULL and privkey_blob != NULL, at invocation + * *pubkey_blob_len must be the size of the pubkey_blob buffer and + * *privkey_blob_len must be the size of the privkey_blob buffer. + * Upon return, *pubkey_blob_len is the actual size of the public-key blob + * and *privkey_blob_len is the actual size of the private-key blob. + * + * Returns NTRU_OK if successful. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob + * or privkey_blob) is NULL. + * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid. + * Returns NTRU_BAD_LENGTH if a length argument is invalid. + * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the + * privkey_blob buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + * Returns NTRU_FAIL if the polynomial generated for f is not invertible in + * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely. + * Should this occur, this function should simply be invoked again. + */ + +NTRUCALL +ntru_crypto_ntru_encrypt_keygen( + ntru_drbg_t *drbg, /* in - handle of DRBG */ + NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */ + uint16_t *pubkey_blob_len, /* in/out - no. of octets in + pubkey_blob, addr + for no. of octets + in pubkey_blob */ + uint8_t *pubkey_blob, /* out - address for + public key blob */ + uint16_t *privkey_blob_len, /* in/out - no. of octets in + privkey_blob, addr + for no. of octets + in privkey_blob */ + uint8_t *privkey_blob); /* out - address for + private key blob */ +#endif /* NTRU_CRYPTO_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c new file mode 100644 index 000000000..3d6dfde41 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.c @@ -0,0 +1,581 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_convert.c is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_convert.c + * + * Contents: Conversion routines for NTRUEncrypt, including packing, unpacking, + * and others. + * + *****************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "ntru_crypto_ntru_convert.h" + + +/* 3-bit to 2-trit conversion tables: 2 represents -1 */ + +static uint8_t const bits_2_trit1[] = {0, 0, 0, 1, 1, 1, 2, 2}; +static uint8_t const bits_2_trit2[] = {0, 1, 2, 0, 1, 2, 0, 1}; + + +/* ntru_bits_2_trits + * + * Each 3 bits in an array of octets is converted to 2 trits in an array + * of trits. + * + * The octet array may overlap the end of the trit array. + */ + +void +ntru_bits_2_trits( + uint8_t const *octets, /* in - pointer to array of octets */ + uint16_t num_trits, /* in - number of trits to produce */ + uint8_t *trits) /* out - address for array of trits */ +{ + uint32_t bits24; + uint32_t bits3; + uint32_t shift; + + assert(octets); + assert(trits); + + while (num_trits >= 16) { + + /* get next three octets */ + + bits24 = ((uint32_t)(*octets++)) << 16; + bits24 |= ((uint32_t)(*octets++)) << 8; + bits24 |= (uint32_t)(*octets++); + + /* for each 3 bits in the three octets, output 2 trits */ + + bits3 = (bits24 >> 21) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 18) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 15) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 12) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 9) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 6) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = (bits24 >> 3) & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + bits3 = bits24 & 0x7; + *trits++ = bits_2_trit1[bits3]; + *trits++ = bits_2_trit2[bits3]; + + num_trits -= 16; + } + if (num_trits == 0) + return; + + /* get three octets */ + + bits24 = ((uint32_t)(*octets++)) << 16; + bits24 |= ((uint32_t)(*octets++)) << 8; + bits24 |= (uint32_t)(*octets++); + + shift = 21; + while (num_trits) { + + /* for each 3 bits in the three octets, output up to 2 trits + * until all trits needed are produced + */ + + bits3 = (bits24 >> shift) & 0x7; + shift -= 3; + *trits++ = bits_2_trit1[bits3]; + if (--num_trits) { + *trits++ = bits_2_trit2[bits3]; + --num_trits; + } + } +} + + +/* ntru_trits_2_bits + * + * Each 2 trits in an array of trits is converted to 3 bits, and the bits + * are packed in an array of octets. A multiple of 3 octets is output. + * Any bits in the final octets not derived from trits are zero. + * + * Returns TRUE if all trits were valid. + * Returns FALSE if invalid trits were found. + */ + +bool +ntru_trits_2_bits( + uint8_t const *trits, /* in - pointer to array of trits */ + uint32_t num_trits, /* in - number of trits to convert */ + uint8_t *octets) /* out - address for array of octets */ +{ + bool all_trits_valid = TRUE; + uint32_t bits24; + uint32_t bits3; + uint32_t shift; + + assert(octets); + assert(trits); + + while (num_trits >= 16) { + + /* convert each 2 trits to 3 bits and pack */ + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 = (bits3 << 21); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 18); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 15); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 12); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 9); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 6); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << 3); + + bits3 = *trits++ * 3; + bits3 += *trits++; + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= bits3; + + num_trits -= 16; + + /* output three octets */ + + *octets++ = (uint8_t)((bits24 >> 16) & 0xff); + *octets++ = (uint8_t)((bits24 >> 8) & 0xff); + *octets++ = (uint8_t)(bits24 & 0xff); + } + + bits24 = 0; + shift = 21; + while (num_trits) { + + /* convert each 2 trits to 3 bits and pack */ + + bits3 = *trits++ * 3; + if (--num_trits) { + bits3 += *trits++; + --num_trits; + } + if (bits3 > 7) { + bits3 = 7; + all_trits_valid = FALSE; + } + bits24 |= (bits3 << shift); + shift -= 3; + } + + /* output three octets */ + + *octets++ = (uint8_t)((bits24 >> 16) & 0xff); + *octets++ = (uint8_t)((bits24 >> 8) & 0xff); + *octets++ = (uint8_t)(bits24 & 0xff); + + return all_trits_valid; +} + + +/* ntru_coeffs_mod4_2_octets + * + * Takes an array of ring element coefficients mod 4 and packs the + * results into an octet string. + */ + +void +ntru_coeffs_mod4_2_octets( + uint16_t num_coeffs, /* in - number of coefficients */ + uint16_t const *coeffs, /* in - pointer to coefficients */ + uint8_t *octets) /* out - address for octets */ +{ + uint8_t bits2; + int shift; + uint16_t i; + + assert(coeffs); + assert(octets); + + *octets = 0; + shift = 6; + for (i = 0; i < num_coeffs; i++) { + bits2 = (uint8_t)(coeffs[i] & 0x3); + *octets |= bits2 << shift; + shift -= 2; + if (shift < 0) { + ++octets; + *octets = 0; + shift = 6; + } + } +} + + +/* ntru_trits_2_octet + * + * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1). + */ + +void +ntru_trits_2_octet( + uint8_t const *trits, /* in - pointer to trits */ + uint8_t *octet) /* out - address for octet */ +{ + int i; + + assert(trits); + assert(octet); + + *octet = 0; + for (i = 4; i >= 0; i--) { + *octet = (*octet * 3) + trits[i]; + } +} + + +/* ntru_octet_2_trits + * + * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1). + */ + +void +ntru_octet_2_trits( + uint8_t octet, /* in - octet to be unpacked */ + uint8_t *trits) /* out - address for trits */ +{ + int i; + + assert(trits); + + for (i = 0; i < 5; i++) { + trits[i] = octet % 3; + octet = (octet - trits[i]) / 3; + } +} + + +/* ntru_indices_2_trits + * + * Converts a list of the nonzero indices of a polynomial into an array of + * trits. + */ + +void +ntru_indices_2_trits( + uint16_t in_len, /* in - no. of indices */ + uint16_t const *in, /* in - pointer to list of indices */ + bool plus1, /* in - if list is +1 cofficients */ + uint8_t *out) /* out - address of output polynomial */ +{ + uint8_t trit = plus1 ? 1 : 2; + uint16_t i; + + assert(in); + assert(out); + + for (i = 0; i < in_len; i++) { + out[in[i]] = trit; + } +} + + +/* ntru_packed_trits_2_indices + * + * Unpacks an array of N trits and creates a list of array indices + * corresponding to trits = +1, and list of array indices corresponding to + * trits = -1. + */ + +void +ntru_packed_trits_2_indices( + uint8_t const *in, /* in - pointer to packed-trit octets */ + uint16_t num_trits, /* in - no. of packed trits */ + uint16_t *indices_plus1, /* out - address for indices of +1 trits */ + uint16_t *indices_minus1) /* out - address for indices of -1 trits */ +{ + uint8_t trits[5]; + uint16_t i = 0; + int j; + + assert(in); + assert(indices_plus1); + assert(indices_minus1); + + while (num_trits >= 5) { + ntru_octet_2_trits(*in++, trits); + num_trits -= 5; + for (j = 0; j < 5; j++, i++) { + if (trits[j] == 1) { + *indices_plus1 = i; + ++indices_plus1; + } else if (trits[j] == 2) { + *indices_minus1 = i; + ++indices_minus1; + } + } + } + if (num_trits) { + ntru_octet_2_trits(*in, trits); + for (j = 0; num_trits && (j < 5); j++, i++) { + if (trits[j] == 1) { + *indices_plus1 = i; + ++indices_plus1; + } else if (trits[j] == 2) { + *indices_minus1 = i; + ++indices_minus1; + } + --num_trits; + } + } +} + + +/* ntru_indices_2_packed_trits + * + * Takes a list of array indices corresponding to elements whose values + * are +1 or -1, and packs the N-element array of trits described by these + * lists into octets, 5 trits per octet. + */ + +void +ntru_indices_2_packed_trits( + uint16_t const *indices, /* in - pointer to indices */ + uint16_t num_plus1, /* in - no. of indices for +1 trits */ + uint16_t num_minus1, /* in - no. of indices for -1 trits */ + uint16_t num_trits, /* in - N, no. of trits in array */ + uint8_t *buf, /* in - temp buf, N octets */ + uint8_t *out) /* out - address for packed octets */ +{ + assert(indices); + assert(buf); + assert(out); + + /* convert indices to an array of trits */ + + memset(buf, 0, num_trits); + ntru_indices_2_trits(num_plus1, indices, TRUE, buf); + ntru_indices_2_trits(num_minus1, indices + num_plus1, FALSE, buf); + + /* pack the array of trits */ + + while (num_trits >= 5) { + ntru_trits_2_octet(buf, out); + num_trits -= 5; + buf += 5; + ++out; + } + if (num_trits) { + uint8_t trits[5]; + + memcpy(trits, buf, num_trits); + memset(trits + num_trits, 0, sizeof(trits) - num_trits); + ntru_trits_2_octet(trits, out); + } +} + + +/* ntru_elements_2_octets + * + * Packs an array of n-bit elements into an array of + * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16. + */ + +void +ntru_elements_2_octets( + uint16_t in_len, /* in - no. of elements to be packed */ + uint16_t const *in, /* in - ptr to elements to be packed */ + uint8_t n_bits, /* in - no. of bits in input element */ + uint8_t *out) /* out - addr for output octets */ +{ + uint16_t temp; + int shift; + uint16_t i; + + assert(in_len); + assert(in); + assert((n_bits > 8) && (n_bits < 16)); + assert(out); + + /* pack */ + + temp = 0; + shift = n_bits - 8; + i = 0; + while (i < in_len) { + + /* add bits to temp to fill an octet and output the octet */ + + temp |= in[i] >> shift; + *out++ = (uint8_t)(temp & 0xff); + shift = 8 - shift; + if (shift < 1) { + + /* next full octet is in current input word */ + + shift += n_bits; + temp = 0; + + } else { + + /* put remaining bits of input word in temp as partial octet, + * and increment index to next input word + */ + temp = in[i] << (uint16_t)shift; + + ++i; + } + shift = n_bits - shift; + } + + /* output any bits remaining in last input word */ + + if (shift != n_bits - 8) { + *out++ = (uint8_t)(temp & 0xff); + } +} + + +/* ntru_octets_2_elements + * + * Unpacks an octet string into an array of ((in_len * 8) / n_bits) + * n-bit elements, 8 < n_bits < 16. Any extra bits are discarded. + */ + +void +ntru_octets_2_elements( + uint16_t in_len, /* in - no. of octets to be unpacked */ + uint8_t const *in, /* in - ptr to octets to be unpacked */ + uint8_t n_bits, /* in - no. of bits in output element */ + uint16_t *out) /* out - addr for output elements */ +{ + uint16_t temp; + uint16_t mask = (1 << n_bits) - 1; + int shift; + uint16_t i; + + assert(in_len > 1); + assert(in); + assert((n_bits > 8) && (n_bits < 16)); + assert(out); + + /* unpack */ + + temp = 0; + shift = n_bits; + i = 0; + while (i < in_len) { + shift = 8 - shift; + if (shift < 0) { + + /* the current octet will not fill the current element */ + + shift += n_bits; + + } else { + + /* add bits from the current octet to fill the current element and + * output the element + */ + + temp |= ((uint16_t)in[i]) >> shift; + *out++ = temp & mask; + temp = 0; + } + + /* add the remaining bits of the current octet to start an element */ + + shift = n_bits - shift; + temp |= ((uint16_t)in[i]) << shift; + ++i; + } +} + + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h new file mode 100644 index 000000000..1c4b35b24 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_convert.h @@ -0,0 +1,183 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_convert.h is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_convert.h + * + * Contents: Definitions and declarations for conversion routines + * for NTRUEncrypt, including packing, unpacking and others. + * + *****************************************************************************/ + +#ifndef NTRU_CRYPTO_NTRU_CONVERT_H +#define NTRU_CRYPTO_NTRU_CONVERT_H + +#include "ntru_crypto.h" + + +/* function declarations */ + +/* ntru_bits_2_trits + * + * Each 3 bits in an array of octets is converted to 2 trits in an array + * of trits. + */ + +extern void +ntru_bits_2_trits( + uint8_t const *octets, /* in - pointer to array of octets */ + uint16_t num_trits, /* in - number of trits to produce */ + uint8_t *trits); /* out - address for array of trits */ + + +/* ntru_trits_2_bits + * + * Each 2 trits in an array of trits is converted to 3 bits, and the bits + * are packed in an array of octets. A multiple of 3 octets is output. + * Any bits in the final octets not derived from trits are zero. + * + * Returns TRUE if all trits were valid. + * Returns FALSE if invalid trits were found. + */ + +extern bool +ntru_trits_2_bits( + uint8_t const *trits, /* in - pointer to array of trits */ + uint32_t num_trits, /* in - number of trits to convert */ + uint8_t *octets); /* out - address for array of octets */ + + +/* ntru_coeffs_mod4_2_octets + * + * Takes an array of coefficients mod 4 and packs the results into an + * octet string. + */ + +extern void +ntru_coeffs_mod4_2_octets( + uint16_t num_coeffs, /* in - number of coefficients */ + uint16_t const *coeffs, /* in - pointer to coefficients */ + uint8_t *octets); /* out - address for octets */ + + +/* ntru_trits_2_octet + * + * Packs 5 trits in an octet, where a trit is 0, 1, or 2 (-1). + */ + +extern void +ntru_trits_2_octet( + uint8_t const *trits, /* in - pointer to trits */ + uint8_t *octet); /* out - address for octet */ + + +/* ntru_octet_2_trits + * + * Unpacks an octet to 5 trits, where a trit is 0, 1, or 2 (-1). + */ + +extern void +ntru_octet_2_trits( + uint8_t octet, /* in - octet to be unpacked */ + uint8_t *trits); /* out - address for trits */ + + +/* ntru_indices_2_trits + * + * Converts a list of the nonzero indices of a polynomial into an array of + * trits. + */ + +extern void +ntru_indices_2_trits( + uint16_t in_len, /* in - no. of indices */ + uint16_t const *in, /* in - pointer to list of indices */ + bool plus1, /* in - if list is +1 coefficients */ + uint8_t *out); /* out - address of output polynomial */ + + +/* ntru_packed_trits_2_indices + * + * Unpacks an array of N trits and creates a list of array indices + * corresponding to trits = +1, and list of array indices corresponding to + * trits = -1. + */ + +extern void +ntru_packed_trits_2_indices( + uint8_t const *in, /* in - pointer to packed-trit octets */ + uint16_t num_trits, /* in - no. of packed trits */ + uint16_t *indices_plus1, /* out - address for indices of +1 trits */ + uint16_t *indices_minus1); /* out - address for indices of -1 trits */ + + +/* ntru_indices_2_packed_trits + * + * Takes a list of array indices corresponding to elements whose values + * are +1 or -1, and packs the N-element array of trits described by these + * lists into octets, 5 trits per octet. + */ + +extern void +ntru_indices_2_packed_trits( + uint16_t const *indices, /* in - pointer to indices */ + uint16_t num_plus1, /* in - no. of indices for +1 trits */ + uint16_t num_minus1, /* in - no. of indices for -1 trits */ + uint16_t num_trits, /* in - N, no. of trits in array */ + uint8_t *buf, /* in - temp buf, N octets */ + uint8_t *out); /* out - address for packed octets */ + + +/* ntru_elements_2_octets + * + * Packs an array of n-bit elements into an array of + * ((in_len * n_bits) + 7) / 8 octets, 8 < n_bits < 16. + */ + +extern void +ntru_elements_2_octets( + uint16_t in_len, /* in - no. of elements to be packed */ + uint16_t const *in, /* in - ptr to elements to be packed */ + uint8_t n_bits, /* in - no. of bits in input element */ + uint8_t *out); /* out - addr for output octets */ + + +/* ntru_octets_2_elements + * + * Unpacks an octet string into an array of ((in_len * 8) / n_bits) + * n-bit elements, 8 < n < 16. Any extra bits are discarded. + */ + +extern void +ntru_octets_2_elements( + uint16_t in_len, /* in - no. of octets to be unpacked */ + uint8_t const *in, /* in - ptr to octets to be unpacked */ + uint8_t n_bits, /* in - no. of bits in output element */ + uint16_t *out); /* out - addr for output elements */ + + +#endif /* NTRU_CRYPTO_NTRU_CONVERT_H */ + + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c new file mode 100644 index 000000000..dba81915a --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt.c @@ -0,0 +1,1034 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_encrypt.c is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_encrypt.c + * + * Contents: Routines implementing NTRUEncrypt encryption and decryption and + * key generation. + * + *****************************************************************************/ + + +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "ntru_crypto.h" +#include "ntru_crypto_ntru_encrypt_param_sets.h" +#include "ntru_crypto_ntru_encrypt_key.h" +#include "ntru_crypto_ntru_convert.h" +#include "ntru_crypto_ntru_poly.h" +# +#include "ntru_trits.h" +#include "ntru_poly.h" + +/* ntru_crypto_ntru_encrypt + * + * Implements NTRU encryption (SVES) for the parameter set specified in + * the public key blob. + * + * Before invoking this function, a DRBG must be instantiated using + * ntru_crypto_drbg_instantiate() to obtain a DRBG handle, and in that + * instantiation the requested security strength must be at least as large + * as the security strength of the NTRU parameter set being used. + * Failure to instantiate the DRBG with the proper security strength will + * result in this function returning DRBG_ERROR_BASE + DRBG_BAD_LENGTH. + * + * The required minimum size of the output ciphertext buffer (ct) may be + * queried by invoking this function with ct = NULL. In this case, no + * encryption is performed, NTRU_OK is returned, and the required minimum + * size for ct is returned in ct_len. + * + * When ct != NULL, at invocation *ct_len must be the size of the ct buffer. + * Upon return it is the actual size of the ciphertext. + * + * Returns NTRU_OK if successful. + * Returns NTRU_DRBG_FAIL if the DRBG handle is invalid. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than ct) is NULL. + * Returns NTRU_BAD_LENGTH if a length argument (pubkey_blob_len or pt_len) is + * zero, or if pt_len exceeds the maximum plaintext length for the parameter set. + * Returns NTRU_BAD_PUBLIC_KEY if the public-key blob is invalid + * (unknown format, corrupt, bad length). + * Returns NTRU_BUFFER_TOO_SMALL if the ciphertext buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + */ + +uint32_t +ntru_crypto_ntru_encrypt( + ntru_drbg_t *drbg, /* in - handle of DRBG */ + uint16_t pubkey_blob_len, /* in - no. of octets in public key + blob */ + uint8_t const *pubkey_blob, /* in - pointer to public key */ + uint16_t pt_len, /* in - no. of octets in plaintext */ + uint8_t const *pt, /* in - pointer to plaintext */ + uint16_t *ct_len, /* in/out - no. of octets in ct, addr for + no. of octets in ciphertext */ + uint8_t *ct) /* out - address for ciphertext */ +{ + NTRU_ENCRYPT_PARAM_SET *params = NULL; + uint8_t const *pubkey_packed = NULL; + uint8_t pubkey_pack_type = 0x00; + uint16_t packed_ct_len; + size_t scratch_buf_len; + uint32_t dr; + uint32_t dr1 = 0; + uint32_t dr2 = 0; + uint32_t dr3 = 0; + uint16_t ring_mult_tmp_len; + int16_t m1 = 0; + uint16_t *scratch_buf = NULL; + uint16_t *ringel_buf = NULL; + uint8_t *b_buf = NULL; + uint8_t *tmp_buf = NULL; + bool msg_rep_good = FALSE; + hash_algorithm_t hash_algid; + uint16_t mprime_len = 0; + uint16_t mod_q_mask; + uint32_t result = NTRU_OK; + ntru_trits_t *mask; + uint8_t *mask_trits; + chunk_t seed; + ntru_poly_t *r_poly; + + /* check for bad parameters */ + + if (!pubkey_blob || !pt || !ct_len) + { + return NTRU_BAD_PARAMETER; + } + if ((pubkey_blob_len == 0) || (pt_len == 0)) + { + return NTRU_BAD_LENGTH; + } + + /* get a pointer to the parameter-set parameters, the packing type for + * the public key, and a pointer to the packed public key + */ + + if (!ntru_crypto_ntru_encrypt_key_parse(TRUE /* pubkey */, pubkey_blob_len, + pubkey_blob, &pubkey_pack_type, + NULL, ¶ms, &pubkey_packed, + NULL)) + { + return NTRU_BAD_PUBLIC_KEY; + } + + /* return the ciphertext size if requested */ + + packed_ct_len = (params->N * params->q_bits + 7) >> 3; + if (!ct) + { + *ct_len = packed_ct_len; + return NTRU_OK; + } + + /* check the ciphertext buffer size */ + + if (*ct_len < packed_ct_len) + { + return NTRU_BUFFER_TOO_SMALL; + } + + /* check the plaintext length */ + + if (pt_len > params->m_len_max) + { + return NTRU_BAD_LENGTH; + } + + /* allocate memory for all operations */ + + if (params->is_product_form) + { + ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */ + dr1 = params->dF_r & 0xff; + dr2 = (params->dF_r >> 8) & 0xff; + dr3 = (params->dF_r >> 16) & 0xff; + dr = dr1 + dr2 + dr3; + } + else + { + ring_mult_tmp_len = params->N; /* N 16-bit word buffer */ + dr = params->dF_r; + } + scratch_buf_len = (ring_mult_tmp_len << 1) + + /* X-byte temp buf for ring mult and + other intermediate results */ + (params->N << 1) + /* 2N-byte buffer for ring elements + and overflow from temp buffer */ + (dr << 2) + /* buffer for r indices */ + params->sec_strength_len; + /* buffer for b */ + scratch_buf = malloc(scratch_buf_len); + if (!scratch_buf) + { + return NTRU_OUT_OF_MEMORY; + } + ringel_buf = scratch_buf + ring_mult_tmp_len; + b_buf = (uint8_t *)(ringel_buf + params->N); + tmp_buf = (uint8_t *)scratch_buf; + + /* set hash algorithm based on security strength */ + hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256; + + /* set constants */ + mod_q_mask = params->q - 1; + + /* loop until a message representative with proper weight is achieved */ + + do { + uint8_t *ptr = tmp_buf; + + /* get b */ + if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE, + params->sec_strength_len, b_buf)) + { + result = NTRU_OK; + } + else + { + result = NTRU_FAIL; + } + + if (result == NTRU_OK) + { + + /* form sData (OID || m || b || hTrunc) */ + memcpy(ptr, params->OID, 3); + ptr += 3; + memcpy(ptr, pt, pt_len); + ptr += pt_len; + memcpy(ptr, b_buf, params->sec_strength_len); + ptr += params->sec_strength_len; + memcpy(ptr, pubkey_packed, params->sec_strength_len); + ptr += params->sec_strength_len; + + DBG2(DBG_LIB, "generate polynomial r"); + + seed = chunk_create(tmp_buf, ptr - tmp_buf); + r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + params->N, params->q, + params->dF_r, params->dF_r, + params->is_product_form); + if (!r_poly) + { + result = NTRU_MGF1_FAIL; + } + } + + if (result == NTRU_OK) + { + uint16_t pubkey_packed_len; + + /* unpack the public key */ + assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS); + pubkey_packed_len = (params->N * params->q_bits + 7) >> 3; + ntru_octets_2_elements(pubkey_packed_len, pubkey_packed, + params->q_bits, ringel_buf); + + /* form R = h * r */ + r_poly->ring_mult(r_poly, ringel_buf, ringel_buf); + r_poly->destroy(r_poly); + + /* form R mod 4 */ + ntru_coeffs_mod4_2_octets(params->N, ringel_buf, tmp_buf); + + /* form mask */ + seed = chunk_create(tmp_buf, (params->N + 3)/4); + mask = ntru_trits_create(params->N, hash_algid, seed); + if (!mask) + { + result = NTRU_MGF1_FAIL; + } + } + + if (result == NTRU_OK) + { + uint8_t *Mtrin_buf = tmp_buf + params->N; + uint8_t *M_buf = Mtrin_buf + params->N - + (params->sec_strength_len + params->m_len_len + + params->m_len_max + 2); + uint16_t i; + + /* form the padded message M */ + ptr = M_buf; + memcpy(ptr, b_buf, params->sec_strength_len); + ptr += params->sec_strength_len; + if (params->m_len_len == 2) + *ptr++ = (uint8_t)((pt_len >> 8) & 0xff); + *ptr++ = (uint8_t)(pt_len & 0xff); + memcpy(ptr, pt, pt_len); + ptr += pt_len; + + /* add an extra zero byte in case without it the bit string + * is not a multiple of 3 bits and therefore might not be + * able to produce enough trits + */ + + memset(ptr, 0, params->m_len_max - pt_len + 2); + + /* convert M to trits (Mbin to Mtrin) */ + mprime_len = params->N; + if (params->is_product_form) + { + --mprime_len; + } + + ntru_bits_2_trits(M_buf, mprime_len, Mtrin_buf); + mask_trits = mask->get_trits(mask); + + /* form the msg representative m' by adding Mtrin to mask, mod p */ + if (params->is_product_form) + { + for (i = 0; i < mprime_len; i++) + { + tmp_buf[i] = mask_trits[i] + Mtrin_buf[i]; + if (tmp_buf[i] >= 3) + { + tmp_buf[i] -= 3; + } + if (tmp_buf[i] == 1) + { + ++m1; + } + else if (tmp_buf[i] == 2) + { + --m1; + } + } + } + else + { + for (i = 0; i < mprime_len; i++) + { + tmp_buf[i] = mask_trits[i] + Mtrin_buf[i]; + if (tmp_buf[i] >= 3) + { + tmp_buf[i] -= 3; + } + } + } + mask->destroy(mask); + + /* check that message representative meets minimum weight + * requirements + */ + + if (params->is_product_form) + msg_rep_good = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) : + (bool)( m1 <= params->min_msg_rep_wt); + else + msg_rep_good = ntru_poly_check_min_weight(mprime_len, tmp_buf, + params->min_msg_rep_wt); + msg_rep_good = TRUE; + } + } while ((result == NTRU_OK) && !msg_rep_good); + + if (result == NTRU_OK) + { + uint16_t i; + + /* form ciphertext e by adding m' to R mod q */ + + for (i = 0; i < mprime_len; i++) { + if (tmp_buf[i] == 1) + ringel_buf[i] = (ringel_buf[i] + 1) & mod_q_mask; + else if (tmp_buf[i] == 2) + ringel_buf[i] = (ringel_buf[i] - 1) & mod_q_mask; + } + if (params->is_product_form) + ringel_buf[i] = (ringel_buf[i] - m1) & mod_q_mask; + + /* pack ciphertext */ + ntru_elements_2_octets(params->N, ringel_buf, params->q_bits, ct); + *ct_len = packed_ct_len; + } + + /* cleanup */ + memset(scratch_buf, 0, scratch_buf_len); + free(scratch_buf); + + return result; +} + + +/* ntru_crypto_ntru_decrypt + * + * Implements NTRU decryption (SVES) for the parameter set specified in + * the private key blob. + * + * The maximum size of the output plaintext may be queried by invoking + * this function with pt = NULL. In this case, no decryption is performed, + * NTRU_OK is returned, and the maximum size the plaintext could be is + * returned in pt_len. + * Note that until the decryption is performed successfully, the actual size + * of the resulting plaintext cannot be known. + * + * When pt != NULL, at invocation *pt_len must be the size of the pt buffer. + * Upon return it is the actual size of the plaintext. + * + * Returns NTRU_OK if successful. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pt) is NULL. + * Returns NTRU_BAD_LENGTH if a length argument (privkey_blob) is zero, or if + * ct_len is invalid for the parameter set. + * Returns NTRU_BAD_PRIVATE_KEY if the private-key blob is invalid + * (unknown format, corrupt, bad length). + * Returns NTRU_BUFFER_TOO_SMALL if the plaintext buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + * Returns NTRU_FAIL if a decryption error occurs. + */ + +uint32_t +ntru_crypto_ntru_decrypt( + uint16_t privkey_blob_len, /* in - no. of octets in private key + blob */ + uint8_t const *privkey_blob, /* in - pointer to private key */ + uint16_t ct_len, /* in - no. of octets in ciphertext */ + uint8_t const *ct, /* in - pointer to ciphertext */ + uint16_t *pt_len, /* in/out - no. of octets in pt, addr for + no. of octets in plaintext */ + uint8_t *pt) /* out - address for plaintext */ +{ + NTRU_ENCRYPT_PARAM_SET *params = NULL; + uint8_t const *privkey_packed = NULL; + uint8_t const *pubkey_packed = NULL; + uint8_t privkey_pack_type = 0x00; + uint8_t pubkey_pack_type = 0x00; + size_t scratch_buf_len; + uint32_t dF_r; + uint32_t dF_r1 = 0; + uint32_t dF_r2 = 0; + uint32_t dF_r3 = 0; + uint16_t ring_mult_tmp_len; + int16_t m1 = 0; + uint16_t *scratch_buf = NULL; + uint16_t *ringel_buf1 = NULL; + uint16_t *ringel_buf2 = NULL; + uint16_t *i_buf = NULL; + uint8_t *m_buf = NULL; + uint8_t *tmp_buf = NULL; + uint8_t *Mtrin_buf = NULL; + uint8_t *M_buf = NULL; + uint8_t *ptr = NULL; + hash_algorithm_t hash_algid; + uint16_t cmprime_len; + uint16_t mod_q_mask; + uint16_t q_mod_p; + uint16_t cm_len = 0; + uint16_t num_zeros; + uint16_t i; + bool decryption_ok = TRUE; + uint32_t result = NTRU_OK; + ntru_trits_t *mask; + uint8_t *mask_trits; + chunk_t seed; + ntru_poly_t *F_poly, *r_poly; + + /* check for bad parameters */ + if (!privkey_blob || !ct || !pt_len) + { + return NTRU_BAD_PARAMETER; + } + if ((privkey_blob_len == 0) || (ct_len == 0)) + { + return NTRU_BAD_LENGTH; + } + + /* get a pointer to the parameter-set parameters, the packing types for + * the public and private keys, and pointers to the packed public and + * private keys + */ + + if (!ntru_crypto_ntru_encrypt_key_parse(FALSE /* privkey */, + privkey_blob_len, + privkey_blob, &pubkey_pack_type, + &privkey_pack_type, ¶ms, + &pubkey_packed, &privkey_packed)) + { + return NTRU_BAD_PRIVATE_KEY; + } + + /* return the max plaintext size if requested */ + + if (!pt) + { + *pt_len = params->m_len_max; + return NTRU_OK; + } + + /* cannot check the plaintext buffer size until after the plaintext + * is derived, if we allow plaintext buffers only as large as the + * actual plaintext + */ + + /* check the ciphertext length */ + + if (ct_len != (params->N * params->q_bits + 7) >> 3) + { + return NTRU_BAD_LENGTH; + } + + /* allocate memory for all operations */ + + if (params->is_product_form) + { + ring_mult_tmp_len = params->N << 1; /* 2N 16-bit word buffer */ + dF_r1 = params->dF_r & 0xff; + dF_r2 = (params->dF_r >> 8) & 0xff; + dF_r3 = (params->dF_r >> 16) & 0xff; + dF_r = dF_r1 + dF_r2 + dF_r3; + } else { + ring_mult_tmp_len = params->N; /* N 16-bit word buffer */ + dF_r = params->dF_r; + } + scratch_buf_len = (ring_mult_tmp_len << 1) + + /* X-byte temp buf for ring mult and + other intermediate results */ + (params->N << 2) + /* 2 2N-byte bufs for ring elements + and overflow from temp buffer */ + (dF_r << 2) + /* buffer for F, r indices */ + params->m_len_max; /* buffer for plaintext */ + scratch_buf = malloc(scratch_buf_len); + if (!scratch_buf) + { + return NTRU_OUT_OF_MEMORY; + } + ringel_buf1 = scratch_buf + ring_mult_tmp_len; + ringel_buf2 = ringel_buf1 + params->N; + i_buf = ringel_buf2 + params->N; + m_buf = (uint8_t *)(i_buf + (dF_r << 1)); + tmp_buf = (uint8_t *)scratch_buf; + Mtrin_buf = (uint8_t *)ringel_buf1; + M_buf = Mtrin_buf + params->N; + + /* set hash algorithm based on security strength */ + hash_algid = (params->sec_strength_len <= 20) ? HASH_SHA1 : HASH_SHA256; + + /* set constants */ + mod_q_mask = params->q - 1; + q_mod_p = params->q % 3; + + /* unpack the ciphertext */ + ntru_octets_2_elements(ct_len, ct, params->q_bits, ringel_buf2); + + /* unpack the private key */ + if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS) + { + ntru_packed_trits_2_indices(privkey_packed, params->N, i_buf, + i_buf + dF_r); + + } + else if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_INDICES) + { + ntru_octets_2_elements( + (((uint16_t)dF_r << 1) * params->N_bits + 7) >> 3, + privkey_packed, params->N_bits, i_buf); + + } + else + { + assert(FALSE); + } + + /* form cm': + * F * e + * A = e * (1 + pF) mod q = e + pFe mod q + * a = A in the range [-q/2, q/2) + * cm' = a mod p + */ + F_poly = ntru_poly_create_from_data(i_buf, params->N, params->q, + params->dF_r, params->dF_r, + params->is_product_form); + F_poly->ring_mult(F_poly, ringel_buf2, ringel_buf1); + F_poly->destroy(F_poly); + + cmprime_len = params->N; + if (params->is_product_form) + { + --cmprime_len; + for (i = 0; i < cmprime_len; i++) + { + ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask; + if (ringel_buf1[i] >= (params->q >> 1)) + { + ringel_buf1[i] = ringel_buf1[i] - q_mod_p; + } + Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3); + if (Mtrin_buf[i] == 1) + { + ++m1; + } + else if (Mtrin_buf[i] == 2) + { + --m1; + } + } + } + else + { + for (i = 0; i < cmprime_len; i++) + { + ringel_buf1[i] = (ringel_buf2[i] + 3 * ringel_buf1[i]) & mod_q_mask; + if (ringel_buf1[i] >= (params->q >> 1)) + { + ringel_buf1[i] = ringel_buf1[i] - q_mod_p; + } + Mtrin_buf[i] = (uint8_t)(ringel_buf1[i] % 3); + } + } + + /* check that the candidate message representative meets minimum weight + * requirements + */ + + if (params->is_product_form) + { + decryption_ok = m1 < 0 ? (bool)(-m1 <= params->min_msg_rep_wt) : + (bool)( m1 <= params->min_msg_rep_wt); + } + else + { + decryption_ok = ntru_poly_check_min_weight(cmprime_len, Mtrin_buf, + params->min_msg_rep_wt); + } + + /* form cR = e - cm' mod q */ + for (i = 0; i < cmprime_len; i++) + { + if (Mtrin_buf[i] == 1) + { + ringel_buf2[i] = (ringel_buf2[i] - 1) & mod_q_mask; + } + else if (Mtrin_buf[i] == 2) + { + ringel_buf2[i] = (ringel_buf2[i] + 1) & mod_q_mask; + } + } + if (params->is_product_form) + { + ringel_buf2[i] = (ringel_buf2[i] + m1) & mod_q_mask; + } + + /* form cR mod 4 */ + ntru_coeffs_mod4_2_octets(params->N, ringel_buf2, tmp_buf); + + /* form mask */ + seed = chunk_create(tmp_buf, (params->N + 3)/4); + mask = ntru_trits_create(params->N, hash_algid, seed); + if (!mask) + { + result = NTRU_MGF1_FAIL; + } + else + { + mask_trits = mask->get_trits(mask); + + /* form cMtrin by subtracting mask from cm', mod p */ + for (i = 0; i < cmprime_len; i++) + { + Mtrin_buf[i] = Mtrin_buf[i] - mask_trits[i]; + if (Mtrin_buf[i] >= 3) + { + Mtrin_buf[i] += 3; + } + } + mask->destroy(mask); + + if (params->is_product_form) + + /* set the last trit to zero since that's what it was, and + * because it can't be calculated from (cm' - mask) since + * we don't have the correct value for the last cm' trit + */ + + Mtrin_buf[i] = 0; + + /* convert cMtrin to cM (Mtrin to Mbin) */ + + if (!ntru_trits_2_bits(Mtrin_buf, params->N, M_buf)) + decryption_ok = FALSE; + + /* validate the padded message cM and copy cm to m_buf */ + + ptr = M_buf + params->sec_strength_len; + if (params->m_len_len == 2) + cm_len = (uint16_t)(*ptr++) << 16; + cm_len |= (uint16_t)(*ptr++); + if (cm_len > params->m_len_max) { + cm_len = params->m_len_max; + decryption_ok = FALSE; + } + memcpy(m_buf, ptr, cm_len); + ptr += cm_len; + num_zeros = params->m_len_max - cm_len + 1; + for (i = 0; i < num_zeros; i++) { + if (ptr[i] != 0) + decryption_ok = FALSE; + } + + /* form sData (OID || m || b || hTrunc) */ + + ptr = tmp_buf; + memcpy(ptr, params->OID, 3); + ptr += 3; + memcpy(ptr, m_buf, cm_len); + ptr += cm_len; + memcpy(ptr, M_buf, params->sec_strength_len); + ptr += params->sec_strength_len; + memcpy(ptr, pubkey_packed, params->sec_strength_len); + ptr += params->sec_strength_len; + + /* generate cr */ + DBG2(DBG_LIB, "generate polynomial r"); + + seed = chunk_create(tmp_buf, ptr - tmp_buf); + r_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + params->N, params->q, + params->dF_r, params->dF_r, + params->is_product_form); + if (!r_poly) + { + result = NTRU_MGF1_FAIL; + } + } + + if (result == NTRU_OK) + { + /* unpack the public key */ + { + uint16_t pubkey_packed_len; + + assert(pubkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS); + pubkey_packed_len = (params->N * params->q_bits + 7) >> 3; + ntru_octets_2_elements(pubkey_packed_len, pubkey_packed, + params->q_bits, ringel_buf1); + } + + /* form cR' = h * cr */ + r_poly->ring_mult(r_poly, ringel_buf1, ringel_buf1); + r_poly->destroy(r_poly); + + /* compare cR' to cR */ + for (i = 0; i < params->N; i++) + { + if (ringel_buf1[i] != ringel_buf2[i]) + { + decryption_ok = FALSE; + } + } + + /* output plaintext and plaintext length */ + if (decryption_ok) + { + if (*pt_len < cm_len) + { + return NTRU_BUFFER_TOO_SMALL; + } + memcpy(pt, m_buf, cm_len); + *pt_len = cm_len; + } + } + + /* cleanup */ + memset(scratch_buf, 0, scratch_buf_len); + free(scratch_buf); + + if (!decryption_ok) + { + return NTRU_FAIL; + } + + return result; +} + + +/* ntru_crypto_ntru_encrypt_keygen + * + * Implements key generation for NTRUEncrypt for the parameter set specified. + * + * The required minimum size of the output public-key buffer (pubkey_blob) + * may be queried by invoking this function with pubkey_blob = NULL. + * In this case, no key generation is performed, NTRU_OK is returned, and + * the required minimum size for pubkey_blob is returned in pubkey_blob_len. + * + * The required minimum size of the output private-key buffer (privkey_blob) + * may be queried by invoking this function with privkey_blob = NULL. + * In this case, no key generation is performed, NTRU_OK is returned, and + * the required minimum size for privkey_blob is returned in privkey_blob_len. + * + * The required minimum sizes of both pubkey_blob and privkey_blob may be + * queried as described above, in a single invocation of this function. + * + * When pubkey_blob != NULL and privkey_blob != NULL, at invocation + * *pubkey_blob_len must be the size of the pubkey_blob buffer and + * *privkey_blob_len must be the size of the privkey_blob buffer. + * Upon return, *pubkey_blob_len is the actual size of the public-key blob + * and *privkey_blob_len is the actual size of the private-key blob. + * + * Returns NTRU_OK if successful. + * Returns NTRU_BAD_PARAMETER if an argument pointer (other than pubkey_blob or + * privkey_blob) is NULL. + * Returns NTRU_INVALID_PARAMETER_SET if the parameter-set ID is invalid. + * Returns NTRU_BAD_LENGTH if a length argument is invalid. + * Returns NTRU_BUFFER_TOO_SMALL if either the pubkey_blob buffer or the + * privkey_blob buffer is too small. + * Returns NTRU_NO_MEMORY if memory needed cannot be allocated from the heap. + * Returns NTRU_FAIL if the polynomial generated for f is not invertible in + * (Z/qZ)[X]/(X^N - 1), which is extremely unlikely. + * Should this occur, this function should simply be invoked again. + */ + +uint32_t +ntru_crypto_ntru_encrypt_keygen( + ntru_drbg_t *drbg, /* in - handle of DRBG */ + NTRU_ENCRYPT_PARAM_SET_ID param_set_id, /* in - parameter set ID */ + uint16_t *pubkey_blob_len, /* in/out - no. of octets in + pubkey_blob, addr + for no. of octets + in pubkey_blob */ + uint8_t *pubkey_blob, /* out - address for + public key blob */ + uint16_t *privkey_blob_len, /* in/out - no. of octets in + privkey_blob, addr + for no. of octets + in privkey_blob */ + uint8_t *privkey_blob) /* out - address for + private key blob */ +{ + NTRU_ENCRYPT_PARAM_SET *params = NULL; + uint16_t public_key_blob_len; + uint16_t private_key_blob_len; + uint8_t pubkey_pack_type; + uint8_t privkey_pack_type; + size_t scratch_buf_len; + uint32_t dF; + uint32_t dF1 = 0; + uint32_t dF2 = 0; + uint32_t dF3 = 0; + uint16_t *scratch_buf = NULL; + uint16_t *ringel_buf1 = NULL; + uint16_t *ringel_buf2 = NULL; + uint8_t *tmp_buf = NULL; + uint16_t mod_q_mask; + hash_algorithm_t hash_algid; + uint16_t seed_len; + chunk_t seed; + uint32_t result = NTRU_OK; + ntru_poly_t *F_poly = NULL; + ntru_poly_t *g_poly = NULL; + uint16_t *F_indices; + + /* get a pointer to the parameter-set parameters */ + + if ((params = ntru_encrypt_get_params_with_id(param_set_id)) == NULL) + { + return NTRU_INVALID_PARAMETER_SET; + } + + /* check for bad parameters */ + + if (!pubkey_blob_len || !privkey_blob_len) + { + return NTRU_BAD_PARAMETER; + } + + /* get public and private key packing types and blob lengths */ + + ntru_crypto_ntru_encrypt_key_get_blob_params(params, &pubkey_pack_type, + &public_key_blob_len, + &privkey_pack_type, + &private_key_blob_len); + + /* return the pubkey_blob size and/or privkey_blob size if requested */ + + if (!pubkey_blob || !privkey_blob) + { + if (!pubkey_blob) + *pubkey_blob_len = public_key_blob_len; + if (!privkey_blob) + *privkey_blob_len = private_key_blob_len; + return NTRU_OK; + } + + /* check size of output buffers */ + + if ((*pubkey_blob_len < public_key_blob_len) || + (*privkey_blob_len < private_key_blob_len)) + { + return NTRU_BUFFER_TOO_SMALL; + } + + /* allocate memory for all operations */ + if (params->is_product_form) { + dF1 = params->dF_r & 0xff; + dF2 = (params->dF_r >> 8) & 0xff; + dF3 = (params->dF_r >> 16) & 0xff; + dF = dF1 + dF2 + dF3; + } else { + dF = params->dF_r; + } + + scratch_buf_len = (params->N * 8) + /* 4N-byte temp buffer for ring inv + and other intermediate results, + 2N-byte buffer for f, g indices + and overflow from temp buffer, + 2N-byte buffer for f^-1 */ + (dF << 2); /* buffer for F indices */ + scratch_buf = malloc(scratch_buf_len); + if (!scratch_buf) + { + return NTRU_OUT_OF_MEMORY; + } + ringel_buf1 = scratch_buf + (params->N << 1); + ringel_buf2 = ringel_buf1 + params->N; + tmp_buf = (uint8_t *)scratch_buf; + + /* set hash algorithm and seed length based on security strength */ + if (params->sec_strength_len <= 20) + { + hash_algid = HASH_SHA1; + } + else + { + hash_algid = HASH_SHA256; + } + seed_len = params->sec_strength_len + 8; + + /* set constants */ + + mod_q_mask = params->q - 1; + + /* get random bytes for seed for generating trinary F + * as a list of indices + */ + + if (drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE, + seed_len, tmp_buf)) + { + result = NTRU_OK; + } + else + { + result = NTRU_DRBG_FAIL; + } + + if (result == NTRU_OK) + { + DBG2(DBG_LIB, "generate polynomial F"); + + seed = chunk_create(tmp_buf, seed_len); + F_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + params->N, params->q, + params->dF_r, params->dF_r, + params->is_product_form); + if (!F_poly) + { + result = NTRU_MGF1_FAIL; + } + } + + if (result == NTRU_OK) + { + int i; + + F_poly->get_array(F_poly, ringel_buf1); + + /* form f = 1 + pF */ + for (i = 0; i < params->N; i++) + { + ringel_buf1[i] = (ringel_buf1[i] * 3) & mod_q_mask; + } + ringel_buf1[0] = (ringel_buf1[0] + 1) & mod_q_mask; + + /* find f^-1 in (Z/qZ)[X]/(X^N - 1) */ + if (!ntru_ring_inv(ringel_buf1, params->N, params->q, + scratch_buf, ringel_buf2)) + { + result = NTRU_FAIL; + } + } + + if (result == NTRU_OK) + { + + /* get random bytes for seed for generating trinary polynomial g + * as a list of indices + */ + if (!drbg->generate(drbg, params->sec_strength_len * BITS_PER_BYTE, + seed_len, tmp_buf)) + { + result = NTRU_DRBG_FAIL; + } + } + + if (result == NTRU_OK) + { + DBG2(DBG_LIB, "generate polynomial g"); + + seed = chunk_create(tmp_buf, seed_len); + g_poly = ntru_poly_create_from_seed(hash_algid, seed, params->c_bits, + params->N, params->q, + params->dg + 1, params->dg, FALSE); + if (!g_poly) + { + result = NTRU_MGF1_FAIL; + } + } + + if (result == NTRU_OK) + { + uint16_t i; + + /* compute h = p * (f^-1 * g) mod q */ + g_poly->ring_mult(g_poly, ringel_buf2, ringel_buf2); + g_poly->destroy(g_poly); + + for (i = 0; i < params->N; i++) + { + ringel_buf2[i] = (ringel_buf2[i] * 3) & mod_q_mask; + } + + /* create public key blob */ + ntru_crypto_ntru_encrypt_key_create_pubkey_blob(params, ringel_buf2, + pubkey_pack_type, + pubkey_blob); + *pubkey_blob_len = public_key_blob_len; + + /* create private key blob */ + F_indices = F_poly->get_indices(F_poly); + ntru_crypto_ntru_encrypt_key_create_privkey_blob(params, ringel_buf2, + F_indices, + privkey_pack_type, + tmp_buf, privkey_blob); + *privkey_blob_len = private_key_blob_len; + } + + /* cleanup */ + DESTROY_IF(F_poly); + memset(scratch_buf, 0, scratch_buf_len); + free(scratch_buf); + + return result; +} diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c new file mode 100644 index 000000000..90baaadf3 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.c @@ -0,0 +1,360 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_encrypt_key.c is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_encrypt_key.c + * + * Contents: Routines for exporting and importing public and private keys + * for NTRUEncrypt. + * + *****************************************************************************/ + + +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include "ntru_crypto_ntru_encrypt_key.h" + + +/* ntru_crypto_ntru_encrypt_key_parse + * + * Parses an NTRUEncrypt key blob. + * If the blob is not corrupt, returns packing types for public and private + * keys, a pointer to the parameter set, a pointer to the public key, and + * a pointer to the private key if it exists. + * + * Returns TRUE if successful. + * Returns FALSE if the blob is invalid. + */ + +bool +ntru_crypto_ntru_encrypt_key_parse( + bool pubkey_parse, /* in - if parsing pubkey + blob */ + uint16_t key_blob_len, /* in - no. octets in key + blob */ + uint8_t const *key_blob, /* in - pointer to key blob */ + uint8_t *pubkey_pack_type, /* out - addr for pubkey + packing type */ + uint8_t *privkey_pack_type, /* out - addr for privkey + packing type */ + NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to + parameter set */ + uint8_t const **pubkey, /* out - addr for ptr to + packed pubkey */ + uint8_t const **privkey) /* out - addr for ptr to + packed privkey */ +{ + uint8_t tag; + + assert(key_blob_len); + assert(key_blob); + assert(pubkey_pack_type); + assert(params); + assert(pubkey); + + /* parse key blob based on tag */ + + tag = key_blob[0]; + switch (tag) { + case NTRU_ENCRYPT_PUBKEY_TAG: + if (!pubkey_parse) + return FALSE; + break; + case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG: + case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG: + case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG: + assert(privkey_pack_type); + assert(privkey); + if (pubkey_parse) + return FALSE; + break; + default: + return FALSE; + } + + switch (tag) { + case NTRU_ENCRYPT_PUBKEY_TAG: + case NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG: + case NTRU_ENCRYPT_PRIVKEY_TRITS_TAG: + case NTRU_ENCRYPT_PRIVKEY_INDICES_TAG: + + /* Version 0: + * byte 0: tag + * byte 1: no. of octets in OID + * bytes 2-4: OID + * bytes 5- : packed pubkey + * [packed privkey] + */ + + { + NTRU_ENCRYPT_PARAM_SET *p = NULL; + uint16_t pubkey_packed_len; + + /* check OID length and minimum blob length for tag and OID */ + + if ((key_blob_len < 5) || (key_blob[1] != 3)) + return FALSE; + + /* get a pointer to the parameter set corresponding to the OID */ + + if ((p = ntru_encrypt_get_params_with_OID(key_blob + 2)) == NULL) + return FALSE; + + /* check blob length and assign pointers to blob fields */ + + pubkey_packed_len = (p->N * p->q_bits + 7) / 8; + if (pubkey_parse) { /* public-key parsing */ + if (key_blob_len != 5 + pubkey_packed_len) + return FALSE; + + *pubkey = key_blob + 5; + + } else { /* private-key parsing */ + uint16_t privkey_packed_len; + uint16_t privkey_packed_trits_len = (p->N + 4) / 5; + uint16_t privkey_packed_indices_len; + uint16_t dF; + + /* check packing type for product-form private keys */ + + if (p->is_product_form && + (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG)) + return FALSE; + + /* set packed-key length for packed indices */ + + if (p->is_product_form) + dF = (uint16_t)( (p->dF_r & 0xff) + /* df1 */ + ((p->dF_r >> 8) & 0xff) + /* df2 */ + ((p->dF_r >> 16) & 0xff)); /* df3 */ + else + dF = (uint16_t)p->dF_r; + privkey_packed_indices_len = ((dF << 1) * p->N_bits + 7) >> 3; + + /* set private-key packing type if defaulted */ + + if (tag == NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG) { + if (p->is_product_form || + (privkey_packed_indices_len <= + privkey_packed_trits_len)) + tag = NTRU_ENCRYPT_PRIVKEY_INDICES_TAG; + else + tag = NTRU_ENCRYPT_PRIVKEY_TRITS_TAG; + } + + if (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG) + privkey_packed_len = privkey_packed_trits_len; + else + privkey_packed_len = privkey_packed_indices_len; + + if (key_blob_len != 5 + pubkey_packed_len + privkey_packed_len) + return FALSE; + + *pubkey = key_blob + 5; + *privkey = *pubkey + pubkey_packed_len; + *privkey_pack_type = (tag == NTRU_ENCRYPT_PRIVKEY_TRITS_TAG) ? + NTRU_ENCRYPT_KEY_PACKED_TRITS : + NTRU_ENCRYPT_KEY_PACKED_INDICES; + } + + /* return parameter set pointer */ + + *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS; + *params = p; + } + default: + break; /* can't get here */ + } + return TRUE; +} + + +/* ntru_crypto_ntru_encrypt_key_get_blob_params + * + * Returns public and private key packing types and blob lengths given + * a packing format. For now, only a default packing format exists. + * + * Only public-key params may be returned by setting privkey_pack_type + * and privkey_blob_len to NULL. + */ + +void +ntru_crypto_ntru_encrypt_key_get_blob_params( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint8_t *pubkey_pack_type, /* out - addr for pubkey + packing type */ + uint16_t *pubkey_blob_len, /* out - addr for no. of + bytes in + pubkey blob */ + uint8_t *privkey_pack_type, /* out - addr for privkey + packing type */ + uint16_t *privkey_blob_len) /* out - addr for no. of + bytes in + privkey blob */ +{ + uint16_t pubkey_packed_len = (params->N * params->q_bits + 7) >> 3; + + assert(params); + assert(pubkey_pack_type); + assert(pubkey_blob_len); + + *pubkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS; + *pubkey_blob_len = 5 + pubkey_packed_len; + + if (privkey_pack_type && privkey_blob_len) { + uint16_t privkey_packed_trits_len = (params->N + 4) / 5; + uint16_t privkey_packed_indices_len; + uint16_t dF; + + if (params->is_product_form) + dF = (uint16_t)( (params->dF_r & 0xff) + /* df1 */ + ((params->dF_r >> 8) & 0xff) + /* df2 */ + ((params->dF_r >> 16) & 0xff)); /* df3 */ + else + dF = (uint16_t)params->dF_r; + privkey_packed_indices_len = ((dF << 1) * params->N_bits + 7) >> 3; + + if (params->is_product_form || + (privkey_packed_indices_len <= privkey_packed_trits_len)) { + *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_INDICES; + *privkey_blob_len = + 5 + pubkey_packed_len + privkey_packed_indices_len; + } else { + *privkey_pack_type = NTRU_ENCRYPT_KEY_PACKED_TRITS; + *privkey_blob_len = + 5 + pubkey_packed_len + privkey_packed_trits_len; + } + } +} + + +/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob + * + * Returns a public key blob, packed according to the packing type provided. + */ + +void +ntru_crypto_ntru_encrypt_key_create_pubkey_blob( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint16_t const *pubkey, /* in - pointer to the + coefficients + of the pubkey */ + uint8_t pubkey_pack_type, /* out - pubkey packing + type */ + uint8_t *pubkey_blob) /* out - addr for the + pubkey blob */ +{ + assert(params); + assert(pubkey); + assert(pubkey_blob); + + switch (pubkey_pack_type) { + case NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS: + *pubkey_blob++ = NTRU_ENCRYPT_PUBKEY_TAG; + *pubkey_blob++ = (uint8_t)sizeof(params->OID); + memcpy(pubkey_blob, params->OID, sizeof(params->OID)); + pubkey_blob += sizeof(params->OID); + ntru_elements_2_octets(params->N, pubkey, params->q_bits, + pubkey_blob); + break; + default: + assert(FALSE); + } +} + + +/* ntru_crypto_ntru_encrypt_key_create_privkey_blob + * + * Returns a private key blob, packed according to the packing type provided. + */ + +void +ntru_crypto_ntru_encrypt_key_create_privkey_blob( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint16_t const *pubkey, /* in - pointer to the + coefficients + of the pubkey */ + uint16_t const *privkey, /* in - pointer to the + indices of the + privkey */ + uint8_t privkey_pack_type, /* in - privkey packing + type */ + uint8_t *buf, /* in - temp, N bytes */ + uint8_t *privkey_blob) /* out - addr for the + privkey blob */ +{ + assert(params); + assert(pubkey); + assert(privkey); + assert(privkey_blob); + + switch (privkey_pack_type) { + case NTRU_ENCRYPT_KEY_PACKED_TRITS: + case NTRU_ENCRYPT_KEY_PACKED_INDICES: + + /* format header and packed public key */ + + *privkey_blob++ = NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG; + *privkey_blob++ = (uint8_t)sizeof(params->OID); + memcpy(privkey_blob, params->OID, sizeof(params->OID)); + privkey_blob += sizeof(params->OID); + ntru_elements_2_octets(params->N, pubkey, params->q_bits, + privkey_blob); + privkey_blob += (params->N * params->q_bits + 7) >> 3; + + /* add packed private key */ + + if (privkey_pack_type == NTRU_ENCRYPT_KEY_PACKED_TRITS) { + ntru_indices_2_packed_trits(privkey, (uint16_t)params->dF_r, + (uint16_t)params->dF_r, + params->N, buf, privkey_blob); + } else { + uint32_t dF; + + if (params->is_product_form) { + dF = (params->dF_r & 0xff) + + ((params->dF_r >> 8) & 0xff) + + ((params->dF_r >> 16) & 0xff); + } else { + dF = params->dF_r; + } + ntru_elements_2_octets((uint16_t)dF << 1, privkey, + params->N_bits, privkey_blob); + } + break; + default: + assert(FALSE); + break; + } +} + + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h new file mode 100644 index 000000000..6734f2a4c --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_key.h @@ -0,0 +1,167 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_cencrypt_key.h is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + + +#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H +#define NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H + +#include "ntru_crypto_ntru_convert.h" +#include "ntru_crypto_ntru_encrypt_param_sets.h" + + +/* key-blob definitions */ + +#define NTRU_ENCRYPT_PUBKEY_TAG 0x01 +#define NTRU_ENCRYPT_PRIVKEY_DEFAULT_TAG 0x02 +#define NTRU_ENCRYPT_PRIVKEY_TRITS_TAG 0xfe +#define NTRU_ENCRYPT_PRIVKEY_INDICES_TAG 0xff + +/* packing types */ + +#define NTRU_ENCRYPT_KEY_PACKED_COEFFICIENTS 0x01 +#define NTRU_ENCRYPT_KEY_PACKED_INDICES 0x02 +#define NTRU_ENCRYPT_KEY_PACKED_TRITS 0x03 + +/* function declarations */ + + +/* ntru_crypto_ntru_encrypt_key_parse + * + * Parses an NTRUEncrypt key blob. + * If the blob is not corrupt, returns packing types for public and private + * keys, a pointer to the parameter set, a pointer to the public key, and + * a pointer to the private key if it exists. + * + * Returns TRUE if successful. + * Returns FALSE if the blob is invalid. + */ + +extern bool +ntru_crypto_ntru_encrypt_key_parse( + bool pubkey_parse, /* in - if parsing pubkey + blob */ + uint16_t key_blob_len, /* in - no. octets in key + blob */ + uint8_t const *key_blob, /* in - pointer to key blob */ + uint8_t *pubkey_pack_type, /* out - addr for pubkey + packing type */ + uint8_t *privkey_pack_type, /* out - addr for privkey + packing type */ + NTRU_ENCRYPT_PARAM_SET **params, /* out - addr for ptr to + parameter set */ + uint8_t const **pubkey, /* out - addr for ptr to + packed pubkey */ + uint8_t const **privkey); /* out - addr for ptr to + packed privkey */ + + +/* ntru_crypto_ntru_encrypt_key_get_blob_params + * + * Returns public and private key packing types and blob lengths given + * a packing format. For now, only a default packing format exists. + * + * Only public-key params may be returned by setting privkey_pack_type + * and privkey_blob_len to NULL. + */ + +extern void +ntru_crypto_ntru_encrypt_key_get_blob_params( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint8_t *pubkey_pack_type, /* out - addr for pubkey + packing type */ + uint16_t *pubkey_blob_len, /* out - addr for no. of + bytes in + pubkey blob */ + uint8_t *privkey_pack_type, /* out - addr for privkey + packing type */ + uint16_t *privkey_blob_len); /* out - addr for no. of + bytes in + privkey blob */ + + +/* ntru_crypto_ntru_encrypt_key_create_pubkey_blob + * + * Returns a public key blob, packed according to the packing type provided. + */ + +extern void +ntru_crypto_ntru_encrypt_key_create_pubkey_blob( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint16_t const *pubkey, /* in - pointer to the + coefficients + of the pubkey */ + uint8_t pubkey_pack_type, /* out - addr for pubkey + packing type */ + uint8_t *pubkey_blob); /* out - addr for the + pubkey blob */ + + +/* ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob + * + * Returns a public key blob, recreated from an already-packed public key. + */ + +extern void +ntru_crypto_ntru_encrypt_key_recreate_pubkey_blob( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint16_t packed_pubkey_len, /* in - no. octets in + packed pubkey */ + uint8_t const *packed_pubkey, /* in - pointer to the + packed pubkey */ + uint8_t pubkey_pack_type, /* out - pubkey packing + type */ + uint8_t *pubkey_blob); /* out - addr for the + pubkey blob */ + + +/* ntru_crypto_ntru_encrypt_key_create_privkey_blob + * + * Returns a privlic key blob, packed according to the packing type provided. + */ + +extern void +ntru_crypto_ntru_encrypt_key_create_privkey_blob( + NTRU_ENCRYPT_PARAM_SET const *params, /* in - pointer to + param set + parameters */ + uint16_t const *pubkey, /* in - pointer to the + coefficients + of the pubkey */ + uint16_t const *privkey, /* in - pointer to the + indices of the + privkey */ + uint8_t privkey_pack_type, /* in - privkey packing + type */ + uint8_t *buf, /* in - temp, N bytes */ + uint8_t *privkey_blob); /* out - addr for the + privkey blob */ + + +#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_KEY_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c new file mode 100644 index 000000000..5ddf91d2a --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.c @@ -0,0 +1,384 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_param_sets.c is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_encrypt_param_sets.c + * + * Contents: Defines the NTRUEncrypt parameter sets. + * + *****************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include "ntru_crypto_ntru_encrypt_param_sets.h" + + +/* parameter sets */ + +static NTRU_ENCRYPT_PARAM_SET ntruParamSets[] = { + + { + NTRU_EES401EP1, /* parameter-set id */ + {0x00, 0x02, 0x04}, /* OID */ + 0x22, /* DER id */ + 9, /* no. of bits in N (i.e., in an index) */ + 401, /* N */ + 14, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 113, /* df, dr */ + 133, /* dg */ + 60, /* maxMsgLenBytes */ + 113, /* dm0 */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES449EP1, /* parameter-set id */ + {0x00, 0x03, 0x03}, /* OID */ + 0x23, /* DER id */ + 9, /* no. of bits in N (i.e., in an index) */ + 449, /* N */ + 16, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 134, /* df, dr */ + 149, /* dg */ + 67, /* maxMsgLenBytes */ + 134, /* dm0 */ + 9, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES677EP1, /* parameter-set id */ + {0x00, 0x05, 0x03}, /* OID */ + 0x24, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 677, /* N */ + 24, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 157, /* df, dr */ + 225, /* dg */ + 101, /* maxMsgLenBytes */ + 157, /* dm0 */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES1087EP2, /* parameter-set id */ + {0x00, 0x06, 0x03}, /* OID */ + 0x25, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 1087, /* N */ + 32, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 120, /* df, dr */ + 362, /* dg */ + 170, /* maxMsgLenBytes */ + 120, /* dm0 */ + 13, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES541EP1, /* parameter-set id */ + {0x00, 0x02, 0x05}, /* OID */ + 0x26, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 541, /* N */ + 14, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 49, /* df, dr */ + 180, /* dg */ + 86, /* maxMsgLenBytes */ + 49, /* dm0 */ + 12, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES613EP1, /* parameter-set id */ + {0x00, 0x03, 0x04}, /* OID */ + 0x27, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 613, /* N */ + 16, /* securuity strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 55, /* df, dr */ + 204, /* dg */ + 97, /* maxMsgLenBytes */ + 55, /* dm0 */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES887EP1, /* parameter-set id */ + {0x00, 0x05, 0x04}, /* OID */ + 0x28, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 887, /* N */ + 24, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 81, /* df, dr */ + 295, /* dg */ + 141, /* maxMsgLenBytes */ + 81, /* dm0 */ + 10, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES1171EP1, /* parameter-set id */ + {0x00, 0x06, 0x04}, /* OID */ + 0x29, /* DER id */ + 11, /* no. of bits in N (i.e., in an index) */ + 1171, /* N */ + 32, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 106, /* df, dr */ + 390, /* dg */ + 186, /* maxMsgLenBytes */ + 106, /* dm0 */ + 12, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES659EP1, /* parameter-set id */ + {0x00, 0x02, 0x06}, /* OID */ + 0x2a, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 659, /* N */ + 14, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 38, /* df, dr */ + 219, /* dg */ + 108, /* maxMsgLenBytes */ + 38, /* dm0 */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES761EP1, /* parameter-set id */ + {0x00, 0x03, 0x05}, /* OID */ + 0x2b, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 761, /* N */ + 16, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 42, /* df, dr */ + 253, /* dg */ + 125, /* maxMsgLenBytes */ + 42, /* dm0 */ + 12, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES1087EP1, /* parameter-set id */ + {0x00, 0x05, 0x05}, /* OID */ + 0x2c, /* DER id */ + 11, /* no. of bits in N (i.e., in an index) */ + 1087, /* N */ + 24, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 63, /* df, dr */ + 362, /* dg */ + 178, /* maxMsgLenBytes */ + 63, /* dm0 */ + 13, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES1499EP1, /* parameter-set id */ + {0x00, 0x06, 0x05}, /* OID */ + 0x2d, /* DER id */ + 11, /* no. of bits in N (i.e., in an index) */ + 1499, /* N */ + 32, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + FALSE, /* product form */ + 79, /* df, dr */ + 499, /* dg */ + 247, /* maxMsgLenBytes */ + 79, /* dm0 */ + 13, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES401EP2, /* parameter-set id */ + {0x00, 0x02, 0x10}, /* OID */ + 0x2e, /* DER id */ + 9, /* no. of bits in N (i.e., in an index) */ + 401, /* N */ + 14, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + TRUE, /* product form */ + 8 + (8 << 8) + (6 << 16), /* df, dr */ + 133, /* dg */ + 60, /* maxMsgLenBytes */ + 136, /* m(1)_max */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES439EP1, /* parameter-set id */ + {0x00, 0x03, 0x10}, /* OID */ + 0x2f, /* DER id */ + 9, /* no. of bits in N (i.e., in an index) */ + 439, /* N */ + 16, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + TRUE, /* product form */ + 9 + (8 << 8) + (5 << 16), /* df, dr */ + 146, /* dg */ + 65, /* maxMsgLenBytes */ + 126, /* m(1)_max */ + 9, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES593EP1, /* parameter-set id */ + {0x00, 0x05, 0x10}, /* OID */ + 0x30, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 593, /* N */ + 24, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + TRUE, /* product form */ + 10 + (10 << 8) + (8 << 16), /* df, dr */ + 197, /* dg */ + 86, /* maxMsgLenBytes */ + 90, /* m(1)_max */ + 11, /* c */ + 1, /* lLen */ + }, + + { + NTRU_EES743EP1, /* parameter-set id */ + {0x00, 0x06, 0x10}, /* OID */ + 0x31, /* DER id */ + 10, /* no. of bits in N (i.e., in an index) */ + 743, /* N */ + 32, /* security strength in octets */ + 2048, /* q */ + 11, /* no. of bits in q (i.e., in a coeff) */ + TRUE, /* product form */ + 11 + (11 << 8) + (15 << 16), /* df, dr */ + 247, /* dg */ + 106, /* maxMsgLenBytes */ + 60, /* m(1)_max */ + 13, /* c */ + 1, /* lLen */ + }, + +}; + +static size_t numParamSets = + sizeof(ntruParamSets)/sizeof(NTRU_ENCRYPT_PARAM_SET); + + +/* functions */ + +/* ntru_encrypt_get_params_with_id + * + * Looks up a set of NTRUEncrypt parameters based on the id of the + * parameter set. + * + * Returns a pointer to the parameter set parameters if successful. + * Returns NULL if the parameter set cannot be found. + */ + +NTRU_ENCRYPT_PARAM_SET * +ntru_encrypt_get_params_with_id( + NTRU_ENCRYPT_PARAM_SET_ID id) /* in - parameter-set id */ +{ + size_t i; + + for (i = 0; i < numParamSets; i++) { + if (ntruParamSets[i].id == id) { + return &(ntruParamSets[i]); + } + } + return NULL; +} + + +/* ntru_encrypt_get_params_with_OID + * + * Looks up a set of NTRUEncrypt parameters based on the OID of the + * parameter set. + * + * Returns a pointer to the parameter set parameters if successful. + * Returns NULL if the parameter set cannot be found. + */ + +NTRU_ENCRYPT_PARAM_SET * +ntru_encrypt_get_params_with_OID( + uint8_t const *oid) /* in - pointer to parameter-set OID */ +{ + size_t i; + + for (i = 0; i < numParamSets; i++) { + if (!memcmp(ntruParamSets[i].OID, oid, 3)) { + return &(ntruParamSets[i]); + } + } + return NULL; +} + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h new file mode 100644 index 000000000..e5e977a0e --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_encrypt_param_sets.h @@ -0,0 +1,101 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_encrypt_param_sets.h is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_encrypt_param_sets.h + * + * Contents: Definitions and declarations for the NTRUEncrypt parameter sets. + * + *****************************************************************************/ + +#ifndef NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H +#define NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H + +#include "ntru_crypto.h" + +/* structures */ + +typedef struct _NTRU_ENCRYPT_PARAM_SET { + NTRU_ENCRYPT_PARAM_SET_ID id; /* parameter-set ID */ + uint8_t const OID[3]; /* pointer to OID */ + uint8_t der_id; /* parameter-set DER id */ + uint8_t N_bits; /* no. of bits in N (i.e. in + an index */ + uint16_t N; /* ring dimension */ + uint16_t sec_strength_len; /* no. of octets of + security strength */ + uint16_t q; /* big modulus */ + uint8_t q_bits; /* no. of bits in q (i.e. in + a coefficient */ + bool is_product_form; /* if product form used */ + uint32_t dF_r; /* no. of 1 or -1 coefficients + in ring elements F, r */ + uint16_t dg; /* no. - 1 of 1 coefficients + or no. of -1 coefficients + in ring element g */ + uint16_t m_len_max; /* max no. of plaintext + octets */ + uint16_t min_msg_rep_wt; /* min. message + representative weight */ + uint8_t c_bits; /* no. bits in candidate for + deriving an index in + IGF-2 */ + uint8_t m_len_len; /* no. of octets to hold + mLenOctets */ +} NTRU_ENCRYPT_PARAM_SET; + + + +/* function declarations */ + +/* ntru_encrypt_get_params_with_id + * + * Looks up a set of NTRU Encrypt parameters based on the id of the + * parameter set. + * + * Returns a pointer to the parameter set parameters if successful. + * Returns NULL if the parameter set cannot be found. + */ + +extern NTRU_ENCRYPT_PARAM_SET * +ntru_encrypt_get_params_with_id( + NTRU_ENCRYPT_PARAM_SET_ID id); /* in - parameter-set id */ + + +/* ntru_encrypt_get_params_with_OID + * + * Looks up a set of NTRU Encrypt parameters based on the OID of the + * parameter set. + * + * Returns a pointer to the parameter set parameters if successful. + * Returns NULL if the parameter set cannot be found. + */ + +extern NTRU_ENCRYPT_PARAM_SET * +ntru_encrypt_get_params_with_OID( + uint8_t const *oid); /* in - pointer to parameter-set OID */ + +#endif /* NTRU_CRYPTO_NTRU_ENCRYPT_PARAM_SETS_H */ + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c new file mode 100644 index 000000000..8e4eede87 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.c @@ -0,0 +1,242 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_poly.c is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +#include <stdlib.h> +#include <string.h> +#include "ntru_crypto_ntru_poly.h" + +/* ntru_poly_check_min_weight + * + * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed + * a minimum weight. + */ + +bool +ntru_poly_check_min_weight( + uint16_t num_els, /* in - degree of polynomial */ + uint8_t *ringels, /* in - pointer to trinary ring elements */ + uint16_t min_wt) /* in - minimum weight */ +{ + uint16_t wt[3]; + uint16_t i; + + wt[0] = wt[1] = wt[2] = 0; + for (i = 0; i < num_els; i++) { + ++wt[ringels[i]]; + } + if ((wt[0] < min_wt) || (wt[1] < min_wt) || (wt[2] < min_wt)) { + return FALSE; + } + return TRUE; +} + +/* ntru_ring_mult_coefficients + * + * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b" + * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1). + * This is a convolution operation. + * + * Ring element "b" has coefficients in the range [0,N). + * + * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum + * beyond 16 bits does not matter. + */ + +void +ntru_ring_mult_coefficients( + uint16_t const *a, /* in - pointer to polynomial a */ + uint16_t const *b, /* in - pointer to polynomial b */ + uint16_t N, /* in - no. of coefficients in a, b, c */ + uint16_t q, /* in - large modulus */ + uint16_t *c) /* out - address for polynomial c */ +{ + uint16_t const *bptr = b; + uint16_t mod_q_mask = q - 1; + uint16_t i, k; + + /* c[k] = sum(a[i] * b[k-i]) mod q */ + memset(c, 0, N * sizeof(uint16_t)); + for (k = 0; k < N; k++) { + i = 0; + while (i <= k) + c[k] += a[i++] * *bptr--; + bptr += N; + while (i < N) + c[k] += a[i++] * *bptr--; + c[k] &= mod_q_mask; + ++bptr; + } +} + + +/* ntru_ring_inv + * + * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1). + * + * This assumes q is 2^r where 8 < r < 16, so that operations mod q can + * wait until the end, and only 16-bit arrays need to be used. + */ + +bool +ntru_ring_inv( + uint16_t *a, /* in - pointer to polynomial a */ + uint16_t N, /* in - no. of coefficients in a */ + uint16_t q, /* in - large modulus */ + uint16_t *t, /* in - temp buffer of 2N elements */ + uint16_t *a_inv) /* out - address for polynomial a^-1 */ +{ + uint8_t *b = (uint8_t *)t; /* b cannot be in a_inv since it must be + rotated and copied there as a^-1 mod 2 */ + uint8_t *c = b + N; /* c cannot be in a_inv since it exchanges + with b, and b cannot be in a_inv */ + uint8_t *f = c + N; + uint8_t *g = (uint8_t *)a_inv; /* g needs N + 1 bytes */ + uint16_t *t2 = t + N; + uint16_t deg_b; + uint16_t deg_c; + uint16_t deg_f; + uint16_t deg_g; + uint16_t k = 0; + bool done = FALSE; + uint16_t i, j; + + /* form a^-1 in (Z/2Z)[X]/X^N - 1) */ + memset(b, 0, (N << 1)); /* clear to init b, c */ + + /* b(X) = 1 */ + b[0] = 1; + deg_b = 0; + + /* c(X) = 0 (cleared above) */ + deg_c = 0; + + /* f(X) = a(X) mod 2 */ + for (i = 0; i < N; i++) + f[i] = (uint8_t)(a[i] & 1); + deg_f = N - 1; + + /* g(X) = X^N - 1 */ + g[0] = 1; + memset(g + 1, 0, N - 1); + g[N] = 1; + deg_g = N; + + /* until f(X) = 1 */ + + while (!done) + { + + /* while f[0] = 0, f(X) /= X, c(X) *= X, k++ */ + + for (i = 0; (i <= deg_f) && (f[i] == 0); ++i); + if (i > deg_f) + return FALSE; + if (i) { + f = f + i; + deg_f = deg_f - i; + deg_c = deg_c + i; + for (j = deg_c; j >= i; j--) + c[j] = c[j-i]; + for (j = 0; j < i; j++) + c[j] = 0; + k = k + i; + } + + /* adjust degree of f(X) if the highest coefficients are zero + * Note: f[0] = 1 from above so the loop will terminate. + */ + + while (f[deg_f] == 0) + --deg_f; + + /* if f(X) = 1, done + * Note: f[0] = 1 from above, so only check the x term and up + */ + + for (i = 1; (i <= deg_f) && (f[i] == 0); ++i); + if (i > deg_f) { + done = TRUE; + break; + } + + /* if deg_f < deg_g, f <-> g, b <-> c */ + + if (deg_f < deg_g) { + uint8_t *x; + + x = f; + f = g; + g = x; + deg_f ^= deg_g; + deg_g ^= deg_f; + deg_f ^= deg_g; + x = b; + b = c; + c = x; + deg_b ^= deg_c; + deg_c ^= deg_b; + deg_b ^= deg_c; + } + + /* f(X) += g(X), b(X) += c(X) */ + + for (i = 0; i <= deg_g; i++) + f[i] ^= g[i]; + + if (deg_c > deg_b) + deg_b = deg_c; + for (i = 0; i <= deg_c; i++) + b[i] ^= c[i]; + } + + /* a^-1 in (Z/2Z)[X]/(X^N - 1) = b(X) shifted left k coefficients */ + + j = 0; + if (k >= N) + k = k - N; + for (i = k; i < N; i++) + a_inv[j++] = (uint16_t)(b[i]); + for (i = 0; i < k; i++) + a_inv[j++] = (uint16_t)(b[i]); + + /* lift a^-1 in (Z/2Z)[X]/(X^N - 1) to a^-1 in (Z/qZ)[X]/(X^N -1) */ + + for (j = 0; j < 4; ++j) { /* assumes 256 < q <= 65536 */ + + /* a^-1 = a^-1 * (2 - a * a^-1) mod q */ + + memcpy(t2, a_inv, N * sizeof(uint16_t)); + ntru_ring_mult_coefficients(a, t2, N, q, t); + for (i = 0; i < N; ++i) + t[i] = q - t[i]; + t[0] = t[0] + 2; + ntru_ring_mult_coefficients(t2, t, N, q, a_inv); + } + + return TRUE; + + +} + + diff --git a/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h new file mode 100644 index 000000000..1e9d467ed --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_crypto/ntru_crypto_ntru_poly.h @@ -0,0 +1,96 @@ +/****************************************************************************** + * NTRU Cryptography Reference Source Code + * Copyright (c) 2009-2013, by Security Innovation, Inc. All rights reserved. + * + * ntru_crypto_ntru_poly.h is a component of ntru-crypto. + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + *****************************************************************************/ + +/****************************************************************************** + * + * File: ntru_crypto_ntru_poly.h + * + * Contents: Public header file for generating and operating on polynomials + * in the NTRU algorithm. + * + *****************************************************************************/ + + +#ifndef NTRU_CRYPTO_NTRU_POLY_H +#define NTRU_CRYPTO_NTRU_POLY_H + + +#include "ntru_crypto.h" + +#include <crypto/hashers/hasher.h> + + +/* function declarations */ + +/* ntru_poly_check_min_weight + * + * Checks that the number of 0, +1, and -1 trinary ring elements meet or exceed + * a minimum weight. + */ + +extern bool +ntru_poly_check_min_weight( + uint16_t num_els, /* in - degree of polynomial */ + uint8_t *ringels, /* in - pointer to trinary ring elements */ + uint16_t min_wt); /* in - minimum weight */ + +/* ntru_ring_mult_coefficients + * + * Multiplies ring element (polynomial) "a" by ring element (polynomial) "b" + * to produce ring element (polynomial) "c" in (Z/qZ)[X]/(X^N - 1). + * This is a convolution operation. + * + * Ring element "b" has coefficients in the range [0,N). + * + * This assumes q is 2^r where 8 < r < 16, so that overflow of the sum + * beyond 16 bits does not matter. + */ + +extern void +ntru_ring_mult_coefficients( + uint16_t const *a, /* in - pointer to polynomial a */ + uint16_t const *b, /* in - pointer to polynomial b */ + uint16_t N, /* in - no. of coefficients in a, b, c */ + uint16_t q, /* in - large modulus */ + uint16_t *c); /* out - address for polynomial c */ + + +/* ntru_ring_inv + * + * Finds the inverse of a polynomial, a, in (Z/2^rZ)[X]/(X^N - 1). + * + * This assumes q is 2^r where 8 < r < 16, so that operations mod q can + * wait until the end, and only 16-bit arrays need to be used. + */ + +extern bool +ntru_ring_inv( + uint16_t *a, /* in - pointer to polynomial a */ + uint16_t N, /* in - no. of coefficients in a */ + uint16_t q, /* in - large modulus */ + uint16_t *t, /* in - temp buffer of 2N elements */ + uint16_t *a_inv); /* out - address for polynomial a^-1 */ + + +#endif /* NTRU_CRYPTO_NTRU_POLY_H */ diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c new file mode 100644 index 000000000..181a58939 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c @@ -0,0 +1,279 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_drbg.h" + +#include <utils/debug.h> +#include <utils/test.h> + +#define MAX_STRENGTH_BITS 256 +#define MAX_DRBG_REQUESTS 0xfffffffe + +typedef struct private_ntru_drbg_t private_ntru_drbg_t; + +/** + * Private data of an ntru_drbg_t object. + */ +struct private_ntru_drbg_t { + /** + * Public ntru_drbg_t interface. + */ + ntru_drbg_t public; + + /** + * Security strength in bits of the DRBG + */ + u_int32_t strength; + + /** + * Number of requests for pseudorandom bits + */ + u_int32_t reseed_counter; + + /** + * Maximum number of requests for pseudorandom bits + */ + u_int32_t max_requests; + + /** + * True entropy source + */ + rng_t *entropy; + + /** + * HMAC-SHA256 + */ + signer_t *hmac; + + /** + * Internal state of HMAC-SHA256: key + */ + chunk_t key; + + /** + * Internal state of HMAC-SHA256: value + */ + chunk_t value; + +}; + +/** + * Update the internal state of the HMAC_DRBG + */ +static bool update(private_ntru_drbg_t *this, chunk_t data) +{ + chunk_t ch_00 = chunk_from_chars(0x00); + chunk_t ch_01 = chunk_from_chars(0x01); + + if (!this->hmac->set_key(this->hmac, this->key) || + !this->hmac->get_signature(this->hmac, this->value, NULL) || + !this->hmac->get_signature(this->hmac, ch_00, NULL) || + !this->hmac->get_signature(this->hmac, data, this->key.ptr) || + !this->hmac->set_key(this->hmac, this->key) || + !this->hmac->get_signature(this->hmac, this->value, + this->value.ptr)) + { + return FALSE; + } + + if (data.len > 0) + { + if (!this->hmac->set_key(this->hmac, this->key) || + !this->hmac->get_signature(this->hmac, this->value, NULL) || + !this->hmac->get_signature(this->hmac, ch_01, NULL) || + !this->hmac->get_signature(this->hmac, data, this->key.ptr) || + !this->hmac->set_key(this->hmac, this->key) || + !this->hmac->get_signature(this->hmac, this->value, + this->value.ptr)) + { + return FALSE; + } + } + DBG4(DBG_LIB, "HMAC_DRBG V: %B", &this->value); + DBG4(DBG_LIB, "HMAC_DRBG K: %B", &this->key); + + return TRUE; +} + +METHOD(ntru_drbg_t, get_strength, u_int32_t, + private_ntru_drbg_t *this) +{ + return this->strength; +} + +METHOD(ntru_drbg_t, reseed, bool, + private_ntru_drbg_t *this) +{ + chunk_t seed; + + seed = chunk_alloc(this->strength / BITS_PER_BYTE); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", seed.len); + + if (!this->entropy->get_bytes(this->entropy, seed.len, seed.ptr)) + { + chunk_free(&seed); + return FALSE; + } + if (!update(this, seed)) + { + chunk_free(&seed); + return FALSE; + } + chunk_clear(&seed); + this->reseed_counter = 1; + + return TRUE; +} + +METHOD(ntru_drbg_t, generate, bool, + private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out) +{ + size_t delta; + chunk_t output; + + DBG2(DBG_LIB, "DRBG generates %u pseudorandom bytes", len); + if (!out || len == 0) + { + return FALSE; + } + output = chunk_create(out, len); + + if (this->reseed_counter > this->max_requests) + { + if (!reseed(this)) + { + return FALSE; + } + } + while (len) + { + if (!this->hmac->get_signature(this->hmac, this->value, + this->value.ptr)) + { + return FALSE; + } + delta = min(len, this->value.len); + memcpy(out, this->value.ptr, delta); + len -= delta; + out += delta; + } + DBG4(DBG_LIB, "HMAC_DRBG Out: %B", &output); + + if (!update(this, chunk_empty)) + { + return FALSE; + } + this->reseed_counter++; + + return TRUE; +} + +METHOD(ntru_drbg_t, destroy, void, + private_ntru_drbg_t *this) +{ + this->hmac->destroy(this->hmac); + chunk_clear(&this->key); + chunk_clear(&this->value); + free(this); +} + +/* + * Described in header. + */ +ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, + rng_t *entropy) +{ + private_ntru_drbg_t *this; + chunk_t seed; + signer_t *hmac; + size_t entropy_len; + u_int32_t max_requests; + + if (strength > MAX_STRENGTH_BITS) + { + return NULL; + } + if (strength <= 112) + { + strength = 112; + } + else if (strength <= 128) + { + strength = 128; + } + else if (strength <= 192) + { + strength = 192; + } + else + { + strength = 256; + } + + hmac = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_SHA2_256_256); + if (!hmac) + { + DBG1(DBG_LIB, "could not instantiate HMAC-SHA256"); + return NULL; + } + + max_requests = lib->settings->get_int(lib->settings, + "%s.plugins.ntru.max_drbg_requests", + MAX_DRBG_REQUESTS, lib->ns); + + INIT(this, + .public = { + .get_strength = _get_strength, + .reseed = _reseed, + .generate = _generate, + .destroy = _destroy, + }, + .strength = strength, + .entropy = entropy, + .hmac = hmac, + .key = chunk_alloc(hmac->get_key_size(hmac)), + .value = chunk_alloc(hmac->get_block_size(hmac)), + .max_requests = max_requests, + .reseed_counter = 1, + ); + + memset(this->key.ptr, 0x00, this->key.len); + memset(this->value.ptr, 0x01, this->value.len); + + entropy_len = (strength + strength/2) / BITS_PER_BYTE; + seed = chunk_alloc(entropy_len + pers_str.len); + DBG2(DBG_LIB, "DRBG requests %u bytes of entropy", entropy_len); + + if (!this->entropy->get_bytes(this->entropy, entropy_len, seed.ptr)) + { + chunk_free(&seed); + destroy(this); + return NULL; + } + memcpy(seed.ptr + entropy_len, pers_str.ptr, pers_str.len); + DBG4(DBG_LIB, "seed: %B", &seed); + + if (!update(this, seed)) + { + chunk_free(&seed); + destroy(this); + return NULL; + } + chunk_clear(&seed); + + return &this->public; +} + +EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create); diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h new file mode 100644 index 000000000..38ac718ae --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_drbg ntru_drbg + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_DRBG_H_ +#define NTRU_DRBG_H_ + +typedef struct ntru_drbg_t ntru_drbg_t; + +#include <library.h> + +/** + * Implements a HMAC Deterministic Random Bit Generator (HMAC_DRBG) + * compliant with NIST SP 800-90A + */ +struct ntru_drbg_t { + + /** + * Reseed the instantiated DRBG + * + * @return configured security strength in bits + */ + u_int32_t (*get_strength)(ntru_drbg_t *this); + + /** + * Reseed the instantiated DRBG + * + * @return TRUE if successful + */ + bool (*reseed)(ntru_drbg_t *this); + + /** + * Generate pseudorandom bytes. + * If the maximum number of requests has been reached, reseeding occurs + * + * @param strength requested security strength in bits + * @param len number of octets to generate + * @param out address of output buffer + * @return TRUE if successful + */ + bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len, + u_int8_t *out); + + /** + * Uninstantiate and destroy the DRBG object + */ + void (*destroy)(ntru_drbg_t *this); +}; + +/** + * Create and instantiate a new DRBG objet. + * + * @param strength security strength in bits + * @param pers_str personalization string + * @param entropy entropy source to use + */ +ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, + rng_t *entropy); + +#endif /** NTRU_DRBG_H_ @}*/ + diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c new file mode 100644 index 000000000..39fb261cd --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -0,0 +1,396 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_ke.h" +#include "ntru_drbg.h" + +#include "ntru_crypto/ntru_crypto.h" + +#include <crypto/diffie_hellman.h> +#include <utils/debug.h> + +typedef struct private_ntru_ke_t private_ntru_ke_t; +typedef struct param_set_t param_set_t; + +/** + * Defines an NTRU parameter set by ID or OID + */ +struct param_set_t { + NTRU_ENCRYPT_PARAM_SET_ID id; + char oid[3]; + char *name; +}; + +/* Best bandwidth and speed, no X9.98 compatibility */ +static param_set_t param_sets_optimum[] = { + { NTRU_EES401EP2, {0x00, 0x02, 0x10}, "ees401ep2" }, + { NTRU_EES439EP1, {0x00, 0x03, 0x10}, "ees439ep1" }, + { NTRU_EES593EP1, {0x00, 0x05, 0x10}, "ees593ep1" }, + { NTRU_EES743EP1, {0x00, 0x06, 0x10}, "ees743ep1" } +}; + +/* X9.98/IEEE 1363.1 parameter sets for best speed */ +static param_set_t param_sets_x9_98_speed[] = { + { NTRU_EES659EP1, {0x00, 0x02, 0x06}, "ees659ep1" }, + { NTRU_EES761EP1, {0x00, 0x03, 0x05}, "ees761ep1" }, + { NTRU_EES1087EP1, {0x00, 0x05, 0x05}, "ees1087ep1" }, + { NTRU_EES1499EP1, {0x00, 0x06, 0x05}, "ees1499ep1" } +}; + +/* X9.98/IEEE 1363.1 parameter sets for best bandwidth (smallest size) */ +static param_set_t param_sets_x9_98_bandwidth[] = { + { NTRU_EES401EP1, {0x00, 0x02, 0x04}, "ees401ep1" }, + { NTRU_EES449EP1, {0x00, 0x03, 0x03}, "ees449ep1" }, + { NTRU_EES677EP1, {0x00, 0x05, 0x03}, "ees677ep1" }, + { NTRU_EES1087EP2, {0x00, 0x06, 0x03}, "ees1087ep2" } +}; + +/* X9.98/IEEE 1363.1 parameter sets balancing speed and bandwidth */ +static param_set_t param_sets_x9_98_balance[] = { + { NTRU_EES541EP1, {0x00, 0x02, 0x05}, "ees541ep1" }, + { NTRU_EES613EP1, {0x00, 0x03, 0x04}, "ees613ep1" }, + { NTRU_EES887EP1, {0x00, 0x05, 0x04}, "ees887ep1" }, + { NTRU_EES1171EP1, {0x00, 0x06, 0x04}, "ees1171ep1" } +}; + +/** + * Private data of an ntru_ke_t object. + */ +struct private_ntru_ke_t { + /** + * Public ntru_ke_t interface. + */ + ntru_ke_t public; + + /** + * Diffie Hellman group number. + */ + u_int16_t group; + + /** + * NTRU Parameter Set + */ + param_set_t *param_set; + + /** + * Cryptographical strength in bits of the NTRU Parameter Set + */ + u_int32_t strength; + + /** + * NTRU Public Key + */ + chunk_t pub_key; + + /** + * NTRU Private Key + */ + chunk_t priv_key; + + /** + * NTRU encrypted shared secret + */ + chunk_t ciphertext; + + /** + * Shared secret + */ + chunk_t shared_secret; + + /** + * True if peer is responder + */ + bool responder; + + /** + * True if shared secret is computed + */ + bool computed; + + /** + * True Random Generator + */ + rng_t *entropy; + + /** + * Deterministic Random Bit Generator + */ + ntru_drbg_t *drbg; +}; + +METHOD(diffie_hellman_t, get_my_public_value, void, + private_ntru_ke_t *this, chunk_t *value) +{ + uint16_t pub_key_len, priv_key_len; + + *value = chunk_empty; + + if (this->responder) + { + if (this->ciphertext.len) + { + *value = chunk_clone(this->ciphertext); + } + } + else + { + if (this->pub_key.len == 0) + { + /* determine the NTRU public and private key sizes */ + if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id, + &pub_key_len, NULL, + &priv_key_len, NULL) != NTRU_OK) + { + DBG1(DBG_LIB, "error determining NTRU public and private key " + "sizes"); + return; + } + this->pub_key = chunk_alloc(pub_key_len); + this->priv_key = chunk_alloc(priv_key_len); + + /* generate a random NTRU public/private key pair */ + if (ntru_crypto_ntru_encrypt_keygen(this->drbg, this->param_set->id, + &pub_key_len, this->pub_key.ptr, + &priv_key_len, this->priv_key.ptr) != NTRU_OK) + { + DBG1(DBG_LIB, "NTRU keypair generation failed"); + chunk_free(&this->priv_key); + chunk_free(&this->pub_key); + return; + } + DBG3(DBG_LIB, "NTRU public key: %B", &this->pub_key); + DBG4(DBG_LIB, "NTRU private key: %B", &this->priv_key); + } + *value = chunk_clone(this->pub_key); + } +} + +METHOD(diffie_hellman_t, get_shared_secret, status_t, + private_ntru_ke_t *this, chunk_t *secret) +{ + if (!this->computed || !this->shared_secret.len) + { + *secret = chunk_empty; + return FAILED; + } + *secret = chunk_clone(this->shared_secret); + + return SUCCESS; +} + + +METHOD(diffie_hellman_t, set_other_public_value, void, + private_ntru_ke_t *this, chunk_t value) +{ + u_int16_t plaintext_len, ciphertext_len; + + if (this->priv_key.len) + { + /* initiator decrypting shared secret */ + if (value.len == 0) + { + DBG1(DBG_LIB, "empty NTRU ciphertext"); + return; + } + this->ciphertext = chunk_clone(value); + DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext); + + /* determine the size of the maximum plaintext */ + if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr, + this->ciphertext.len, this->ciphertext.ptr, + &plaintext_len, NULL) != NTRU_OK) + { + DBG1(DBG_LIB, "error determining maximum plaintext size"); + return; + } + this->shared_secret = chunk_alloc(plaintext_len); + + /* decrypt the shared secret */ + if (ntru_crypto_ntru_decrypt(this->priv_key.len, this->priv_key.ptr, + this->ciphertext.len, this->ciphertext.ptr, + &plaintext_len, this->shared_secret.ptr) != NTRU_OK) + { + DBG1(DBG_LIB, "NTRU decryption of shared secret failed"); + chunk_free(&this->shared_secret); + return; + } + this->shared_secret.len = plaintext_len; + this->computed = TRUE; + } + else + { + /* responder generating and encrypting the shared secret */ + this->responder = TRUE; + + /* check the NTRU public key format */ + if (value.len < 5 || value.ptr[0] != 1 || value.ptr[1] != 3) + { + DBG1(DBG_LIB, "received NTRU public key with invalid header"); + return; + } + if (!memeq(value.ptr + 2, this->param_set->oid, 3)) + { + DBG1(DBG_LIB, "received NTRU public key with wrong OID"); + return; + } + this->pub_key = chunk_clone(value); + + /* shared secret size is chosen as twice the cryptographical strength */ + this->shared_secret = chunk_alloc(2 * this->strength / BITS_PER_BYTE); + + /* generate the random shared secret */ + if (!this->drbg->generate(this->drbg, this->strength, + this->shared_secret.len, this->shared_secret.ptr)) + { + DBG1(DBG_LIB, "generation of shared secret failed"); + chunk_free(&this->shared_secret); + return; + } + this->computed = TRUE; + + /* determine the size of the ciphertext */ + if (ntru_crypto_ntru_encrypt(this->drbg, + this->pub_key.len, this->pub_key.ptr, + this->shared_secret.len, this->shared_secret.ptr, + &ciphertext_len, NULL) != NTRU_OK) + { + DBG1(DBG_LIB, "error determining ciphertext size"); + return; + } + this->ciphertext = chunk_alloc(ciphertext_len); + + /* encrypt the shared secret */ + if (ntru_crypto_ntru_encrypt(this->drbg, + this->pub_key.len, this->pub_key.ptr, + this->shared_secret.len, this->shared_secret.ptr, + &ciphertext_len, this->ciphertext.ptr) != NTRU_OK) + { + DBG1(DBG_LIB, "NTRU encryption of shared secret failed"); + chunk_free(&this->ciphertext); + return; + } + DBG3(DBG_LIB, "NTRU ciphertext: %B", &this->ciphertext); + } +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_ntru_ke_t *this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_ntru_ke_t *this) +{ + this->drbg->destroy(this->drbg); + this->entropy->destroy(this->entropy); + chunk_free(&this->pub_key); + chunk_free(&this->ciphertext); + chunk_clear(&this->priv_key); + chunk_clear(&this->shared_secret); + free(this); +} + +/* + * Described in header. + */ +ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) +{ + private_ntru_ke_t *this; + param_set_t *param_sets, *param_set; + rng_t *entropy; + ntru_drbg_t *drbg; + char *parameter_set; + u_int32_t strength; + + parameter_set = lib->settings->get_str(lib->settings, + "%s.plugins.ntru.parameter_set", "optimum", lib->ns); + + if (streq(parameter_set, "x9_98_speed")) + { + param_sets = param_sets_x9_98_speed; + } + else if (streq(parameter_set, "x9_98_bandwidth")) + { + param_sets = param_sets_x9_98_bandwidth; + } + else if (streq(parameter_set, "x9_98_balance")) + { + param_sets = param_sets_x9_98_balance; + } + else + { + param_sets = param_sets_optimum; + } + + switch (group) + { + case NTRU_112_BIT: + strength = 112; + param_set = ¶m_sets[0]; + break; + case NTRU_128_BIT: + strength = 128; + param_set = ¶m_sets[1]; + break; + case NTRU_192_BIT: + strength = 192; + param_set = ¶m_sets[2]; + break; + case NTRU_256_BIT: + strength = 256; + param_set = ¶m_sets[3]; + break; + default: + return NULL; + } + DBG1(DBG_LIB, "%u bit %s NTRU parameter set %s selected", strength, + parameter_set, param_set->name); + + entropy = lib->crypto->create_rng(lib->crypto, RNG_TRUE); + if (!entropy) + { + DBG1(DBG_LIB, "could not attach entropy source for DRBG"); + return NULL; + } + + drbg = ntru_drbg_create(strength, chunk_from_str("IKE NTRU-KE"), entropy); + if (!drbg) + { + DBG1(DBG_LIB, "could not instantiate DRBG at %u bit security", strength); + entropy->destroy(entropy); + return NULL; + } + + INIT(this, + .public = { + .dh = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + }, + .group = group, + .param_set = param_set, + .strength = strength, + .entropy = entropy, + .drbg = drbg, + ); + + return &this->public; +} + diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.h b/src/libstrongswan/plugins/ntru/ntru_ke.h new file mode 100644 index 000000000..b8bbf5e54 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_ke.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_ke ntru_ke + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_KE_H_ +#define NTRU_KE_H_ + +typedef struct ntru_ke_t ntru_ke_t; + +#include <library.h> + +/** + * Implementation of a key exchange algorithm using NTRU encryption + */ +struct ntru_ke_t { + + /** + * Implements diffie_hellman_t interface. + */ + diffie_hellman_t dh; +}; + +/** + * Creates a new ntru_ke_t object. + * + * @param group NTRU group number to use + * @param g not used + * @param p not used + * @return ntru_ke_t object, NULL if not supported + */ +ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p); + +#endif /** NTRU_KE_H_ @}*/ + diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.c b/src/libstrongswan/plugins/ntru/ntru_mgf1.c new file mode 100644 index 000000000..2338db208 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_mgf1.h" + +#include <crypto/hashers/hasher.h> +#include <utils/debug.h> +#include <utils/test.h> + +typedef struct private_ntru_mgf1_t private_ntru_mgf1_t; + +/** + * Private data of an ntru_mgf1_t object. + */ +struct private_ntru_mgf1_t { + + /** + * Public ntru_mgf1_t interface. + */ + ntru_mgf1_t public; + + /** + * Hasher the MGF1 Mask Generation Function is based on + */ + hasher_t *hasher; + + /** + * Counter + */ + u_int32_t counter; + + /** + * Set if counter has reached 2^32 + */ + bool overflow; + + /** + * Current state to be hashed + */ + chunk_t state; + + /** + * Position of the 4 octet counter string + */ + u_char *ctr_str; + +}; + +METHOD(ntru_mgf1_t, get_hash_size, size_t, + private_ntru_mgf1_t *this) +{ + return this->hasher->get_hash_size(this->hasher); +} + +METHOD(ntru_mgf1_t, get_mask, bool, + private_ntru_mgf1_t *this, size_t mask_len, u_char *mask) +{ + u_char buf[HASH_SIZE_SHA512]; + size_t hash_len; + + hash_len = this->hasher->get_hash_size(this->hasher); + + while (mask_len > 0) + { + /* detect overflow, set counter string and increment counter */ + if (this->overflow) + { + return FALSE; + } + htoun32(this->ctr_str, this->counter++); + if (this->counter == 0) + { + this->overflow = TRUE; + } + + /* get the next or final mask block from the hash function */ + if (!this->hasher->get_hash(this->hasher, this->state, + (mask_len < hash_len) ? buf : mask)) + { + return FALSE; + } + if (mask_len < hash_len) + { + memcpy(mask, buf, mask_len); + return TRUE; + } + mask_len -= hash_len; + mask += hash_len; + } + return TRUE; +} + +METHOD(ntru_mgf1_t, allocate_mask, bool, + private_ntru_mgf1_t *this, size_t mask_len, chunk_t *mask) +{ + if (mask_len == 0) + { + *mask = chunk_empty; + return TRUE; + } + *mask = chunk_alloc(mask_len); + + return get_mask(this, mask_len, mask->ptr); +} + +METHOD(ntru_mgf1_t, destroy, void, + private_ntru_mgf1_t *this) +{ + this->hasher->destroy(this->hasher); + chunk_clear(&this->state); + free(this); +} + +/* + * Described in header. + */ +ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed, + bool hash_seed) +{ + private_ntru_mgf1_t *this; + hasher_t *hasher; + size_t state_len; + + if (seed.len == 0) + { + DBG1(DBG_LIB, "empty seed for MGF1"); + return NULL; + } + + hasher = lib->crypto->create_hasher(lib->crypto, alg); + if (!hasher) + { + DBG1(DBG_LIB, "failed to create %N hasher for MGF1", + hash_algorithm_names, alg); + return NULL; + } + state_len = (hash_seed ? hasher->get_hash_size(hasher) : seed.len) + 4; + + INIT(this, + .public = { + .get_hash_size = _get_hash_size, + .allocate_mask = _allocate_mask, + .get_mask = _get_mask, + .destroy = _destroy, + }, + .hasher = hasher, + .state = chunk_alloc(state_len), + ); + + /* determine position of the 4 octet counter string */ + this->ctr_str = this->state.ptr + state_len - 4; + + if (hash_seed) + { + if (!hasher->get_hash(hasher, seed, this->state.ptr)) + { + DBG1(DBG_LIB, "failed to hash seed for MGF1"); + destroy(this); + return NULL; + } + } + else + { + memcpy(this->state.ptr, seed.ptr, seed.len); + } + + return &this->public; +} + +EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create); diff --git a/src/libstrongswan/plugins/ntru/ntru_mgf1.h b/src/libstrongswan/plugins/ntru/ntru_mgf1.h new file mode 100644 index 000000000..53e90412a --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_mgf1.h @@ -0,0 +1,77 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_mgf1 ntru_mgf1 + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_MGF1_H_ +#define NTRU_MGF1_H_ + +typedef struct ntru_mgf1_t ntru_mgf1_t; + +#include <library.h> + +/** + * Implements the PKCS#1 MGF1 Mask Generation Function based on a hash function + * defined in section 10.2.1 of RFC 2437 + */ +struct ntru_mgf1_t { + + /** + * Get the hash size of the underlying hash function + * + * @return hash size in bytes + */ + size_t (*get_hash_size)(ntru_mgf1_t *this); + + /** + * Generate a mask pattern and copy it to an output buffer + * If the maximum number of requests has been reached, reseeding occurs + * + * @param mask_len number of mask bytes to generate + * @param mask output buffer of minimum size mask_len + * @return TRUE if successful + */ + bool (*get_mask)(ntru_mgf1_t *this, size_t mask_len, u_char *mask); + + /** + * Generate a mask pattern and return it in an allocated chunk + * + * @param mask_len number of mask bytes to generate + * @param mask chunk containing generated mask + * @return TRUE if successful + */ + bool (*allocate_mask)(ntru_mgf1_t *this, size_t mask_len, chunk_t *mask); + + /** + * Destroy the MGF1 object + */ + void (*destroy)(ntru_mgf1_t *this); +}; + +/** + * Create an MGF1 object + * + * @param alg hash algorithm to be used by MGF1 + * @param seed seed used by MGF1 to generate mask from + * @param hash_seed hash seed before using it as a seed from MGF1 + */ +ntru_mgf1_t *ntru_mgf1_create(hash_algorithm_t alg, chunk_t seed, + bool hash_seed); + +#endif /** NTRU_MGF1_H_ @}*/ + diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.c b/src/libstrongswan/plugins/ntru/ntru_plugin.c new file mode 100644 index 000000000..66be7c75b --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_plugin.c @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_plugin.h" +#include "ntru_ke.h" + +#include <library.h> + +typedef struct private_ntru_plugin_t private_ntru_plugin_t; + +/** + * private data of ntru_plugin + */ +struct private_ntru_plugin_t { + + /** + * public functions + */ + ntru_plugin_t public; +}; + +METHOD(plugin_t, get_name, char*, + private_ntru_plugin_t *this) +{ + return "ntru"; +} + +METHOD(plugin_t, get_features, int, + private_ntru_plugin_t *this, plugin_feature_t *features[]) +{ + static plugin_feature_t f[] = { + PLUGIN_REGISTER(DH, ntru_ke_create), + PLUGIN_PROVIDE(DH, NTRU_112_BIT), + PLUGIN_PROVIDE(DH, NTRU_128_BIT), + PLUGIN_PROVIDE(DH, NTRU_192_BIT), + PLUGIN_PROVIDE(DH, NTRU_256_BIT), + PLUGIN_DEPENDS(RNG, RNG_TRUE), + PLUGIN_DEPENDS(SIGNER, AUTH_HMAC_SHA2_256_256), + PLUGIN_DEPENDS(HASHER, HASH_SHA256), + PLUGIN_SDEPEND(HASHER, HASH_SHA1) + }; + *features = f; + + return countof(f); +} + +METHOD(plugin_t, destroy, void, + private_ntru_plugin_t *this) +{ + free(this); +} + +/* + * see header file + */ +plugin_t *ntru_plugin_create() +{ + private_ntru_plugin_t *this; + + INIT(this, + .public = { + .plugin = { + .get_name = _get_name, + .get_features = _get_features, + .destroy = _destroy, + }, + }, + ); + + return &this->public.plugin; +} diff --git a/src/libstrongswan/plugins/ntru/ntru_plugin.h b/src/libstrongswan/plugins/ntru/ntru_plugin.h new file mode 100644 index 000000000..187b83445 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_plugin.h @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_p ntru + * @ingroup plugins + * + * @defgroup ntru_plugin ntru_plugin + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_PLUGIN_H_ +#define NTRU_PLUGIN_H_ + +#include <plugins/plugin.h> + +typedef struct ntru_plugin_t ntru_plugin_t; + +/** + * Plugin implementing NTRU-base key exchange + */ +struct ntru_plugin_t { + + /** + * implements plugin interface + */ + plugin_t plugin; +}; + +#endif /** NTRU_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.c b/src/libstrongswan/plugins/ntru/ntru_poly.c new file mode 100644 index 000000000..3f754f2a0 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_poly.c @@ -0,0 +1,416 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (C) 2009-2013 Security Innovation + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_poly.h" +#include "ntru_mgf1.h" + +#include <utils/debug.h> +#include <utils/test.h> + +typedef struct private_ntru_poly_t private_ntru_poly_t; +typedef struct indices_len_t indices_len_t; + +/** + * Stores number of +1 and -1 coefficients + */ +struct indices_len_t { + int p; + int m; +}; + +/** + * Private data of an ntru_poly_t object. + */ +struct private_ntru_poly_t { + + /** + * Public ntru_poly_t interface. + */ + ntru_poly_t public; + + /** + * Ring dimension equal to the number of polynomial coefficients + */ + uint16_t N; + + /** + * Large modulus + */ + uint16_t q; + + /** + * Array containing the indices of the non-zero coefficients + */ + uint16_t *indices; + + /** + * Number of indices of the non-zero coefficients + */ + size_t num_indices; + + /** + * Number of sparse polynomials + */ + int num_polynomials; + + /** + * Number of nonzero coefficients for up to 3 sparse polynomials + */ + indices_len_t indices_len[3]; + +}; + +METHOD(ntru_poly_t, get_size, size_t, + private_ntru_poly_t *this) +{ + return this->num_indices; +} + +METHOD(ntru_poly_t, get_indices, uint16_t*, + private_ntru_poly_t *this) +{ + return this->indices; +} + +/** + * Multiplication of polynomial a with a sparse polynomial b given by + * the indices of its +1 and -1 coefficients results in polynomial c. + * This is a convolution operation + */ +static void ring_mult_i(uint16_t *a, indices_len_t len, uint16_t *indices, + uint16_t N, uint16_t mod_q_mask, uint16_t *t, + uint16_t *c) +{ + int i, j, k; + + /* initialize temporary array t */ + for (k = 0; k < N; k++) + { + t[k] = 0; + } + + /* t[(i+k)%N] = sum i=0 through N-1 of a[i], for b[k] = -1 */ + for (j = len.p; j < len.p + len.m; j++) + { + k = indices[j]; + for (i = 0; k < N; ++i, ++k) + { + t[k] += a[i]; + } + for (k = 0; i < N; ++i, ++k) + { + t[k] += a[i]; + } + } + + /* t[(i+k)%N] = -(sum i=0 through N-1 of a[i] for b[k] = -1) */ + for (k = 0; k < N; k++) + { + t[k] = -t[k]; + } + + /* t[(i+k)%N] += sum i=0 through N-1 of a[i] for b[k] = +1 */ + for (j = 0; j < len.p; j++) + { + k = indices[j]; + for (i = 0; k < N; ++i, ++k) + { + t[k] += a[i]; + } + for (k = 0; i < N; ++i, ++k) + { + t[k] += a[i]; + } + } + + /* c = (a * b) mod q */ + for (k = 0; k < N; k++) + { + c[k] = t[k] & mod_q_mask; + } +} + +METHOD(ntru_poly_t, get_array, void, + private_ntru_poly_t *this, uint16_t *array) +{ + uint16_t *t, *bi; + uint16_t mod_q_mask = this->q - 1; + indices_len_t len; + int i; + + /* form polynomial F or F1 */ + memset(array, 0x00, this->N * sizeof(uint16_t)); + bi = this->indices; + len = this->indices_len[0]; + for (i = 0; i < len.p + len.m; i++) + { + array[bi[i]] = (i < len.p) ? 1 : mod_q_mask; + } + + if (this->num_polynomials == 3) + { + /* allocate temporary array t */ + t = malloc(this->N * sizeof(uint16_t)); + + /* form F1 * F2 */ + bi += len.p + len.m; + len = this->indices_len[1]; + ring_mult_i(array, len, bi, this->N, mod_q_mask, t, array); + + /* form (F1 * F2) + F3 */ + bi += len.p + len.m; + len = this->indices_len[2]; + for (i = 0; i < len.p + len.m; i++) + { + if (i < len.p) + { + array[bi[i]] += 1; + } + else + { + array[bi[i]] -= 1; + } + array[bi[i]] &= mod_q_mask; + } + free(t); + } +} + +METHOD(ntru_poly_t, ring_mult, void, + private_ntru_poly_t *this, uint16_t *a, uint16_t *c) +{ + uint16_t *t1, *t2; + uint16_t *bi = this->indices; + uint16_t mod_q_mask = this->q - 1; + int i; + + /* allocate temporary array t1 */ + t1 = malloc(this->N * sizeof(uint16_t)); + + if (this->num_polynomials == 1) + { + ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, c); + } + else + { + /* allocate temporary array t2 */ + t2 = malloc(this->N * sizeof(uint16_t)); + + /* t1 = a * b1 */ + ring_mult_i(a, this->indices_len[0], bi, this->N, mod_q_mask, t1, t1); + + /* t1 = (a * b1) * b2 */ + bi += this->indices_len[0].p + this->indices_len[0].m; + ring_mult_i(t1, this->indices_len[1], bi, this->N, mod_q_mask, t2, t1); + + /* t2 = a * b3 */ + bi += this->indices_len[1].p + this->indices_len[1].m; + ring_mult_i(a, this->indices_len[2], bi, this->N, mod_q_mask, t2, t2); + + /* c = (a * b1 * b2) + (a * b3) */ + for (i = 0; i < this->N; i++) + { + c[i] = (t1[i] + t2[i]) & mod_q_mask; + } + free(t2); + } + free(t1); +} + +METHOD(ntru_poly_t, destroy, void, + private_ntru_poly_t *this) +{ + memwipe(this->indices, sizeof(uint16_t) * get_size(this)); + free(this->indices); + free(this); +} + +static void init_indices(private_ntru_poly_t *this, bool is_product_form, + uint32_t indices_len_p, uint32_t indices_len_m) +{ + int n; + + if (is_product_form) + { + this->num_polynomials = 3; + for (n = 0; n < 3; n++) + { + this->indices_len[n].p = 0xff & indices_len_p; + this->indices_len[n].m = 0xff & indices_len_m; + this->num_indices += this->indices_len[n].p + + this->indices_len[n].m; + indices_len_p >>= 8; + indices_len_m >>= 8; + } + } + else + { + this->num_polynomials = 1; + this->indices_len[0].p = indices_len_p; + this->indices_len[0].m = indices_len_m; + this->num_indices = indices_len_p + indices_len_m; + } + this->indices = malloc(sizeof(uint16_t) * this->num_indices); +} + +/* + * Described in header. + */ +ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed, + uint8_t c_bits, uint16_t N, uint16_t q, + uint32_t indices_len_p, + uint32_t indices_len_m, + bool is_product_form) +{ + private_ntru_poly_t *this; + size_t hash_len, octet_count = 0, i; + uint8_t octets[HASH_SIZE_SHA512], *used, num_left = 0, num_needed; + uint16_t index, limit, left = 0; + int n, num_indices, index_i = 0; + ntru_mgf1_t *mgf1; + + DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len); + mgf1 = ntru_mgf1_create(alg, seed, TRUE); + if (!mgf1) + { + return NULL; + } + i = hash_len = mgf1->get_hash_size(mgf1); + + INIT(this, + .public = { + .get_size = _get_size, + .get_indices = _get_indices, + .get_array = _get_array, + .ring_mult = _ring_mult, + .destroy = _destroy, + }, + .N = N, + .q = q, + ); + + init_indices(this, is_product_form, indices_len_p, indices_len_m); + used = malloc(N); + limit = N * ((1 << c_bits) / N); + + /* generate indices for all polynomials */ + for (n = 0; n < this->num_polynomials; n++) + { + memset(used, 0, N); + num_indices = this->indices_len[n].p + this->indices_len[n].m; + + /* generate indices for a single polynomial */ + while (num_indices) + { + /* generate a random candidate index with a size of c_bits */ + do + { + /* use any leftover bits first */ + index = num_left ? left << (c_bits - num_left) : 0; + + /* get the rest of the bits needed from new octets */ + num_needed = c_bits - num_left; + + while (num_needed) + { + if (i == hash_len) + { + /* get another block from MGF1 */ + if (!mgf1->get_mask(mgf1, hash_len, octets)) + { + mgf1->destroy(mgf1); + destroy(this); + free(used); + return NULL; + } + octet_count += hash_len; + i = 0; + } + left = octets[i++]; + + if (num_needed <= 8) + { + /* all bits needed to fill the index are in this octet */ + index |= left >> (8 - num_needed); + num_left = 8 - num_needed; + num_needed = 0; + left &= 0xff >> (8 - num_left); + } + else + { + /* more than one octet will be needed */ + index |= left << (num_needed - 8); + num_needed -= 8; + } + } + } + while (index >= limit); + + /* form index and check if unique */ + index %= N; + if (!used[index]) + { + used[index] = 1; + this->indices[index_i++] = index; + num_indices--; + } + } + } + + DBG2(DBG_LIB, "MGF1 generates %u octets to derive %u indices", + octet_count, this->num_indices); + mgf1->destroy(mgf1); + free(used); + + return &this->public; +} + +/* + * Described in header. + */ +ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q, + uint32_t indices_len_p, + uint32_t indices_len_m, + bool is_product_form) +{ + private_ntru_poly_t *this; + int i; + + INIT(this, + .public = { + .get_size = _get_size, + .get_indices = _get_indices, + .get_array = _get_array, + .ring_mult = _ring_mult, + .destroy = _destroy, + }, + .N = N, + .q = q, + ); + + init_indices(this, is_product_form, indices_len_p, indices_len_m); + for (i = 0; i < this->num_indices; i++) + { + this->indices[i] = data[i]; + } + + return &this->public; +} + +EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed); + +EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data); diff --git a/src/libstrongswan/plugins/ntru/ntru_poly.h b/src/libstrongswan/plugins/ntru/ntru_poly.h new file mode 100644 index 000000000..87c77103c --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_poly.h @@ -0,0 +1,99 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_poly ntru_poly + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_POLY_H_ +#define NTRU_POLY_H_ + +typedef struct ntru_poly_t ntru_poly_t; + +#include <library.h> + +/** + * Implements a trinary polynomial storing the indices of non-zero coefficients + */ +struct ntru_poly_t { + + /** + * Get the size of the indices array + * + * @return number of indices + */ + size_t (*get_size)(ntru_poly_t *this); + + /** + * @return array containing the indices of the non-zero coefficients + */ + uint16_t* (*get_indices)(ntru_poly_t *this); + + /** + * @param array array containing all N coefficients of the polynomial + */ + void (*get_array)(ntru_poly_t *this, uint16_t *array); + + /** + * Multiply polynomial a with ntru_poly_t object b having sparse coeffients + * to form result polynomial c = a * b + * + * @param a input polynomial a + * @param b output polynomial c + */ + void (*ring_mult)(ntru_poly_t *this, uint16_t *a, uint16_t *c); + + /** + * Destroy ntru_poly_t object + */ + void (*destroy)(ntru_poly_t *this); +}; + +/** + * Create a trits polynomial from a seed using MGF1 with a base hash function + * + * @param alg hash algorithm to be used by MGF1 + * @param seed seed used by MGF1 to generate trits from + * @param N ring dimension, number of polynomial coefficients + * @param q large modulus + * @param c_bits number of bits for candidate index + * @param indices_len_p number of indices for +1 coefficients + * @param indices_len_m number of indices for -1 coefficients + * @param is_product_form generate multiple polynomials + */ +ntru_poly_t *ntru_poly_create_from_seed(hash_algorithm_t alg, chunk_t seed, + uint8_t c_bits, uint16_t N, uint16_t q, + uint32_t indices_len_p, + uint32_t indices_len_m, + bool is_product_form); + +/** + * Create a trits polynomial from an array of indices of non-zero coefficients + * + * @param data array of indices of non-zero coefficients + * @param N ring dimension, number of polynomial coefficients + * @param q large modulus + * @param indices_len_p number of indices for +1 coefficients + * @param indices_len_m number of indices for -1 coefficients + * @param is_product_form generate multiple polynomials + */ +ntru_poly_t *ntru_poly_create_from_data(uint16_t *data, uint16_t N, uint16_t q, + uint32_t indices_len_p, + uint32_t indices_len_m, + bool is_product_form); + +#endif /** NTRU_POLY_H_ @}*/ + diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.c b/src/libstrongswan/plugins/ntru/ntru_trits.c new file mode 100644 index 000000000..f82501629 --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_trits.c @@ -0,0 +1,133 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "ntru_trits.h" +#include "ntru_mgf1.h" + +#include "ntru_crypto/ntru_crypto_ntru_convert.h" + +#include <utils/debug.h> +#include <utils/test.h> + +typedef struct private_ntru_trits_t private_ntru_trits_t; + +/** + * Private data of an ntru_trits_t object. + */ +struct private_ntru_trits_t { + + /** + * Public ntru_trits_t interface. + */ + ntru_trits_t public; + + /** + * Size of the trits array + */ + size_t trits_len; + + /** + * Array containing a trit per octet + */ + uint8_t *trits; + +}; + +METHOD(ntru_trits_t, get_size, size_t, + private_ntru_trits_t *this) +{ + return this->trits_len; +} + +METHOD(ntru_trits_t, get_trits, uint8_t*, + private_ntru_trits_t *this) +{ + return this->trits; +} + +METHOD(ntru_trits_t, destroy, void, + private_ntru_trits_t *this) +{ + memwipe(this->trits, this->trits_len); + free(this->trits); + free(this); +} + +/* + * Described in header. + */ +ntru_trits_t *ntru_trits_create(size_t len, hash_algorithm_t alg, chunk_t seed) +{ + private_ntru_trits_t *this; + uint8_t octets[HASH_SIZE_SHA512], buf[5], *trits; + size_t hash_len, octet_count = 0, trits_needed, i; + ntru_mgf1_t *mgf1; + + DBG2(DBG_LIB, "MGF1 is seeded with %u bytes", seed.len); + mgf1 = ntru_mgf1_create(alg, seed, TRUE); + if (!mgf1) + { + return NULL; + } + i = hash_len = mgf1->get_hash_size(mgf1); + + INIT(this, + .public = { + .get_size = _get_size, + .get_trits = _get_trits, + .destroy = _destroy, + }, + .trits_len = len, + .trits = malloc(len), + ); + + trits = this->trits; + trits_needed = this->trits_len; + + while (trits_needed > 0) + { + if (i == hash_len) + { + /* get another block from MGF1 */ + if (!mgf1->get_mask(mgf1, hash_len, octets)) + { + mgf1->destroy(mgf1); + destroy(this); + return NULL; + } + octet_count += hash_len; + i = 0; + } + if (octets[i] < 243) /* 243 = 3^5 */ + { + ntru_octet_2_trits(octets[i], (trits_needed < 5) ? buf : trits); + if (trits_needed < 5) + { + memcpy(trits, buf, trits_needed); + break; + } + trits += 5; + trits_needed -= 5; + } + i++; + } + DBG2(DBG_LIB, "MGF1 generates %u octets to extract %u trits", + octet_count, len); + mgf1->destroy(mgf1); + + return &this->public; +} + +EXPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create); diff --git a/src/libstrongswan/plugins/ntru/ntru_trits.h b/src/libstrongswan/plugins/ntru/ntru_trits.h new file mode 100644 index 000000000..524c51bac --- /dev/null +++ b/src/libstrongswan/plugins/ntru/ntru_trits.h @@ -0,0 +1,61 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup ntru_trits ntru_trits + * @{ @ingroup ntru_p + */ + +#ifndef NTRU_TRITS_H_ +#define NTRU_TRITS_H_ + +typedef struct ntru_trits_t ntru_trits_t; + +#include <library.h> + +/** + * Implements an array of trinary elements (trits) + */ +struct ntru_trits_t { + + /** + * Get the size of the trits array + * + * @return number of trinary elements + */ + size_t (*get_size)(ntru_trits_t *this); + + /** + * @return octet array containing a trit per octet + */ + uint8_t* (*get_trits)(ntru_trits_t *this); + + /** + * Destroy ntru_trits_t object + */ + void (*destroy)(ntru_trits_t *this); +}; + +/** + * Create a trits array from a seed using MGF1 with a base hash function + * + * @param size size of the trits array + * @param alg hash algorithm to be used by MGF1 + * @param seed seed used by MGF1 to generate trits from + */ +ntru_trits_t *ntru_trits_create(size_t size, hash_algorithm_t alg, chunk_t seed); + +#endif /** NTRU_TRITS_H_ @}*/ + diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 53ff2eb4c..f0735294b 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -224,8 +224,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -293,6 +291,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -381,12 +384,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -401,6 +408,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 18aa5ceca..cb02c663c 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -471,7 +471,7 @@ static bool parse_extensions(private_openssl_crl_t *this) default: ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, - "libstrongswan.x509.enforce_critical", TRUE); + "%s.x509.enforce_critical", TRUE, lib->ns); if (!ok) { DBG1(DBG_LIB, "found unsupported critical X.509 " diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index c43fe455a..b487d59a5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -102,6 +102,11 @@ static bool chunk2ecp(const EC_GROUP *group, chunk_t chunk, EC_POINT *point) goto error; } + if (!EC_POINT_is_on_curve(group, point, ctx)) + { + goto error; + } + ret = TRUE; error: BN_CTX_end(ctx); @@ -196,7 +201,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, * http://www.rfc-editor.org/errata_search.php?eid=9 */ x_coordinate_only = lib->settings->get_bool(lib->settings, - "libstrongswan.ecp_x_coordinate_only", TRUE); + "%s.ecp_x_coordinate_only", TRUE, lib->ns); if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only)) { goto error; diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index ff2508609..f4aef8200 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -522,7 +522,7 @@ plugin_t *openssl_plugin_create() int fips_mode; fips_mode = lib->settings->get_int(lib->settings, - "libstrongswan.plugins.openssl.fips_mode", FIPS_MODE); + "%s.plugins.openssl.fips_mode", FIPS_MODE, lib->ns); #ifdef OPENSSL_FIPS if (fips_mode) { diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 036f53d23..10a35c1fd 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -558,7 +558,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, if (!engine_id) { engine_id = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.openssl.engine_id", "pkcs11"); + "%s.plugins.openssl.engine_id", "pkcs11", lib->ns); } engine = ENGINE_by_id(engine_id); if (!engine) diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 24b12d50c..7a5b206dd 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -1012,7 +1012,7 @@ static bool parse_extensions(private_openssl_x509_t *this) default: ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, - "libstrongswan.x509.enforce_critical", TRUE); + "%s.x509.enforce_critical", TRUE, lib->ns); if (!ok) { char buf[80] = ""; diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 5c3ce2a42..55c0271ce 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 060799dc8..22c33b0c8 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index 254b1951b..62780c384 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -25,7 +25,6 @@ #include <stddef.h> #include <fcntl.h> #include <sys/types.h> -#include <sys/mman.h> #include <sys/stat.h> #include <utils/debug.h> @@ -418,39 +417,17 @@ static void *load_from_blob(chunk_t blob, credential_type_t type, int subtype, static void *load_from_file(char *file, credential_type_t type, int subtype, identification_t *subject, x509_flag_t flags) { - void *cred = NULL; - struct stat sb; - void *addr; - int fd; + void *cred; + chunk_t *chunk; - fd = open(file, O_RDONLY); - if (fd == -1) + chunk = chunk_map(file, FALSE); + if (!chunk) { DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno)); return NULL; } - - if (fstat(fd, &sb) == -1) - { - DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file, - strerror(errno)); - close(fd); - return NULL; - } - - addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno)); - close(fd); - return NULL; - } - - cred = load_from_blob(chunk_create(addr, sb.st_size), type, subtype, - subject, flags); - - munmap(addr, sb.st_size); - close(fd); + cred = load_from_blob(*chunk, type, subtype, subject, flags); + chunk_unmap(chunk); return cred; } diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 05319bb87..e2491f5a4 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 2befd0949..d3f3fdf49 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 186d90ac6..c8cec3771 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c index 2e5af95ff..36cc284bf 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_dh.c @@ -135,7 +135,7 @@ METHOD(diffie_hellman_t, set_other_public_value, void, }; if (!lib->settings->get_bool(lib->settings, - "libstrongswan.ecp_x_coordinate_only", TRUE)) + "%s.ecp_x_coordinate_only", TRUE, lib->ns)) { /* we only get the x coordinate back */ return; } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 8bda5b66f..96c4a180d 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -338,7 +338,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, ); enumerator = lib->settings->create_section_enumerator(lib->settings, - "libstrongswan.plugins.pkcs11.modules"); + "%s.plugins.pkcs11.modules", lib->ns); while (enumerator->enumerate(enumerator, &module)) { INIT(entry, @@ -346,7 +346,7 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, ); entry->path = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module); + "%s.plugins.pkcs11.modules.%s.path", NULL, lib->ns, module); if (!entry->path) { DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module); @@ -355,8 +355,8 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, } entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.modules.%s.os_locking", - FALSE, module)); + "%s.plugins.pkcs11.modules.%s.os_locking", + FALSE, lib->ns, module)); if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 3faa59cae..bd2a2c114 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -83,8 +83,8 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, if (add && this->handle_events) { if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.modules.%s.load_certs", - TRUE, p11->get_name(p11))) + "%s.plugins.pkcs11.modules.%s.load_certs", + TRUE, lib->ns, p11->get_name(p11))) { creds = pkcs11_creds_create(p11, slot); if (creds) @@ -174,8 +174,8 @@ static bool handle_certs(private_pkcs11_plugin_t *this, METHOD(plugin_t, reload, bool, private_pkcs11_plugin_t *this) { - if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.reload_certs", FALSE)) + if (lib->settings->get_bool(lib->settings, "%s.plugins.pkcs11.reload_certs", + FALSE, lib->ns)) { DBG1(DBG_CFG, "reloading certificates from PKCS#11 tokens"); handle_certs(this, NULL, FALSE, NULL); @@ -247,28 +247,28 @@ METHOD(plugin_t, get_features, int, if (!count) { /* initialize only once */ bool use_ecc = lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_ecc", FALSE); + "%s.plugins.pkcs11.use_ecc", FALSE, lib->ns); plugin_features_add(f, f_manager, countof(f_manager), &count); /* private key handling for EC keys is not disabled by use_ecc */ plugin_features_add(f, f_privkey, countof(f_privkey), &count); if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_pubkey", FALSE)) + "%s.plugins.pkcs11.use_pubkey", FALSE, lib->ns)) { plugin_features_add(f, f_pubkey, countof(f_pubkey) - (use_ecc ? 0 : 1), &count); } if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) + "%s.plugins.pkcs11.use_hasher", FALSE, lib->ns)) { plugin_features_add(f, f_hash, countof(f_hash), &count); } if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_rng", FALSE)) + "%s.plugins.pkcs11.use_rng", FALSE, lib->ns)) { plugin_features_add(f, f_rng, countof(f_rng), &count); } if (lib->settings->get_bool(lib->settings, - "libstrongswan.plugins.pkcs11.use_dh", FALSE)) + "%s.plugins.pkcs11.use_dh", FALSE, lib->ns)) { plugin_features_add(f, f_dh, countof(f_dh), &count); if (use_ecc) diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 1972f33b3..67b1f4f57 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 300212173..feff6e5b0 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -219,8 +219,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -288,6 +286,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -376,12 +379,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -396,6 +403,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index e2ccb326d..35a5c9a35 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 5ed0a9b0f..08a8442ea 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010-2013 Tobias Brunner + * Copyright (C) 2010-2014 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -28,6 +28,7 @@ #include <utils/debug.h> #include <library.h> #include <collections/hashtable.h> +#include <collections/array.h> #include <collections/linked_list.h> #include <plugins/plugin.h> #include <utils/integrity_checker.h> @@ -936,18 +937,146 @@ static bool find_plugin(char *path, char *name, char *buf, char **file) return FALSE; } +/** + * Used to sort plugins by priority + */ +typedef struct { + /* name of the plugin */ + char *name; + /* the plugins priority */ + int prio; + /* default priority */ + int def; +} plugin_priority_t; + +static void plugin_priority_free(const plugin_priority_t *this, int idx, + void *user) +{ + free(this->name); +} + +/** + * Sort plugins and their priority by name + */ +static int plugin_priority_cmp_name(const plugin_priority_t *a, + const plugin_priority_t *b) +{ + return strcmp(a->name, b->name); +} + +/** + * Sort plugins by decreasing priority or default priority then by name + */ +static int plugin_priority_cmp(const plugin_priority_t *a, + const plugin_priority_t *b, void *user) +{ + int diff; + + diff = b->prio - a->prio; + if (!diff) + { /* the same priority, use default order */ + diff = b->def - a->def; + if (!diff) + { /* same default priority (i.e. both were not found in that list) */ + return strcmp(a->name, b->name); + } + } + return diff; +} + + +/** + * Determine the list of plugins to load via load option in each plugin's + * config section. + */ +static char *modular_pluginlist(char *list) +{ + enumerator_t *enumerator; + array_t *given, *final; + plugin_priority_t item, *current, found; + char *plugin, *plugins = NULL; + int i = 0, max_prio; + + if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE, + lib->ns)) + { + return list; + } + + given = array_create(sizeof(plugin_priority_t), 0); + final = array_create(sizeof(plugin_priority_t), 0); + + enumerator = enumerator_create_token(list, " ", " "); + while (enumerator->enumerate(enumerator, &plugin)) + { + item.name = strdup(plugin); + item.prio = i++; + array_insert(given, ARRAY_TAIL, &item); + } + enumerator->destroy(enumerator); + array_sort(given, (void*)plugin_priority_cmp_name, NULL); + /* the maximum priority used for plugins not found in this list */ + max_prio = i + 1; + + enumerator = lib->settings->create_section_enumerator(lib->settings, + "%s.plugins", lib->ns); + while (enumerator->enumerate(enumerator, &plugin)) + { + item.prio = lib->settings->get_int(lib->settings, + "%s.plugins.%s.load", 0, lib->ns, plugin); + if (!item.prio) + { + if (!lib->settings->get_bool(lib->settings, + "%s.plugins.%s.load", FALSE, lib->ns, plugin)) + { + continue; + } + item.prio = 1; + } + item.name = plugin; + item.def = max_prio; + if (array_bsearch(given, &item, (void*)plugin_priority_cmp_name, + &found) != -1) + { + item.def = max_prio - found.prio; + } + array_insert(final, ARRAY_TAIL, &item); + } + enumerator->destroy(enumerator); + array_destroy_function(given, (void*)plugin_priority_free, NULL); + + array_sort(final, (void*)plugin_priority_cmp, NULL); + + enumerator = array_create_enumerator(final); + while (enumerator->enumerate(enumerator, ¤t)) + { + char *prev = plugins; + if (asprintf(&plugins, "%s %s", plugins ?: "", current->name) < 0) + { + plugins = prev; + break; + } + free(prev); + } + enumerator->destroy(enumerator); + array_destroy(final); + return plugins; +} + METHOD(plugin_loader_t, load_plugins, bool, private_plugin_loader_t *this, char *list) { enumerator_t *enumerator; - char *default_path = NULL, *token; + char *default_path = NULL, *plugins, *token; bool critical_failed = FALSE; #ifdef PLUGINDIR default_path = PLUGINDIR; #endif /* PLUGINDIR */ - enumerator = enumerator_create_token(list, " ", " "); + plugins = modular_pluginlist(list); + + enumerator = enumerator_create_token(plugins, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) { plugin_entry_t *entry; @@ -1006,6 +1135,10 @@ METHOD(plugin_loader_t, load_plugins, bool, free(this->loaded_plugins); this->loaded_plugins = loaded_plugins_list(this); } + if (plugins != list) + { + free(plugins); + } return !critical_failed; } @@ -1170,3 +1303,22 @@ plugin_loader_t *plugin_loader_create() return &this->public; } + +/* + * See header + */ +void plugin_loader_add_plugindirs(char *basedir, char *plugins) +{ + enumerator_t *enumerator; + char *name, path[PATH_MAX], dir[64]; + + enumerator = enumerator_create_token(plugins, " ", ""); + while (enumerator->enumerate(enumerator, &name)) + { + snprintf(dir, sizeof(dir), "%s", name); + translate(dir, "-", "_"); + snprintf(path, sizeof(path), "%s/%s/.libs", basedir, dir); + lib->plugins->add_path(lib->plugins, path); + } + enumerator->destroy(enumerator); +} diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index 285b33910..fec57ce98 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2013 Tobias Brunner + * Copyright (C) 2012-2014 Tobias Brunner * Copyright (C) 2007 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -67,6 +67,13 @@ struct plugin_loader_t { * for the plugins first, in the order they were added, then the default * path follows. * + * If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to + * load are determined via a load option in their respective plugin config + * section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>. + * The oder is determined by the configured priority. If two plugins have + * the same priority the order as seen in list is preserved. Plugins not + * found in list are loaded first, in alphabetical order. + * * @note Even though this method could be called multiple times this is * currently not really supported in regards to plugin features and their * dependencies (in particular soft dependencies). @@ -146,4 +153,13 @@ struct plugin_loader_t { */ plugin_loader_t *plugin_loader_create(); +/** + * Convenience function to add plugin directories for the given plugins within + * the given base directory according to the conventions in the src/build tree. + * + * @param basedir base directory + * @param plugins space separated list of plugins + */ +void plugin_loader_add_plugindirs(char *basedir, char *plugins); + #endif /** PLUGIN_LOADER_H_ @}*/ diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index c5b3bad05..803eeab44 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 492bc31ac..0efe24cb7 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index 24c711a69..1f1079240 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -51,6 +51,9 @@ static int dev_random = -1; /** /dev/urandom file descriptor */ static int dev_urandom = -1; +/** Is strong randomness equivalent to true randomness? */ +static bool strong_equals_true = FALSE; + /** * See header. */ @@ -68,6 +71,14 @@ int random_plugin_get_dev_urandom() } /** + * See header. + */ +bool random_plugin_get_strong_equals_true() +{ + return strong_equals_true; +} + +/** * Open a random device file */ static bool open_dev(char *file, int *fd) @@ -131,10 +142,12 @@ plugin_t *random_plugin_create() }, ); + strong_equals_true = lib->settings->get_bool(lib->settings, + "%s.plugins.random.strong_equals_true", FALSE, lib->ns); urandom_file = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.random.urandom", DEV_URANDOM); + "%s.plugins.random.urandom", DEV_URANDOM, lib->ns); random_file = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.random.random", DEV_RANDOM); + "%s.plugins.random.random", DEV_RANDOM, lib->ns); if (!open_dev(urandom_file, &dev_urandom) || !open_dev(random_file, &dev_random)) { diff --git a/src/libstrongswan/plugins/random/random_plugin.h b/src/libstrongswan/plugins/random/random_plugin.h index c34fa8196..ff79bef0c 100644 --- a/src/libstrongswan/plugins/random/random_plugin.h +++ b/src/libstrongswan/plugins/random/random_plugin.h @@ -49,4 +49,9 @@ int random_plugin_get_dev_random(); */ int random_plugin_get_dev_urandom(); +/** + * Must strong randomness be equivalent to true randomness? + */ +bool random_plugin_get_strong_equals_true(); + #endif /** RANDOM_PLUGIN_H_ @}*/ diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 568844899..36d5446b8 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -99,6 +99,10 @@ random_rng_t *random_rng_create(rng_quality_t quality) this->fd = random_plugin_get_dev_random(); break; case RNG_STRONG: + this->fd = random_plugin_get_strong_equals_true() ? + random_plugin_get_dev_random() : + random_plugin_get_dev_urandom(); + break; case RNG_WEAK: default: this->fd = random_plugin_get_dev_urandom(); diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index e2cdbac7a..afcbc07eb 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index 0a3063f04..88b283e87 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c index 4bdfc258e..b416c872f 100644 --- a/src/libstrongswan/plugins/rdrand/rdrand_plugin.c +++ b/src/libstrongswan/plugins/rdrand/rdrand_plugin.c @@ -77,11 +77,11 @@ static bool have_rdrand() cpuid(1, &a, &b, &c, &d); if (c & CPUID_RDRAND) { - DBG1(DBG_LIB, "detected RDRAND support on %s CPU", vendor); + DBG2(DBG_LIB, "detected RDRAND support on %s CPU", vendor); return TRUE; } } - DBG1(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor); + DBG2(DBG_LIB, "no RDRAND support on %s CPU, disabled", vendor); return FALSE; } @@ -102,7 +102,11 @@ METHOD(plugin_t, get_features, int, PLUGIN_DEPENDS(CRYPTER, ENCR_AES_CBC, 16), }; *features = f; - return countof(f); + if (have_rdrand()) + { + return countof(f); + } + return 0; } METHOD(plugin_t, destroy, void, @@ -122,16 +126,12 @@ plugin_t *rdrand_plugin_create() .public = { .plugin = { .get_name = _get_name, + .get_features = _get_features, .reload = (void*)return_false, .destroy = _destroy, }, }, ); - if (have_rdrand()) - { - this->public.plugin.get_features = _get_features; - } - return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index fe9aa16e7..745ee83e7 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 2095dbdb7..e57eb78ab 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 2eb572f70..c044178b9 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 5483bf91f..cc16ef5cb 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -216,8 +216,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -285,6 +283,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -373,12 +376,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -393,6 +400,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index 13c0bf86d..c428b883f 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index a62d22a5b..3c9926acc 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c index 569b0b738..652663108 100644 --- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c +++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c @@ -13,6 +13,7 @@ * for more details. */ +#define _GNU_SOURCE /* for fmemopen() */ #include <unistd.h> #include <stdio.h> #include <errno.h> diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index d4cbde107..a1439f6ea 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -232,8 +232,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -301,6 +299,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -389,12 +392,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -409,6 +416,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index d79803189..961311eb0 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -218,8 +218,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -287,6 +285,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -375,12 +378,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -395,6 +402,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/unbound/unbound_resolver.c b/src/libstrongswan/plugins/unbound/unbound_resolver.c index 42cdbc6cc..745e59d5b 100644 --- a/src/libstrongswan/plugins/unbound/unbound_resolver.c +++ b/src/libstrongswan/plugins/unbound/unbound_resolver.c @@ -97,14 +97,14 @@ resolver_t *unbound_resolver_create(void) char *resolv_conf, *trust_anchors, *dlv_anchors; resolv_conf = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.unbound.resolv_conf", - RESOLV_CONF_FILE); + "%s.plugins.unbound.resolv_conf", + RESOLV_CONF_FILE, lib->ns); trust_anchors = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.unbound.trust_anchors", - TRUST_ANCHOR_FILE); + "%s.plugins.unbound.trust_anchors", + TRUST_ANCHOR_FILE, lib->ns); dlv_anchors = lib->settings->get_str(lib->settings, - "libstrongswan.plugins.unbound.dlv_anchors", - NULL); + "%s.plugins.unbound.dlv_anchors", + NULL, lib->ns); INIT(this, .public = { diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 09d300255..74552e00b 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -217,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -286,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -374,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -394,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 85c481552..ed850e8f5 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -20,14 +20,14 @@ #define _GNU_SOURCE -#include "x509_cert.h" - #include <sys/stat.h> #include <time.h> #include <unistd.h> #include <string.h> #include <stdio.h> +#include "x509_cert.h" + #include <library.h> #include <utils/debug.h> #include <asn1/oid.h> @@ -1446,7 +1446,7 @@ static bool parse_certificate(private_x509_cert_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, - "libstrongswan.x509.enforce_critical", TRUE)) + "%s.x509.enforce_critical", TRUE, lib->ns)) { DBG1(DBG_ASN, "critical '%s' extension not supported", (extn_oid == OID_UNKNOWN) ? "unknown" : diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index efb70c94c..d6057c30f 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -325,7 +325,7 @@ static bool parse(private_x509_crl_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, - "libstrongswan.x509.enforce_critical", TRUE)) + "%s.x509.enforce_critical", TRUE, lib->ns)) { DBG1(DBG_ASN, "critical '%s' extension not supported", (extn_oid == OID_UNKNOWN) ? "unknown" : diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 59ee48377..c8f886c60 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -215,8 +215,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -284,6 +282,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -372,12 +375,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -392,6 +399,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index adbd95685..012b169e3 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -545,7 +545,7 @@ processor_t *processor_create() { this->jobs[i] = linked_list_create(); this->prio_threads[i] = lib->settings->get_int(lib->settings, - "libstrongswan.processor.priority_threads.%N", 0, + "%s.processor.priority_threads.%N", 0, lib->ns, job_priority_names, i); } diff --git a/src/libstrongswan/processing/watcher.c b/src/libstrongswan/processing/watcher.c index 9773e7601..cc3c3a788 100644 --- a/src/libstrongswan/processing/watcher.c +++ b/src/libstrongswan/processing/watcher.c @@ -340,7 +340,7 @@ static job_requeue_t watch(private_watcher_t *this) } else { - if (!this->pending) + if (!this->pending && errno != EINTR) { /* complain only if no pending updates */ DBG1(DBG_JOB, "watcher select() error: %s", strerror(errno)); } diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index c3d41a1cd..331a5480d 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -1,23 +1,62 @@ -TESTS = test_runner +check_LTLIBRARIES = libtest.la + +libtest_la_SOURCES = \ + test_suite.c test_suite.h \ + test_runner.c test_runner.h \ + utils/test_rng.c utils/test_rng.h + +libtest_la_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + @COVERAGE_CFLAGS@ + +libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ +libtest_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(PTHREADLIB) + + +TESTS = tests check_PROGRAMS = $(TESTS) -test_runner_SOURCES = \ - test_runner.c test_runner.h test_suite.h \ - test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \ - test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \ - test_identification.c test_threading.c test_utils.c test_vectors.c \ - test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c +tests_SOURCES = tests.h tests.c \ + suites/test_linked_list.c \ + suites/test_enumerator.c \ + suites/test_linked_list_enumerator.c \ + suites/test_bio_reader.c \ + suites/test_bio_writer.c \ + suites/test_chunk.c \ + suites/test_enum.c \ + suites/test_hashtable.c \ + suites/test_identification.c \ + suites/test_threading.c \ + suites/test_watcher.c \ + suites/test_stream.c \ + suites/test_fetch_http.c \ + suites/test_utils.c \ + suites/test_settings.c \ + suites/test_vectors.c \ + suites/test_array.c \ + suites/test_ecdsa.c \ + suites/test_rsa.c \ + suites/test_host.c \ + suites/test_hasher.c \ + suites/test_crypter.c \ + suites/test_pen.c \ + suites/test_asn1.c \ + suites/test_asn1_parser.c \ + suites/test_printf.c \ + suites/test_test_rng.c \ + suites/test_ntru.c -test_runner_CFLAGS = \ +tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ -DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ - @COVERAGE_CFLAGS@ \ - @CHECK_CFLAGS@ + @COVERAGE_CFLAGS@ -test_runner_LDFLAGS = @COVERAGE_LDFLAGS@ -test_runner_LDADD = \ +tests_LDFLAGS = @COVERAGE_LDFLAGS@ +tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) \ - @CHECK_LIBS@ + libtest.la diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index adeae1a81..656be4efb 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -77,11 +77,11 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -TESTS = test_runner$(EXEEXT) +TESTS = tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libstrongswan/tests DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(top_srcdir)/test-driver + $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,36 +99,57 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__EXEEXT_1 = test_runner$(EXEEXT) -am_test_runner_OBJECTS = test_runner-test_runner.$(OBJEXT) \ - test_runner-test_linked_list.$(OBJEXT) \ - test_runner-test_enumerator.$(OBJEXT) \ - test_runner-test_linked_list_enumerator.$(OBJEXT) \ - test_runner-test_bio_reader.$(OBJEXT) \ - test_runner-test_bio_writer.$(OBJEXT) \ - test_runner-test_chunk.$(OBJEXT) \ - test_runner-test_enum.$(OBJEXT) \ - test_runner-test_hashtable.$(OBJEXT) \ - test_runner-test_identification.$(OBJEXT) \ - test_runner-test_threading.$(OBJEXT) \ - test_runner-test_utils.$(OBJEXT) \ - test_runner-test_vectors.$(OBJEXT) \ - test_runner-test_array.$(OBJEXT) \ - test_runner-test_ecdsa.$(OBJEXT) \ - test_runner-test_rsa.$(OBJEXT) test_runner-test_host.$(OBJEXT) \ - test_runner-test_printf.$(OBJEXT) -test_runner_OBJECTS = $(am_test_runner_OBJECTS) am__DEPENDENCIES_1 = -test_runner_DEPENDENCIES = \ +libtest_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) +am__dirstamp = $(am__leading_dot)dirstamp +am_libtest_la_OBJECTS = libtest_la-test_suite.lo \ + libtest_la-test_runner.lo utils/libtest_la-test_rng.lo +libtest_la_OBJECTS = $(am_libtest_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -test_runner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ - $(LIBTOOLFLAGS) --mode=link $(CCLD) $(test_runner_CFLAGS) \ - $(CFLAGS) $(test_runner_LDFLAGS) $(LDFLAGS) -o $@ +libtest_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(libtest_la_CFLAGS) \ + $(CFLAGS) $(libtest_la_LDFLAGS) $(LDFLAGS) -o $@ +am__EXEEXT_1 = tests$(EXEEXT) +am_tests_OBJECTS = tests-tests.$(OBJEXT) \ + suites/tests-test_linked_list.$(OBJEXT) \ + suites/tests-test_enumerator.$(OBJEXT) \ + suites/tests-test_linked_list_enumerator.$(OBJEXT) \ + suites/tests-test_bio_reader.$(OBJEXT) \ + suites/tests-test_bio_writer.$(OBJEXT) \ + suites/tests-test_chunk.$(OBJEXT) \ + suites/tests-test_enum.$(OBJEXT) \ + suites/tests-test_hashtable.$(OBJEXT) \ + suites/tests-test_identification.$(OBJEXT) \ + suites/tests-test_threading.$(OBJEXT) \ + suites/tests-test_watcher.$(OBJEXT) \ + suites/tests-test_stream.$(OBJEXT) \ + suites/tests-test_fetch_http.$(OBJEXT) \ + suites/tests-test_utils.$(OBJEXT) \ + suites/tests-test_settings.$(OBJEXT) \ + suites/tests-test_vectors.$(OBJEXT) \ + suites/tests-test_array.$(OBJEXT) \ + suites/tests-test_ecdsa.$(OBJEXT) \ + suites/tests-test_rsa.$(OBJEXT) \ + suites/tests-test_host.$(OBJEXT) \ + suites/tests-test_hasher.$(OBJEXT) \ + suites/tests-test_crypter.$(OBJEXT) \ + suites/tests-test_pen.$(OBJEXT) \ + suites/tests-test_asn1.$(OBJEXT) \ + suites/tests-test_asn1_parser.$(OBJEXT) \ + suites/tests-test_printf.$(OBJEXT) \ + suites/tests-test_test_rng.$(OBJEXT) \ + suites/tests-test_ntru.$(OBJEXT) +tests_OBJECTS = $(am_tests_OBJECTS) +tests_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la libtest.la +tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(tests_CFLAGS) $(CFLAGS) \ + $(tests_LDFLAGS) $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -163,8 +184,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(test_runner_SOURCES) -DIST_SOURCES = $(test_runner_SOURCES) +SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES) +DIST_SOURCES = $(libtest_la_SOURCES) $(tests_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -211,188 +232,6 @@ am__tty_colors = { \ std='[m'; \ fi; \ } -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__recheck_rx = ^[ ]*:recheck:[ ]* -am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* -am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* -# A command that, given a newline-separated list of test names on the -# standard input, print the name of the tests that are to be re-run -# upon "make recheck". -am__list_recheck_tests = $(AWK) '{ \ - recheck = 1; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - { \ - if ((getline line2 < ($$0 ".log")) < 0) \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ - { \ - recheck = 0; \ - break; \ - } \ - else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ - { \ - break; \ - } \ - }; \ - if (recheck) \ - print $$0; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# A command that, given a newline-separated list of test names on the -# standard input, create the global log from their .trs and .log files. -am__create_global_log = $(AWK) ' \ -function fatal(msg) \ -{ \ - print "fatal: making $@: " msg | "cat >&2"; \ - exit 1; \ -} \ -function rst_section(header) \ -{ \ - print header; \ - len = length(header); \ - for (i = 1; i <= len; i = i + 1) \ - printf "="; \ - printf "\n\n"; \ -} \ -{ \ - copy_in_global_log = 1; \ - global_test_result = "RUN"; \ - while ((rc = (getline line < ($$0 ".trs"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".trs"); \ - if (line ~ /$(am__global_test_result_rx)/) \ - { \ - sub("$(am__global_test_result_rx)", "", line); \ - sub("[ ]*$$", "", line); \ - global_test_result = line; \ - } \ - else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ - copy_in_global_log = 0; \ - }; \ - if (copy_in_global_log) \ - { \ - rst_section(global_test_result ": " $$0); \ - while ((rc = (getline line < ($$0 ".log"))) != 0) \ - { \ - if (rc < 0) \ - fatal("failed to read from " $$0 ".log"); \ - print line; \ - }; \ - printf "\n"; \ - }; \ - close ($$0 ".trs"); \ - close ($$0 ".log"); \ -}' -# Restructured Text title. -am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } -# Solaris 10 'make', and several other traditional 'make' implementations, -# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it -# by disabling -e (using the XSI extension "set +e") if it's set. -am__sh_e_setup = case $$- in *e*) set +e;; esac -# Default flags passed to test drivers. -am__common_driver_flags = \ - --color-tests "$$am__color_tests" \ - --enable-hard-errors "$$am__enable_hard_errors" \ - --expect-failure "$$am__expect_failure" -# To be inserted before the command running the test. Creates the -# directory for the log if needed. Stores in $dir the directory -# containing $f, in $tst the test, in $log the log. Executes the -# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and -# passes TESTS_ENVIRONMENT. Set up options for the wrapper that -# will run the test scripts (or their associated LOG_COMPILER, if -# thy have one). -am__check_pre = \ -$(am__sh_e_setup); \ -$(am__vpath_adj_setup) $(am__vpath_adj) \ -$(am__tty_colors); \ -srcdir=$(srcdir); export srcdir; \ -case "$@" in \ - */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ - *) am__odir=.;; \ -esac; \ -test "x$$am__odir" = x"." || test -d "$$am__odir" \ - || $(MKDIR_P) "$$am__odir" || exit $$?; \ -if test -f "./$$f"; then dir=./; \ -elif test -f "$$f"; then dir=; \ -else dir="$(srcdir)/"; fi; \ -tst=$$dir$$f; log='$@'; \ -if test -n '$(DISABLE_HARD_ERRORS)'; then \ - am__enable_hard_errors=no; \ -else \ - am__enable_hard_errors=yes; \ -fi; \ -case " $(XFAIL_TESTS) " in \ - *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ - am__expect_failure=yes;; \ - *) \ - am__expect_failure=no;; \ -esac; \ -$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) -# A shell command to get the names of the tests scripts with any registered -# extension removed (i.e., equivalently, the names of the test logs, with -# the '.log' extension removed). The result is saved in the shell variable -# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, -# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", -# since that might cause problem with VPATH rewrites for suffix-less tests. -# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. -am__set_TESTS_bases = \ - bases='$(TEST_LOGS)'; \ - bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ - bases=`echo $$bases` -RECHECK_LOGS = $(TEST_LOGS) -AM_RECURSIVE_TARGETS = check recheck -TEST_SUITE_LOG = test-suite.log -TEST_EXTENSIONS = @EXEEXT@ .test -LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver -LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) -am__set_b = \ - case '$@' in \ - */*) \ - case '$*' in \ - */*) b='$*';; \ - *) b=`echo '$@' | sed 's/\.log$$//'`; \ - esac;; \ - *) \ - b='$*';; \ - esac -am__test_logs1 = $(TESTS:=.log) -am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) -TEST_LOGS = $(am__test_logs2:.test.log=.log) -TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver -TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ - $(TEST_LOG_FLAGS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ @@ -408,8 +247,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -477,6 +314,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -565,12 +407,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -585,6 +431,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -595,30 +442,67 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -test_runner_SOURCES = \ - test_runner.c test_runner.h test_suite.h \ - test_linked_list.c test_enumerator.c test_linked_list_enumerator.c \ - test_bio_reader.c test_bio_writer.c test_chunk.c test_enum.c test_hashtable.c \ - test_identification.c test_threading.c test_utils.c test_vectors.c \ - test_array.c test_ecdsa.c test_rsa.c test_host.c test_printf.c - -test_runner_CFLAGS = \ +check_LTLIBRARIES = libtest.la +libtest_la_SOURCES = \ + test_suite.c test_suite.h \ + test_runner.c test_runner.h \ + utils/test_rng.c utils/test_rng.h + +libtest_la_CFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + @COVERAGE_CFLAGS@ + +libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ +libtest_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(PTHREADLIB) + +tests_SOURCES = tests.h tests.c \ + suites/test_linked_list.c \ + suites/test_enumerator.c \ + suites/test_linked_list_enumerator.c \ + suites/test_bio_reader.c \ + suites/test_bio_writer.c \ + suites/test_chunk.c \ + suites/test_enum.c \ + suites/test_hashtable.c \ + suites/test_identification.c \ + suites/test_threading.c \ + suites/test_watcher.c \ + suites/test_stream.c \ + suites/test_fetch_http.c \ + suites/test_utils.c \ + suites/test_settings.c \ + suites/test_vectors.c \ + suites/test_array.c \ + suites/test_ecdsa.c \ + suites/test_rsa.c \ + suites/test_host.c \ + suites/test_hasher.c \ + suites/test_crypter.c \ + suites/test_pen.c \ + suites/test_asn1.c \ + suites/test_asn1_parser.c \ + suites/test_printf.c \ + suites/test_test_rng.c \ + suites/test_ntru.c + +tests_CFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ -DPLUGINDIR=\""$(top_builddir)/src/libstrongswan/plugins\"" \ -DPLUGINS=\""${s_plugins}\"" \ - @COVERAGE_CFLAGS@ \ - @CHECK_CFLAGS@ + @COVERAGE_CFLAGS@ -test_runner_LDFLAGS = @COVERAGE_LDFLAGS@ -test_runner_LDADD = \ +tests_LDFLAGS = @COVERAGE_LDFLAGS@ +tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) \ - @CHECK_LIBS@ + libtest.la all: all-am .SUFFIXES: -.SUFFIXES: .c .lo .log .o .obj .test .test$(EXEEXT) .trs +.SUFFIXES: .c .lo .o .obj $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ @@ -650,6 +534,28 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +clean-checkLTLIBRARIES: + -test -z "$(check_LTLIBRARIES)" || rm -f $(check_LTLIBRARIES) + @list='$(check_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } +utils/$(am__dirstamp): + @$(MKDIR_P) utils + @: > utils/$(am__dirstamp) +utils/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) utils/$(DEPDIR) + @: > utils/$(DEPDIR)/$(am__dirstamp) +utils/libtest_la-test_rng.lo: utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) + +libtest.la: $(libtest_la_OBJECTS) $(libtest_la_DEPENDENCIES) $(EXTRA_libtest_la_DEPENDENCIES) + $(AM_V_CCLD)$(libtest_la_LINK) $(libtest_la_OBJECTS) $(libtest_la_LIBADD) $(LIBS) + clean-checkPROGRAMS: @list='$(check_PROGRAMS)'; test -n "$$list" || exit 0; \ echo " rm -f" $$list; \ @@ -658,35 +564,114 @@ clean-checkPROGRAMS: list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list - -test_runner$(EXEEXT): $(test_runner_OBJECTS) $(test_runner_DEPENDENCIES) $(EXTRA_test_runner_DEPENDENCIES) - @rm -f test_runner$(EXEEXT) - $(AM_V_CCLD)$(test_runner_LINK) $(test_runner_OBJECTS) $(test_runner_LDADD) $(LIBS) +suites/$(am__dirstamp): + @$(MKDIR_P) suites + @: > suites/$(am__dirstamp) +suites/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) suites/$(DEPDIR) + @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_linked_list.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_enumerator.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_linked_list_enumerator.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_bio_reader.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_bio_writer.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_chunk.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_enum.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_hashtable.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_identification.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_threading.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_watcher.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_stream.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_fetch_http.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_utils.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_settings.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_vectors.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_array.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_ecdsa.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_rsa.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_host.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_hasher.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_crypter.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_pen.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_asn1.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_asn1_parser.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_printf.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_test_rng.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) +suites/tests-test_ntru.$(OBJEXT): suites/$(am__dirstamp) \ + suites/$(DEPDIR)/$(am__dirstamp) + +tests$(EXEEXT): $(tests_OBJECTS) $(tests_DEPENDENCIES) $(EXTRA_tests_DEPENDENCIES) + @rm -f tests$(EXEEXT) + $(AM_V_CCLD)$(tests_LINK) $(tests_OBJECTS) $(tests_LDADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f suites/*.$(OBJEXT) + -rm -f utils/*.$(OBJEXT) + -rm -f utils/*.lo distclean-compile: -rm -f *.tab.c -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_array.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_bio_reader.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_bio_writer.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_chunk.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_ecdsa.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_enum.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_enumerator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_hashtable.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_host.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_identification.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_linked_list.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_linked_list_enumerator.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_printf.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_rsa.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_runner.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_threading.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_utils.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test_runner-test_vectors.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_runner.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libtest_la-test_suite.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tests-tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_array.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_asn1_parser.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_reader.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_bio_writer.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_chunk.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_crypter.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ecdsa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enum.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_enumerator.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_fetch_http.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hasher.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_hashtable.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_host.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_identification.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_ntru.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_pen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_printf.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_rsa.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_settings.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_stream.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_test_rng.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_threading.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_utils.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_vectors.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/tests-test_watcher.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/libtest_la-test_rng.Plo@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -712,263 +697,439 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< -test_runner-test_runner.o: test_runner.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.o -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.o' libtool=no @AMDEPBACKSLASH@ +libtest_la-test_suite.lo: test_suite.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_suite.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_suite.Tpo -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_suite.Tpo $(DEPDIR)/libtest_la-test_suite.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_suite.c' object='libtest_la-test_suite.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_suite.lo `test -f 'test_suite.c' || echo '$(srcdir)/'`test_suite.c + +libtest_la-test_runner.lo: test_runner.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT libtest_la-test_runner.lo -MD -MP -MF $(DEPDIR)/libtest_la-test_runner.Tpo -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libtest_la-test_runner.Tpo $(DEPDIR)/libtest_la-test_runner.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='libtest_la-test_runner.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o libtest_la-test_runner.lo `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c + +utils/libtest_la-test_rng.lo: utils/test_rng.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -MT utils/libtest_la-test_rng.lo -MD -MP -MF utils/$(DEPDIR)/libtest_la-test_rng.Tpo -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/libtest_la-test_rng.Tpo utils/$(DEPDIR)/libtest_la-test_rng.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/test_rng.c' object='utils/libtest_la-test_rng.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libtest_la_CFLAGS) $(CFLAGS) -c -o utils/libtest_la-test_rng.lo `test -f 'utils/test_rng.c' || echo '$(srcdir)/'`utils/test_rng.c + +tests-tests.o: tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.o -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.o `test -f 'tests.c' || echo '$(srcdir)/'`tests.c + +tests-tests.obj: tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT tests-tests.obj -MD -MP -MF $(DEPDIR)/tests-tests.Tpo -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/tests-tests.Tpo $(DEPDIR)/tests-tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='tests.c' object='tests-tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o tests-tests.obj `if test -f 'tests.c'; then $(CYGPATH_W) 'tests.c'; else $(CYGPATH_W) '$(srcdir)/tests.c'; fi` + +suites/tests-test_linked_list.o: suites/test_linked_list.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.o `test -f 'suites/test_linked_list.c' || echo '$(srcdir)/'`suites/test_linked_list.c + +suites/tests-test_linked_list.obj: suites/test_linked_list.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list.Tpo -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list.Tpo suites/$(DEPDIR)/tests-test_linked_list.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list.c' object='suites/tests-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list.obj `if test -f 'suites/test_linked_list.c'; then $(CYGPATH_W) 'suites/test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list.c'; fi` + +suites/tests-test_enumerator.o: suites/test_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.o `test -f 'suites/test_enumerator.c' || echo '$(srcdir)/'`suites/test_enumerator.c + +suites/tests-test_enumerator.obj: suites/test_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enumerator.Tpo -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enumerator.Tpo suites/$(DEPDIR)/tests-test_enumerator.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enumerator.c' object='suites/tests-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enumerator.obj `if test -f 'suites/test_enumerator.c'; then $(CYGPATH_W) 'suites/test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enumerator.c'; fi` + +suites/tests-test_linked_list_enumerator.o: suites/test_linked_list_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.o -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.o `test -f 'suites/test_linked_list_enumerator.c' || echo '$(srcdir)/'`suites/test_linked_list_enumerator.c + +suites/tests-test_linked_list_enumerator.obj: suites/test_linked_list_enumerator.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_linked_list_enumerator.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_linked_list_enumerator.Tpo suites/$(DEPDIR)/tests-test_linked_list_enumerator.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_linked_list_enumerator.c' object='suites/tests-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_linked_list_enumerator.obj `if test -f 'suites/test_linked_list_enumerator.c'; then $(CYGPATH_W) 'suites/test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_linked_list_enumerator.c'; fi` + +suites/tests-test_bio_reader.o: suites/test_bio_reader.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.o `test -f 'suites/test_bio_reader.c' || echo '$(srcdir)/'`suites/test_bio_reader.c + +suites/tests-test_bio_reader.obj: suites/test_bio_reader.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_reader.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_reader.Tpo -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_reader.Tpo suites/$(DEPDIR)/tests-test_bio_reader.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_reader.c' object='suites/tests-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_reader.obj `if test -f 'suites/test_bio_reader.c'; then $(CYGPATH_W) 'suites/test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_reader.c'; fi` + +suites/tests-test_bio_writer.o: suites/test_bio_writer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.o -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.o `test -f 'suites/test_bio_writer.c' || echo '$(srcdir)/'`suites/test_bio_writer.c + +suites/tests-test_bio_writer.obj: suites/test_bio_writer.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_bio_writer.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_bio_writer.Tpo -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_bio_writer.Tpo suites/$(DEPDIR)/tests-test_bio_writer.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_bio_writer.c' object='suites/tests-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_bio_writer.obj `if test -f 'suites/test_bio_writer.c'; then $(CYGPATH_W) 'suites/test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_bio_writer.c'; fi` + +suites/tests-test_chunk.o: suites/test_chunk.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.o -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.o `test -f 'test_runner.c' || echo '$(srcdir)/'`test_runner.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.o `test -f 'suites/test_chunk.c' || echo '$(srcdir)/'`suites/test_chunk.c -test_runner-test_runner.obj: test_runner.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_runner.obj -MD -MP -MF $(DEPDIR)/test_runner-test_runner.Tpo -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_runner.Tpo $(DEPDIR)/test_runner-test_runner.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_runner.c' object='test_runner-test_runner.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_chunk.obj: suites/test_chunk.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_chunk.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_chunk.Tpo -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_chunk.Tpo suites/$(DEPDIR)/tests-test_chunk.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_chunk.c' object='suites/tests-test_chunk.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_runner.obj `if test -f 'test_runner.c'; then $(CYGPATH_W) 'test_runner.c'; else $(CYGPATH_W) '$(srcdir)/test_runner.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_chunk.obj `if test -f 'suites/test_chunk.c'; then $(CYGPATH_W) 'suites/test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_chunk.c'; fi` -test_runner-test_linked_list.o: test_linked_list.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_enum.o: suites/test_enum.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.o -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.o `test -f 'test_linked_list.c' || echo '$(srcdir)/'`test_linked_list.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.o `test -f 'suites/test_enum.c' || echo '$(srcdir)/'`suites/test_enum.c -test_runner-test_linked_list.obj: test_linked_list.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list.Tpo -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list.Tpo $(DEPDIR)/test_runner-test_linked_list.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list.c' object='test_runner-test_linked_list.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_enum.obj: suites/test_enum.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_enum.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_enum.Tpo -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_enum.Tpo suites/$(DEPDIR)/tests-test_enum.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_enum.c' object='suites/tests-test_enum.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list.obj `if test -f 'test_linked_list.c'; then $(CYGPATH_W) 'test_linked_list.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_enum.obj `if test -f 'suites/test_enum.c'; then $(CYGPATH_W) 'suites/test_enum.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_enum.c'; fi` -test_runner-test_enumerator.o: test_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_hashtable.o: suites/test_hashtable.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.o `test -f 'test_enumerator.c' || echo '$(srcdir)/'`test_enumerator.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.o `test -f 'suites/test_hashtable.c' || echo '$(srcdir)/'`suites/test_hashtable.c -test_runner-test_enumerator.obj: test_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enumerator.Tpo -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enumerator.Tpo $(DEPDIR)/test_runner-test_enumerator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enumerator.c' object='test_runner-test_enumerator.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_hashtable.obj: suites/test_hashtable.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hashtable.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hashtable.Tpo -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hashtable.Tpo suites/$(DEPDIR)/tests-test_hashtable.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hashtable.c' object='suites/tests-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enumerator.obj `if test -f 'test_enumerator.c'; then $(CYGPATH_W) 'test_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_enumerator.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hashtable.obj `if test -f 'suites/test_hashtable.c'; then $(CYGPATH_W) 'suites/test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hashtable.c'; fi` -test_runner-test_linked_list_enumerator.o: test_linked_list_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.o -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_identification.o: suites/test_identification.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.o -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.o `test -f 'test_linked_list_enumerator.c' || echo '$(srcdir)/'`test_linked_list_enumerator.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.o `test -f 'suites/test_identification.c' || echo '$(srcdir)/'`suites/test_identification.c -test_runner-test_linked_list_enumerator.obj: test_linked_list_enumerator.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_linked_list_enumerator.obj -MD -MP -MF $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_linked_list_enumerator.Tpo $(DEPDIR)/test_runner-test_linked_list_enumerator.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_linked_list_enumerator.c' object='test_runner-test_linked_list_enumerator.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_identification.obj: suites/test_identification.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_identification.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_identification.Tpo -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_identification.Tpo suites/$(DEPDIR)/tests-test_identification.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_identification.c' object='suites/tests-test_identification.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_linked_list_enumerator.obj `if test -f 'test_linked_list_enumerator.c'; then $(CYGPATH_W) 'test_linked_list_enumerator.c'; else $(CYGPATH_W) '$(srcdir)/test_linked_list_enumerator.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_identification.obj `if test -f 'suites/test_identification.c'; then $(CYGPATH_W) 'suites/test_identification.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_identification.c'; fi` -test_runner-test_bio_reader.o: test_bio_reader.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_threading.o: suites/test_threading.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.o -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.o `test -f 'test_bio_reader.c' || echo '$(srcdir)/'`test_bio_reader.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.o `test -f 'suites/test_threading.c' || echo '$(srcdir)/'`suites/test_threading.c -test_runner-test_bio_reader.obj: test_bio_reader.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_reader.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_reader.Tpo -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_reader.Tpo $(DEPDIR)/test_runner-test_bio_reader.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_reader.c' object='test_runner-test_bio_reader.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_threading.obj: suites/test_threading.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_threading.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_threading.Tpo -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_threading.Tpo suites/$(DEPDIR)/tests-test_threading.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_threading.c' object='suites/tests-test_threading.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_reader.obj `if test -f 'test_bio_reader.c'; then $(CYGPATH_W) 'test_bio_reader.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_reader.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_threading.obj `if test -f 'suites/test_threading.c'; then $(CYGPATH_W) 'suites/test_threading.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_threading.c'; fi` -test_runner-test_bio_writer.o: test_bio_writer.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.o -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_watcher.o: suites/test_watcher.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.o `test -f 'test_bio_writer.c' || echo '$(srcdir)/'`test_bio_writer.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.o `test -f 'suites/test_watcher.c' || echo '$(srcdir)/'`suites/test_watcher.c -test_runner-test_bio_writer.obj: test_bio_writer.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_bio_writer.obj -MD -MP -MF $(DEPDIR)/test_runner-test_bio_writer.Tpo -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_bio_writer.Tpo $(DEPDIR)/test_runner-test_bio_writer.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_bio_writer.c' object='test_runner-test_bio_writer.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_watcher.obj: suites/test_watcher.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_watcher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_watcher.Tpo -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_watcher.Tpo suites/$(DEPDIR)/tests-test_watcher.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_watcher.c' object='suites/tests-test_watcher.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_bio_writer.obj `if test -f 'test_bio_writer.c'; then $(CYGPATH_W) 'test_bio_writer.c'; else $(CYGPATH_W) '$(srcdir)/test_bio_writer.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_watcher.obj `if test -f 'suites/test_watcher.c'; then $(CYGPATH_W) 'suites/test_watcher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_watcher.c'; fi` -test_runner-test_chunk.o: test_chunk.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.o -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_stream.o: suites/test_stream.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.o -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.o `test -f 'test_chunk.c' || echo '$(srcdir)/'`test_chunk.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.o `test -f 'suites/test_stream.c' || echo '$(srcdir)/'`suites/test_stream.c -test_runner-test_chunk.obj: test_chunk.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_chunk.obj -MD -MP -MF $(DEPDIR)/test_runner-test_chunk.Tpo -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_chunk.Tpo $(DEPDIR)/test_runner-test_chunk.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_chunk.c' object='test_runner-test_chunk.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_stream.obj: suites/test_stream.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_stream.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_stream.Tpo -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_stream.Tpo suites/$(DEPDIR)/tests-test_stream.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_stream.c' object='suites/tests-test_stream.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_chunk.obj `if test -f 'test_chunk.c'; then $(CYGPATH_W) 'test_chunk.c'; else $(CYGPATH_W) '$(srcdir)/test_chunk.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_stream.obj `if test -f 'suites/test_stream.c'; then $(CYGPATH_W) 'suites/test_stream.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_stream.c'; fi` -test_runner-test_enum.o: test_enum.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.o -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_fetch_http.o: suites/test_fetch_http.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.o -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.o `test -f 'test_enum.c' || echo '$(srcdir)/'`test_enum.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.o `test -f 'suites/test_fetch_http.c' || echo '$(srcdir)/'`suites/test_fetch_http.c -test_runner-test_enum.obj: test_enum.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_enum.obj -MD -MP -MF $(DEPDIR)/test_runner-test_enum.Tpo -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_enum.Tpo $(DEPDIR)/test_runner-test_enum.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_enum.c' object='test_runner-test_enum.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_fetch_http.obj: suites/test_fetch_http.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_fetch_http.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_fetch_http.Tpo -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_fetch_http.Tpo suites/$(DEPDIR)/tests-test_fetch_http.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_fetch_http.c' object='suites/tests-test_fetch_http.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_enum.obj `if test -f 'test_enum.c'; then $(CYGPATH_W) 'test_enum.c'; else $(CYGPATH_W) '$(srcdir)/test_enum.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_fetch_http.obj `if test -f 'suites/test_fetch_http.c'; then $(CYGPATH_W) 'suites/test_fetch_http.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_fetch_http.c'; fi` -test_runner-test_hashtable.o: test_hashtable.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.o -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_utils.o: suites/test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.o -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.o `test -f 'test_hashtable.c' || echo '$(srcdir)/'`test_hashtable.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.o `test -f 'suites/test_utils.c' || echo '$(srcdir)/'`suites/test_utils.c -test_runner-test_hashtable.obj: test_hashtable.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_hashtable.obj -MD -MP -MF $(DEPDIR)/test_runner-test_hashtable.Tpo -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_hashtable.Tpo $(DEPDIR)/test_runner-test_hashtable.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_hashtable.c' object='test_runner-test_hashtable.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_utils.obj: suites/test_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_utils.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_utils.Tpo -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_utils.Tpo suites/$(DEPDIR)/tests-test_utils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_utils.c' object='suites/tests-test_utils.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_hashtable.obj `if test -f 'test_hashtable.c'; then $(CYGPATH_W) 'test_hashtable.c'; else $(CYGPATH_W) '$(srcdir)/test_hashtable.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_utils.obj `if test -f 'suites/test_utils.c'; then $(CYGPATH_W) 'suites/test_utils.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_utils.c'; fi` -test_runner-test_identification.o: test_identification.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.o -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_settings.o: suites/test_settings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.o -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.o `test -f 'test_identification.c' || echo '$(srcdir)/'`test_identification.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.o `test -f 'suites/test_settings.c' || echo '$(srcdir)/'`suites/test_settings.c -test_runner-test_identification.obj: test_identification.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_identification.obj -MD -MP -MF $(DEPDIR)/test_runner-test_identification.Tpo -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_identification.Tpo $(DEPDIR)/test_runner-test_identification.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_identification.c' object='test_runner-test_identification.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_settings.obj: suites/test_settings.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_settings.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_settings.Tpo -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_settings.Tpo suites/$(DEPDIR)/tests-test_settings.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_settings.c' object='suites/tests-test_settings.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_identification.obj `if test -f 'test_identification.c'; then $(CYGPATH_W) 'test_identification.c'; else $(CYGPATH_W) '$(srcdir)/test_identification.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_settings.obj `if test -f 'suites/test_settings.c'; then $(CYGPATH_W) 'suites/test_settings.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_settings.c'; fi` -test_runner-test_threading.o: test_threading.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.o -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_vectors.o: suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.o -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.o `test -f 'test_threading.c' || echo '$(srcdir)/'`test_threading.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.o `test -f 'suites/test_vectors.c' || echo '$(srcdir)/'`suites/test_vectors.c -test_runner-test_threading.obj: test_threading.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_threading.obj -MD -MP -MF $(DEPDIR)/test_runner-test_threading.Tpo -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_threading.Tpo $(DEPDIR)/test_runner-test_threading.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_threading.c' object='test_runner-test_threading.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_vectors.obj: suites/test_vectors.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_vectors.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_vectors.Tpo -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_vectors.Tpo suites/$(DEPDIR)/tests-test_vectors.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_vectors.c' object='suites/tests-test_vectors.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_threading.obj `if test -f 'test_threading.c'; then $(CYGPATH_W) 'test_threading.c'; else $(CYGPATH_W) '$(srcdir)/test_threading.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_vectors.obj `if test -f 'suites/test_vectors.c'; then $(CYGPATH_W) 'suites/test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_vectors.c'; fi` -test_runner-test_utils.o: test_utils.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.o -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_array.o: suites/test_array.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.o -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.o `test -f 'test_utils.c' || echo '$(srcdir)/'`test_utils.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.o `test -f 'suites/test_array.c' || echo '$(srcdir)/'`suites/test_array.c -test_runner-test_utils.obj: test_utils.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_utils.obj -MD -MP -MF $(DEPDIR)/test_runner-test_utils.Tpo -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_utils.Tpo $(DEPDIR)/test_runner-test_utils.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_utils.c' object='test_runner-test_utils.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_array.obj: suites/test_array.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_array.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_array.Tpo -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_array.Tpo suites/$(DEPDIR)/tests-test_array.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_array.c' object='suites/tests-test_array.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_utils.obj `if test -f 'test_utils.c'; then $(CYGPATH_W) 'test_utils.c'; else $(CYGPATH_W) '$(srcdir)/test_utils.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_array.obj `if test -f 'suites/test_array.c'; then $(CYGPATH_W) 'suites/test_array.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_array.c'; fi` -test_runner-test_vectors.o: test_vectors.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.o -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_ecdsa.o: suites/test_ecdsa.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.o `test -f 'test_vectors.c' || echo '$(srcdir)/'`test_vectors.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.o `test -f 'suites/test_ecdsa.c' || echo '$(srcdir)/'`suites/test_ecdsa.c -test_runner-test_vectors.obj: test_vectors.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_vectors.obj -MD -MP -MF $(DEPDIR)/test_runner-test_vectors.Tpo -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_vectors.Tpo $(DEPDIR)/test_runner-test_vectors.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_vectors.c' object='test_runner-test_vectors.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_ecdsa.obj: suites/test_ecdsa.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ecdsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ecdsa.Tpo -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ecdsa.Tpo suites/$(DEPDIR)/tests-test_ecdsa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ecdsa.c' object='suites/tests-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_vectors.obj `if test -f 'test_vectors.c'; then $(CYGPATH_W) 'test_vectors.c'; else $(CYGPATH_W) '$(srcdir)/test_vectors.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ecdsa.obj `if test -f 'suites/test_ecdsa.c'; then $(CYGPATH_W) 'suites/test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ecdsa.c'; fi` -test_runner-test_array.o: test_array.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.o -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_rsa.o: suites/test_rsa.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.o -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.o `test -f 'test_array.c' || echo '$(srcdir)/'`test_array.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.o `test -f 'suites/test_rsa.c' || echo '$(srcdir)/'`suites/test_rsa.c -test_runner-test_array.obj: test_array.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_array.obj -MD -MP -MF $(DEPDIR)/test_runner-test_array.Tpo -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_array.Tpo $(DEPDIR)/test_runner-test_array.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_array.c' object='test_runner-test_array.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_rsa.obj: suites/test_rsa.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_rsa.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_rsa.Tpo -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_rsa.Tpo suites/$(DEPDIR)/tests-test_rsa.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_rsa.c' object='suites/tests-test_rsa.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_array.obj `if test -f 'test_array.c'; then $(CYGPATH_W) 'test_array.c'; else $(CYGPATH_W) '$(srcdir)/test_array.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_rsa.obj `if test -f 'suites/test_rsa.c'; then $(CYGPATH_W) 'suites/test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_rsa.c'; fi` -test_runner-test_ecdsa.o: test_ecdsa.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_host.o: suites/test_host.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.o -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.o `test -f 'test_ecdsa.c' || echo '$(srcdir)/'`test_ecdsa.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.o `test -f 'suites/test_host.c' || echo '$(srcdir)/'`suites/test_host.c -test_runner-test_ecdsa.obj: test_ecdsa.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_ecdsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_ecdsa.Tpo -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_ecdsa.Tpo $(DEPDIR)/test_runner-test_ecdsa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_ecdsa.c' object='test_runner-test_ecdsa.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_host.obj: suites/test_host.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_host.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_host.Tpo -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_host.Tpo suites/$(DEPDIR)/tests-test_host.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_host.c' object='suites/tests-test_host.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_ecdsa.obj `if test -f 'test_ecdsa.c'; then $(CYGPATH_W) 'test_ecdsa.c'; else $(CYGPATH_W) '$(srcdir)/test_ecdsa.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_host.obj `if test -f 'suites/test_host.c'; then $(CYGPATH_W) 'suites/test_host.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_host.c'; fi` -test_runner-test_rsa.o: test_rsa.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.o -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_hasher.o: suites/test_hasher.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.o -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.o `test -f 'test_rsa.c' || echo '$(srcdir)/'`test_rsa.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.o `test -f 'suites/test_hasher.c' || echo '$(srcdir)/'`suites/test_hasher.c -test_runner-test_rsa.obj: test_rsa.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_rsa.obj -MD -MP -MF $(DEPDIR)/test_runner-test_rsa.Tpo -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_rsa.Tpo $(DEPDIR)/test_runner-test_rsa.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_rsa.c' object='test_runner-test_rsa.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_hasher.obj: suites/test_hasher.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_hasher.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_hasher.Tpo -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_hasher.Tpo suites/$(DEPDIR)/tests-test_hasher.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_hasher.c' object='suites/tests-test_hasher.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_rsa.obj `if test -f 'test_rsa.c'; then $(CYGPATH_W) 'test_rsa.c'; else $(CYGPATH_W) '$(srcdir)/test_rsa.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_hasher.obj `if test -f 'suites/test_hasher.c'; then $(CYGPATH_W) 'suites/test_hasher.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_hasher.c'; fi` -test_runner-test_host.o: test_host.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.o -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_crypter.o: suites/test_crypter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.o -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.o `test -f 'test_host.c' || echo '$(srcdir)/'`test_host.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.o `test -f 'suites/test_crypter.c' || echo '$(srcdir)/'`suites/test_crypter.c -test_runner-test_host.obj: test_host.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_host.obj -MD -MP -MF $(DEPDIR)/test_runner-test_host.Tpo -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_host.Tpo $(DEPDIR)/test_runner-test_host.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_host.c' object='test_runner-test_host.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_crypter.obj: suites/test_crypter.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_crypter.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_crypter.Tpo -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_crypter.Tpo suites/$(DEPDIR)/tests-test_crypter.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_crypter.c' object='suites/tests-test_crypter.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_host.obj `if test -f 'test_host.c'; then $(CYGPATH_W) 'test_host.c'; else $(CYGPATH_W) '$(srcdir)/test_host.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_crypter.obj `if test -f 'suites/test_crypter.c'; then $(CYGPATH_W) 'suites/test_crypter.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_crypter.c'; fi` -test_runner-test_printf.o: test_printf.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.o -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.o' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_pen.o: suites/test_pen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.o -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.o' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.o `test -f 'test_printf.c' || echo '$(srcdir)/'`test_printf.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.o `test -f 'suites/test_pen.c' || echo '$(srcdir)/'`suites/test_pen.c -test_runner-test_printf.obj: test_printf.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -MT test_runner-test_printf.obj -MD -MP -MF $(DEPDIR)/test_runner-test_printf.Tpo -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/test_runner-test_printf.Tpo $(DEPDIR)/test_runner-test_printf.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='test_printf.c' object='test_runner-test_printf.obj' libtool=no @AMDEPBACKSLASH@ +suites/tests-test_pen.obj: suites/test_pen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_pen.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_pen.Tpo -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_pen.Tpo suites/$(DEPDIR)/tests-test_pen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_pen.c' object='suites/tests-test_pen.obj' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(test_runner_CFLAGS) $(CFLAGS) -c -o test_runner-test_printf.obj `if test -f 'test_printf.c'; then $(CYGPATH_W) 'test_printf.c'; else $(CYGPATH_W) '$(srcdir)/test_printf.c'; fi` +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_pen.obj `if test -f 'suites/test_pen.c'; then $(CYGPATH_W) 'suites/test_pen.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_pen.c'; fi` + +suites/tests-test_asn1.o: suites/test_asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.o `test -f 'suites/test_asn1.c' || echo '$(srcdir)/'`suites/test_asn1.c + +suites/tests-test_asn1.obj: suites/test_asn1.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1.Tpo -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1.Tpo suites/$(DEPDIR)/tests-test_asn1.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1.c' object='suites/tests-test_asn1.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1.obj `if test -f 'suites/test_asn1.c'; then $(CYGPATH_W) 'suites/test_asn1.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1.c'; fi` + +suites/tests-test_asn1_parser.o: suites/test_asn1_parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.o -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.o `test -f 'suites/test_asn1_parser.c' || echo '$(srcdir)/'`suites/test_asn1_parser.c + +suites/tests-test_asn1_parser.obj: suites/test_asn1_parser.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_asn1_parser.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_asn1_parser.Tpo -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_asn1_parser.Tpo suites/$(DEPDIR)/tests-test_asn1_parser.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_asn1_parser.c' object='suites/tests-test_asn1_parser.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_asn1_parser.obj `if test -f 'suites/test_asn1_parser.c'; then $(CYGPATH_W) 'suites/test_asn1_parser.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_asn1_parser.c'; fi` + +suites/tests-test_printf.o: suites/test_printf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.o -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.o `test -f 'suites/test_printf.c' || echo '$(srcdir)/'`suites/test_printf.c + +suites/tests-test_printf.obj: suites/test_printf.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_printf.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_printf.Tpo -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_printf.Tpo suites/$(DEPDIR)/tests-test_printf.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_printf.c' object='suites/tests-test_printf.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_printf.obj `if test -f 'suites/test_printf.c'; then $(CYGPATH_W) 'suites/test_printf.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_printf.c'; fi` + +suites/tests-test_test_rng.o: suites/test_test_rng.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.o -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.o `test -f 'suites/test_test_rng.c' || echo '$(srcdir)/'`suites/test_test_rng.c + +suites/tests-test_test_rng.obj: suites/test_test_rng.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_test_rng.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_test_rng.Tpo -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_test_rng.Tpo suites/$(DEPDIR)/tests-test_test_rng.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_test_rng.c' object='suites/tests-test_test_rng.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_test_rng.obj `if test -f 'suites/test_test_rng.c'; then $(CYGPATH_W) 'suites/test_test_rng.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_test_rng.c'; fi` + +suites/tests-test_ntru.o: suites/test_ntru.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.o -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.o `test -f 'suites/test_ntru.c' || echo '$(srcdir)/'`suites/test_ntru.c + +suites/tests-test_ntru.obj: suites/test_ntru.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -MT suites/tests-test_ntru.obj -MD -MP -MF suites/$(DEPDIR)/tests-test_ntru.Tpo -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/tests-test_ntru.Tpo suites/$(DEPDIR)/tests-test_ntru.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ntru.c' object='suites/tests-test_ntru.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(tests_CFLAGS) $(CFLAGS) -c -o suites/tests-test_ntru.obj `if test -f 'suites/test_ntru.c'; then $(CYGPATH_W) 'suites/test_ntru.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ntru.c'; fi` mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs + -rm -rf utils/.libs utils/_libs ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -1022,168 +1183,98 @@ cscopelist-am: $(am__tagged_files) distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -# Recover from deleted '.trs' file; this should ensure that -# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create -# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells -# to avoid problems with "make -n". -.log.trs: - rm -f $< $@ - $(MAKE) $(AM_MAKEFLAGS) $< - -# Leading 'am--fnord' is there to ensure the list of targets does not -# expand to empty, as could happen e.g. with make check TESTS=''. -am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) -am--force-recheck: - @: - -$(TEST_SUITE_LOG): $(TEST_LOGS) - @$(am__set_TESTS_bases); \ - am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ - redo_bases=`for i in $$bases; do \ - am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ - done`; \ - if test -n "$$redo_bases"; then \ - redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ - redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ - if $(am__make_dryrun); then :; else \ - rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ - fi; \ - fi; \ - if test -n "$$am__remaking_logs"; then \ - echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ - "recursion detected" >&2; \ - else \ - am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ - fi; \ - if $(am__make_dryrun); then :; else \ - st=0; \ - errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ - for i in $$redo_bases; do \ - test -f $$i.trs && test -r $$i.trs \ - || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ - test -f $$i.log && test -r $$i.log \ - || { echo "$$errmsg $$i.log" >&2; st=1; }; \ +check-TESTS: $(TESTS) + @failed=0; all=0; xfail=0; xpass=0; skip=0; \ + srcdir=$(srcdir); export srcdir; \ + list=' $(TESTS) '; \ + $(am__tty_colors); \ + if test -n "$$list"; then \ + for tst in $$list; do \ + if test -f ./$$tst; then dir=./; \ + elif test -f $$tst; then dir=; \ + else dir="$(srcdir)/"; fi; \ + if $(TESTS_ENVIRONMENT) $${dir}$$tst $(AM_TESTS_FD_REDIRECT); then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xpass=`expr $$xpass + 1`; \ + failed=`expr $$failed + 1`; \ + col=$$red; res=XPASS; \ + ;; \ + *) \ + col=$$grn; res=PASS; \ + ;; \ + esac; \ + elif test $$? -ne 77; then \ + all=`expr $$all + 1`; \ + case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$tst[\ \ ]*) \ + xfail=`expr $$xfail + 1`; \ + col=$$lgn; res=XFAIL; \ + ;; \ + *) \ + failed=`expr $$failed + 1`; \ + col=$$red; res=FAIL; \ + ;; \ + esac; \ + else \ + skip=`expr $$skip + 1`; \ + col=$$blu; res=SKIP; \ + fi; \ + echo "$${col}$$res$${std}: $$tst"; \ done; \ - test $$st -eq 0 || exit 1; \ - fi - @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ - ws='[ ]'; \ - results=`for b in $$bases; do echo $$b.trs; done`; \ - test -n "$$results" || results=/dev/null; \ - all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ - pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ - fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ - skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ - xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ - xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ - error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ - if test `expr $$fail + $$xpass + $$error` -eq 0; then \ - success=true; \ - else \ - success=false; \ - fi; \ - br='==================='; br=$$br$$br$$br$$br; \ - result_count () \ - { \ - if test x"$$1" = x"--maybe-color"; then \ - maybe_colorize=yes; \ - elif test x"$$1" = x"--no-color"; then \ - maybe_colorize=no; \ + if test "$$all" -eq 1; then \ + tests="test"; \ + All=""; \ + else \ + tests="tests"; \ + All="All "; \ + fi; \ + if test "$$failed" -eq 0; then \ + if test "$$xfail" -eq 0; then \ + banner="$$All$$all $$tests passed"; \ else \ - echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + if test "$$xfail" -eq 1; then failures=failure; else failures=failures; fi; \ + banner="$$All$$all $$tests behaved as expected ($$xfail expected $$failures)"; \ fi; \ - shift; \ - desc=$$1 count=$$2; \ - if test $$maybe_colorize = yes && test $$count -gt 0; then \ - color_start=$$3 color_end=$$std; \ + else \ + if test "$$xpass" -eq 0; then \ + banner="$$failed of $$all $$tests failed"; \ + else \ + if test "$$xpass" -eq 1; then passes=pass; else passes=passes; fi; \ + banner="$$failed of $$all $$tests did not behave as expected ($$xpass unexpected $$passes)"; \ + fi; \ + fi; \ + dashes="$$banner"; \ + skipped=""; \ + if test "$$skip" -ne 0; then \ + if test "$$skip" -eq 1; then \ + skipped="($$skip test was not run)"; \ else \ - color_start= color_end=; \ + skipped="($$skip tests were not run)"; \ fi; \ - echo "$${color_start}# $$desc $$count$${color_end}"; \ - }; \ - create_testsuite_report () \ - { \ - result_count $$1 "TOTAL:" $$all "$$brg"; \ - result_count $$1 "PASS: " $$pass "$$grn"; \ - result_count $$1 "SKIP: " $$skip "$$blu"; \ - result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ - result_count $$1 "FAIL: " $$fail "$$red"; \ - result_count $$1 "XPASS:" $$xpass "$$red"; \ - result_count $$1 "ERROR:" $$error "$$mgn"; \ - }; \ - { \ - echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ - $(am__rst_title); \ - create_testsuite_report --no-color; \ - echo; \ - echo ".. contents:: :depth: 2"; \ - echo; \ - for b in $$bases; do echo $$b; done \ - | $(am__create_global_log); \ - } >$(TEST_SUITE_LOG).tmp || exit 1; \ - mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ - if $$success; then \ - col="$$grn"; \ - else \ - col="$$red"; \ - test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ - fi; \ - echo "$${col}$$br$${std}"; \ - echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ - echo "$${col}$$br$${std}"; \ - create_testsuite_report --maybe-color; \ - echo "$$col$$br$$std"; \ - if $$success; then :; else \ - echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ - if test -n "$(PACKAGE_BUGREPORT)"; then \ - echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ - fi; \ - echo "$$col$$br$$std"; \ - fi; \ - $$success || exit 1 - -check-TESTS: - @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list - @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - trs_list=`for i in $$bases; do echo $$i.trs; done`; \ - log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ - exit $$?; -recheck: all $(check_PROGRAMS) - @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) - @set +e; $(am__set_TESTS_bases); \ - bases=`for i in $$bases; do echo $$i; done \ - | $(am__list_recheck_tests)` || exit 1; \ - log_list=`for i in $$bases; do echo $$i.log; done`; \ - log_list=`echo $$log_list`; \ - $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ - am__force_recheck=am--force-recheck \ - TEST_LOGS="$$log_list"; \ - exit $$? -test_runner.log: test_runner$(EXEEXT) - @p='test_runner$(EXEEXT)'; \ - b='test_runner'; \ - $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -.test.log: - @p='$<'; \ - $(am__set_b); \ - $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ - --log-file $$b.log --trs-file $$b.trs \ - $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ - "$$tst" $(AM_TESTS_FD_REDIRECT) -@am__EXEEXT_TRUE@.test$(EXEEXT).log: -@am__EXEEXT_TRUE@ @p='$<'; \ -@am__EXEEXT_TRUE@ $(am__set_b); \ -@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ -@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ -@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ -@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + test `echo "$$skipped" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$skipped"; \ + fi; \ + report=""; \ + if test "$$failed" -ne 0 && test -n "$(PACKAGE_BUGREPORT)"; then \ + report="Please report to $(PACKAGE_BUGREPORT)"; \ + test `echo "$$report" | wc -c` -le `echo "$$banner" | wc -c` || \ + dashes="$$report"; \ + fi; \ + dashes=`echo "$$dashes" | sed s/./=/g`; \ + if test "$$failed" -eq 0; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + fi; \ + echo "$${col}$$dashes$${std}"; \ + echo "$${col}$$banner$${std}"; \ + test -z "$$skipped" || echo "$${col}$$skipped$${std}"; \ + test -z "$$report" || echo "$${col}$$report$${std}"; \ + echo "$${col}$$dashes$${std}"; \ + test "$$failed" -eq 0; \ + else :; fi distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -1216,7 +1307,7 @@ distdir: $(DISTFILES) fi; \ done check-am: all-am - $(MAKE) $(AM_MAKEFLAGS) $(check_PROGRAMS) + $(MAKE) $(AM_MAKEFLAGS) $(check_LTLIBRARIES) $(check_PROGRAMS) $(MAKE) $(AM_MAKEFLAGS) check-TESTS check: check-am all-am: Makefile @@ -1241,26 +1332,27 @@ install-strip: "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: - -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) - -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) - -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f suites/$(DEPDIR)/$(am__dirstamp) + -rm -f suites/$(am__dirstamp) + -rm -f utils/$(DEPDIR)/$(am__dirstamp) + -rm -f utils/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am -clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ - mostlyclean-am +clean-am: clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \ + clean-libtool mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -1306,7 +1398,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -1328,18 +1420,18 @@ uninstall-am: .MAKE: check-am install-am install-strip .PHONY: CTAGS GTAGS TAGS all all-am check check-TESTS check-am clean \ - clean-checkPROGRAMS clean-generic clean-libtool cscopelist-am \ - ctags ctags-am distclean distclean-compile distclean-generic \ - distclean-libtool distclean-tags distdir dvi dvi-am html \ - html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pdf install-pdf-am \ - install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ - maintainer-clean-generic mostlyclean mostlyclean-compile \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - recheck tags tags-am uninstall uninstall-am + clean-checkLTLIBRARIES clean-checkPROGRAMS clean-generic \ + clean-libtool cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libstrongswan/tests/test_array.c b/src/libstrongswan/tests/suites/test_array.c index 2220d5a2b..ba2aff460 100644 --- a/src/libstrongswan/tests/test_array.c +++ b/src/libstrongswan/tests/suites/test_array.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * * Copyright (C) 2013 Martin Willi * Copyright (C) 2013 revosec AG * @@ -35,6 +38,14 @@ START_TEST(test_append_ptr) /* 3, 4 */ + ck_assert(array_get(array, ARRAY_HEAD, &x)); + ck_assert_int_eq(x, 3); + ck_assert(array_get(array, 1, &x)); + ck_assert_int_eq(x, 4); + ck_assert(array_get(array, ARRAY_TAIL, &x)); + ck_assert_int_eq(x, 4); + ck_assert(!array_get(array, 3, &x)); + array_insert(array, ARRAY_HEAD, (void*)(uintptr_t)1); array_insert(array, 1, (void*)(uintptr_t)2); ck_assert_int_eq(array_count(array), 4); @@ -108,6 +119,14 @@ START_TEST(test_append_obj) /* 3, 4 */ + ck_assert(array_get(array, ARRAY_HEAD, &x)); + ck_assert_int_eq(x, 3); + ck_assert(array_get(array, 1, &x)); + ck_assert_int_eq(x, 4); + ck_assert(array_get(array, ARRAY_TAIL, &x)); + ck_assert_int_eq(x, 4); + ck_assert(!array_get(array, 3, &x)); + array_insert(array, ARRAY_HEAD, &y[1]); array_insert(array, 1, &y[2]); ck_assert_int_eq(array_count(array), 4); @@ -258,6 +277,149 @@ START_TEST(test_enumerate) } END_TEST +static int comp_obj(const void *a, const void *b, void *arg) +{ + ck_assert_str_eq(arg, "arg"); + return *(int*)a - *(int*)b; +} + +START_TEST(test_sort_obj) +{ + array_t *array; + int x[][3] = { + {1, 2, 3}, + {1, 3, 2}, + {2, 1, 3}, + {2, 3, 1}, + {3, 1, 2}, + {3, 2, 1}, + }; + char *arg = "arg"; + int i, v; + + for (i = 0; i < countof(x); i++) + { + array = array_create(sizeof(x[i][0]), 0); + array_insert(array, ARRAY_TAIL, &x[i][0]); + array_insert(array, ARRAY_TAIL, &x[i][1]); + array_insert(array, ARRAY_TAIL, &x[i][2]); + + array_sort(array, comp_obj, arg); + + ck_assert(array_get(array, 0, &v)); + ck_assert_int_eq(v, 1); + ck_assert(array_get(array, 1, &v)); + ck_assert_int_eq(v, 2); + ck_assert(array_get(array, 2, &v)); + ck_assert_int_eq(v, 3); + + array_destroy(array); + } +} +END_TEST + +static int comp_ptr(const void *a, const void *b, void *arg) +{ + ck_assert_str_eq(arg, "arg"); + return strcmp(a, b); +} + +START_TEST(test_sort_ptr) +{ + array_t *array; + char *x[][3] = { + {"a", "b", "c"}, + {"a", "c", "b"}, + {"b", "a", "c"}, + {"b", "c", "a"}, + {"c", "a", "b"}, + {"c", "b", "a"}, + }; + char *v, *arg = "arg"; + int i; + + for (i = 0; i < countof(x); i++) + { + array = array_create(0, 0); + array_insert(array, ARRAY_TAIL, x[i][0]); + array_insert(array, ARRAY_TAIL, x[i][1]); + array_insert(array, ARRAY_TAIL, x[i][2]); + + array_sort(array, comp_ptr, arg); + + ck_assert(array_get(array, 0, &v)); + ck_assert_str_eq(v, "a"); + ck_assert(array_get(array, 1, &v)); + ck_assert_str_eq(v, "b"); + ck_assert(array_get(array, 2, &v)); + ck_assert_str_eq(v, "c"); + + array_destroy(array); + } +} +END_TEST + +static int comp_search_obj(const void *a, const void *b) +{ + return *(int*)a - *(int*)b; +} + +START_TEST(test_bsearch_obj) +{ + array_t *array; + int x[] = { 3, 2, 1 }; + int k, v; + + array = array_create(sizeof(x[0]), 0); + array_insert(array, ARRAY_TAIL, &x[0]); + array_insert(array, ARRAY_TAIL, &x[1]); + array_insert(array, ARRAY_TAIL, &x[2]); + + array_sort(array, (void*)comp_search_obj, NULL); + + k = 0; + ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1); + for (k = 1; k < 4; k++) + { + ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), k-1); + ck_assert_int_eq(v, k); + } + k = 4; + ck_assert_int_eq(array_bsearch(array, &k, comp_search_obj, &v), -1); + array_destroy(array); +} +END_TEST + +static int comp_search_ptr(const void *a, const void *b) +{ + return strcmp(a, b); +} + +START_TEST(test_bsearch_ptr) +{ + array_t *array; + char *x[] = {"c", "b", "a"}; + char *v; + + array = array_create(0, 0); + array_insert(array, ARRAY_TAIL, x[0]); + array_insert(array, ARRAY_TAIL, x[1]); + array_insert(array, ARRAY_TAIL, x[2]); + + array_sort(array, (void*)comp_search_ptr, NULL); + + ck_assert_int_eq(array_bsearch(array, "abc", comp_search_ptr, &v), -1); + ck_assert_int_eq(array_bsearch(array, "a", comp_search_ptr, &v), 0); + ck_assert_str_eq(v, "a"); + ck_assert_int_eq(array_bsearch(array, "b", comp_search_ptr, &v), 1); + ck_assert_str_eq(v, "b"); + ck_assert_int_eq(array_bsearch(array, "c", comp_search_ptr, &v), 2); + ck_assert_str_eq(v, "c"); + + array_destroy(array); +} +END_TEST + static void invoke(void *data, int idx, void *user) { int *y = user, *x = data; @@ -336,11 +498,11 @@ Suite *array_suite_create() s = suite_create("array"); - tc = tcase_create("add/remove ptr"); + tc = tcase_create("add/get/remove ptr"); tcase_add_test(tc, test_append_ptr); suite_add_tcase(s, tc); - tc = tcase_create("add/remove obj"); + tc = tcase_create("add/get/remove obj"); tcase_add_test(tc, test_append_obj); suite_add_tcase(s, tc); @@ -348,6 +510,16 @@ Suite *array_suite_create() tcase_add_test(tc, test_enumerate); suite_add_tcase(s, tc); + tc = tcase_create("sort"); + tcase_add_test(tc, test_sort_obj); + tcase_add_test(tc, test_sort_ptr); + suite_add_tcase(s, tc); + + tc = tcase_create("bsearch"); + tcase_add_test(tc, test_bsearch_obj); + tcase_add_test(tc, test_bsearch_ptr); + suite_add_tcase(s, tc); + tc = tcase_create("invoke"); tcase_add_test(tc, test_invoke); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c new file mode 100644 index 000000000..d0cd7e6e4 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_asn1.c @@ -0,0 +1,869 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#include "test_suite.h" + +#include <asn1/asn1.h> +#include <asn1/oid.h> +#include <utils/chunk.h> + +/******************************************************************************* + * algorithm_identifier + */ + +START_TEST(test_asn1_algorithmIdentifier) +{ + typedef struct { + int n; + chunk_t algid; + } testdata_t; + + testdata_t test[] = { + { OID_ECDSA_WITH_SHA1, chunk_from_chars(0x30, 0x09, 0x06, 0x07, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) }, + { OID_SHA1_WITH_RSA, chunk_from_chars(0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00) }, + }; + + chunk_t algid; + int i; + + for (i = 0; i < countof(test); i++) + { + algid = asn1_algorithmIdentifier(test[i].n); + ck_assert(chunk_equals(algid, test[i].algid)); + free(algid.ptr); + } +} +END_TEST + +/******************************************************************************* + * parse_algorithm_identifier + */ + +START_TEST(test_asn1_parse_algorithmIdentifier) +{ + typedef struct { + int alg; + bool empty; + chunk_t parameters; + } testdata_t; + + testdata_t test[] = { + { OID_ECDSA_WITH_SHA1, TRUE, chunk_empty }, + { OID_SHA1_WITH_RSA, TRUE, chunk_from_chars(0x05, 0x00) }, + { OID_3DES_EDE_CBC, FALSE, chunk_from_chars(0x04, 0x01, 0xaa) }, + { OID_PBKDF2, FALSE, chunk_from_chars(0x30, 0x01, 0xaa) } + }; + + chunk_t algid, parameters; + int i, alg; + + for (i = 0; i < countof(test); i++) + { + algid = asn1_wrap(ASN1_SEQUENCE, "mc", + asn1_build_known_oid(test[i].alg), test[i].parameters); + parameters = chunk_empty; + if (i == 2) + { + alg = asn1_parse_algorithmIdentifier(algid, 0, NULL); + } + else + { + alg = asn1_parse_algorithmIdentifier(algid, 0, ¶meters); + if (test[i].empty) + { + ck_assert(parameters.len == 0 && parameters.ptr == NULL); + } + else + { + ck_assert(chunk_equals(parameters, test[i].parameters)); + } + } + ck_assert(alg == test[i].alg); + chunk_free(&algid); + } +} +END_TEST + +/******************************************************************************* + * known_oid + */ + +START_TEST(test_asn1_known_oid) +{ + typedef struct { + int n; + chunk_t oid; + } testdata_t; + + testdata_t test[] = { + { OID_UNKNOWN, chunk_empty }, + { OID_UNKNOWN, chunk_from_chars(0x55, 0x04, 0x02) }, + { OID_COUNTRY, chunk_from_chars(0x55, 0x04, 0x06) }, + { OID_STRONGSWAN, chunk_from_chars(0x2b, 0x06, 0x01, 0x04, 0x01, + 0x82, 0xa0, 0x2a, 0x01) } + }; + + int i; + + for (i = 0; i < countof(test); i++) + { + ck_assert(asn1_known_oid(test[i].oid) == test[i].n); + } +} +END_TEST + +/******************************************************************************* + * build_known_oid + */ + +START_TEST(test_asn1_build_known_oid) +{ + typedef struct { + int n; + chunk_t oid; + } testdata_t; + + testdata_t test[] = { + { OID_UNKNOWN, chunk_empty }, + { OID_MAX, chunk_empty }, + { OID_COUNTRY, chunk_from_chars(0x06, 0x03, 0x55, 0x04, 0x06) }, + { OID_STRONGSWAN, chunk_from_chars(0x06, 0x09, 0x2b, 0x06, 0x01, 0x04, + 0x01, 0x82, 0xa0, 0x2a, 0x01) } + }; + + int i; + chunk_t oid = chunk_empty; + + for (i = 0; i < countof(test); i++) + { + oid = asn1_build_known_oid(test[i].n); + if (test[i].oid.len == 0) + { + ck_assert(oid.len == 0 && oid.ptr == NULL); + } + else + { + ck_assert(chunk_equals(oid, test[i].oid)); + chunk_free(&oid); + } + } +} +END_TEST + +/******************************************************************************* + * oid_from_string + */ + +START_TEST(test_asn1_oid_from_string) +{ + typedef struct { + char *string; + chunk_t oid; + } testdata_t; + + testdata_t test[] = { + { "", chunk_empty }, + { " ", chunk_empty }, + { "0.2.262.1", chunk_from_chars( + 0x02, 0x82, 0x06, 0x01) }, + { "1.2.840.10045.4.1", chunk_from_chars( + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) }, + { "1.3.6.1.4.1.36906.1", chunk_from_chars( + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) }, + { "2.16.840.1.101.3.4.2.1", chunk_from_chars( + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) }, + { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455", + chunk_from_chars(0x0a,0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d, + 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00, + 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) }, + { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137." + "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388." + "2097153", chunk_from_chars( + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, + 0x81, 0x00, 0x81, 0x01, 0x81, 0x02, 0x81, 0x03, 0x81, 0x04, + 0x81, 0x05, 0x81, 0x06, 0x81, 0x07, 0x81, 0x08, 0x81, 0x09, + 0x82, 0x00, 0x82, 0x01, 0x82, 0x02, 0x82, 0x03, 0x82, 0x04, + 0x82, 0x05, 0x82, 0x06, 0x82, 0x07, 0x82, 0x08, 0x82, 0x09, + 0x83, 0x00, 0x83, 0x01, 0x83, 0x02, 0x83, 0x03, 0x83, 0x04, + 0x81, 0x80, 0x80, 0x01) }, + { "0.1.2.3.4.5.6.7.8.9.10.128.129.130.131.132.133.134.135.136.137." + "256.257.258.259.260.261.262.263.264.265.384.385.386.387.388." + "1.2097153", chunk_empty }, + { "1.a.2.b.3", chunk_empty } + }; + + int i; + chunk_t oid = chunk_empty; + + for (i = 0; i < countof(test); i++) + { + oid = asn1_oid_from_string(test[i].string); + if (test[i].oid.len == 0) + { + ck_assert(oid.len == 0 && oid.ptr == NULL); + } + else + { + ck_assert(chunk_equals(oid, test[i].oid)); + chunk_free(&oid); + } + } +} +END_TEST + +/******************************************************************************* + * oid_to_string + */ + +START_TEST(test_asn1_oid_to_string) +{ + typedef struct { + char *string; + chunk_t oid; + } testdata_t; + + testdata_t test[] = { + { NULL, chunk_empty }, + { "0.2.262.1", chunk_from_chars( + 0x02, 0x82, 0x06, 0x01) }, + { "1.2.840.10045.4.1", chunk_from_chars( + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01) }, + { "1.3.6.1.4.1.36906.1", chunk_from_chars( + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa0, 0x2a, 0x01) }, + { "2.16.840.1.101.3.4.2.1", chunk_from_chars( + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01) }, + { "0.10.100.1000.10000.100000.1000000.10000000.100000000.268435455", + chunk_from_chars( 0x0a, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d, + 0x20, 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00, + 0xaf, 0xd7, 0xc2, 0x00, 0xff, 0xff, 0xff, 0x7f) }, + { NULL, chunk_from_chars( + 0x0a, 0x02, 0x64, 0x87, 0x68, 0xce, 0x10, 0x86, 0x8d, 0x20, + 0xbd, 0x84, 0x40, 0x84, 0xe2, 0xad, 0x00, 0xaf, 0xd7, 0xc2, 0x00, + 0xff, 0xff, 0xff, 0x7f) }, + { NULL, chunk_from_chars(0x0a, 0x87) } + }; + + int i; + char *string = NULL; + + for (i = 0; i < countof(test); i++) + { + string = asn1_oid_to_string(test[i].oid); + if (test[i].string == NULL) + { + ck_assert(string == NULL); + } + else + { + ck_assert(streq(string, test[i].string)); + free(string); + } + } +} +END_TEST + +/******************************************************************************* + * length + */ + +START_TEST(test_asn1_length) +{ + chunk_t a; + + a = chunk_empty; + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04); + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04, 0x00); + ck_assert(asn1_length(&a) == 0); + + a = chunk_from_chars(0x04, 0x01); + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04, 0x01, 0xaa); + ck_assert(asn1_length(&a) == 1); + + a = chunk_from_chars(0x04, 0x7f, 0xaa); + a.len = 2 + 127; + ck_assert(asn1_length(&a) == 127); + + a = chunk_from_chars(0x04, 0x80, 0xaa); + a.len = 2 + 128; + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04, 0x81); + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04, 0x81, 0x00); + ck_assert(asn1_length(&a) == 0); + + a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa); + ck_assert(asn1_length(&a) == ASN1_INVALID_LENGTH); + + a = chunk_from_chars(0x04, 0x81, 0x80, 0xaa); + a.len = 3 + 128; + ck_assert(asn1_length(&a) == 128); + + a = chunk_from_chars(0x04, 0x82, 0x01, 0x02, 0xaa); + a.len = 4 + 258; + ck_assert(asn1_length(&a) == 258); + + a = chunk_from_chars(0x04, 0x83, 0x01, 0x02, 0x03, 0xaa); + a.len = 5 + 66051; + ck_assert(asn1_length(&a) == 66051); + + a = chunk_from_chars(0x04, 0x84, 0x01, 0x02, 0x03, 0x04, 0xaa); + a.len = 6 + 16909060; + ck_assert(asn1_length(&a) == 16909060); + + /* largest chunk on 32 bit system */ + a = chunk_from_chars(0x04, 0x84, 0xff, 0xff, 0xff, 0xf9, 0xaa); + a.len = 4294967295; + ck_assert(asn1_length(&a) == 4294967289); + +} +END_TEST + +/******************************************************************************* + * unwrap + */ + +START_TEST(test_asn1_unwrap) +{ + chunk_t c0 = chunk_from_chars(0x30); + chunk_t c1 = chunk_from_chars(0x30, 0x01, 0xaa); + chunk_t c2 = chunk_from_chars(0x30, 0x80); + chunk_t c3 = chunk_from_chars(0x30, 0x81); + chunk_t c4 = chunk_from_chars(0x30, 0x81, 0x01, 0xaa); + chunk_t c5 = chunk_from_chars(0x30, 0x81, 0x02, 0xaa); + + chunk_t inner; + chunk_t inner_ref = chunk_from_chars(0xaa); + + ck_assert(asn1_unwrap(&c0, &inner) == ASN1_INVALID); + + ck_assert(asn1_unwrap(&c1, &inner) == ASN1_SEQUENCE); + + ck_assert(chunk_equals(inner, inner_ref)); + + ck_assert(asn1_unwrap(&c2, &inner) == ASN1_INVALID); + + ck_assert(asn1_unwrap(&c3, &inner) == ASN1_INVALID); + + ck_assert(asn1_unwrap(&c4, &inner) == ASN1_SEQUENCE); + + ck_assert(chunk_equals(inner, inner_ref)); + + ck_assert(asn1_unwrap(&c5, &inner) == ASN1_INVALID); +} +END_TEST + +/******************************************************************************* + * is_asn1 + */ + +START_TEST(test_is_asn1) +{ + typedef struct { + bool asn1; + chunk_t chunk; + } testdata_t; + + u_char buf[8]; + chunk_t chunk_zero = { buf, 0 }; + chunk_t chunk_mean = { 0, 1 }; + + testdata_t test[] = { + { FALSE, chunk_zero }, + { FALSE, chunk_empty }, + { FALSE, chunk_mean }, + { TRUE, chunk_from_chars(0x30, 0x00) }, + { TRUE, chunk_from_chars(0x31, 0x00) }, + { TRUE, chunk_from_chars(0x04, 0x00) }, + { FALSE, chunk_from_chars(0x02, 0x00) }, + { FALSE, chunk_from_chars(0x30, 0x01) }, + { FALSE, chunk_from_chars(0x30, 0x80) }, + { TRUE, chunk_from_chars(0x30, 0x01, 0xa1) }, + { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2) }, + { TRUE, chunk_from_chars(0x30, 0x01, 0xa1, 0x0a) }, + { FALSE, chunk_from_chars(0x30, 0x01, 0xa1, 0xa2, 0x0a) }, + }; + + int i; + + for (i = 0; i < countof(test); i++) + { + ck_assert(is_asn1(test[i].chunk) == test[i].asn1); + } +} +END_TEST + +/******************************************************************************* + * is_printablestring + */ + +START_TEST(test_asn1_is_printablestring) +{ + typedef struct { + bool printable; + char *string; + } testdata_t; + + + testdata_t test[] = { + { TRUE, "" }, + { TRUE, "Z" }, + { FALSE, "Z#" }, + { FALSE, "&Z" }, + { FALSE, "Z@z" }, + { FALSE, "!" }, { FALSE, "*" }, { FALSE, "$" }, { FALSE, "%" }, + { FALSE, "[" }, { FALSE, "]" }, { FALSE, "{" }, { FALSE, "}" }, + { FALSE, "|" }, { FALSE, "~" }, { FALSE, "^" }, { FALSE, "_" }, + { FALSE, "\"" }, { FALSE, "\\" }, { FALSE, "ä" }, { FALSE, "à " }, + { TRUE, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789 '()+,-./:=?" }, + }; + + chunk_t chunk; + int i; + + ck_assert(asn1_is_printablestring(chunk_empty)); + + for (i = 0; i < countof(test); i++) + { + chunk = chunk_from_str(test[i].string); + ck_assert(asn1_is_printablestring(chunk) == test[i].printable); + } +} +END_TEST + +/******************************************************************************* + * to_time + */ + +START_TEST(test_asn1_to_time) +{ + typedef struct { + time_t time; + u_int8_t type; + char *string; + } testdata_t; + + testdata_t test[] = { + { 352980, 0x18, "197001050203Z" }, + { 352984, 0x18, "19700105020304Z" }, + { 352980, 0x17, "7001050203Z" }, + { 347580, 0x17, "7001050203+0130" }, + { 358380, 0x17, "7001050203-0130" }, + { 352984, 0x17, "700105020304Z" }, + { 347584, 0x17, "700105020304+0130" }, + { 358384, 0x17, "700105020304-0130" }, + { 0, 0x17, "700105020304+01" }, + { 0, 0x17, "700105020304-01" }, + { 0, 0x17, "700105020304" }, + { 0, 0x17, "70010502Z" }, + { 0, 0x17, "7001050203xxZ" }, + { 0, 0x17, "7000050203Z" }, + { 0, 0x17, "7013050203Z" }, + { 0, 0x17, "7001004203Z" }, + { 0, 0x17, "7001320203Z" }, + { 0, 0x17, "700101-103Z" }, + { 0, 0x17, "7001016003Z" }, + { 0, 0x17, "70010102-1Z" }, + { 0, 0x17, "7001010260Z" }, + { 0, 0x17, "7001010203-1Z" }, + { 0, 0x17, "700101020361Z" }, + { -631152000, 0x17, "500101000000Z" }, /* UTCTime min */ + { 59, 0x17, "691231235959-0001" }, + { -1, 0x17, "691231235959Z" }, + { 0, 0x17, "700101000000Z" }, + { -60, 0x17, "700101000000+0001" }, + { 2524607999UL, 0x17, "491231235959Z" }, /* UTCTime max */ + { 5097600, 0x17, "7003010000Z" }, + { 68256000, 0x17, "7203010000Z" }, + { 951868800, 0x17, "0003010000Z" }, + { 4107542400UL, 0x18, "210003010000Z" } + }; + + int i; + chunk_t chunk; + + for (i = 0; i < countof(test); i++) + { + if (sizeof(time_t) == 4 && test[i].time < 0) + { + continue; + } + chunk = chunk_from_str(test[i].string); + ck_assert(asn1_to_time(&chunk, test[i].type) == test[i].time); + } +} +END_TEST + +/******************************************************************************* + * from_time + */ + +START_TEST(test_asn1_from_time) +{ + typedef struct { + time_t time; + u_int8_t type; + chunk_t chunk; + } testdata_t; + + testdata_t test[] = { + { 352984, 0x18, chunk_from_chars( + 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35, + 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) }, + { 352984, 0x17, chunk_from_chars( + 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35, + 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) }, + { 1078099200, 0x17, chunk_from_chars( + 0x17, 0x0d, 0x30, 0x34, 0x30, 0x33, 0x30, 0x31, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) }, + { 4107542400UL, 0x18, chunk_from_chars( + 0x18, 0x0f, 0x32, 0x31, 0x30, 0x30, 0x30, 0x33, 0x30, 0x31, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5a) } + }; + + int i; + chunk_t chunk; + + for (i = 0; i < countof(test); i++) + { + if (sizeof(time_t) == 4 && test[i].time < 0) + { + continue; + } + chunk = asn1_from_time(&test[i].time, test[i].type); + ck_assert(chunk_equals(chunk, test[i].chunk)); + free(chunk.ptr); + } +} +END_TEST + +/******************************************************************************* + * parse_time + */ + +START_TEST(test_asn1_parse_time) +{ + typedef struct { + time_t time; + chunk_t chunk; + } testdata_t; + + testdata_t test[] = { + { 352984, chunk_from_chars( + 0x18, 0x0f, 0x31, 0x39, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35, + 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) }, + { 352984, chunk_from_chars( + 0x17, 0x0d, 0x37, 0x30, 0x30, 0x31, 0x30, 0x35, + 0x30, 0x32, 0x30, 0x33, 0x30, 0x34, 0x5a) }, + { 0, chunk_from_chars(0x05, 0x00) } + }; + + int i; + + for (i = 0; i < countof(test); i++) + { + ck_assert(asn1_parse_time(test[i].chunk, 0) == test[i].time); + } +} +END_TEST + +/******************************************************************************* + * build_object + */ + +START_TEST(test_asn1_build_object) +{ + typedef struct { + size_t len; + size_t size; + u_char *b; + } testdata_t; + + u_char b0[] = { 0x05, 0x00 }; + u_char b1[] = { 0x04, 0x7f }; + u_char b2[] = { 0x04, 0x81, 0x80 }; + u_char b3[] = { 0x04, 0x81, 0xff }; + u_char b4[] = { 0x04, 0x82, 0x01, 0x00 }; + u_char b5[] = { 0x04, 0x82, 0xff, 0xff }; + u_char b6[] = { 0x04, 0x83, 0x01, 0x00, 0x00 }; + + testdata_t test[] = { + { 0, sizeof(b0), b0 }, + { 127, sizeof(b1), b1 }, + { 128, sizeof(b2), b2 }, + { 255, sizeof(b3), b3 }, + { 256, sizeof(b4), b4 }, + { 65535, sizeof(b5), b5 }, + { 65536, sizeof(b6), b6 } + }; + + chunk_t a = chunk_empty; + u_char *pos; + int i; + + for (i = 0; i < countof(test); i++) + { + pos = asn1_build_object(&a, test[i].b[0], test[i].len); + ck_assert(pos == (a.ptr + test[i].size)); + ck_assert(a.len == test[i].size + test[i].len); + ck_assert(memeq(a.ptr, test[i].b, test[i].size)); + chunk_free(&a); + } +} +END_TEST + +/******************************************************************************* + * simple_object + */ + +START_TEST(test_asn1_simple_object) +{ + chunk_t a = chunk_empty; + chunk_t b = chunk_from_chars(0x04, 0x05, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5); + chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4, 0xa5); + + a = asn1_simple_object(0x04, c); + ck_assert(chunk_equals(a, b)); + chunk_free(&a); +} +END_TEST + +/******************************************************************************* + * parse_simple_object + */ + +START_TEST(test_asn1_parse_simple_object) +{ + typedef struct { + bool res; + int type; + chunk_t chunk; + } testdata_t; + + testdata_t test[] = { + { FALSE, 0x04, chunk_from_chars(0x04) }, + { FALSE, 0x04, chunk_from_chars(0x02, 0x01, 0x55) }, + { FALSE, 0x04, chunk_from_chars(0x04, 0x01) }, + { TRUE, 0x04, chunk_from_chars(0x04, 0x01, 0x55) }, + { TRUE, 0x06, chunk_from_chars(0x06, 0x02, 0x55, 0x03) }, + { TRUE, 0x06, chunk_from_chars(0x06, 0x00) }, + { TRUE, 0x13, chunk_from_chars(0x13, 0x01, 0x55), } + }; + + int i; + bool res; + + for (i = 0; i < countof(test); i++) + { + res = asn1_parse_simple_object(&test[i].chunk, test[i].type, 0, "test"); + ck_assert(res == test[i].res); + if (res && test[i].chunk.len) + { + ck_assert(*test[i].chunk.ptr == 0x55); + } + } +} +END_TEST + +/******************************************************************************* + * bitstring + */ + +START_TEST(test_asn1_bitstring) +{ + chunk_t a = chunk_empty; + chunk_t b = chunk_from_chars(0x03, 0x05, 0x00, 0xa1, 0xa2, 0xa3, 0xa4); + chunk_t c = chunk_from_chars(0xa1, 0xa2, 0xa3, 0xa4); + chunk_t d = chunk_clone(c); + + a = asn1_bitstring("c", c); + ck_assert(chunk_equals(a, b)); + chunk_free(&a); + + a = asn1_bitstring("m", d); + ck_assert(chunk_equals(a, b)); + chunk_free(&a); +} +END_TEST + +/******************************************************************************* + * integer + */ + +START_TEST(test_asn1_integer) +{ + typedef struct { + chunk_t b; + chunk_t c; + } testdata_t; + + chunk_t b0 = chunk_from_chars(0x02, 0x01, 0x00); + chunk_t b1 = chunk_from_chars(0x02, 0x01, 0x7f); + chunk_t b2 = chunk_from_chars(0x02, 0x02, 0x00, 0x80); + + chunk_t c0 = chunk_empty; + chunk_t c1 = chunk_from_chars(0x7f); + chunk_t c2 = chunk_from_chars(0x80); + chunk_t c3 = chunk_from_chars(0x00, 0x80); + + testdata_t test[] = { + { b0, c0 }, + { b1, c1 }, + { b2, c2 }, + { b2, c3 } + }; + + chunk_t a = chunk_empty; + int i; + + for (i = 0; i < countof(test); i++) + { + a = asn1_integer("c", test[i].c); + ck_assert(chunk_equals(a, test[i].b)); + chunk_free(&a); + + a = asn1_integer("m", chunk_clone(test[i].c)); + ck_assert(chunk_equals(a, test[i].b)); + chunk_free(&a); + } +} +END_TEST + +/******************************************************************************* + * parse_integer_uint64 + */ + +START_TEST(test_asn1_parse_integer_uint64) +{ + typedef struct { + u_int64_t n; + chunk_t chunk; + } testdata_t; + + + testdata_t test[] = { + { 67305985ULL, chunk_from_chars( + 0x04, 0x03, 0x02, 0x01) }, + { 578437695752307201ULL, chunk_from_chars( + 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01) }, + { 18446744073709551615ULL, chunk_from_chars( + 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff) } + }; + + int i; + + for (i = 0; i < countof(test); i++) + { + ck_assert(asn1_parse_integer_uint64(test[i].chunk) == test[i].n); + } +} +END_TEST + +Suite *asn1_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("asn1"); + + tc = tcase_create("algorithmIdentifier"); + tcase_add_test(tc, test_asn1_algorithmIdentifier); + suite_add_tcase(s, tc); + + tc = tcase_create("parse_algorithmIdentifier"); + tcase_add_test(tc, test_asn1_parse_algorithmIdentifier); + suite_add_tcase(s, tc); + + tc = tcase_create("known_oid"); + tcase_add_test(tc, test_asn1_known_oid); + suite_add_tcase(s, tc); + + tc = tcase_create("build_known_oid"); + tcase_add_test(tc, test_asn1_build_known_oid); + suite_add_tcase(s, tc); + + tc = tcase_create("oid_from_string"); + tcase_add_test(tc, test_asn1_oid_from_string); + suite_add_tcase(s, tc); + + tc = tcase_create("oid_to_string"); + tcase_add_test(tc, test_asn1_oid_to_string); + suite_add_tcase(s, tc); + + tc = tcase_create("length"); + tcase_add_test(tc, test_asn1_length); + suite_add_tcase(s, tc); + + tc = tcase_create("unwrap"); + tcase_add_test(tc, test_asn1_unwrap); + suite_add_tcase(s, tc); + + tc = tcase_create("is_asn1"); + tcase_add_test(tc, test_is_asn1); + suite_add_tcase(s, tc); + + tc = tcase_create("is_printablestring"); + tcase_add_test(tc, test_asn1_is_printablestring); + suite_add_tcase(s, tc); + + tc = tcase_create("to_time"); + tcase_add_test(tc, test_asn1_to_time); + suite_add_tcase(s, tc); + + tc = tcase_create("from_time"); + tcase_add_test(tc, test_asn1_from_time); + suite_add_tcase(s, tc); + + tc = tcase_create("parse_time"); + tcase_add_test(tc, test_asn1_parse_time); + suite_add_tcase(s, tc); + + tc = tcase_create("build_object"); + tcase_add_test(tc, test_asn1_build_object); + suite_add_tcase(s, tc); + + tc = tcase_create("simple_object"); + tcase_add_test(tc, test_asn1_simple_object); + suite_add_tcase(s, tc); + + tc = tcase_create("parse_simple_object"); + tcase_add_test(tc, test_asn1_parse_simple_object); + suite_add_tcase(s, tc); + + tc = tcase_create("bitstring"); + tcase_add_test(tc, test_asn1_bitstring); + suite_add_tcase(s, tc); + + tc = tcase_create("integer"); + tcase_add_test(tc, test_asn1_integer); + suite_add_tcase(s, tc); + + tc = tcase_create("parse_integer_uint64"); + tcase_add_test(tc, test_asn1_parse_integer_uint64); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_asn1_parser.c b/src/libstrongswan/tests/suites/test_asn1_parser.c new file mode 100644 index 000000000..973562bff --- /dev/null +++ b/src/libstrongswan/tests/suites/test_asn1_parser.c @@ -0,0 +1,291 @@ +/* + * Copyright (C) 2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <asn1/asn1_parser.h> +#include <utils/chunk.h> + +/******************************************************************************* + * utilities + */ + +typedef struct { + bool success; + int count; + chunk_t blob; +} asn1_test_t; + +static void run_parser_test(const asn1Object_t *objects, int id, + asn1_test_t *test) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID, count = 0; + bool success; + + parser = asn1_parser_create(objects, test->blob); + while (parser->iterate(parser, &objectID, &object)) + { + if (objectID == id) + { + count++; + } + } + success = parser->success(parser); + parser->destroy(parser); + + ck_assert(success == test->success && count == test->count); +} + +/******************************************************************************* + * length + */ + +static const asn1Object_t octetStringObjects[] = { + { 0, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 0 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; + +asn1_test_t length_tests[] = { + { FALSE, 0, { NULL, 0 } }, + { FALSE, 0, chunk_from_chars(0x04) }, + { TRUE, 1, chunk_from_chars(0x04, 0x00) }, + { TRUE, 1, chunk_from_chars(0x04, 0x01, 0xaa) }, + { FALSE, 0, chunk_from_chars(0x04, 0x7f) }, + { FALSE, 0, chunk_from_chars(0x04, 0x80) }, + { FALSE, 0, chunk_from_chars(0x04, 0x81) }, + { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x00) }, + { FALSE, 0, chunk_from_chars(0x04, 0x81, 0x01) }, + { TRUE, 1, chunk_from_chars(0x04, 0x81, 0x01, 0xaa) }, + { FALSE, 0, chunk_from_chars(0x04, 0x82, 0x00, 0x01) }, + { TRUE, 1, chunk_from_chars(0x04, 0x82, 0x00, 0x01, 0xaa) }, + { FALSE, 0, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01) }, + { TRUE, 1, chunk_from_chars(0x04, 0x83, 0x00, 0x00, 0x01, 0xaa) }, + { FALSE, 0, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01) }, + { TRUE, 1, chunk_from_chars(0x04, 0x84, 0x00, 0x00, 0x00, 0x01, 0xaa) }, +}; + +START_TEST(test_asn1_parser_length) +{ + run_parser_test(octetStringObjects, 0, &length_tests[_i]); +} +END_TEST + +/******************************************************************************* + * loop + */ + +static const asn1Object_t loopObjects[] = { + { 0, "loopObjects", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ + { 1, "octetString", ASN1_OCTET_STRING, ASN1_BODY }, /* 1 */ + { 0, "end loop", ASN1_EOC, ASN1_END }, /* 2 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; + +asn1_test_t loop_tests[] = { + { TRUE, 0, chunk_from_chars(0x30, 0x00) }, + { FALSE, 0, chunk_from_chars(0x30, 0x02, 0x04, 0x01) }, + { TRUE, 1, chunk_from_chars(0x30, 0x03, 0x04, 0x01, 0xaa) }, + { TRUE, 2, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x04, 0x00) }, + { FALSE, 1, chunk_from_chars(0x30, 0x05, 0x04, 0x01, 0xaa, 0x05, 0x00) }, + { TRUE, 3, chunk_from_chars(0x30, 0x09, 0x04, 0x01, 0xaa, 0x04, 0x00, + 0x04, 0x02, 0xbb, 0xcc) }, +}; + +START_TEST(test_asn1_parser_loop) +{ + run_parser_test(loopObjects, 1, &loop_tests[_i]); +} +END_TEST + +/******************************************************************************* + * default + */ + +typedef struct { + int i1, i2, i3; + chunk_t blob; +} default_opt_test_t; + +static const asn1Object_t defaultObjects[] = { + { 0, "defaultObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "explicit int1", ASN1_CONTEXT_C_1, ASN1_DEF }, /* 1 */ + { 2, "int1", ASN1_INTEGER, ASN1_BODY }, /* 2 */ + { 1, "int2", ASN1_INTEGER, ASN1_DEF|ASN1_BODY }, /* 3 */ + { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_DEF|ASN1_BODY }, /* 4 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; + +default_opt_test_t default_tests[] = { + { -1, -2, -3, chunk_from_chars(0x30, 0x00) }, + { 1, -2, -3, chunk_from_chars(0x30, 0x05, 0xa1, 0x03, 0x02, 0x01, 0x01) }, + { -1, 2, -3, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) }, + { -1, -2, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) }, + { 1, 2, -3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x02) }, + { 1, -2, 3, chunk_from_chars(0x30, 0x08, 0xa1, 0x03, 0x02, 0x01, 0x01, + 0x83, 0x01, 0x03) }, + { -1, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, + { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, + { 0, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x04, 0x01, 0xaa, + 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, + { 1, 0, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x05, 0x02, + 0x83, 0x01, 0x03) }, + { 1, 2, 0, chunk_from_chars(0x30, 0x0b, 0xa1, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x02, + 0x83, 0x02, 0x03) }, +}; + +START_TEST(test_asn1_parser_default) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID, i1 = 0, i2 = 0, i3 = 0; + bool success; + + parser = asn1_parser_create(defaultObjects, default_tests[_i].blob); + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case 2: + i1 = object.len ? *object.ptr : -1; + break; + case 3: + i2 = object.len ? *object.ptr : -2; + break; + case 4: + i3 = object.len ? *object.ptr : -3; + break; + default: + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + ck_assert(success == (default_tests[_i].i1 && + default_tests[_i].i2 && + default_tests[_i].i3)); + + ck_assert(i1 == default_tests[_i].i1 && + i2 == default_tests[_i].i2 && + i3 == default_tests[_i].i3); +} +END_TEST + +/******************************************************************************* + * option + */ + +static const asn1Object_t optionObjects[] = { + { 0, "optionalObjects", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */ + { 1, "sequence int1", ASN1_SEQUENCE, ASN1_OPT }, /* 1 */ + { 2, "int1", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 2 */ + { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 4 */ + { 1, "int2", ASN1_INTEGER, ASN1_OPT|ASN1_BODY }, /* 5 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 6 */ + { 1, "implicit int3", ASN1_CONTEXT_S_3, ASN1_OPT|ASN1_BODY }, /* 7 */ + { 1, "end opt", ASN1_EOC, ASN1_END }, /* 8 */ + { 0, "exit", ASN1_EOC, ASN1_EXIT } +}; + +default_opt_test_t option_tests[] = { + { 0, 0, 0, chunk_from_chars(0x30, 0x00) }, + { 1, 0, 0, chunk_from_chars(0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01) }, + { 0, 2, 0, chunk_from_chars(0x30, 0x03, 0x02, 0x01, 0x02) }, + { 0, 0, 3, chunk_from_chars(0x30, 0x03, 0x83, 0x01, 0x03) }, + { 1, 2, 0, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x02) }, + { 1, 0, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x03, 0x02, 0x01, 0x01, + 0x83, 0x01, 0x03) }, + { 0, 2, 3, chunk_from_chars(0x30, 0x06, 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, + { 1, 2, 3, chunk_from_chars(0x30, 0x0b, 0x30, 0x03, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, + { 0, 2, 3, chunk_from_chars(0x30, 0x08, 0x30, 0x00, + 0x02, 0x01, 0x02, + 0x83, 0x01, 0x03) }, +}; + +START_TEST(test_asn1_parser_option) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID, i1 = 0, i2 = 0, i3 = 0; + bool success; + + parser = asn1_parser_create(optionObjects, option_tests[_i].blob); + while (parser->iterate(parser, &objectID, &object)) + { + switch (objectID) + { + case 2: + i1 = *object.ptr; + break; + case 5: + i2 = *object.ptr; + break; + case 7: + i3 = *object.ptr; + break; + default: + break; + } + } + success = parser->success(parser); + parser->destroy(parser); + + ck_assert(success); + + ck_assert(i1 == option_tests[_i].i1 && + i2 == option_tests[_i].i2 && + i3 == option_tests[_i].i3); +} +END_TEST + +Suite *asn1_parser_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("asn1_parser"); + + tc = tcase_create("length"); + tcase_add_loop_test(tc, test_asn1_parser_length, 0, countof(length_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("loop"); + tcase_add_loop_test(tc, test_asn1_parser_loop, 0, countof(loop_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("default"); + tcase_add_loop_test(tc, test_asn1_parser_default, 0, countof(default_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("option"); + tcase_add_loop_test(tc, test_asn1_parser_option, 0, countof(option_tests)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c index 45b20db00..6a9743d62 100644 --- a/src/libstrongswan/tests/test_bio_reader.c +++ b/src/libstrongswan/tests/suites/test_bio_reader.c @@ -329,7 +329,7 @@ END_TEST */ #define assert_read_data_len(bits) ({ \ - bio_reader_t *reader; \ + bio_reader_t *reader; \ chunk_t read, data; \ int i, len = bits / 8; \ data = chunk_empty; \ diff --git a/src/libstrongswan/tests/test_bio_writer.c b/src/libstrongswan/tests/suites/test_bio_writer.c index 665cd2d7c..e74288eb7 100644 --- a/src/libstrongswan/tests/test_bio_writer.c +++ b/src/libstrongswan/tests/suites/test_bio_writer.c @@ -181,7 +181,7 @@ END_TEST */ #define assert_write_data_len(init, bits) ({ \ - bio_writer_t *writer; \ + bio_writer_t *writer; \ chunk_t buf, data; \ int i, len = bits / 8; \ writer = bio_writer_create(init); \ @@ -240,7 +240,7 @@ END_TEST */ #define assert_wrap_data(init, bits) ({ \ - bio_writer_t *writer; \ + bio_writer_t *writer; \ chunk_t buf, data; \ int i, len = bits / 8; \ writer = bio_writer_create(init); \ diff --git a/src/libstrongswan/tests/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index 8e29971c1..e373fbdb6 100644 --- a/src/libstrongswan/tests/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -14,10 +14,16 @@ * for more details. */ - #include "test_suite.h" +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <errno.h> + #include <utils/chunk.h> +#include <threading/thread.h> /******************************************************************************* * utilities @@ -672,6 +678,31 @@ static const u_char sip_vectors[64][8] = { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, } }; +/** + * Our SipHash-2-4 implementation returns the result in host order, which + * doesn't matter for practical purposes and even avoids a byte swap. But + * because the test vectors are in little-endian we have to account for this + * with this custom comparison function. + */ +static inline bool sipeq(const void *a, const void *b, size_t n) +{ + u_char *ap = (u_char*)a, *bp = (u_char*)b; + int i; + + for (i = 0; i < n; i++) + { +#ifdef WORDS_BIGENDIAN + if (ap[i] != bp[n - i - 1]) +#else + if (ap[i] != bp[i]) +#endif + { + return FALSE; + } + } + return TRUE; +} + START_TEST(test_chunk_mac) { chunk_t in; @@ -692,7 +723,7 @@ START_TEST(test_chunk_mac) in.ptr[i] = i; in.len = i; out = chunk_mac(in, key); - fail_unless(memeq(&out, sip_vectors[i], 8), + fail_unless(sipeq(&out, sip_vectors[i], 8), "test vector failed for %d bytes", i); } } @@ -739,7 +770,7 @@ START_TEST(test_chunk_hash_static) in.len = i; /* compared to chunk_mac() we only get half the value back */ out = chunk_hash_static(in); - fail_unless(memeq(&out, sip_vectors[i], 4), + fail_unless(sipeq(&out, sip_vectors[i], 4), "test vector failed for %d bytes", i); } hash_a = chunk_hash_static_inc(in, out); @@ -750,6 +781,116 @@ START_TEST(test_chunk_hash_static) END_TEST /******************************************************************************* + * test for chunk_map and friends + */ + +START_TEST(test_chunk_map) +{ + chunk_t *map, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); + char *path = "/tmp/strongswan-chunk-map-test"; + + ck_assert(chunk_write(contents, path, 022, TRUE)); + + /* read */ + map = chunk_map(path, FALSE); + ck_assert(map != NULL); + ck_assert_msg(chunk_equals(*map, contents), "%B", map); + /* altering mapped chunk should not hurt */ + *map = chunk_empty; + ck_assert(chunk_unmap(map)); + + /* write */ + map = chunk_map(path, TRUE); + ck_assert(map != NULL); + ck_assert_msg(chunk_equals(*map, contents), "%B", map); + map->ptr[0] = 0x06; + ck_assert(chunk_unmap(map)); + + /* verify write */ + contents.ptr[0] = 0x06; + map = chunk_map(path, FALSE); + ck_assert(map != NULL); + ck_assert_msg(chunk_equals(*map, contents), "%B", map); + ck_assert(chunk_unmap(map)); + + unlink(path); +} +END_TEST + +/******************************************************************************* + * test for chunk_from_fd + */ + +START_TEST(test_chunk_from_fd_file) +{ + chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); + char *path = "/tmp/strongswan-chunk-fd-test"; + int fd; + + ck_assert(chunk_write(contents, path, 022, TRUE)); + + fd = open(path, O_RDONLY); + ck_assert(fd != -1); + + ck_assert(chunk_from_fd(fd, &in)); + close(fd); + ck_assert_msg(chunk_equals(in, contents), "%B", &in); + unlink(path); + free(in.ptr); +} +END_TEST + +START_TEST(test_chunk_from_fd_skt) +{ + chunk_t in, contents = chunk_from_chars(0x01,0x02,0x03,0x04,0x05); + int s[2]; + + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0); + ck_assert(write(s[1], contents.ptr, contents.len) == contents.len); + close(s[1]); + ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno)); + close(s[0]); + ck_assert_msg(chunk_equals(in, contents), "%B", &in); + free(in.ptr); +} +END_TEST + +#define FROM_FD_COUNT 8192 + +void *chunk_from_fd_run(void *data) +{ + int i, fd = (uintptr_t)data; + + for (i = 0; i < FROM_FD_COUNT; i++) + { + ck_assert(write(fd, &i, sizeof(i)) == sizeof(i)); + } + close(fd); + return NULL; +} + +START_TEST(test_chunk_from_fd_huge) +{ + thread_t *thread; + chunk_t in; + int s[2], i; + + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, s) == 0); + + thread = thread_create(chunk_from_fd_run, (void*)(uintptr_t)s[1]); + ck_assert_msg(chunk_from_fd(s[0], &in), "%s", strerror(errno)); + ck_assert_int_eq(in.len, FROM_FD_COUNT * sizeof(i)); + for (i = 0; i < FROM_FD_COUNT; i++) + { + ck_assert_int_eq(((int*)in.ptr)[i], i); + } + thread->join(thread); + close(s[0]); + free(in.ptr); +} +END_TEST + +/******************************************************************************* * printf_hook tests */ @@ -866,6 +1007,16 @@ Suite *chunk_suite_create() tcase_add_test(tc, test_chunk_hash_static); suite_add_tcase(s, tc); + tc = tcase_create("chunk_map"); + tcase_add_test(tc, test_chunk_map); + suite_add_tcase(s, tc); + + tc = tcase_create("chunk_from_fd"); + tcase_add_test(tc, test_chunk_from_fd_file); + tcase_add_test(tc, test_chunk_from_fd_skt); + tcase_add_test(tc, test_chunk_from_fd_huge); + suite_add_tcase(s, tc); + tc = tcase_create("printf_hook"); tcase_add_loop_test(tc, test_printf_hook_hash, 0, countof(printf_hook_data)); tcase_add_loop_test(tc, test_printf_hook_plus, 0, countof(printf_hook_data)); diff --git a/src/libstrongswan/tests/suites/test_crypter.c b/src/libstrongswan/tests/suites/test_crypter.c new file mode 100644 index 000000000..4e7550aee --- /dev/null +++ b/src/libstrongswan/tests/suites/test_crypter.c @@ -0,0 +1,107 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <crypto/crypters/crypter.h> +#include <asn1/oid.h> +#include <utils/test.h> + +typedef struct { + int oid; + encryption_algorithm_t alg; + size_t key_size; +}crypter_oid_t; + +static crypter_oid_t oids[] = { + { OID_UNKNOWN, ENCR_AES_CBC, 0 }, + { OID_UNKNOWN, ENCR_CAMELLIA_CBC, 0 }, + { OID_UNKNOWN, ENCR_UNDEFINED, 0 }, + { OID_DES_CBC, ENCR_DES, 0 }, + { OID_3DES_EDE_CBC, ENCR_3DES, 0 }, + { OID_AES128_CBC, ENCR_AES_CBC, 128 }, + { OID_AES192_CBC, ENCR_AES_CBC, 192 }, + { OID_AES256_CBC, ENCR_AES_CBC, 256 }, + { OID_CAMELLIA128_CBC, ENCR_CAMELLIA_CBC, 128 }, + { OID_CAMELLIA192_CBC, ENCR_CAMELLIA_CBC, 192 }, + { OID_CAMELLIA256_CBC, ENCR_CAMELLIA_CBC, 256 } +}; + +START_TEST(test_crypter_from_oid) +{ + size_t key_size; + + ck_assert(encryption_algorithm_from_oid(oids[_i].oid, NULL) == + oids[_i].alg); + ck_assert(encryption_algorithm_from_oid(oids[_i].oid, &key_size) == + oids[_i].alg); + ck_assert(key_size == oids[_i].key_size); +} +END_TEST + +START_TEST(test_crypter_to_oid) +{ + ck_assert(encryption_algorithm_to_oid(oids[_i].alg, + oids[_i].key_size) == oids[_i].oid); +} +END_TEST + +typedef struct { + encryption_algorithm_t alg; + bool is_aead; +}crypter_aead_t; + +static crypter_aead_t aead[] = { + { ENCR_AES_CCM_ICV8, TRUE }, + { ENCR_AES_CCM_ICV12, TRUE }, + { ENCR_AES_CCM_ICV16, TRUE }, + { ENCR_AES_GCM_ICV8, TRUE }, + { ENCR_AES_GCM_ICV12, TRUE }, + { ENCR_AES_GCM_ICV16, TRUE }, + { ENCR_NULL_AUTH_AES_GMAC, TRUE }, + { ENCR_CAMELLIA_CCM_ICV8, TRUE }, + { ENCR_CAMELLIA_CCM_ICV12, TRUE }, + { ENCR_CAMELLIA_CCM_ICV16, TRUE }, + { ENCR_AES_CBC, FALSE }, + { ENCR_CAMELLIA_CBC, FALSE } +}; + +START_TEST(test_crypter_is_aead) +{ + ck_assert(encryption_algorithm_is_aead(aead[_i].alg) == aead[_i].is_aead); +} +END_TEST + +Suite *crypter_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("crypter"); + + tc = tcase_create("from_oid"); + tcase_add_loop_test(tc, test_crypter_from_oid, 2, countof(oids)); + suite_add_tcase(s, tc); + + tc = tcase_create("to_oid"); + tcase_add_loop_test(tc, test_crypter_to_oid, 0, countof(oids)); + suite_add_tcase(s, tc); + + tc = tcase_create("is_aead"); + tcase_add_loop_test(tc, test_crypter_is_aead, 0, countof(aead)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_ecdsa.c b/src/libstrongswan/tests/suites/test_ecdsa.c index 2955bae2f..3c842996d 100644 --- a/src/libstrongswan/tests/test_ecdsa.c +++ b/src/libstrongswan/tests/suites/test_ecdsa.c @@ -222,11 +222,17 @@ Suite *ecdsa_suite_create() { Suite *s; TCase *tc; + int gen_count = countof(key_sizes); s = suite_create("ecdsa"); + if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL) + { + gen_count = min(1, gen_count); + } + tc = tcase_create("generate"); - tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes)); + tcase_add_loop_test(tc, test_gen, 0, gen_count); suite_add_tcase(s, tc); tc = tcase_create("load"); diff --git a/src/libstrongswan/tests/test_enum.c b/src/libstrongswan/tests/suites/test_enum.c index 990d9cfad..990d9cfad 100644 --- a/src/libstrongswan/tests/test_enum.c +++ b/src/libstrongswan/tests/suites/test_enum.c diff --git a/src/libstrongswan/tests/test_enumerator.c b/src/libstrongswan/tests/suites/test_enumerator.c index b5dde4650..b5dde4650 100644 --- a/src/libstrongswan/tests/test_enumerator.c +++ b/src/libstrongswan/tests/suites/test_enumerator.c diff --git a/src/libstrongswan/tests/suites/test_fetch_http.c b/src/libstrongswan/tests/suites/test_fetch_http.c new file mode 100644 index 000000000..8749ff375 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_fetch_http.c @@ -0,0 +1,273 @@ +/* + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <unistd.h> +#include <time.h> + +/** + * HTTP test definition + */ +typedef struct { + /* HTTP Method */ + char *meth; + /* HTTP 1.x minor version */ + int minor; + /* host to connect to */ + char *host; + /* HTTP service port */ + int port; + /* path on host to fetch from */ + char *path; + /* request Content-Type, if any */ + char *type; + /* request data, if any */ + void *req; + /* length of request data */ + int req_len; + /* response data, if any */ + void *res; + /* length of response data */ + int res_len; +} test_service_t; + +static char large[] = { + 0x88,0x3e,0xa3,0xe3,0x95,0x67,0x53,0x93,0xc8,0xce,0x5c,0xcd,0x8c,0x03,0x0c,0xa8, + 0x94,0xaf,0x49,0xf6,0xc6,0x50,0xad,0xb8,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, + 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, + 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, + 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, + 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, + 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, + 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, + 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, + 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, + 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, + 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, + 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, + 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, + 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, + 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, + 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, + 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, + 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, + 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, + 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, + 0xf3,0x15,0xbb,0x5b,0xb8,0x35,0xd8,0x17,0xad,0xcf,0x6b,0x07,0x63,0x61,0x2e,0x2f, + 0xa5,0xc9,0x1d,0xa7,0xac,0xaa,0x4d,0xde,0x71,0x65,0x95,0x87,0x66,0x50,0xa2,0xa6, + 0x28,0xef,0x49,0x5c,0x53,0xa3,0x87,0xad,0x42,0xc3,0x41,0xd8,0xfa,0x92,0xd8,0x32, + 0xce,0x7c,0xf2,0x72,0x2f,0x51,0x27,0x71,0xe3,0x78,0x59,0xf9,0x46,0x23,0xf3,0xa7, + 0x38,0x12,0x05,0xbb,0x1a,0xb0,0xe0,0x12,0xae,0x97,0xa1,0x0f,0xd4,0x34,0xe0,0x15, + 0xb4,0xa3,0x15,0x08,0xbe,0xff,0x4d,0x31,0x81,0x39,0x62,0x29,0xf0,0x90,0x79,0x02, + 0x4d,0x0c,0xf4,0x9e,0xe5,0xd4,0xdc,0xca,0xea,0xb8,0x85,0x8a,0xde,0x92,0xe1,0xbc, +}; + +static bool servicing(void *data, stream_t *stream) +{ + test_service_t *test = (test_service_t*)data; + char buf[1024], hdr[256], *start, *end = NULL, *body = NULL, *type = NULL; + struct tm tm; + time_t t; + ssize_t len, tot = 0; + int nr = 0; + + start = buf; + + /* parse method and headers */ + while (end != start) + { + len = stream->read(stream, buf + tot, sizeof(buf) - tot, TRUE); + ck_assert(len > 0); + tot += len; + + while (TRUE) + { + end = memchr(start, '\n', tot); + if (!end) + { + break; + } + *end = '\0'; + ck_assert(end > buf); + ck_assert(*(--end) == '\r'); + *end = '\0'; + if (end == start) + { + body = end + strlen("\r\n"); + break; + } + switch (nr++) + { + case 0: + snprintf(hdr, sizeof(hdr), "%s %s HTTP/1.%u", + test->meth, test->path, test->minor); + ck_assert_str_eq(hdr, start); + break; + default: + if (strcasepfx(start, "Content-Length: ")) + { + ck_assert_int_eq( + atoi(start + strlen("Content-Length: ")), + test->req_len); + } + if (strcasepfx(start, "Content-Type: ")) + { + type = start + strlen("Content-Type: "); + } + break; + } + start = end + strlen("\r\n"); + } + } + + if (test->type) + { + ck_assert(type); + ck_assert_str_eq(type, test->type); + } + + /* request body */ + if (test->req_len) + { + ck_assert(stream->read_all(stream, buf + tot, + test->req_len - (tot - (body - buf)))); + ck_assert(memeq(body, test->req, test->req_len)); + } + + /* response headers */ + snprintf(buf, sizeof(buf), "HTTP/1.%u 200 OK\r\n", test->minor); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + t = time(NULL); + gmtime_r(&t, &tm); + strftime(buf, sizeof(buf), "%a, %d %b %Y %T %z", &tm); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + snprintf(buf, sizeof(buf), "Server: strongSwan unit test\r\n"); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + + /* rest of response headers */ + snprintf(buf, sizeof(buf), "Content-Type: text/plain\r\n"); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + snprintf(buf, sizeof(buf), "Content-Length: %u\r\n", test->res_len); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + snprintf(buf, sizeof(buf), "Connection: close\r\n"); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + snprintf(buf, sizeof(buf), "\r\n"); + ck_assert(stream->write_all(stream, buf, strlen(buf))); + + /* response body */ + ck_assert(stream->write_all(stream, test->res, test->res_len)); + return FALSE; +} + +static test_service_t gtests[] = { + { "GET", 1, "127.0.0.1", 6543, "/a/test/?b=c", NULL, + NULL, 0, "\x12\x34", 2 }, + { "GET", 0, "localhost", 6543, "/", NULL, + NULL, 0, NULL, 0 }, + { "GET", 0, "127.0.0.1", 6543, "/largefile", NULL, + NULL, 0, large, sizeof(large) }, + { "GET", 1, "[::1]", 6543, "/ipv6-url", NULL, + NULL, 0, "\x00\r\n\r\x00testdatablabla", 20 }, +}; + +START_TEST(test_get) +{ + stream_service_t *service; + status_t status; + chunk_t data, expected; + char uri[256]; + + lib->processor->set_threads(lib->processor, 8); + + snprintf(uri, sizeof(uri), "tcp://%s:%u", gtests[_i].host, gtests[_i].port); + service = lib->streams->create_service(lib->streams, uri, 1); + ck_assert(service != NULL); + service->on_accept(service, servicing, >ests[_i], JOB_PRIO_HIGH, 0); + + snprintf(uri, sizeof(uri), "http://%s:%u%s", + gtests[_i].host, gtests[_i].port, gtests[_i].path); + status = lib->fetcher->fetch(lib->fetcher, uri, &data, + !gtests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END, + FETCH_END); + ck_assert_int_eq(status, SUCCESS); + expected = chunk_create(gtests[_i].res, gtests[_i].res_len); + ck_assert_msg(chunk_compare(expected, data) == 0, + "exp %B\ngot %B\n", &expected, &data); + free(data.ptr); + + service->destroy(service); +} +END_TEST + + +static test_service_t ptests[] = { + { "POST", 1, "127.0.0.1", 6543, "/a/test/?b=c", "application/binary", + "\x23\x45", 2, "\x12\x34", 2 }, + { "POST", 0, "localhost", 6543, "/largefile", "application/x-large", + large, sizeof(large), large, sizeof(large) }, + { "POST", 1, "[::1]", 6543, "/ipv6-url", "text/plain", + "\x00\r\n\r\x00testdatablabla", 20, "\x00\r\n\r\x00testdatablabla", 20 }, +}; + +START_TEST(test_post) +{ + stream_service_t *service; + status_t status; + chunk_t data, expected; + char uri[256]; + + lib->processor->set_threads(lib->processor, 8); + + snprintf(uri, sizeof(uri), "tcp://%s:%u", ptests[_i].host, ptests[_i].port); + service = lib->streams->create_service(lib->streams, uri, 1); + ck_assert(service != NULL); + service->on_accept(service, servicing, &ptests[_i], JOB_PRIO_HIGH, 0); + + snprintf(uri, sizeof(uri), "http://%s:%u%s", + ptests[_i].host, ptests[_i].port, ptests[_i].path); + status = lib->fetcher->fetch(lib->fetcher, uri, &data, + FETCH_REQUEST_TYPE, ptests[_i].type, + FETCH_REQUEST_DATA, + chunk_create(ptests[_i].req, ptests[_i].req_len), + !ptests[_i].minor ? FETCH_HTTP_VERSION_1_0 : FETCH_END, + FETCH_END); + ck_assert_int_eq(status, SUCCESS); + expected = chunk_create(ptests[_i].res, ptests[_i].res_len); + ck_assert_msg(chunk_compare(expected, data) == 0, + "exp %B\ngot %B\n", &expected, &data); + free(data.ptr); + + service->destroy(service); +} +END_TEST + +Suite *fetch_http_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("http fetcher"); + + tc = tcase_create("GET"); + tcase_add_loop_test(tc, test_get, 0, countof(gtests)); + suite_add_tcase(s, tc); + + tc = tcase_create("POST"); + tcase_add_loop_test(tc, test_post, 0, countof(ptests)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_hasher.c b/src/libstrongswan/tests/suites/test_hasher.c new file mode 100644 index 000000000..41a9d64ef --- /dev/null +++ b/src/libstrongswan/tests/suites/test_hasher.c @@ -0,0 +1,189 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <crypto/hashers/hasher.h> +#include <crypto/prfs/prf.h> +#include <crypto/signers/signer.h> +#include <asn1/oid.h> +#include <utils/test.h> + +typedef struct { + int oid; + hash_algorithm_t alg; + key_type_t key; +}hasher_oid_t; + +static hasher_oid_t oids[] = { + { OID_MD2, HASH_MD2, KEY_ANY }, + { OID_MD5, HASH_MD5, KEY_ANY }, + { OID_SHA1, HASH_SHA1, KEY_ANY }, + { OID_SHA224, HASH_SHA224, KEY_ANY }, + { OID_SHA256, HASH_SHA256, KEY_ANY }, + { OID_SHA384, HASH_SHA384, KEY_ANY }, + { OID_SHA512, HASH_SHA512, KEY_ANY }, + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ANY }, + { OID_MD2_WITH_RSA, HASH_MD2, KEY_RSA }, + { OID_MD5_WITH_RSA, HASH_MD5, KEY_RSA }, + { OID_SHA1_WITH_RSA, HASH_SHA1, KEY_RSA }, + { OID_SHA224_WITH_RSA, HASH_SHA224, KEY_RSA }, + { OID_SHA256_WITH_RSA, HASH_SHA256, KEY_RSA }, + { OID_SHA384_WITH_RSA, HASH_SHA384, KEY_RSA }, + { OID_SHA512_WITH_RSA, HASH_SHA512, KEY_RSA }, + { OID_UNKNOWN, HASH_UNKNOWN, KEY_RSA }, + { OID_ECDSA_WITH_SHA1, HASH_SHA1, KEY_ECDSA }, + { OID_ECDSA_WITH_SHA256, HASH_SHA256, KEY_ECDSA }, + { OID_ECDSA_WITH_SHA384, HASH_SHA384, KEY_ECDSA }, + { OID_ECDSA_WITH_SHA512, HASH_SHA512, KEY_ECDSA }, + { OID_UNKNOWN, HASH_UNKNOWN, KEY_ECDSA } +}; + +START_TEST(test_hasher_from_oid) +{ + ck_assert(hasher_algorithm_from_oid(oids[_i].oid) == oids[_i].alg); +} +END_TEST + +START_TEST(test_hasher_to_oid) +{ + ck_assert(hasher_algorithm_to_oid(oids[_i].alg) == oids[_i].oid); +} +END_TEST + +START_TEST(test_hasher_sig_to_oid) +{ + ck_assert(hasher_signature_algorithm_to_oid(oids[_i].alg, + oids[_i].key) == oids[_i].oid); +} +END_TEST + +typedef struct { + pseudo_random_function_t prf; + hash_algorithm_t alg; +}hasher_prf_t; + +static hasher_prf_t prfs[] = { + { PRF_HMAC_MD5, HASH_MD5 }, + { PRF_HMAC_SHA1, HASH_SHA1 }, + { PRF_FIPS_SHA1_160, HASH_SHA1 }, + { PRF_KEYED_SHA1, HASH_SHA1 }, + { PRF_HMAC_SHA2_256, HASH_SHA256 }, + { PRF_HMAC_SHA2_384, HASH_SHA384 }, + { PRF_HMAC_SHA2_512, HASH_SHA512 }, + { PRF_HMAC_TIGER, HASH_UNKNOWN }, + { PRF_AES128_XCBC, HASH_UNKNOWN }, + { PRF_AES128_CMAC, HASH_UNKNOWN }, + { PRF_FIPS_DES, HASH_UNKNOWN }, + { PRF_CAMELLIA128_XCBC, HASH_UNKNOWN }, + { PRF_UNDEFINED, HASH_UNKNOWN }, + { 0, HASH_UNKNOWN } +}; + +START_TEST(test_hasher_from_prf) +{ + ck_assert(hasher_algorithm_from_prf(prfs[_i].prf) == prfs[_i].alg); +} +END_TEST + +typedef struct { + integrity_algorithm_t auth; + hash_algorithm_t alg; + size_t length; +}hasher_auth_t; + +static hasher_auth_t auths[] = { + { AUTH_UNDEFINED, HASH_MD2, 0 }, + { AUTH_UNDEFINED, HASH_MD4, 0 }, + { AUTH_UNDEFINED, HASH_SHA224, 0 }, + { AUTH_UNDEFINED, 9, 0 }, + { AUTH_UNDEFINED, HASH_UNKNOWN, 0 }, + { AUTH_HMAC_MD5_96, HASH_MD5, 12 }, + { AUTH_HMAC_SHA1_96, HASH_SHA1, 12 }, + { AUTH_HMAC_SHA2_256_96, HASH_SHA256, 12 }, + { AUTH_HMAC_MD5_128, HASH_MD5, 16 }, + { AUTH_HMAC_SHA1_128, HASH_SHA1, 16 }, + { AUTH_HMAC_SHA2_256_128, HASH_SHA256, 16 }, + { AUTH_HMAC_SHA1_160, HASH_SHA1, 20 }, + { AUTH_HMAC_SHA2_384_192, HASH_SHA384, 24 }, + { AUTH_HMAC_SHA2_256_256, HASH_SHA256, 32 }, + { AUTH_HMAC_SHA2_512_256, HASH_SHA512, 32 }, + { AUTH_HMAC_SHA2_384_384, HASH_SHA384, 48 }, + { AUTH_HMAC_SHA2_512_512, HASH_SHA512, 64 }, + { AUTH_AES_CMAC_96, HASH_UNKNOWN, 0 }, + { AUTH_AES_128_GMAC, HASH_UNKNOWN, 0 }, + { AUTH_AES_192_GMAC, HASH_UNKNOWN, 0 }, + { AUTH_AES_256_GMAC, HASH_UNKNOWN, 0 }, + { AUTH_AES_XCBC_96, HASH_UNKNOWN, 0 }, + { AUTH_DES_MAC, HASH_UNKNOWN, 0 }, + { AUTH_CAMELLIA_XCBC_96, HASH_UNKNOWN, 0 }, + { 0, HASH_UNKNOWN, 0 } +}; + +START_TEST(test_hasher_from_integrity) +{ + size_t length; + + length = 0; + ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, NULL) == + auths[_i].alg); + ck_assert(hasher_algorithm_from_integrity(auths[_i].auth, &length) == + auths[_i].alg); + ck_assert(length == auths[_i].length); +} +END_TEST + +START_TEST(test_hasher_to_integrity) +{ + ck_assert(hasher_algorithm_to_integrity( + auths[_i].alg, auths[_i].length) == auths[_i].auth); + ck_assert(hasher_algorithm_to_integrity( + auths[_i].alg, 0) == AUTH_UNDEFINED); +} +END_TEST + +Suite *hasher_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("hasher"); + + tc = tcase_create("from_oid"); + tcase_add_loop_test(tc, test_hasher_from_oid, 0, 15); + suite_add_tcase(s, tc); + + tc = tcase_create("to_oid"); + tcase_add_loop_test(tc, test_hasher_to_oid, 0, 8); + suite_add_tcase(s, tc); + + tc = tcase_create("sig_to_oid"); + tcase_add_loop_test(tc, test_hasher_sig_to_oid, 7, countof(oids)); + suite_add_tcase(s, tc); + + tc = tcase_create("from_prf"); + tcase_add_loop_test(tc, test_hasher_from_prf, 0, countof(prfs)); + suite_add_tcase(s, tc); + + tc = tcase_create("from_integrity"); + tcase_add_loop_test(tc, test_hasher_from_integrity, 4, countof(auths)); + suite_add_tcase(s, tc); + + tc = tcase_create("to_integrity"); + tcase_add_loop_test(tc, test_hasher_to_integrity, 0, 17); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_hashtable.c b/src/libstrongswan/tests/suites/test_hashtable.c index 8cc7bfe42..8cc7bfe42 100644 --- a/src/libstrongswan/tests/test_hashtable.c +++ b/src/libstrongswan/tests/suites/test_hashtable.c diff --git a/src/libstrongswan/tests/test_host.c b/src/libstrongswan/tests/suites/test_host.c index 30b9eb940..30b9eb940 100644 --- a/src/libstrongswan/tests/test_host.c +++ b/src/libstrongswan/tests/suites/test_host.c diff --git a/src/libstrongswan/tests/test_identification.c b/src/libstrongswan/tests/suites/test_identification.c index 1dc6776d1..edf53f0fd 100644 --- a/src/libstrongswan/tests/test_identification.c +++ b/src/libstrongswan/tests/suites/test_identification.c @@ -179,7 +179,7 @@ static struct { START_TEST(test_from_string) { identification_t *a; - chunk_t encoding, expected; + chunk_t encoding, expected = chunk_empty; char *id; id = string_data[_i].id; diff --git a/src/libstrongswan/tests/test_linked_list.c b/src/libstrongswan/tests/suites/test_linked_list.c index 9e85c58d8..922f954e3 100644 --- a/src/libstrongswan/tests/test_linked_list.c +++ b/src/libstrongswan/tests/suites/test_linked_list.c @@ -246,10 +246,10 @@ struct invoke_t { static void invoke(intptr_t item, void *a, void *b, void *c, void *d, int *sum) { - ck_assert(a == (void*)1); - ck_assert(b == (void*)2); - ck_assert(c == (void*)3); - ck_assert(d == (void*)4); + ck_assert_int_eq((uintptr_t)a, 1); + ck_assert_int_eq((uintptr_t)b, 2); + ck_assert_int_eq((uintptr_t)c, 3); + ck_assert_int_eq((uintptr_t)d, 4); *sum += item; } @@ -267,7 +267,9 @@ START_TEST(test_invoke_function) list->insert_last(list, (void*)3); list->insert_last(list, (void*)4); list->insert_last(list, (void*)5); - list->invoke_function(list, (linked_list_invoke_t)invoke, 1, 2, 3, 4, &sum); + list->invoke_function(list, (linked_list_invoke_t)invoke, + (uintptr_t)1, (uintptr_t)2, + (uintptr_t)3, (uintptr_t)4, &sum); ck_assert_int_eq(sum, 15); } END_TEST @@ -287,7 +289,9 @@ START_TEST(test_invoke_offset) { list->insert_last(list, &items[i]); } - list->invoke_offset(list, offsetof(invoke_t, invoke), 1, 2, 3, 4, &sum); + list->invoke_offset(list, offsetof(invoke_t, invoke), + (uintptr_t)1, (uintptr_t)2, + (uintptr_t)3, (uintptr_t)4, &sum); ck_assert_int_eq(sum, 15); } END_TEST @@ -303,7 +307,7 @@ struct clone_t { void *(*clone)(clone_t *item); }; -static void *clone(clone_t *item) +static void *clonefn(clone_t *item) { return item->val; } @@ -326,11 +330,11 @@ START_TEST(test_clone_offset) { linked_list_t *other; clone_t items[] = { - { .val = (void*)1, .clone = clone, }, - { .val = (void*)2, .clone = clone, }, - { .val = (void*)3, .clone = clone, }, - { .val = (void*)4, .clone = clone, }, - { .val = (void*)5, .clone = clone, }, + { .val = (void*)1, .clone = clonefn, }, + { .val = (void*)2, .clone = clonefn, }, + { .val = (void*)3, .clone = clonefn, }, + { .val = (void*)4, .clone = clonefn, }, + { .val = (void*)5, .clone = clonefn, }, }; int i; diff --git a/src/libstrongswan/tests/test_linked_list_enumerator.c b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c index 48d6f40e6..48d6f40e6 100644 --- a/src/libstrongswan/tests/test_linked_list_enumerator.c +++ b/src/libstrongswan/tests/suites/test_linked_list_enumerator.c diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c new file mode 100644 index 000000000..a46f5742c --- /dev/null +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -0,0 +1,1042 @@ +/* + * Copyright (C) 2013-2014 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <tests/utils/test_rng.h> +#include <plugins/ntru/ntru_drbg.h> +#include <plugins/ntru/ntru_mgf1.h> +#include <plugins/ntru/ntru_trits.h> +#include <plugins/ntru/ntru_poly.h> +#include <utils/test.h> + +IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*, + u_int32_t strength, chunk_t pers_str, rng_t *entropy) + +IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_mgf1_create, ntru_mgf1_t*, + hash_algorithm_t alg, chunk_t seed, bool hash_seed) + +IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, + size_t len, hash_algorithm_t alg, chunk_t seed) + +IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*, + hash_algorithm_t alg, chunk_t seed, uint8_t c_bits, + uint16_t N, uint16_t q, uint32_t indices_len_p, + uint32_t indices_len_m, bool is_product_form) + +IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*, + u_int16_t *data, uint16_t N, uint16_t q, + uint32_t indices_len_p, uint32_t indices_len_m, + bool is_product_form) + +/** + * NTRU parameter sets to test + */ +static struct { + diffie_hellman_group_t group; + char *group_name; +} params[] = { + { NTRU_112_BIT, "NTRU_112" }, + { NTRU_128_BIT, "NTRU_128" }, + { NTRU_192_BIT, "NTRU_192" }, + { NTRU_256_BIT, "NTRU_256" } +}; + +/** + * NTRU parameter set selection + */ +char *parameter_sets[] = { + "x9_98_speed", "x9_98_bandwidth", "x9_98_balance", "optimum" +}; + +typedef struct { + u_int32_t requested; + u_int32_t standard; +}strength_t; + +strength_t strengths[] = { + { 80, 112 }, + { 112, 112 }, + { 120, 128 }, + { 128, 128 }, + { 150, 192 }, + { 192, 192 }, + { 200, 256 }, + { 256, 256 }, + { 512, 0 } +}; + +START_TEST(test_ntru_drbg_strength) +{ + ntru_drbg_t *drbg; + rng_t *entropy; + + entropy = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + ck_assert(entropy != NULL); + + drbg = ntru_drbg_create(strengths[_i].requested, chunk_empty, entropy); + if (strengths[_i].standard) + { + ck_assert(drbg != NULL); + ck_assert(drbg->get_strength(drbg) == strengths[_i].standard); + drbg->destroy(drbg); + } + else + { + ck_assert(drbg == NULL); + } + entropy->destroy(entropy); +} +END_TEST + +typedef struct { + chunk_t pers_str; + chunk_t entropy; + chunk_t out; +} drbg_test_t; + +/** + * NIST SP 800-90A Deterministic Random Generator Validation System (DRBGVS) + */ +drbg_test_t drbg_tests[] = { + /* SHA-256 test case 1 - count 0 */ + { { NULL, 0 }, + chunk_from_chars(0x06, 0x03, 0x2c, 0xd5, 0xee, 0xd3, 0x3f, 0x39, + 0x26, 0x5f, 0x49, 0xec, 0xb1, 0x42, 0xc5, 0x11, + 0xda, 0x9a, 0xff, 0x2a, 0xf7, 0x12, 0x03, 0xbf, + 0xfa, 0xf3, 0x4a, 0x9c, 0xa5, 0xbd, 0x9c, 0x0d, + 0x0e, 0x66, 0xf7, 0x1e, 0xdc, 0x43, 0xe4, 0x2a, + 0x45, 0xad, 0x3c, 0x6f, 0xc6, 0xcd, 0xc4, 0xdf, + 0x01, 0x92, 0x0a, 0x4e, 0x66, 0x9e, 0xd3, 0xa8, + 0x5a, 0xe8, 0xa3, 0x3b, 0x35, 0xa7, 0x4a, 0xd7, + 0xfb, 0x2a, 0x6b, 0xb4, 0xcf, 0x39, 0x5c, 0xe0, + 0x03, 0x34, 0xa9, 0xc9, 0xa5, 0xa5, 0xd5, 0x52), + chunk_from_chars(0x76, 0xfc, 0x79, 0xfe, 0x9b, 0x50, 0xbe, 0xcc, + 0xc9, 0x91, 0xa1, 0x1b, 0x56, 0x35, 0x78, 0x3a, + 0x83, 0x53, 0x6a, 0xdd, 0x03, 0xc1, 0x57, 0xfb, + 0x30, 0x64, 0x5e, 0x61, 0x1c, 0x28, 0x98, 0xbb, + 0x2b, 0x1b, 0xc2, 0x15, 0x00, 0x02, 0x09, 0x20, + 0x8c, 0xd5, 0x06, 0xcb, 0x28, 0xda, 0x2a, 0x51, + 0xbd, 0xb0, 0x38, 0x26, 0xaa, 0xf2, 0xbd, 0x23, + 0x35, 0xd5, 0x76, 0xd5, 0x19, 0x16, 0x08, 0x42, + 0xe7, 0x15, 0x8a, 0xd0, 0x94, 0x9d, 0x1a, 0x9e, + 0xc3, 0xe6, 0x6e, 0xa1, 0xb1, 0xa0, 0x64, 0xb0, + 0x05, 0xde, 0x91, 0x4e, 0xac, 0x2e, 0x9d, 0x4f, + 0x2d, 0x72, 0xa8, 0x61, 0x6a, 0x80, 0x22, 0x54, + 0x22, 0x91, 0x82, 0x50, 0xff, 0x66, 0xa4, 0x1b, + 0xd2, 0xf8, 0x64, 0xa6, 0xa3, 0x8c, 0xc5, 0xb6, + 0x49, 0x9d, 0xc4, 0x3f, 0x7f, 0x2b, 0xd0, 0x9e, + 0x1e, 0x0f, 0x8f, 0x58, 0x85, 0x93, 0x51, 0x24) + }, + /* SHA-256 test case 3 - count 0 */ + { chunk_from_chars(0xf2, 0xe5, 0x8f, 0xe6, 0x0a, 0x3a, 0xfc, 0x59, + 0xda, 0xd3, 0x75, 0x95, 0x41, 0x5f, 0xfd, 0x31, + 0x8c, 0xcf, 0x69, 0xd6, 0x77, 0x80, 0xf6, 0xfa, + 0x07, 0x97, 0xdc, 0x9a, 0xa4, 0x3e, 0x14, 0x4c), + chunk_from_chars(0xfa, 0x0e, 0xe1, 0xfe, 0x39, 0xc7, 0xc3, 0x90, + 0xaa, 0x94, 0x15, 0x9d, 0x0d, 0xe9, 0x75, 0x64, + 0x34, 0x2b, 0x59, 0x17, 0x77, 0xf3, 0xe5, 0xf6, + 0xa4, 0xba, 0x2a, 0xea, 0x34, 0x2e, 0xc8, 0x40, + 0xdd, 0x08, 0x20, 0x65, 0x5c, 0xb2, 0xff, 0xdb, + 0x0d, 0xa9, 0xe9, 0x31, 0x0a, 0x67, 0xc9, 0xe5, + 0xe0, 0x62, 0x9b, 0x6d, 0x79, 0x75, 0xdd, 0xfa, + 0x96, 0xa3, 0x99, 0x64, 0x87, 0x40, 0xe6, 0x0f, + 0x1f, 0x95, 0x57, 0xdc, 0x58, 0xb3, 0xd7, 0x41, + 0x5f, 0x9b, 0xa9, 0xd4, 0xdb, 0xb5, 0x01, 0xf6), + chunk_from_chars(0xf9, 0x2d, 0x4c, 0xf9, 0x9a, 0x53, 0x5b, 0x20, + 0x22, 0x2a, 0x52, 0xa6, 0x8d, 0xb0, 0x4c, 0x5a, + 0xf6, 0xf5, 0xff, 0xc7, 0xb6, 0x6a, 0x47, 0x3a, + 0x37, 0xa2, 0x56, 0xbd, 0x8d, 0x29, 0x8f, 0x9b, + 0x4a, 0xa4, 0xaf, 0x7e, 0x8d, 0x18, 0x1e, 0x02, + 0x36, 0x79, 0x03, 0xf9, 0x3b, 0xdb, 0x74, 0x4c, + 0x6c, 0x2f, 0x3f, 0x34, 0x72, 0x62, 0x6b, 0x40, + 0xce, 0x9b, 0xd6, 0xa7, 0x0e, 0x7b, 0x8f, 0x93, + 0x99, 0x2a, 0x16, 0xa7, 0x6f, 0xab, 0x6b, 0x5f, + 0x16, 0x25, 0x68, 0xe0, 0x8e, 0xe6, 0xc3, 0xe8, + 0x04, 0xae, 0xfd, 0x95, 0x2d, 0xdd, 0x3a, 0xcb, + 0x79, 0x1c, 0x50, 0xf2, 0xad, 0x69, 0xe9, 0xa0, + 0x40, 0x28, 0xa0, 0x6a, 0x9c, 0x01, 0xd3, 0xa6, + 0x2a, 0xca, 0x2a, 0xaf, 0x6e, 0xfe, 0x69, 0xed, + 0x97, 0xa0, 0x16, 0x21, 0x3a, 0x2d, 0xd6, 0x42, + 0xb4, 0x88, 0x67, 0x64, 0x07, 0x2d, 0x9c, 0xbe) + }, + /* SHA-256 test case 5 - count 0 */ + { { NULL, 0 }, + chunk_from_chars(0xff, 0x0c, 0xdd, 0x55, 0x5c, 0x60, 0x46, 0x47, + 0x60, 0xb2, 0x89, 0xb7, 0xbc, 0x1f, 0x81, 0x1a, + 0x41, 0xff, 0xf7, 0x2d, 0xe5, 0x90, 0x83, 0x85, + 0x8c, 0x02, 0x0a, 0x10, 0x53, 0xbd, 0xc7, 0x4a, + 0x7b, 0xc0, 0x99, 0x28, 0x5a, 0xd5, 0x62, 0x19, + 0x93, 0xb6, 0x39, 0xc4, 0xa9, 0x4c, 0x37, 0x6b, + 0x14, 0xfc, 0x6c, 0x9b, 0x17, 0x8d, 0xb6, 0x44, + 0xa8, 0xcd, 0x71, 0x30, 0xa4, 0xcf, 0x05, 0x16, + 0x78, 0xc8, 0xf4, 0xfa, 0x8f, 0x24, 0xc2, 0x7b, + 0x0a, 0x53, 0x13, 0x38, 0xa5, 0xce, 0x85, 0x89), + chunk_from_chars(0x2f, 0x26, 0x20, 0x34, 0x7b, 0xdd, 0xca, 0xa2, + 0x94, 0x36, 0x85, 0x34, 0x6b, 0xbf, 0x31, 0xc4, + 0x40, 0x81, 0xf8, 0x66, 0x5f, 0x3d, 0xdb, 0x2b, + 0x42, 0xae, 0x14, 0x16, 0xa7, 0x4c, 0x4b, 0x77, + 0xfa, 0xb3, 0xfa, 0x19, 0xae, 0xec, 0xc5, 0x47, + 0xe7, 0x6c, 0x8c, 0xbe, 0x6a, 0xd1, 0xf1, 0x00, + 0xa3, 0xfc, 0x8b, 0x2c, 0xe2, 0xa1, 0xea, 0x3a, + 0x3d, 0xd7, 0xcf, 0xad, 0x46, 0xc1, 0xb2, 0x78, + 0x30, 0xb9, 0x40, 0xba, 0x18, 0xd0, 0x9e, 0x9b, + 0x7f, 0xa9, 0x02, 0xbb, 0x76, 0x06, 0x69, 0xb1, + 0x73, 0x5c, 0xc7, 0xb7, 0xbd, 0x39, 0x05, 0x2d, + 0xa7, 0xf2, 0x62, 0x6f, 0xa8, 0x70, 0x00, 0xcf, + 0xfa, 0xda, 0x41, 0x00, 0x19, 0xd0, 0x53, 0x38, + 0x6a, 0xd8, 0x08, 0xbd, 0x3c, 0x0c, 0xfc, 0xf5, + 0x6b, 0x91, 0x87, 0x9e, 0xb8, 0xd3, 0xf9, 0x32, + 0xee, 0x2d, 0x18, 0x5e, 0x54, 0xf3, 0x1b, 0x74) + }, + /* SHA-256 test case 7 - count 0 */ + { chunk_from_chars(0x40, 0x93, 0x3f, 0xdc, 0xce, 0x41, 0x59, 0xb0, + 0x95, 0x51, 0x11, 0xf8, 0x44, 0x47, 0x1b, 0x0d, + 0xb8, 0x5b, 0x73, 0xbd, 0xd2, 0xb7, 0x8c, 0x46, + 0x8d, 0xd3, 0x9e, 0x2a, 0x9b, 0x29, 0xae, 0xf2), + chunk_from_chars(0x28, 0xba, 0x1a, 0x66, 0x16, 0x32, 0xef, 0xc8, + 0xec, 0xce, 0xd5, 0xf5, 0x1b, 0x79, 0x13, 0x00, + 0xfb, 0x3b, 0x55, 0xb0, 0x5d, 0x04, 0x17, 0x08, + 0x63, 0x8d, 0xe4, 0xbe, 0xb7, 0x57, 0xa9, 0xe5, + 0x76, 0x82, 0x87, 0x96, 0xaf, 0xf0, 0x7f, 0x55, + 0x79, 0x5c, 0xb5, 0x47, 0x13, 0xc7, 0x7e, 0xd4, + 0xa5, 0xf5, 0x42, 0xb0, 0x4a, 0xaa, 0x5d, 0xbc, + 0x93, 0x1e, 0x47, 0x01, 0x9f, 0xeb, 0x38, 0x96, + 0x26, 0x16, 0xc5, 0x7a, 0xf0, 0x9b, 0x7c, 0x1d, + 0xf8, 0x3f, 0x2b, 0x86, 0x0f, 0xf7, 0x65, 0x86), + chunk_from_chars(0x65, 0xe5, 0xaa, 0x47, 0xb3, 0x85, 0xf1, 0xea, + 0x42, 0xb2, 0x31, 0xb9, 0xfe, 0x74, 0x42, 0x53, + 0xb8, 0x59, 0x88, 0x59, 0xd7, 0x01, 0x1e, 0x52, + 0x5f, 0x5a, 0x2a, 0x1a, 0xd3, 0x2a, 0x97, 0x2a, + 0x85, 0x08, 0x02, 0xc6, 0x0a, 0x2b, 0xe1, 0x9b, + 0xe2, 0x70, 0x06, 0x3a, 0x3c, 0xfb, 0xea, 0xae, + 0x95, 0x4f, 0x10, 0xb1, 0x22, 0x35, 0x2d, 0xe6, + 0xa0, 0x8a, 0xc4, 0x10, 0xe0, 0x99, 0x16, 0x53, + 0xaa, 0xb2, 0x71, 0xb3, 0x60, 0xfe, 0x91, 0x91, + 0xcf, 0x5a, 0xdd, 0xcc, 0xcc, 0xed, 0x8c, 0x4a, + 0xcf, 0xb6, 0x14, 0x57, 0x04, 0x99, 0x92, 0x98, + 0x8f, 0xd7, 0xa9, 0xac, 0xca, 0x1f, 0x1b, 0xca, + 0x35, 0xf1, 0x47, 0x58, 0x13, 0x69, 0x4a, 0x39, + 0x98, 0x8e, 0x5f, 0xac, 0x9f, 0x4a, 0xc0, 0x57, + 0x22, 0x86, 0xbc, 0x46, 0x25, 0x82, 0xad, 0x0a, + 0xf7, 0x8a, 0xb3, 0xb8, 0x5e, 0xc1, 0x7a, 0x25) + } +}; + +START_TEST(test_ntru_drbg) +{ + ntru_drbg_t *drbg; + rng_t *entropy; + chunk_t out; + + out = chunk_alloc(128); + entropy = test_rng_create(drbg_tests[_i].entropy); + drbg = ntru_drbg_create(256, drbg_tests[_i].pers_str, entropy); + ck_assert(drbg != NULL); + ck_assert(drbg->reseed(drbg)); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + ck_assert(chunk_equals(out, drbg_tests[_i].out)); + drbg->destroy(drbg); + entropy->destroy(entropy); + chunk_free(&out); +} +END_TEST + +START_TEST(test_ntru_drbg_reseed) +{ + ntru_drbg_t *drbg; + rng_t *entropy; + chunk_t out; + + lib->settings->set_int(lib->settings, + "libstrongswan.plugins.ntru.max_drbg_requests", 2); + out = chunk_alloc(128); + entropy = test_rng_create(drbg_tests[0].entropy); + drbg = ntru_drbg_create(256, chunk_empty, entropy); + + /* bad output parameters */ + ck_assert(!drbg->generate(drbg, 256, 0, out.ptr)); + ck_assert(!drbg->generate(drbg, 256, 128, NULL)); + + /* no reseeding occurs */ + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + + /* consuming remaining entropy */ + ck_assert(entropy->get_bytes(entropy, 32, out.ptr)); + + /* no entropy available for automatic reseeding */ + ck_assert(!drbg->generate(drbg, 256, 128, out.ptr)); + drbg->destroy(drbg); + + /* no entropy available for DRBG instantiation */ + drbg = ntru_drbg_create(256, chunk_empty, entropy); + ck_assert(drbg == NULL); + entropy->destroy(entropy); + + /* one automatic reseeding occurs */ + entropy = test_rng_create(drbg_tests[0].entropy); + drbg = ntru_drbg_create(256, chunk_empty, entropy); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + ck_assert(drbg->generate(drbg, 256, 128, out.ptr)); + + /* no entropy left */ + ck_assert(!entropy->get_bytes(entropy, 32, out.ptr)); + + drbg->destroy(drbg); + entropy->destroy(entropy); + chunk_free(&out); + lib->settings->set_int(lib->settings, + "libstrongswan.plugins.ntru.max_drbg_requests", 2000); +} +END_TEST + +typedef struct { + uint8_t c_bits; + uint16_t N; + uint16_t q; + bool is_product_form; + uint32_t indices_len; + uint32_t indices_size; + uint16_t *indices; +} poly_test_t; + +typedef struct { + hash_algorithm_t alg; + size_t hash_size; + size_t ml1, ml2, ml3, seed_len; + chunk_t seed; + chunk_t hashed_seed; + chunk_t mask; + chunk_t trits; + poly_test_t poly_test[2]; +} mgf1_test_t; + +uint16_t indices_ees439ep1[] = { + 367, 413, 16, 214, 114, 128, 42, 268, 346, 329, 119, 303, 208, 287, 150, + 3, 45, 321, 110, 109, 272, 430, 80, 305, 51, 381, 322, 140, 207, 315, + 206, 186, 56, 5, 273, 177, 44, 100, 205, 210, 98, 191, 8, 336 +}; + +uint16_t indices_ees613ep1[] = { + 245, 391, 251, 428, 301, 2, 176, 296, 461, 224, 590, 215, 250, 91, 395, + 363, 58, 537, 278, 291, 247, 33, 140, 447, 172, 514, 424, 412, 95, 94, + 281, 159, 196, 302, 277, 63, 404, 150, 608, 315, 195, 334, 207, 376, 398, + 0, 309, 486, 516, 86, 267, 139, 130, 38, 141, 258, 21, 341, 526, 388, + 194, 116, 138, 524, 547, 383, 542, 406, 270, 438, 240, 445, 527, 168, 320, + 186, 327, 212, 543, 82, 606, 131, 294, 392, 477, 430, 583, 142, 253, 434, + 134, 458, 559, 414, 162, 407, 580, 577, 191, 109, 554, 523, 32, 62, 297, + 283, 268, 54, 539, 5 +}; + +uint16_t indices_ees743ep1[] = { + 285, 62, 136, 655, 460, 35, 450, 208, 340, 212, 61, 234, 454, 52, 520, + 399, 315, 616, 496, 88, 280, 543, 508, 237, 553, 39, 214, 253, 720, 291, + 586, 615, 635, 596, 62, 499, 301, 176, 271, 659, 372, 185, 621, 350, 683, + 180, 717, 509, 641, 738, 666, 171, 639, 606, 353, 706, 237, 358, 410, 423, + 197, 501, 261, 654, 658, 701, 377, 182, 548, 287, 700, 403, 248, 137 +}; + +uint16_t indices_ees1171ep1[] = { + 514, 702, 760, 505, 262, 486, 695, 783, 533, 74, 403, 847, 170,1019, 568, + 676,1057, 277,1021, 238, 203, 884, 124, 87, 65, 93, 131, 881,1102, 133, + 459, 462, 92, 40, 5,1152,1158, 297, 599, 299, 7, 458, 347, 343, 173, + 1044, 264, 871, 819, 679, 328, 438, 990, 982, 308,1135, 423, 470, 254, 295, + 1029, 892, 759, 789, 123, 939, 749, 353,1062, 145, 562, 337, 550, 102, 549, + 821,1098, 823, 96, 365, 135,1110, 334, 391, 638, 963, 962,1002,1069, 993, + 983, 649,1056, 399, 385, 715, 582, 799, 161, 512, 629, 979, 250, 37, 213, + 929, 413, 566, 336, 727, 160, 616,1170, 748, 282,1115, 325, 994, 189, 500, + 913, 332,1118, 753, 946, 775, 59, 809, 782, 612, 909,1090, 223, 777, 940, + 866,1032, 471, 298, 969, 192, 411, 721, 476, 910,1045,1027, 812, 352, 487, + 215, 625, 808, 230, 602, 457, 900, 416, 985, 850, 908, 155, 670, 669,1054, + 400,1126, 733, 647, 786, 195, 148, 362,1094, 389,1086,1166, 231, 436, 210, + 333, 824, 785, 826, 658, 472, 639,1046,1028, 519, 422, 80, 924,1089, 547, + 1157, 579, 2, 508,1040, 998, 902,1058, 600, 220, 805, 945, 140,1117, 179, + 536, 191 +}; + +/** + * MGF1 Mask Generation Function Test Vectors + */ +mgf1_test_t mgf1_tests[] = { + { HASH_SHA1, 20, 60, 20, 15, 24, + chunk_from_chars( + 0xED, 0xA5, 0xC3, 0xBC, 0xAF, 0xB3, 0x20, 0x7D, + 0x14, 0xA1, 0x54, 0xF7, 0x8B, 0x37, 0xF2, 0x8D, + 0x8C, 0x9B, 0xD5, 0x63, 0x57, 0x38, 0x11, 0xC2, + 0xB5, 0xCA, 0xBF, 0x06, 0x43, 0x45, 0x19, 0xD5, + 0xE7, 0x36, 0xD0, 0x29, 0x21, 0xDA, 0x02, 0x20, + 0x45, 0xF6, 0x5F, 0x0F, 0x10, 0x04, 0x2A, 0xE3, + 0x6A, 0x1D, 0xD5, 0x9F, 0x1D, 0x66, 0x44, 0x8F, + 0xFA, 0xC6, 0xCA, 0xA4, 0x6E, 0x3B, 0x00, 0x66, + 0xA6, 0xC9, 0x80, 0x5C, 0xF5, 0x2D, 0xD7, 0x72, + 0xC6, 0xD4, 0x4F, 0x30, 0x72, 0xA2, 0xAD, 0xE0, + 0x33, 0xE8, 0x55, 0xD5, 0xE6, 0xD6, 0x00, 0x1D, + 0xA8, 0x68, 0xFF, 0x97, 0x36, 0x8A, 0xF4, 0xD6, + 0xF1, 0xB6, 0x7E, 0x1F, 0x06, 0xCB, 0x57, 0xCB, + 0x35, 0x38, 0xF2, 0x2D, 0xF6, 0x20), + chunk_from_chars( + 0xF3, 0x9B, 0x0B, 0xB4, 0x97, 0x50, 0xB5, 0xA7, + 0xE6, 0xBD, 0xDA, 0xD0, 0x9A, 0x52, 0xBE, 0xA0, + 0x21, 0xC4, 0x90, 0xB6), + chunk_from_chars( + 0x10, 0x43, 0x76, 0x72, 0x6C, 0xDE, 0xA0, 0x0E, + 0x77, 0x51, 0xFB, 0x58, 0x39, 0x8A, 0x36, 0xE1, + 0x63, 0x2B, 0xC9, 0x17, 0x56, 0x0C, 0x4B, 0x46, + 0xA4, 0x07, 0xA4, 0x3B, 0x8E, 0x33, 0x4D, 0xD1, + 0x65, 0xF1, 0xAC, 0xC8, 0x59, 0x21, 0x32, 0x16, + 0x44, 0x2B, 0x7F, 0xB2, 0xA8, 0xA7, 0x26, 0x5D, + 0xE8, 0x02, 0xBE, 0x8E, 0xDC, 0x34, 0xEB, 0x10, + 0x76, 0x16, 0x8C, 0xDD, 0x90, 0x92, 0x3D, 0x29, + 0x90, 0x98, 0x46, 0x11, 0x73, 0x53, 0x47, 0xB1, + 0x2C, 0xD4, 0x83, 0x78, 0x9B, 0x93, 0x2F, 0x5B, + 0xFC, 0x26, 0xFF, 0x42, 0x08, 0x1F, 0x70, 0x66, + 0x40, 0x4B, 0xE7, 0x22, 0x3A, 0x56, 0x10, 0x6D, + 0x4D, 0x29, 0x0B, 0xCE, 0xA6, 0x21, 0xB5, 0x5C, + 0x71, 0x66, 0x2F, 0x70, 0x35, 0xD8, 0x8A, 0x92, + 0x33, 0xF0, 0x16, 0xD4, 0x0E, 0x43, 0x8A, 0x14), + chunk_from_chars( + 1, 2, 1, 0, 0, 1, 1, 1, 2, 0, 1, 0, 1, 1, 1, 0, 2, 0, 1, 1, + 0, 0, 0, 1, 1, 0, 2, 0, 2, 2, 1, 2, 2, 2, 1, 2, 1, 1, 0, 0, + 2, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 2, 0, 0, 1, 0, 1, 0, 2, 0, + 0, 1, 0, 2, 1, 0, 0, 0, 2, 0, 0, 0, 1, 2, 2, 0, 0, 2, 0, 1, + 1, 2, 1, 1, 0, 0, 1, 1, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 0, 1, + 0, 1, 1, 0, 0, 0, 1, 2, 2, 0, 1, 2, 1, 2, 0, 2, 0, 0, 0, 2, + 1, 2, 0, 0, 0, 2, 0, 0, 0, 2, 2, 1, 0, 2, 0, 1, 2, 0, 2, 1, + 0, 2, 2, 1, 0, 2, 1, 2, 2, 0, 2, 0, 2, 1, 2, 2, 0, 2, 0, 1, + 1, 2, 2, 2, 2, 1, 0, 1, 0, 2, 2, 0, 1, 1, 2, 2, 2, 0, 0, 1, + 0, 2, 0, 1, 0, 2, 1, 2, 1, 0, 1, 1, 2, 0, 0, 2, 1, 1, 2, 0, + 1, 2, 1, 1, 0, 1, 0, 2, 1, 1, 1, 2, 1, 0, 2, 0, 2, 0, 0, 2, + 2, 1, 0, 0, 2, 2, 0, 1, 1, 0, 0, 1, 1, 0, 1, 1, 2, 1, 2, 2, + 2, 0, 0, 0, 0, 1, 0, 0, 1, 2, 1, 2, 0, 2, 1, 1, 1, 0, 2, 2, + 1, 2, 2, 1, 0, 1, 0, 2, 2, 2, 1, 2, 1, 0, 0, 1, 0, 1, 1, 1, + 1, 1, 2, 0, 0, 2, 1, 0, 2, 1, 2, 1, 0, 2, 2, 0, 0, 1, 2, 1, + 2, 0, 1, 2, 1, 1, 2, 0, 2, 0, 2, 1, 1, 1, 0, 0, 0, 1, 2, 1, + 2, 2, 1, 2, 1, 1, 2, 1, 2, 0, 2, 2, 1, 0, 0, 1, 2, 0, 1, 1, + 2, 0, 0, 0, 1, 2, 2, 1, 2, 0, 0, 2, 1, 0, 2, 2, 2, 1, 1, 0, + 2, 1, 2, 1, 2, 2, 1, 2, 1, 1, 0, 1, 1, 1, 1, 2, 0, 2, 2, 1, + 0, 1, 1, 2, 1, 2, 0, 2, 1, 0, 1, 0, 1, 0, 1, 2, 0, 1, 1, 0, + 0, 1, 1, 2, 0, 2, 2, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 0, 1, 1, + 0, 1, 2, 0, 1, 1, 0, 1, 2, 0, 0, 1, 2, 2, 0, 0, 2, 1, 2), + { + { 9, 439, 2048, TRUE, 9 + (8 << 8) + (5 << 16), + countof(indices_ees439ep1), indices_ees439ep1 + }, + { 11, 613, 2048, FALSE, 55, + countof(indices_ees613ep1), indices_ees613ep1 + } + } + }, + { HASH_SHA256, 32, 64, 32, 33, 40, + chunk_from_chars( + 0x52, 0xC5, 0xDD, 0x1E, 0xEF, 0x76, 0x1B, 0x53, + 0x08, 0xE4, 0x86, 0x3F, 0x91, 0x12, 0x98, 0x69, + 0xC5, 0x9D, 0xDE, 0xF6, 0xFC, 0xFA, 0x93, 0xCE, + 0x32, 0x52, 0x66, 0xF9, 0xC9, 0x97, 0xF6, 0x42, + 0x00, 0x2C, 0x64, 0xED, 0x1A, 0x6B, 0x14, 0x0A, + 0x4B, 0x04, 0xCF, 0x6D, 0x2D, 0x82, 0x0A, 0x07, + 0xA2, 0x3B, 0xDE, 0xCE, 0x19, 0x8A, 0x39, 0x43, + 0x16, 0x61, 0x29, 0x98, 0x68, 0xEA, 0xE5, 0xCC, + 0x0A, 0xF8, 0xE9, 0x71, 0x26, 0xF1, 0x07, 0x36, + 0x2C, 0x07, 0x1E, 0xEB, 0xE4, 0x28, 0xA2, 0xF4, + 0xA8, 0x12, 0xC0, 0xC8, 0x20, 0x37, 0xF8, 0xF2, + 0x6C, 0xAF, 0xDC, 0x6F, 0x2E, 0xD0, 0x62, 0x58, + 0xD2, 0x37, 0x03, 0x6D, 0xFA, 0x6E, 0x1A, 0xAC, + 0x9F, 0xCA, 0x56, 0xC6, 0xA4, 0x52, 0x41, 0xE8, + 0x0F, 0x1B, 0x0C, 0xB9, 0xE6, 0xBA, 0xDE, 0xE1, + 0x03, 0x5E, 0xC2, 0xE5, 0xF8, 0xF4, 0xF3, 0x46, + 0x3A, 0x12, 0xC0, 0x1F, 0x3A, 0x00, 0xD0, 0x91, + 0x18, 0xDD, 0x53, 0xE4, 0x22, 0xF5, 0x26, 0xA4, + 0x54, 0xEE, 0x20, 0xF0, 0x80), + chunk_from_chars( + 0x76, 0x89, 0x8B, 0x1B, 0x60, 0xEC, 0x10, 0x9D, + 0x8F, 0x13, 0xF2, 0xFE, 0xD9, 0x85, 0xC1, 0xAB, + 0x7E, 0xEE, 0xB1, 0x31, 0xDD, 0xF7, 0x7F, 0x0C, + 0x7D, 0xF9, 0x6B, 0x7B, 0x19, 0x80, 0xBD, 0x28), + chunk_from_chars( + 0xF1, 0x19, 0x02, 0x4F, 0xDA, 0x58, 0x05, 0x9A, + 0x07, 0xDF, 0x61, 0x81, 0x22, 0x0E, 0x15, 0x46, + 0xCB, 0x35, 0x3C, 0xDC, 0xAD, 0x20, 0xD9, 0x3F, + 0x0D, 0xD1, 0xAA, 0x64, 0x66, 0x5C, 0xFA, 0x4A, + 0xFE, 0xD6, 0x8F, 0x55, 0x57, 0x15, 0xB2, 0xA6, + 0xA0, 0xE6, 0xA8, 0xC6, 0xBD, 0x28, 0xB4, 0xD5, + 0x6E, 0x5B, 0x4B, 0xB0, 0x97, 0x09, 0xF5, 0xAC, + 0x57, 0x65, 0x13, 0x97, 0x71, 0x2C, 0x45, 0x13, + 0x3D, 0xEE, 0xFB, 0xBF, 0xFE, 0xAF, 0xBB, 0x4B, + 0x0D, 0x5C, 0x45, 0xD4, 0x2F, 0x17, 0x92, 0x07, + 0x66, 0x11, 0xF5, 0x46, 0xF8, 0x0C, 0x03, 0x92, + 0xF5, 0xF5, 0xFF, 0xA4, 0xF3, 0x52, 0xF4, 0x08, + 0x2C, 0x49, 0x32, 0x1A, 0x93, 0x51, 0x98, 0xB6, + 0x94, 0x83, 0x39, 0xCF, 0x6B, 0x1F, 0x2F, 0xFC, + 0x2B, 0xFF, 0x10, 0x71, 0x7D, 0x35, 0x6C, 0xEA, + 0xC5, 0x66, 0xC7, 0x26, 0x7D, 0x9E, 0xAC, 0xDD, + 0x35, 0xD7, 0x06, 0x3F, 0x40, 0x82, 0xDA, 0xC3, + 0x2B, 0x3C, 0x91, 0x3A, 0x32, 0xF8, 0xB2, 0xC6, + 0x44, 0x4D, 0xCD, 0xB6, 0x54, 0x5F, 0x81, 0x95, + 0x59, 0xA1, 0xE5, 0x4E, 0xA5, 0x0A, 0x4A, 0x42), + chunk_from_chars( + 1, 2, 2, 2, 2, 1, 2, 2, 0, 0, 2, 0, 0, 0, 0, 1, 2, 2, 2, 0, + 2, 0, 0, 2, 2, 1, 2, 0, 0, 1, 2, 1, 0, 0, 0, 1, 0, 2, 2, 1, + 1, 2, 0, 0, 0, 1, 2, 0, 2, 2, 1, 2, 1, 0, 1, 0, 1, 2, 1, 1, + 1, 2, 0, 1, 0, 2, 1, 1, 0, 0, 0, 1, 2, 0, 0, 1, 2, 1, 2, 0, + 2, 1, 1, 1, 2, 2, 2, 2, 1, 0, 0, 2, 0, 2, 0, 1, 1, 0, 2, 2, + 2, 0, 1, 0, 2, 2, 1, 0, 1, 0, 1, 0, 0, 2, 2, 0, 0, 1, 2, 0, + 1, 1, 1, 0, 0, 2, 0, 2, 1, 2, 2, 2, 0, 0, 2, 1, 0, 2, 0, 1, + 0, 1, 2, 0, 1, 2, 0, 1, 0, 1, 2, 0, 2, 2, 0, 1, 2, 2, 1, 2, + 2, 2, 0, 2, 1, 1, 1, 0, 0, 1, 0, 2, 0, 0, 1, 0, 1, 2, 0, 0, + 1, 2, 1, 0, 2, 1, 1, 0, 0, 2, 1, 2, 2, 2, 1, 2, 1, 1, 2, 2, + 0, 2, 0, 0, 2, 0, 0, 1, 1, 2, 0, 0, 0, 1, 2, 1, 1, 1, 1, 0, + 0, 0, 2, 0, 2, 0, 2, 2, 1, 2, 2, 0, 0, 1, 1, 1, 0, 1, 0, 1, + 0, 1, 2, 2, 0, 2, 1, 1, 0, 2, 1, 2, 1, 2, 1, 0, 0, 1, 0, 0, + 1, 0, 1, 0, 2, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 0, 2, 0, 0, + 1, 2, 1, 2, 1, 2, 1, 0, 1, 1, 2, 2, 1, 1, 0, 0, 2, 1, 2, 0, + 1, 0, 2, 0, 0, 1, 2, 0, 2, 0, 1, 1, 2, 2, 2, 2, 0, 0, 1, 2, + 1, 1, 1, 0, 2, 1, 2, 2, 0, 2, 0, 1, 2, 2, 0, 1, 1, 1, 0, 0, + 2, 0, 1, 0, 1, 0, 2, 1, 2, 0, 2, 1, 2, 1, 2, 2, 0, 2, 1, 0, + 2, 1, 2, 0, 0, 2, 0, 1, 2, 1, 1, 2, 0, 0, 0, 0, 1, 2, 0, 1, + 2, 2, 1, 0, 0, 1, 2, 1, 2, 0, 0, 1, 1, 0, 0, 0, 1, 0, 0, 0, + 2, 0, 1, 2, 1, 2, 0, 0, 0, 2, 1, 0, 0, 0, 1, 2, 2, 0, 0, 0, + 2, 2, 1, 1, 0, 1, 0, 2, 2, 0, 2, 1, 2, 1, 0, 2, 2, 2, 0, 0, + 0, 1, 1, 2, 1, 0, 0, 0, 0, 1, 2, 2, 1, 2, 1, 2, 0, 2, 0, 2, + 1, 1, 1, 2, 1, 2, 1, 2, 1, 1, 0, 1, 0, 2, 0, 0, 0, 2, 1, 2, + 2, 2, 2, 0, 1, 1, 1, 0, 1, 0, 2, 0, 2, 1, 0, 1, 2, 1, 1, 0, + 1, 2, 1, 0, 0, 2, 1, 0, 1, 1, 2, 2, 1, 1, 1, 2, 2, 2, 1, 0, + 0, 0, 0, 1, 1, 0, 0, 2, 2, 2, 2, 2, 0, 1, 2, 0, 1, 2, 0, 1, + 1, 0, 1, 1, 2, 2, 0, 1, 1, 0, 2, 2, 1, 1, 1, 2, 1, 2, 2, 1, + 1, 0, 1, 0, 2, 2, 1, 0, 2, 2, 2, 2, 2, 1, 0, 2, 2, 2, 1, 2, + 0, 2, 0, 0, 0, 0, 0, 1, 2, 0, 1, 0, 1), + { + { 13, 743, 2048, TRUE, 11 + (11 << 8) + (15 << 16), + countof(indices_ees743ep1), indices_ees743ep1 + }, + { 12, 1171, 2048, FALSE, 106, + countof(indices_ees1171ep1), indices_ees1171ep1 + } + } + } +}; + +START_TEST(test_ntru_mgf1) +{ + ntru_mgf1_t *mgf1; + chunk_t mask, mask1, mask2, mask3; + + mask1 = mgf1_tests[_i].mask; + mask2 = chunk_skip(mask1, mgf1_tests[_i].ml1); + mask3 = chunk_skip(mask2, mgf1_tests[_i].ml2); + mask1.len = mgf1_tests[_i].ml1; + mask2.len = mgf1_tests[_i].ml2; + mask3.len = mgf1_tests[_i].ml3; + + mgf1 = ntru_mgf1_create(HASH_UNKNOWN, mgf1_tests[_i].seed, TRUE); + ck_assert(mgf1 == NULL); + + mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, chunk_empty, TRUE); + ck_assert(mgf1 == NULL); + + /* return mask in allocated chunk */ + mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE); + ck_assert(mgf1); + + /* check hash size */ + ck_assert(mgf1->get_hash_size(mgf1) == mgf1_tests[_i].hash_size); + + /* get zero number of octets */ + ck_assert(mgf1->allocate_mask(mgf1, 0, &mask)); + ck_assert(mask.len == 0 && mask.ptr == NULL); + + /* get non-zero number of octets */ + ck_assert(mgf1->allocate_mask(mgf1, mgf1_tests[_i].mask.len, &mask)); + ck_assert(chunk_equals(mask, mgf1_tests[_i].mask)); + mgf1->destroy(mgf1); + + /* copy mask to pre-allocated buffer */ + mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].seed, TRUE); + ck_assert(mgf1); + ck_assert(mgf1->get_mask(mgf1, mgf1_tests[_i].mask.len, mask.ptr)); + ck_assert(chunk_equals(mask, mgf1_tests[_i].mask)); + mgf1->destroy(mgf1); + + /* get mask in batches without hashing the seed */ + mgf1 = ntru_mgf1_create(mgf1_tests[_i].alg, mgf1_tests[_i].hashed_seed, FALSE); + ck_assert(mgf1); + + /* first batch */ + ck_assert(mgf1->get_mask(mgf1, mask1.len, mask.ptr)); + mask.len = mask1.len; + ck_assert(chunk_equals(mask, mask1)); + + /* second batch */ + ck_assert(mgf1->get_mask(mgf1, mask2.len, mask.ptr)); + mask.len = mask2.len; + ck_assert(chunk_equals(mask, mask2)); + + /* third batch */ + ck_assert(mgf1->get_mask(mgf1, mask3.len, mask.ptr)); + mask.len = mask3.len; + ck_assert(chunk_equals(mask, mask3)); + + mgf1->destroy(mgf1); + chunk_free(&mask); +} +END_TEST + +START_TEST(test_ntru_trits) +{ + ntru_trits_t *mask; + chunk_t trits; + + mask = ntru_trits_create(mgf1_tests[_i].trits.len, HASH_UNKNOWN, + mgf1_tests[_i].seed); + ck_assert(mask == NULL); + + mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg, + chunk_empty); + ck_assert(mask == NULL); + + mask = ntru_trits_create(mgf1_tests[_i].trits.len, mgf1_tests[_i].alg, + mgf1_tests[_i].seed); + ck_assert(mask); + + trits = chunk_create(mask->get_trits(mask), mask->get_size(mask)); + ck_assert(chunk_equals(trits, mgf1_tests[_i].trits)); + mask->destroy(mask); + + /* generate a multiple of 5 trits */ + mask = ntru_trits_create(10, mgf1_tests[_i].alg, mgf1_tests[_i].seed); + ck_assert(mask); + + trits = chunk_create(mask->get_trits(mask), mask->get_size(mask)); + ck_assert(chunk_equals(trits, chunk_create(mgf1_tests[_i].trits.ptr, 10))); + mask->destroy(mask); +} +END_TEST + +START_TEST(test_ntru_poly) +{ + ntru_poly_t *poly; + uint16_t *indices; + chunk_t seed; + poly_test_t *p; + int j, n; + + seed = mgf1_tests[_i].seed; + seed.len = mgf1_tests[_i].seed_len; + + p = &mgf1_tests[_i].poly_test[0]; + poly = ntru_poly_create_from_seed(HASH_UNKNOWN, seed, p->c_bits, p->N, p->q, + p->indices_len, p->indices_len, + p->is_product_form); + ck_assert(poly == NULL); + + for (n = 0; n < 2; n++) + { + p = &mgf1_tests[_i].poly_test[n]; + poly = ntru_poly_create_from_seed(mgf1_tests[_i].alg, seed, p->c_bits, + p->N, p->q, p->indices_len, + p->indices_len, p->is_product_form); + ck_assert(poly != NULL && poly->get_size(poly) == p->indices_size); + + indices = poly->get_indices(poly); + for (j = 0; j < p->indices_size; j++) + { + ck_assert(indices[j] == p->indices[j]); + } + poly->destroy(poly); + } +} +END_TEST + +typedef struct { + uint16_t N; + uint16_t q; + bool is_product_form; + uint32_t indices_len_p; + uint32_t indices_len_m; + uint16_t *indices; + uint16_t *a; + uint16_t *c; +} ring_mult_test_t; + +uint16_t t1_indices[] = { 1, 6, 5, 3 }; + +uint16_t t1_a[] = { 1, 0, 0, 0, 0, 0, 0 }; +uint16_t t1_c[] = { 0, 1, 0, 7, 0, 7, 1 }; + +uint16_t t2_a[] = { 5, 0, 0, 0, 0, 0, 0 }; +uint16_t t2_c[] = { 0, 5, 0, 3, 0, 3, 5 }; + +uint16_t t3_a[] = { 4, 0, 0, 0, 0, 0, 0 }; +uint16_t t3_c[] = { 0, 4, 0, 4, 0, 4, 4 }; + +uint16_t t4_a[] = { 0, 6, 0, 0, 0, 0, 0 }; +uint16_t t4_c[] = { 6, 0, 6, 0, 2, 0, 2 }; + +uint16_t t5_a[] = { 4, 6, 0, 0, 0, 0, 0 }; +uint16_t t5_c[] = { 6, 4, 6, 4, 2, 4, 6 }; + +uint16_t t6_a[] = { 0, 0, 3, 0, 0, 0, 0 }; +uint16_t t6_c[] = { 5, 3, 0, 3, 0, 5, 0 }; + +uint16_t t7_a[] = { 4, 6, 3, 0, 0, 0, 0 }; +uint16_t t7_c[] = { 3, 7, 6, 7, 2, 1, 6 }; + +uint16_t t8_a[] = { 0, 0, 0, 7, 0, 0, 0 }; +uint16_t t8_c[] = { 0, 1, 7, 0, 7, 0, 1 }; + +uint16_t t9_a[] = { 4, 6, 3, 7, 0, 0, 0 }; +uint16_t t9_c[] = { 3, 0, 5, 7, 1, 1, 7 }; + +uint16_t t10_a[] = { 0, 0, 0, 0, 0, 1, 0 }; +uint16_t t10_c[] = { 0, 7, 0, 7, 1, 0, 1 }; + +uint16_t t11_a[] = { 4, 6, 3, 7, 0, 1, 0 }; +uint16_t t11_c[] = { 3, 7, 5, 6, 2, 1, 0 }; + +uint16_t t2_indices[] = { 1, 6, 5, 2, 3 }; + +uint16_t t12_c[] = { 0, 1, 7, 7, 0, 1, 1 }; +uint16_t t13_c[] = { 0, 1, 7, 7, 0, 7, 1 }; +uint16_t t14_c[] = { 0, 1, 0, 31, 0, 31, 1 }; +uint16_t t15_c[] = { 0, 5, 0, 2043, 0, 2043, 5 }; +uint16_t t16_c[] = { 0, 5, 0, 32763, 0, 32763, 5 }; + +uint16_t t3_indices[] = { 7, 2, 3, 5, 0, 2, 3, 10, 7, 0, 8, 2 }; + +uint16_t t17_a[] = { 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; +uint16_t t17_c[] = { 7, 1, 0, 1, 1, 7, 0, 7, 7, 7, 2 }; + +ring_mult_test_t ring_mult_tests[] = { + { 7, 8, FALSE, 2, 2, t1_indices, t1_a, t1_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t2_a, t2_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t3_a, t3_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t4_a, t4_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t5_a, t5_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t6_a, t6_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t7_a, t7_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t8_a, t8_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t9_a, t9_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t10_a, t10_c }, + { 7, 8, FALSE, 2, 2, t1_indices, t11_a, t11_c }, + { 7, 8, FALSE, 3, 2, t2_indices, t1_a, t12_c }, + { 7, 8, FALSE, 2, 3, t2_indices, t1_a, t13_c }, + { 7, 32, FALSE, 2, 2, t1_indices, t1_a, t14_c }, + { 7, 2048, FALSE, 2, 2, t1_indices, t2_a, t15_c }, + { 7, 32768, FALSE, 2, 2, t1_indices, t2_a, t16_c }, + { 11, 8, TRUE, 197121, 197121, t3_indices, t17_a, t17_c }, +}; + +START_TEST(test_ntru_ring_mult) +{ + ntru_poly_t *poly; + ring_mult_test_t *t; + uint16_t *c; + int i; + + t = &ring_mult_tests[_i]; + poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p, + t->indices_len_m, t->is_product_form); + ck_assert(poly != NULL); + + c = malloc(t->N * sizeof(uint16_t)); + poly->ring_mult(poly, t->a, c); + + for (i = 0; i < t->N; i++) + { + ck_assert(c[i] == t->c[i]); + } + + free(c); + poly->destroy(poly); +} +END_TEST + +int array_tests[] = { 0, 11, 12, 16 }; + +START_TEST(test_ntru_array) +{ + ntru_poly_t *poly; + ring_mult_test_t *t; + uint16_t *c; + int i; + + t = &ring_mult_tests[array_tests[_i]]; + + poly = ntru_poly_create_from_data(t->indices, t->N, t->q, t->indices_len_p, + t->indices_len_m, t->is_product_form); + ck_assert(poly != NULL); + + c = malloc(t->N * sizeof(uint16_t)); + poly->get_array(poly, c); + + for (i = 0; i < t->N; i++) + { + ck_assert(c[i] == t->c[i]); + } + + free(c); + poly->destroy(poly); +} +END_TEST + +START_TEST(test_ntru_ke) +{ + chunk_t pub_key, cipher_text, i_shared_secret, r_shared_secret; + diffie_hellman_t *i_ntru, *r_ntru; + char buf[10]; + int n, len; + status_t status; + + len = snprintf(buf, sizeof(buf), "%N", diffie_hellman_group_names, + params[_i].group); + ck_assert(len == 8); + ck_assert(streq(buf, params[_i].group_name)); + + for (n = 0; n < countof(parameter_sets); n++) + { + lib->settings->set_str(lib->settings, + "libstrongswan.plugins.ntru.parameter_set", + parameter_sets[n]); + + i_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group); + ck_assert(i_ntru != NULL); + ck_assert(i_ntru->get_dh_group(i_ntru) == params[_i].group); + + i_ntru->get_my_public_value(i_ntru, &pub_key); + ck_assert(pub_key.len > 0); + + r_ntru = lib->crypto->create_dh(lib->crypto, params[_i].group); + ck_assert(r_ntru != NULL); + + r_ntru->set_other_public_value(r_ntru, pub_key); + r_ntru->get_my_public_value(r_ntru, &cipher_text); + ck_assert(cipher_text.len > 0); + + status = r_ntru->get_shared_secret(r_ntru, &r_shared_secret); + ck_assert(status == SUCCESS); + ck_assert(r_shared_secret.len > 0); + + i_ntru->set_other_public_value(i_ntru, cipher_text); + status = i_ntru->get_shared_secret(i_ntru, &i_shared_secret); + + if (status == SUCCESS) + { + ck_assert(chunk_equals(i_shared_secret, r_shared_secret)); + } + else + { + ck_assert(i_shared_secret.len == 0); + } + + chunk_clear(&i_shared_secret); + chunk_clear(&r_shared_secret); + chunk_free(&pub_key); + chunk_free(&cipher_text); + i_ntru->destroy(i_ntru); + r_ntru->destroy(r_ntru); + } +} +END_TEST + +START_TEST(test_ntru_retransmission) +{ + diffie_hellman_t *i_ntru; + chunk_t pub_key1, pub_key2; + + i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_256_BIT); + i_ntru->get_my_public_value(i_ntru, &pub_key1); + i_ntru->get_my_public_value(i_ntru, &pub_key2); + ck_assert(chunk_equals(pub_key1, pub_key2)); + + chunk_free(&pub_key1); + chunk_free(&pub_key2); + i_ntru->destroy(i_ntru); +} +END_TEST + +chunk_t oid_tests[] = { + { NULL, 0 }, + chunk_from_chars(0x00), + chunk_from_chars(0x01), + chunk_from_chars(0x02), + chunk_from_chars(0x02, 0x03, 0x00, 0x03, 0x10), + chunk_from_chars(0x01, 0x04, 0x00, 0x03, 0x10), + chunk_from_chars(0x01, 0x03, 0x00, 0x03, 0x10), + chunk_from_chars(0x01, 0x03, 0xff, 0x03, 0x10), +}; + +START_TEST(test_ntru_pubkey_oid) +{ + diffie_hellman_t *r_ntru; + chunk_t cipher_text; + + r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT); + r_ntru->set_other_public_value(r_ntru, oid_tests[_i]); + r_ntru->get_my_public_value(r_ntru, &cipher_text); + ck_assert(cipher_text.len == 0); + r_ntru->destroy(r_ntru); +} +END_TEST + +START_TEST(test_ntru_wrong_set) +{ + diffie_hellman_t *i_ntru, *r_ntru; + chunk_t pub_key, cipher_text; + + lib->settings->set_str(lib->settings, + "libstrongswan.plugins.ntru.parameter_set", + "x9_98_bandwidth"); + i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT); + i_ntru->get_my_public_value(i_ntru, &pub_key); + + lib->settings->set_str(lib->settings, + "libstrongswan.plugins.ntru.parameter_set", + "optimum"); + r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_112_BIT); + r_ntru->set_other_public_value(r_ntru, pub_key); + r_ntru->get_my_public_value(r_ntru, &cipher_text); + ck_assert(cipher_text.len == 0); + + chunk_free(&pub_key); + chunk_free(&cipher_text); + i_ntru->destroy(i_ntru); + r_ntru->destroy(r_ntru); +} +END_TEST + +START_TEST(test_ntru_ciphertext) +{ + char buf_00[604], buf_ff[604]; + + chunk_t test[] = { + chunk_empty, + chunk_from_chars(0x00), + chunk_create(buf_00, sizeof(buf_00)), + chunk_create(buf_ff, sizeof(buf_ff)), + }; + + diffie_hellman_t *i_ntru; + chunk_t pub_key, shared_secret; + int i; + + memset(buf_00, 0x00, sizeof(buf_00)); + memset(buf_ff, 0xff, sizeof(buf_ff)); + + for (i = 0; i < countof(test); i++) + { + i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT); + i_ntru->get_my_public_value(i_ntru, &pub_key); + i_ntru->set_other_public_value(i_ntru, test[i]); + ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS); + ck_assert(shared_secret.len == 0); + + chunk_free(&pub_key); + i_ntru->destroy(i_ntru); + } +} +END_TEST + +START_TEST(test_ntru_wrong_ciphertext) +{ + diffie_hellman_t *i_ntru, *r_ntru, *m_ntru; + chunk_t pub_key_i, pub_key_m, cipher_text, shared_secret; + + i_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT); + r_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT); + m_ntru = lib->crypto->create_dh(lib->crypto, NTRU_128_BIT); + + i_ntru->get_my_public_value(i_ntru, &pub_key_i); + m_ntru->get_my_public_value(m_ntru, &pub_key_m); + r_ntru->set_other_public_value(r_ntru, pub_key_m); + r_ntru->get_my_public_value(r_ntru, &cipher_text); + i_ntru->set_other_public_value(i_ntru, cipher_text); + ck_assert(i_ntru->get_shared_secret(i_ntru, &shared_secret) != SUCCESS); + ck_assert(shared_secret.len == 0); + + chunk_free(&pub_key_i); + chunk_free(&pub_key_m); + chunk_free(&cipher_text); + i_ntru->destroy(i_ntru); + m_ntru->destroy(m_ntru); + r_ntru->destroy(r_ntru); +} +END_TEST + +Suite *ntru_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ntru"); + + tc = tcase_create("drbg_strength"); + tcase_add_loop_test(tc, test_ntru_drbg_strength, 0, countof(strengths)); + suite_add_tcase(s, tc); + + tc = tcase_create("drbg"); + tcase_add_loop_test(tc, test_ntru_drbg, 0, countof(drbg_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("drgb_reseed"); + tcase_add_test(tc, test_ntru_drbg_reseed); + suite_add_tcase(s, tc); + + tc = tcase_create("mgf1"); + tcase_add_loop_test(tc, test_ntru_mgf1, 0, countof(mgf1_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("trits"); + tcase_add_loop_test(tc, test_ntru_trits, 0, countof(mgf1_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("poly"); + tcase_add_loop_test(tc, test_ntru_poly, 0, countof(mgf1_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("ring_mult"); + tcase_add_loop_test(tc, test_ntru_ring_mult, 0, countof(ring_mult_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("array"); + tcase_add_loop_test(tc, test_ntru_array, 0, countof(array_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("ke"); + tcase_add_loop_test(tc, test_ntru_ke, 0, countof(params)); + suite_add_tcase(s, tc); + + tc = tcase_create("retransmission"); + tcase_add_test(tc, test_ntru_retransmission); + suite_add_tcase(s, tc); + + tc = tcase_create("pubkey_oid"); + tcase_add_loop_test(tc, test_ntru_pubkey_oid, 0, countof(oid_tests)); + suite_add_tcase(s, tc); + + tc = tcase_create("wrong_set"); + tcase_add_test(tc, test_ntru_wrong_set); + suite_add_tcase(s, tc); + + tc = tcase_create("ciphertext"); + tcase_add_test(tc, test_ntru_ciphertext); + suite_add_tcase(s, tc); + + tc = tcase_create("wrong_ciphertext"); + tcase_add_test(tc, test_ntru_wrong_ciphertext); + suite_add_tcase(s, tc); + return s; +} diff --git a/src/libstrongswan/tests/suites/test_pen.c b/src/libstrongswan/tests/suites/test_pen.c new file mode 100644 index 000000000..a6cbc9aa1 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_pen.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + + +#include "test_suite.h" + +#include <pen/pen.h> + +/******************************************************************************* + * create + */ + +START_TEST(test_pen_type_create) +{ + pen_type_t ita_1 = pen_type_create(PEN_ITA, 100); + + ck_assert(ita_1.vendor_id == PEN_ITA); + ck_assert(ita_1.type == 100); +} +END_TEST + +/******************************************************************************* + * equals + */ + +START_TEST(test_pen_type_equals) +{ + pen_type_t ita_1 = pen_type_create(PEN_ITA, 100); + pen_type_t ita_2 = pen_type_create(PEN_ITA, 200); + pen_type_t fhh_1 = pen_type_create(PEN_FHH, 100); + pen_type_t fhh_2 = pen_type_create(PEN_FHH, 200); + + ck_assert( pen_type_equals(ita_1, ita_1)); + ck_assert(!pen_type_equals(ita_1, ita_2)); + ck_assert(!pen_type_equals(ita_1, fhh_1)); + ck_assert(!pen_type_equals(ita_1, fhh_2)); +} +END_TEST + +/******************************************************************************* + * is + */ + +START_TEST(test_pen_type_is) +{ + pen_type_t ita_1 = pen_type_create(PEN_ITA, 100); + + ck_assert( pen_type_is(ita_1, PEN_ITA, 100)); + ck_assert(!pen_type_is(ita_1, PEN_ITA, 200)); + ck_assert(!pen_type_is(ita_1, PEN_FHH, 100)); + ck_assert(!pen_type_is(ita_1, PEN_FHH, 200)); +} +END_TEST + +Suite *pen_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("pen"); + + tc = tcase_create("create"); + tcase_add_test(tc, test_pen_type_create); + suite_add_tcase(s, tc); + + tc = tcase_create("equals"); + tcase_add_test(tc, test_pen_type_equals); + suite_add_tcase(s, tc); + + tc = tcase_create("is"); + tcase_add_test(tc, test_pen_type_is); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c index 6c15fbea1..9e40d1fc0 100644 --- a/src/libstrongswan/tests/test_printf.c +++ b/src/libstrongswan/tests/suites/test_printf.c @@ -17,10 +17,10 @@ #include <errno.h> #include <math.h> +#include <inttypes.h> static void verify(char *expected, char *format, ...) { - FILE *mem; char buf[128]; va_list args; @@ -29,17 +29,35 @@ static void verify(char *expected, char *format, ...) ck_assert_str_eq(expected, buf); va_end(args); - mem = fmemopen(buf, sizeof(buf), "w"); - va_start(args, format); - vfprintf(mem, format, args); - va_end(args); - fclose(mem); - ck_assert_str_eq(expected, buf); +#ifdef HAVE_FMEMOPEN + { + FILE *mem; + + mem = fmemopen(buf, sizeof(buf), "w"); + va_start(args, format); + vfprintf(mem, format, args); + va_end(args); + fclose(mem); + ck_assert_str_eq(expected, buf); + } +#endif /* HAVE_FMEMOPEN */ } +START_TEST(test_printf_null) +{ + char buf[16]; + + /* on FreeBSD "(null)" gets printed even when a precision of 0 is used. + * because printing of "(null)" for NULL is not standardized we don't verify + * the output and just make sure there is no crash */ + snprintf(buf, sizeof(buf), "%s", NULL); +} +END_TEST + START_TEST(test_printf_strings) { verify("a bc def", "%s %s %s", "a", "bc", "def"); + verify("", "%.0s", "asdfg"); verify("asd", "%.3s", "asdfg"); verify("asdf", "%.*s", (int)4, "asdfg"); verify(" asdf", "%6s", "asdf"); @@ -150,6 +168,26 @@ START_TEST(test_printf_float) } END_TEST +START_TEST(test_printf_pri) +{ + verify("255", "%" PRIu8, (u_int8_t)0xFF); + verify("65535", "%" PRIu16, (u_int16_t)0xFFFF); + verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll); + verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll); + + verify("-1", "%" PRId8, (int8_t)-1); + verify("-1", "%" PRId16, (int16_t)-1); + verify("-1", "%" PRId32, (int32_t)-1); + verify("-1", "%" PRId64, (int64_t)-1); + + verify("1", "%" PRIuMAX, (uintmax_t)1); + verify("1", "%" PRIuPTR, (uintptr_t)1); + + verify("-1", "%" PRIdMAX, (intmax_t)-1); + verify("-1", "%" PRIdPTR, (intptr_t)-1); +} +END_TEST + Suite *printf_suite_create() { Suite *s; @@ -158,6 +196,7 @@ Suite *printf_suite_create() s = suite_create("printf"); tc = tcase_create("strings"); + tcase_add_test(tc, test_printf_null); tcase_add_test(tc, test_printf_strings); suite_add_tcase(s, tc); @@ -181,5 +220,9 @@ Suite *printf_suite_create() tcase_add_test(tc, test_printf_float); suite_add_tcase(s, tc); + tc = tcase_create("PRI*"); + tcase_add_test(tc, test_printf_pri); + suite_add_tcase(s, tc); + return s; } diff --git a/src/libstrongswan/tests/test_rsa.c b/src/libstrongswan/tests/suites/test_rsa.c index 4c75c34bc..2c1c6fb8d 100644 --- a/src/libstrongswan/tests/test_rsa.c +++ b/src/libstrongswan/tests/suites/test_rsa.c @@ -117,7 +117,7 @@ static void test_bad_sigs(public_key_t *pubkey) * RSA key sizes to test */ static int key_sizes[] = { - 786, 1024, 1536, 2048, 3072, 4096, + 768, 1024, 1536, 2048, 3072, 4096, }; START_TEST(test_gen) @@ -377,11 +377,17 @@ Suite *rsa_suite_create() { Suite *s; TCase *tc; + int gen_count = countof(key_sizes); s = suite_create("rsa"); + if (getenv("TESTS_REDUCED_KEYLENGTHS") != NULL) + { + gen_count = min(1, gen_count); + } + tc = tcase_create("generate"); - tcase_add_loop_test(tc, test_gen, 0, countof(key_sizes)); + tcase_add_loop_test(tc, test_gen, 0, gen_count); tcase_set_timeout(tc, 8); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/suites/test_settings.c b/src/libstrongswan/tests/suites/test_settings.c new file mode 100644 index 000000000..096465191 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_settings.c @@ -0,0 +1,920 @@ +/* + * Copyright (C) 2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <unistd.h> + +#include <utils/settings.h> +#include <utils/chunk.h> +#include <utils/utils.h> +#include <collections/linked_list.h> + +static char *path = "/tmp/strongswan-settings-test"; +static settings_t *settings; + +static void create_settings(chunk_t contents) +{ + ck_assert(chunk_write(contents, path, 0022, TRUE)); + settings = settings_create(path); +} + +START_SETUP(setup_base_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = val1\n" + " # this gets overridden below\n" + " key2 = val2\n" + " none = \n" + " sub1 {\n" + " key = value\n" + " key2 = value2\n" + " subsub {\n" + " foo = bar\n" + " }\n" + " # subsub is a section and a value\n" + " subsub = section value\n" + " }\n" + " sub% {\n" + " id = %any\n" + " }\n" + " key2 = with spaces\n" + "}\n" + "out = side\n" + "other {\n" + " key1 = other val\n" + " empty {\n" + " }\n" + "}")); +} +END_SETUP + +START_TEARDOWN(teardown_config) +{ + settings->destroy(settings); + unlink(path); +} +END_TEARDOWN + +#define verify_string(expected, key, ...) \ + ck_assert_str_eq(expected, settings->get_str(settings, key, NULL, ##__VA_ARGS__)) +#define verify_null(key, ...) \ + ck_assert(!settings->get_str(settings, key, NULL, ##__VA_ARGS__)) + +START_TEST(test_get_str) +{ + verify_string("val1", "main.key1"); + verify_string("val1", "main..key1"); + verify_string("val1", ".main.key1"); + verify_string("with spaces", "main.key2"); + verify_string("value", "main.sub1.key"); + verify_string("value2", "main.sub1.key2"); + verify_string("bar", "main.sub1.subsub.foo"); + verify_string("section value", "main.sub1.subsub"); + verify_string("%any", "main.sub%%.id"); + verify_string("side", "out"); + verify_string("other val", "other.key1"); + + /* FIXME: should this rather be undefined i.e. return the default value? */ + verify_string("", "main.none"); + + verify_null("main.key3"); + verify_null("other.sub"); +} +END_TEST + +enum { + KEY1, + SUB1 +} settings_test_enum; + +enum_name_t *test_settings_test_names; + +ENUM_BEGIN(test_settings_test_names, KEY1, SUB1, + "key1", "sub1"); +ENUM_END(test_settings_test_names, SUB1); + +START_TEST(test_get_str_printf) +{ + verify_string("val1", "%s.key1", "main"); + verify_string("val1", "%s.%s", "main", "key1"); + verify_string("val1", "%s.%N", "main", test_settings_test_names, KEY1); + verify_string("val1", "%s.%s%d", "main", "key", 1); + verify_string("bar", "%s.sub1.%s.foo", "main", "subsub"); + verify_string("bar", "%s.%N.%s.foo", "main", test_settings_test_names, SUB1, "subsub"); + verify_string("bar", "%s.sub%d.%s.foo", "main", 1, "subsub"); + verify_string("%any", "%s.sub%%.id", "main"); + + /* FIXME: this is a bit inconsistent, while this works */ + verify_string("value2", "main.%s%u.key2", "sub", 1); + /* this won't because no argument is consumed for %u so key1 will be tried + * granted, we never actually used any other specifiers, but we should + * probably document it at least */ + verify_null("main.%s%u.key%d", "sub", 1, 2); + + verify_null("%s.%s%d", "main", "key", 3); +} +END_TEST + +START_TEST(test_set_str) +{ + settings->set_str(settings, "main.key1", "val"); + verify_string("val", "main.key1"); + settings->set_str(settings, "main.key1", "longer value"); + verify_string("longer value", "main.key1"); + settings->set_str(settings, "main", "main val"); + verify_string("main val", "main"); + settings->set_str(settings, "main.sub1.new", "added"); + verify_string("added", "main.sub1.new"); + settings->set_str(settings, "main.sub2.newsub.foo", "bar"); + verify_string("bar", "main.sub2.newsub.foo"); + settings->set_str(settings, "new.newsub.foo", "bar"); + verify_string("bar", "new.newsub.foo"); + settings->set_str(settings, "main.key1", NULL); + verify_null("main.key1"); +} +END_TEST + +START_TEST(test_set_str_printf) +{ + settings->set_str(settings, "%s.key1", "val", "main"); + verify_string("val", "main.key1"); + settings->set_str(settings, "main.%N.new", "added", test_settings_test_names, SUB1); + verify_string("added", "main.sub1.new"); + settings->set_str(settings, "main.%s%d.newsub.%s", "bar", "sub", 2, "foo"); + verify_string("bar", "main.sub2.newsub.foo"); +} +END_TEST + +START_TEST(test_set_default_str) +{ + settings->set_default_str(settings, "main.key1", "default"); + verify_string("val1", "main.key1"); + settings->set_default_str(settings, "main.sub1.new", "added"); + verify_string("added", "main.sub1.new"); + settings->set_str(settings, "main.sub1.new", "changed"); + verify_string("changed", "main.sub1.new"); +} +END_TEST + +START_SETUP(setup_bool_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = yes\n" + " key2 = true\n" + " key3 = Enabled\n" + " key4 = 1\n" + " key5 = no\n" + " key6 = FALSE\n" + " key7 = disabled\n" + " key8 = 0\n" + " key9 = 5\n" + " none = \n" + " foo = bar\n" + "}")); +} +END_SETUP + +#define verify_bool(expected, def, key, ...) \ + ck_assert(expected == settings->get_bool(settings, key, def, ##__VA_ARGS__)) + +START_TEST(test_get_bool) +{ + verify_bool(TRUE, FALSE, "main.key1"); + verify_bool(TRUE, FALSE, "main.key2"); + verify_bool(TRUE, FALSE, "main.key3"); + verify_bool(TRUE, FALSE, "main.key4"); + verify_bool(FALSE, TRUE, "main.key5"); + verify_bool(FALSE, TRUE, "main.key6"); + verify_bool(FALSE, TRUE, "main.key7"); + verify_bool(FALSE, TRUE, "main.key8"); + + verify_bool(FALSE, FALSE, "main.none"); + verify_bool(TRUE, TRUE, "main.none"); + verify_bool(FALSE, FALSE, "main.foo"); + verify_bool(TRUE, TRUE, "main.foo"); + + verify_bool(FALSE, FALSE, "main.key9"); + verify_bool(TRUE, TRUE, "main.key9"); + verify_bool(FALSE, FALSE, "main"); + verify_bool(TRUE, TRUE, "main"); + +} +END_TEST + +START_TEST(test_set_bool) +{ + settings->set_str(settings, "main.key1", "no"); + verify_bool(FALSE, TRUE, "main.key1"); + settings->set_bool(settings, "main.key2", FALSE); + verify_bool(FALSE, TRUE, "main.key2"); + settings->set_str(settings, "main.key3", NULL); + verify_bool(FALSE, FALSE, "main.key3"); + verify_bool(TRUE, TRUE, "main.key3"); + settings->set_bool(settings, "main.key5", TRUE); + verify_bool(TRUE, FALSE, "main.key5"); + settings->set_bool(settings, "main.new", TRUE); + verify_bool(TRUE, FALSE, "main.new"); +} +END_TEST + +START_SETUP(setup_int_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = 5\n" + " # gets cut off\n" + " key2 = 5.5\n" + " key3 = -42\n" + " none = \n" + " foo1 = bar\n" + " foo2 = bar13\n" + " foo3 = 13bar\n" + "}")); +} +END_SETUP + +#define verify_int(expected, def, key, ...) \ + ck_assert_int_eq(expected, settings->get_int(settings, key, def, ##__VA_ARGS__)) + +START_TEST(test_get_int) +{ + verify_int(5, 0, "main.key1"); + verify_int(5, 0, "main.key2"); + verify_int(-42, 0, "main.key3"); + + /* FIXME: do we want this behavior? */ + verify_int(0, 11, "main.none"); + verify_int(0, 11, "main.foo1"); + verify_int(0, 11, "main.foo2"); + verify_int(13, 11, "main.foo3"); + + verify_int(13, 13, "main.key4"); + verify_int(-13, -13, "main"); +} +END_TEST + +START_TEST(test_set_int) +{ + settings->set_str(settings, "main.key1", "13"); + verify_int(13, 0, "main.key1"); + settings->set_int(settings, "main.key2", 6); + verify_int(6, 0, "main.key2"); + settings->set_int(settings, "main.key3", -6); + verify_int(-6, 0, "main.key3"); + settings->set_str(settings, "main.key3", NULL); + verify_int(15, 15, "main.key3"); + settings->set_int(settings, "main.new", 314); + verify_int(314, 0, "main.new"); +} +END_TEST + +START_SETUP(setup_double_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = 5\n" + " key2 = 5.5\n" + " key3 = -42\n" + " key4 = -42.5\n" + " none = \n" + " foo1 = bar\n" + " foo2 = bar13.5\n" + " foo3 = 13.5bar\n" + "}")); +} +END_SETUP + +#define verify_double(expected, def, key, ...) \ + ck_assert(expected == settings->get_double(settings, key, def, ##__VA_ARGS__)) + +START_TEST(test_get_double) +{ + verify_double(5, 0, "main.key1"); + verify_double(5.5, 0, "main.key2"); + verify_double(-42, 0, "main.key3"); + verify_double(-42.5, 0, "main.key4"); + + /* FIXME: do we want this behavior? */ + verify_double(0, 11.5, "main.none"); + verify_double(0, 11.5, "main.foo1"); + verify_double(0, 11.5, "main.foo2"); + verify_double(13.5, 11.5, "main.foo3"); + + verify_double(11.5, 11.5, "main.key5"); + verify_double(-11.5, -11.5, "main"); +} +END_TEST + +START_TEST(test_set_double) +{ + settings->set_str(settings, "main.key1", "5.5"); + verify_double(5.5, 0, "main.key1"); + settings->set_double(settings, "main.key2", 13); + verify_double(13, 0, "main.key2"); + settings->set_double(settings, "main.key3", -13.5); + verify_double(-13.5, 0, "main.key3"); + settings->set_double(settings, "main.key4", 11.5); + verify_double(11.5, 0, "main.key4"); + settings->set_str(settings, "main.key4", NULL); + verify_double(42.5, 42.5, "main.key4"); + settings->set_double(settings, "main.new", 3.14); + verify_double(3.14, 0, "main.new"); +} +END_TEST + +START_SETUP(setup_time_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = 5s\n" + " key2 = 5m\n" + " key3 = 5h\n" + " key4 = 5d\n" + " none = \n" + " foo1 = bar\n" + " foo2 = bar13\n" + " foo3 = 13bar\n" + "}")); +} +END_SETUP + +#define verify_time(expected, def, key, ...) \ + ck_assert_int_eq(expected, settings->get_time(settings, key, def, ##__VA_ARGS__)) + +START_TEST(test_get_time) +{ + verify_time(5, 0, "main.key1"); + verify_time(300, 0, "main.key2"); + verify_time(18000, 0, "main.key3"); + verify_time(432000, 0, "main.key4"); + + /* FIXME: do we want this behavior? */ + verify_time(0, 11, "main.none"); + verify_time(0, 11, "main.foo1"); + verify_time(0, 11, "main.foo2"); + verify_time(13, 11, "main.foo3"); + + verify_time(11, 11, "main.key5"); + verify_time(11, 11, "main"); +} +END_TEST + +START_TEST(test_set_time) +{ + settings->set_str(settings, "main.key1", "15m"); + verify_time(900, 0, "main.key1"); + settings->set_time(settings, "main.key2", 15); + verify_time(15, 0, "main.key2"); + settings->set_str(settings, "main.key3", NULL); + verify_time(300, 300, "main.key3"); + settings->set_time(settings, "main.new", 314); + verify_time(314, 0, "main.new"); +} +END_TEST + +static bool verify_section(linked_list_t *verifier, char *section) +{ + enumerator_t *enumerator; + char *current; + bool result = FALSE; + + enumerator = verifier->create_enumerator(verifier); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current, section)) + { + verifier->remove_at(verifier, enumerator); + result = TRUE; + break; + } + } + enumerator->destroy(enumerator); + return result; +} + +static void verify_sections(linked_list_t *verifier, char *parent) +{ + enumerator_t *enumerator; + char *section; + + enumerator = settings->create_section_enumerator(settings, parent); + while (enumerator->enumerate(enumerator, §ion)) + { + ck_assert(verify_section(verifier, section)); + } + enumerator->destroy(enumerator); + ck_assert_int_eq(0, verifier->get_count(verifier)); + verifier->destroy(verifier); +} + +START_TEST(test_section_enumerator) +{ + linked_list_t *verifier; + + verifier = linked_list_create_with_items("sub1", "sub%", NULL); + verify_sections(verifier, "main"); + + settings->set_str(settings, "main.sub2.new", "added"); + verifier = linked_list_create_with_items("sub1", "sub%", "sub2", NULL); + verify_sections(verifier, "main"); + + verifier = linked_list_create_with_items("subsub", NULL); + verify_sections(verifier, "main.sub1"); + + verifier = linked_list_create_with_items(NULL); + verify_sections(verifier, "main.sub%%"); + + verifier = linked_list_create_with_items(NULL); + verify_sections(verifier, "main.key1"); + + verifier = linked_list_create_with_items(NULL); + verify_sections(verifier, "main.unknown"); +} +END_TEST + +static bool verify_key_value(linked_list_t *keys, linked_list_t *values, + char *key, char *value) +{ + enumerator_t *enum_keys, *enum_values; + char *current_key, *current_value; + bool result = FALSE; + + enum_keys = keys->create_enumerator(keys); + enum_values = values->create_enumerator(values); + while (enum_keys->enumerate(enum_keys, ¤t_key) && + enum_values->enumerate(enum_values, ¤t_value)) + { + if (streq(current_key, key)) + { + ck_assert_str_eq(current_value, value); + keys->remove_at(keys, enum_keys); + values->remove_at(values, enum_values); + result = TRUE; + break; + } + } + enum_keys->destroy(enum_keys); + enum_values->destroy(enum_values); + return result; +} + +static void verify_key_values(linked_list_t *keys, linked_list_t *values, + char *parent) +{ + enumerator_t *enumerator; + char *key, *value; + + enumerator = settings->create_key_value_enumerator(settings, parent); + while (enumerator->enumerate(enumerator, &key, &value)) + { + ck_assert(verify_key_value(keys, values, key, value)); + } + enumerator->destroy(enumerator); + ck_assert_int_eq(0, keys->get_count(keys)); + keys->destroy(keys); + values->destroy(values); +} + +START_TEST(test_key_value_enumerator) +{ + linked_list_t *keys, *values; + + keys = linked_list_create_with_items("key1", "key2", "none", NULL); + values = linked_list_create_with_items("val1", "with spaces", "", NULL); + verify_key_values(keys, values, "main"); + + keys = linked_list_create_with_items("key", "key2", "subsub", NULL); + values = linked_list_create_with_items("value", "value2", "section value", NULL); + verify_key_values(keys, values, "main.sub1"); + + settings->set_str(settings, "main.sub2.new", "added"); + keys = linked_list_create_with_items("new", NULL); + values = linked_list_create_with_items("added", NULL); + verify_key_values(keys, values, "main.sub2"); + + keys = linked_list_create_with_items(NULL); + values = linked_list_create_with_items(NULL); + verify_key_values(keys, values, "other.empty"); + + settings->set_str(settings, "other.empty.new", "added"); + keys = linked_list_create_with_items("new", NULL); + values = linked_list_create_with_items("added", NULL); + verify_key_values(keys, values, "other.empty"); + + keys = linked_list_create_with_items(NULL); + values = linked_list_create_with_items(NULL); + verify_key_values(keys, values, "main.unknown"); +} +END_TEST + +#define include1 "/tmp/strongswan-settings-test-include1" +#define include2 "/tmp/strongswan-settings-test-include2" + +START_SETUP(setup_include_config) +{ + chunk_t inc1 = chunk_from_str( + "main {\n" + " key1 = n1\n" + " key2 = n2\n" + " none = \n" + " sub1 {\n" + " key3 = value\n" + " }\n" + " sub2 {\n" + " sub3 = val3\n" + " }\n" + " include " include2 "\n" + "}"); + chunk_t inc2 = chunk_from_str( + "key2 = v2\n" + "sub1 {\n" + " key = val\n" + "}"); + ck_assert(chunk_write(inc1, include1, 0022, TRUE)); + ck_assert(chunk_write(inc2, include2, 0022, TRUE)); +} +END_SETUP + +START_TEARDOWN(teardown_include_config) +{ + settings->destroy(settings); + unlink(include2); + unlink(include1); + unlink(path); +} +END_TEARDOWN + +static void verify_include() +{ + verify_string("n1", "main.key1"); + verify_string("v2", "main.key2"); + verify_string("", "main.none"); + verify_string("val", "main.sub1.key"); + verify_string("v2", "main.sub1.key2"); + verify_string("val", "main.sub1.sub1.key"); + verify_string("value", "main.sub1.key3"); + verify_string("value", "main.sub1.include"); + verify_string("val3", "main.sub2.sub3"); +} + +START_TEST(test_include) +{ + chunk_t contents = chunk_from_str( + "main {\n" + " key1 = val1\n" + " key2 = val2\n" + " none = x\n" + " sub1 {\n" + " include = value\n" + " key2 = value2\n" + " include " include2 "\n" + " }\n" + "}\n" + "# currently there must be a newline after include statements\n" + "include " include1 "\n"); + + create_settings(contents); + verify_include(); +} +END_TEST + +START_TEST(test_load_files) +{ + chunk_t contents = chunk_from_str( + "main {\n" + " key1 = val1\n" + " key2 = val2\n" + " none = x\n" + " sub1 {\n" + " include = value\n" + " key2 = v2\n" + " sub1 {\n" + " key = val\n" + " }\n" + " }\n" + "}"); + + create_settings(contents); + + ck_assert(settings->load_files(settings, include1, TRUE)); + verify_include(); + + ck_assert(settings->load_files(settings, include2, FALSE)); + verify_null("main.key1"); + verify_string("v2", "key2"); + verify_string("val", "sub1.key"); + verify_null("main.sub1.key3"); +} +END_TEST + +START_TEST(test_load_files_section) +{ + chunk_t contents = chunk_from_str( + "main {\n" + " key1 = val1\n" + " key2 = val2\n" + " none = x\n" + " sub1 {\n" + " include = value\n" + " key2 = value2\n" + " }\n" + "}"); + + create_settings(contents); + + ck_assert(settings->load_files_section(settings, include1, TRUE, "")); + ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub1")); + verify_include(); + + /* non existing files are no failure */ + ck_assert(settings->load_files_section(settings, include1".conf", TRUE, "")); + verify_include(); + + /* unreadable files are */ + ck_assert(chunk_write(contents, include1".no", 0444, TRUE)); + ck_assert(!settings->load_files_section(settings, include1".no", TRUE, "")); + unlink(include1".no"); + verify_include(); + + ck_assert(settings->load_files_section(settings, include2, FALSE, "main")); + verify_null("main.key1"); + verify_string("v2", "main.key2"); + verify_string("val", "main.sub1.key"); + verify_null("main.sub1.key3"); + verify_null("main.sub2.sub3"); + + ck_assert(settings->load_files_section(settings, include2, TRUE, "main.sub2")); + verify_string("v2", "main.sub2.key2"); + verify_string("val", "main.sub2.sub1.key"); +} +END_TEST + +START_SETUP(setup_fallback_config) +{ + create_settings(chunk_from_str( + "main {\n" + " key1 = val1\n" + " sub1 {\n" + " key1 = val1\n" + " }\n" + "}\n" + "sub {\n" + " key1 = subval1\n" + " key2 = subval2\n" + " subsub {\n" + " subkey1 = subsubval1\n" + " }\n" + "}\n" + "base {\n" + " key1 = baseval1\n" + " key2 = baseval2\n" + " sub1 {\n" + " key1 = subbase1\n" + " key2 = subbase2\n" + " key3 = subbase3\n" + " subsub {\n" + " subkey1 = subsubbaseval1\n" + " subkey2 = subsubbaseval2\n" + " }\n" + " }\n" + " sub2 {\n" + " key4 = subbase4\n" + " }\n" + "}")); +} +END_SETUP + +START_TEST(test_add_fallback) +{ + linked_list_t *keys, *values; + + settings->add_fallback(settings, "main.sub1", "sub"); + verify_string("val1", "main.sub1.key1"); + verify_string("subval2", "main.sub1.key2"); + verify_string("subsubval1", "main.sub1.subsub.subkey1"); + + /* fallbacks are preserved even if the complete config is replaced */ + settings->load_files(settings, path, FALSE); + verify_string("val1", "main.sub1.key1"); + verify_string("subval2", "main.sub1.key2"); + verify_string("subsubval1", "main.sub1.subsub.subkey1"); + + keys = linked_list_create_with_items("sub1", NULL); + verify_sections(keys, "main"); + keys = linked_list_create_with_items("subsub", NULL); + verify_sections(keys, "main.sub1"); + + keys = linked_list_create_with_items("key1", NULL); + values = linked_list_create_with_items("val1", NULL); + verify_key_values(keys, values, "main"); + + keys = linked_list_create_with_items("key1", "key2", NULL); + values = linked_list_create_with_items("val1", "subval2", NULL); + verify_key_values(keys, values, "main.sub1"); + + keys = linked_list_create_with_items("subkey1", NULL); + values = linked_list_create_with_items("subsubval1", NULL); + verify_key_values(keys, values, "main.sub1.subsub"); + + settings->add_fallback(settings, "main", "base"); + verify_string("val1", "main.key1"); + verify_string("baseval2", "main.key2"); + verify_string("val1", "main.sub1.key1"); + verify_string("subval2", "main.sub1.key2"); + verify_string("subsubval1", "main.sub1.subsub.subkey1"); + verify_string("subsubbaseval2", "main.sub1.subsub.subkey2"); + verify_string("subbase3", "main.sub1.key3"); + verify_string("subbase4", "main.sub2.key4"); + + + keys = linked_list_create_with_items("sub1", "sub2", NULL); + verify_sections(keys, "main"); + keys = linked_list_create_with_items("subsub", NULL); + verify_sections(keys, "main.sub1"); + + keys = linked_list_create_with_items("key1", "key2", NULL); + values = linked_list_create_with_items("val1", "baseval2", NULL); + verify_key_values(keys, values, "main"); + + keys = linked_list_create_with_items("key1", "key2", "key3", NULL); + values = linked_list_create_with_items("val1", "subval2", "subbase3", NULL); + verify_key_values(keys, values, "main.sub1"); + + keys = linked_list_create_with_items("subkey1", "subkey2", NULL); + values = linked_list_create_with_items("subsubval1", "subsubbaseval2", NULL); + verify_key_values(keys, values, "main.sub1.subsub"); + + settings->set_str(settings, "main.sub1.key2", "val2"); + verify_string("val2", "main.sub1.key2"); + settings->set_str(settings, "main.sub1.subsub.subkey2", "val2"); + verify_string("val2", "main.sub1.subsub.subkey2"); + verify_string("subsubval1", "main.sub1.subsub.subkey1"); +} +END_TEST + +START_TEST(test_add_fallback_printf) +{ + settings->add_fallback(settings, "%s.sub1", "sub", "main"); + verify_string("val1", "main.sub1.key1"); + verify_string("subval2", "main.sub1.key2"); + verify_string("subsubval1", "main.sub1.subsub.subkey1"); + + settings->add_fallback(settings, "%s.%s2", "%s.%s1", "main", "sub"); + verify_string("val1", "main.sub2.key1"); + verify_string("subval2", "main.sub2.key2"); + verify_string("subsubval1", "main.sub2.subsub.subkey1"); +} +END_TEST + +START_SETUP(setup_invalid_config) +{ + create_settings(chunk_from_str( + "# section without name\n" + "{\n" + " key1 = val1\n" + "}\n" + "main {\n" + " key2 = val2\n" + " # value without key\n" + " = val3\n" + " key4 = val4\n" + " # key without value does not change it\n" + " key4\n" + " # subsection without name\n" + " {\n" + " key5 = val5\n" + " }\n" + " # empty include pattern\n" + " include\n" + " key6 = val6\n" + "}")); +} +END_SETUP + +START_TEST(test_invalid) +{ + linked_list_t *keys, *values; + chunk_t contents; + + verify_null("key1"); + verify_null(".key1"); + verify_null("%s.key1", ""); + verify_string("val2", "main.key2"); + verify_string("val4", "main.key4"); + verify_null("main..key5"); + verify_string("val6", "main.key6"); + + keys = linked_list_create_with_items("main", NULL); + verify_sections(keys, ""); + + keys = linked_list_create_with_items(NULL); + verify_sections(keys, "main"); + + keys = linked_list_create_with_items("key2", "key4", "key6", NULL); + values = linked_list_create_with_items("val2", "val4", "val6", NULL); + verify_key_values(keys, values, "main"); + + /* FIXME: we should probably fix this */ + contents = chunk_from_str( + "requires = newline"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "unterminated {\n" + " not = valid\n"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); + + contents = chunk_from_str( + "singleline { not = valid }\n"); + ck_assert(chunk_write(contents, path, 0022, TRUE)); + ck_assert(!settings->load_files(settings, path, FALSE)); +} +END_TEST + +Suite *settings_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("settings"); + + tc = tcase_create("get/set_str (basic behavior)"); + tcase_add_checked_fixture(tc, setup_base_config, teardown_config); + tcase_add_test(tc, test_get_str); + tcase_add_test(tc, test_get_str_printf); + tcase_add_test(tc, test_set_str); + tcase_add_test(tc, test_set_str_printf); + tcase_add_test(tc, test_set_default_str); + suite_add_tcase(s, tc); + + tc = tcase_create("get/set_bool"); + tcase_add_checked_fixture(tc, setup_bool_config, teardown_config); + tcase_add_test(tc, test_get_bool); + tcase_add_test(tc, test_set_bool); + suite_add_tcase(s, tc); + + tc = tcase_create("get/set_int"); + tcase_add_checked_fixture(tc, setup_int_config, teardown_config); + tcase_add_test(tc, test_get_int); + tcase_add_test(tc, test_set_int); + suite_add_tcase(s, tc); + + tc = tcase_create("get/set_double"); + tcase_add_checked_fixture(tc, setup_double_config, teardown_config); + tcase_add_test(tc, test_get_double); + tcase_add_test(tc, test_set_double); + suite_add_tcase(s, tc); + + tc = tcase_create("get/set_time"); + tcase_add_checked_fixture(tc, setup_time_config, teardown_config); + tcase_add_test(tc, test_get_time); + tcase_add_test(tc, test_set_time); + suite_add_tcase(s, tc); + + tc = tcase_create("section enumerator"); + tcase_add_checked_fixture(tc, setup_base_config, teardown_config); + tcase_add_test(tc, test_section_enumerator); + suite_add_tcase(s, tc); + + tc = tcase_create("key/value enumerator"); + tcase_add_checked_fixture(tc, setup_base_config, teardown_config); + tcase_add_test(tc, test_key_value_enumerator); + suite_add_tcase(s, tc); + + tc = tcase_create("include/load_files[_section]"); + tcase_add_checked_fixture(tc, setup_include_config, teardown_include_config); + tcase_add_test(tc, test_include); + tcase_add_test(tc, test_load_files); + tcase_add_test(tc, test_load_files_section); + suite_add_tcase(s, tc); + + tc = tcase_create("fallback"); + tcase_add_checked_fixture(tc, setup_fallback_config, teardown_config); + tcase_add_test(tc, test_add_fallback); + tcase_add_test(tc, test_add_fallback_printf); + suite_add_tcase(s, tc); + + tc = tcase_create("invalid data"); + tcase_add_checked_fixture(tc, setup_invalid_config, teardown_config); + tcase_add_test(tc, test_invalid); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_stream.c b/src/libstrongswan/tests/suites/test_stream.c new file mode 100644 index 000000000..2d3173d46 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_stream.c @@ -0,0 +1,267 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <unistd.h> + +static char* services[] = { + "unix:///tmp/strongswan-test-service.sck", + "tcp://127.0.0.1:7766", + "tcp://[::1]:7766", +}; + +static char msg[] = "testmessage"; +static int msglen = 12; + +static bool servicing(void *data, stream_t *stream) +{ + char buf[64]; + ssize_t len, total; + + ck_assert(streq((char*)data, "test")); + + for (total = 0; total < msglen;) + { + len = stream->read(stream, buf, sizeof(buf), TRUE); + ck_assert(len > 0); + total += len; + } + for (total = 0; total < msglen;) + { + len = stream->write(stream, buf, len, TRUE); + ck_assert(len > 0); + total += len; + } + + return FALSE; +} + +START_TEST(test_sync) +{ + char buf[64]; + stream_service_t *service; + stream_t *stream; + ssize_t len, total; + + lib->processor->set_threads(lib->processor, 8); + + service = lib->streams->create_service(lib->streams, services[_i], 1); + ck_assert(service != NULL); + service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 1); + + stream = lib->streams->connect(lib->streams, services[_i]); + ck_assert(stream != NULL); + for (total = 0; total < msglen;) + { + len = stream->write(stream, msg, msglen, TRUE); + ck_assert(len > 0); + total += len; + } + for (total = 0; total < msglen;) + { + len = stream->read(stream, buf, sizeof(buf), TRUE); + ck_assert(len > 0); + total += len; + } + ck_assert(streq(buf, msg)); + stream->destroy(stream); + + service->destroy(service); +} +END_TEST + +static bool on_write(void *data, stream_t *stream) +{ + ssize_t len, total; + + ck_assert(streq((char*)data, "test-write")); + for (total = 0; total < msglen;) + { + len = stream->write(stream, msg, msglen, TRUE); + ck_assert(len > 0); + total += len; + } + return FALSE; +} + +static bool read_done = FALSE; + +static bool on_read(void *data, stream_t *stream) +{ + ssize_t len, total; + char buf[64]; + + ck_assert(streq((char*)data, "test-read")); + for (total = 0; total < msglen;) + { + len = stream->read(stream, buf, sizeof(buf), TRUE); + ck_assert(len > 0); + total += len; + } + ck_assert(streq(buf, msg)); + read_done = TRUE; + return FALSE; +} + +START_TEST(test_async) +{ + stream_service_t *service; + stream_t *stream; + + + lib->processor->set_threads(lib->processor, 8); + + service = lib->streams->create_service(lib->streams, services[_i], 1); + ck_assert(service != NULL); + service->on_accept(service, servicing, "test", JOB_PRIO_HIGH, 0); + + stream = lib->streams->connect(lib->streams, services[_i]); + ck_assert(stream != NULL); + read_done = FALSE; + stream->on_write(stream, (stream_cb_t)on_write, "test-write"); + stream->on_read(stream, (stream_cb_t)on_read, "test-read"); + + while (!read_done) + { + usleep(1000); + } + stream->destroy(stream); + + service->destroy(service); +} +END_TEST + +static bool all(void *data, stream_t *stream) +{ + char buf[64], *pos; + ssize_t len; + int i; + + pos = buf; + for (i = 0; i < msglen; i++) + { + len = stream->read(stream, pos, 1, TRUE); + ck_assert_int_eq(len, 1); + pos += len; + } + pos = buf; + for (i = 0; i < msglen; i++) + { + len = stream->write(stream, pos, 1, TRUE); + ck_assert_int_eq(len, 1); + pos += len; + } + + return FALSE; +} + +START_TEST(test_all) +{ + char buf[64]; + stream_service_t *service; + stream_t *stream; + + lib->processor->set_threads(lib->processor, 8); + + service = lib->streams->create_service(lib->streams, services[_i], 1); + ck_assert(service != NULL); + service->on_accept(service, all, NULL, JOB_PRIO_HIGH, 1); + + stream = lib->streams->connect(lib->streams, services[_i]); + ck_assert(stream != NULL); + ck_assert(stream->write_all(stream, msg, msglen)); + ck_assert(stream->read_all(stream, buf, msglen)); + ck_assert(streq(buf, msg)); + stream->destroy(stream); + + service->destroy(service); +} +END_TEST + +static bool concurrency(void *data, stream_t *stream) +{ + static refcount_t refs = 0; + u_int current; + ssize_t len; + + current = ref_get(&refs); + ck_assert(current <= 3); + len = stream->write(stream, "x", 1, TRUE); + ck_assert_int_eq(len, 1); + usleep(1000); + ignore_result(ref_put(&refs)); + + return FALSE; +} + +START_TEST(test_concurrency) +{ + stream_service_t *service; + stream_t *streams[10]; + ssize_t len; + char x; + int i; + + lib->processor->set_threads(lib->processor, 8); + + service = lib->streams->create_service(lib->streams, services[_i], 10); + ck_assert(service != NULL); + service->on_accept(service, concurrency, NULL, JOB_PRIO_HIGH, 3); + + for (i = 0; i < countof(streams); i++) + { + streams[i] = lib->streams->connect(lib->streams, services[_i]); + ck_assert(streams[i] != NULL); + } + for (i = 0; i < countof(streams); i++) + { + len = streams[i]->read(streams[i], &x, 1, TRUE); + ck_assert_int_eq(len, 1); + ck_assert_int_eq(x, 'x'); + } + for (i = 0; i < countof(streams); i++) + { + streams[i]->destroy(streams[i]); + } + service->destroy(service); +} +END_TEST + +Suite *stream_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("stream"); + + tc = tcase_create("sync"); + tcase_add_loop_test(tc, test_sync, 0, countof(services)); + suite_add_tcase(s, tc); + + tc = tcase_create("async"); + tcase_add_loop_test(tc, test_async, 0, countof(services)); + suite_add_tcase(s, tc); + + tc = tcase_create("all"); + tcase_add_loop_test(tc, test_all, 0, countof(services)); + suite_add_tcase(s, tc); + + tc = tcase_create("concurrency"); + tcase_add_loop_test(tc, test_concurrency, 0, countof(services)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_test_rng.c b/src/libstrongswan/tests/suites/test_test_rng.c new file mode 100644 index 000000000..9a983b677 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_test_rng.c @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <tests/utils/test_rng.h> +#include <utils/test.h> + +START_TEST(test_test_rng) +{ + rng_t *entropy; + chunk_t in, in1, in2, out; + + in1 = chunk_from_chars(0x01, 0x02, 0x03, 0x04, 0x05, 0x06); + in2 = chunk_from_chars(0x07, 0x08); + in = chunk_cat("cc", in1, in2); + + entropy = test_rng_create(in); + ck_assert(entropy->allocate_bytes(entropy, 6, &out)); + ck_assert(chunk_equals(in1, out)); + ck_assert(entropy->get_bytes(entropy, 2, out.ptr)); + ck_assert(memeq(in2.ptr, out.ptr, in2.len)); + ck_assert(!entropy->get_bytes(entropy, 4, out.ptr)); + chunk_free(&out); + ck_assert(!entropy->allocate_bytes(entropy, 4, &out)); + entropy->destroy(entropy); + chunk_free(&in); +} +END_TEST + + +Suite *test_rng_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("test_rng"); + + tc = tcase_create("test_rng"); + tcase_add_test(tc, test_test_rng); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/suites/test_threading.c b/src/libstrongswan/tests/suites/test_threading.c new file mode 100644 index 000000000..844959e46 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_threading.c @@ -0,0 +1,1466 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <sched.h> +#include <unistd.h> + +#include <threading/thread.h> +#include <threading/mutex.h> +#include <threading/condvar.h> +#include <threading/rwlock.h> +#include <threading/rwlock_condvar.h> +#include <threading/spinlock.h> +#include <threading/semaphore.h> +#include <threading/thread_value.h> + +/******************************************************************************* + * recursive mutex test + */ + +#define THREADS 20 + +/** + * Thread barrier data + */ +typedef struct { + mutex_t *mutex; + condvar_t *cond; + int count; + int current; + bool active; +} barrier_t; + +/** + * Create a thread barrier for count threads + */ +static barrier_t* barrier_create(int count) +{ + barrier_t *this; + + INIT(this, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .cond = condvar_create(CONDVAR_TYPE_DEFAULT), + .count = count, + ); + + return this; +} + +/** + * Destroy a thread barrier + */ +static void barrier_destroy(barrier_t *this) +{ + this->mutex->destroy(this->mutex); + this->cond->destroy(this->cond); + free(this); +} + +/** + * Wait to have configured number of threads in barrier + */ +static bool barrier_wait(barrier_t *this) +{ + bool winner = FALSE; + + this->mutex->lock(this->mutex); + if (!this->active) + { /* first, reset */ + this->active = TRUE; + this->current = 0; + } + + this->current++; + while (this->current < this->count) + { + this->cond->wait(this->cond, this->mutex); + } + if (this->active) + { /* first, win */ + winner = TRUE; + this->active = FALSE; + } + this->mutex->unlock(this->mutex); + this->cond->broadcast(this->cond); + sched_yield(); + + return winner; +} + +/** + * Barrier for some tests + */ +static barrier_t *barrier; + +/** + * A mutex for tests requiring one + */ +static mutex_t *mutex; + +/** + * A condvar for tests requiring one + */ +static condvar_t *condvar; + +/** + * A counter for signaling + */ +static int sigcount; + +static void *mutex_run(void *data) +{ + int locked = 0; + int i; + + /* wait for all threads before getting in action */ + barrier_wait(barrier); + + for (i = 0; i < 100; i++) + { + mutex->lock(mutex); + mutex->lock(mutex); + mutex->lock(mutex); + locked++; + sched_yield(); + if (locked > 1) + { + fail("two threads locked the mutex concurrently"); + } + locked--; + mutex->unlock(mutex); + mutex->unlock(mutex); + mutex->unlock(mutex); + } + return NULL; +} + +START_TEST(test_mutex) +{ + thread_t *threads[THREADS]; + int i; + + barrier = barrier_create(THREADS); + mutex = mutex_create(MUTEX_TYPE_RECURSIVE); + + for (i = 0; i < 10; i++) + { + mutex->lock(mutex); + mutex->unlock(mutex); + } + for (i = 0; i < 10; i++) + { + mutex->lock(mutex); + } + for (i = 0; i < 10; i++) + { + mutex->unlock(mutex); + } + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(mutex_run, NULL); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + mutex->destroy(mutex); + barrier_destroy(barrier); +} +END_TEST + +/** + * Spinlock for testing + */ +static spinlock_t *spinlock; + +static void *spinlock_run(void *data) +{ + int i, *locked = (int*)data; + + barrier_wait(barrier); + + for (i = 0; i < 1000; i++) + { + spinlock->lock(spinlock); + (*locked)++; + ck_assert_int_eq(*locked, 1); + (*locked)--; + spinlock->unlock(spinlock); + } + return NULL; +} + +START_TEST(test_spinlock) +{ + thread_t *threads[THREADS]; + int i, locked = 0; + + barrier = barrier_create(THREADS); + spinlock = spinlock_create(); + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(spinlock_run, &locked); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + spinlock->destroy(spinlock); + barrier_destroy(barrier); +} +END_TEST + +static void *condvar_run(void *data) +{ + mutex->lock(mutex); + sigcount++; + condvar->signal(condvar); + mutex->unlock(mutex); + return NULL; +} + +START_TEST(test_condvar) +{ + thread_t *threads[THREADS]; + int i; + + mutex = mutex_create(MUTEX_TYPE_DEFAULT); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(condvar_run, NULL); + } + + mutex->lock(mutex); + while (sigcount < THREADS) + { + condvar->wait(condvar, mutex); + } + mutex->unlock(mutex); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +static void *condvar_recursive_run(void *data) +{ + mutex->lock(mutex); + mutex->lock(mutex); + mutex->lock(mutex); + sigcount++; + condvar->signal(condvar); + mutex->unlock(mutex); + mutex->unlock(mutex); + mutex->unlock(mutex); + return NULL; +} + +START_TEST(test_condvar_recursive) +{ + thread_t *threads[THREADS]; + int i; + + mutex = mutex_create(MUTEX_TYPE_RECURSIVE); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + mutex->lock(mutex); + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(condvar_recursive_run, NULL); + } + + mutex->lock(mutex); + mutex->lock(mutex); + while (sigcount < THREADS) + { + condvar->wait(condvar, mutex); + } + mutex->unlock(mutex); + mutex->unlock(mutex); + mutex->unlock(mutex); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +static void *condvar_run_broad(void *data) +{ + mutex->lock(mutex); + while (sigcount < 0) + { + condvar->wait(condvar, mutex); + } + mutex->unlock(mutex); + return NULL; +} + +START_TEST(test_condvar_broad) +{ + thread_t *threads[THREADS]; + int i; + + mutex = mutex_create(MUTEX_TYPE_DEFAULT); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(condvar_run_broad, NULL); + } + + sched_yield(); + + mutex->lock(mutex); + sigcount = 1; + condvar->broadcast(condvar); + mutex->unlock(mutex); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +START_TEST(test_condvar_timed) +{ + thread_t *thread; + timeval_t start, end, diff = { .tv_usec = 50000 }; + + mutex = mutex_create(MUTEX_TYPE_DEFAULT); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + mutex->lock(mutex); + while (TRUE) + { + time_monotonic(&start); + if (condvar->timed_wait(condvar, mutex, diff.tv_usec / 1000)) + { + break; + } + } + time_monotonic(&end); + mutex->unlock(mutex); + timersub(&end, &start, &end); + ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", + end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + + thread = thread_create(condvar_run, NULL); + + mutex->lock(mutex); + while (sigcount == 0) + { + ck_assert(!condvar->timed_wait(condvar, mutex, 1000)); + } + mutex->unlock(mutex); + + thread->join(thread); + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +START_TEST(test_condvar_timed_abs) +{ + thread_t *thread; + timeval_t start, end, abso, diff = { .tv_usec = 50000 }; + + mutex = mutex_create(MUTEX_TYPE_DEFAULT); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + mutex->lock(mutex); + while (TRUE) + { + time_monotonic(&start); + timeradd(&start, &diff, &abso); + if (condvar->timed_wait_abs(condvar, mutex, abso)) + { + break; + } + } + time_monotonic(&end); + mutex->unlock(mutex); + ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", + end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + + thread = thread_create(condvar_run, NULL); + + time_monotonic(&start); + diff.tv_sec = 1; + timeradd(&start, &diff, &abso); + mutex->lock(mutex); + while (sigcount == 0) + { + ck_assert(!condvar->timed_wait_abs(condvar, mutex, abso)); + } + mutex->unlock(mutex); + + thread->join(thread); + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +static void *condvar_cancel_run(void *data) +{ + thread_cancelability(FALSE); + + mutex->lock(mutex); + + sigcount++; + condvar->broadcast(condvar); + + thread_cleanup_push((void*)mutex->unlock, mutex); + thread_cancelability(TRUE); + while (TRUE) + { + condvar->wait(condvar, mutex); + } + thread_cleanup_pop(TRUE); + + return NULL; +} + +START_TEST(test_condvar_cancel) +{ + thread_t *threads[THREADS]; + int i; + + mutex = mutex_create(MUTEX_TYPE_DEFAULT); + condvar = condvar_create(CONDVAR_TYPE_DEFAULT); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(condvar_cancel_run, NULL); + } + + /* wait for all threads */ + mutex->lock(mutex); + while (sigcount < THREADS) + { + condvar->wait(condvar, mutex); + } + mutex->unlock(mutex); + + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + mutex->destroy(mutex); + condvar->destroy(condvar); +} +END_TEST + +/** + * RWlock for different tests + */ +static rwlock_t *rwlock; + +static void *rwlock_run(refcount_t *refs) +{ + rwlock->read_lock(rwlock); + ref_get(refs); + sched_yield(); + ignore_result(ref_put(refs)); + rwlock->unlock(rwlock); + + if (rwlock->try_write_lock(rwlock)) + { + ck_assert_int_eq(*refs, 0); + sched_yield(); + rwlock->unlock(rwlock); + } + + rwlock->write_lock(rwlock); + ck_assert_int_eq(*refs, 0); + sched_yield(); + rwlock->unlock(rwlock); + + rwlock->read_lock(rwlock); + rwlock->read_lock(rwlock); + ref_get(refs); + sched_yield(); + ignore_result(ref_put(refs)); + rwlock->unlock(rwlock); + rwlock->unlock(rwlock); + + return NULL; +} + +START_TEST(test_rwlock) +{ + thread_t *threads[THREADS]; + refcount_t refs = 0; + int i; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create((void*)rwlock_run, &refs); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + rwlock->destroy(rwlock); +} +END_TEST + +/** + * Rwlock condvar + */ +static rwlock_condvar_t *rwcond; + +static void *rwlock_condvar_run(void *data) +{ + rwlock->write_lock(rwlock); + sigcount++; + rwcond->signal(rwcond); + rwlock->unlock(rwlock); + return NULL; +} + +START_TEST(test_rwlock_condvar) +{ + thread_t *threads[THREADS]; + int i; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + rwcond = rwlock_condvar_create(); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(rwlock_condvar_run, NULL); + } + + rwlock->write_lock(rwlock); + while (sigcount < THREADS) + { + rwcond->wait(rwcond, rwlock); + } + rwlock->unlock(rwlock); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + rwlock->destroy(rwlock); + rwcond->destroy(rwcond); +} +END_TEST + +static void *rwlock_condvar_run_broad(void *data) +{ + rwlock->write_lock(rwlock); + while (sigcount < 0) + { + rwcond->wait(rwcond, rwlock); + } + rwlock->unlock(rwlock); + return NULL; +} + +START_TEST(test_rwlock_condvar_broad) +{ + thread_t *threads[THREADS]; + int i; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + rwcond = rwlock_condvar_create(); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(rwlock_condvar_run_broad, NULL); + } + + sched_yield(); + + rwlock->write_lock(rwlock); + sigcount = 1; + rwcond->broadcast(rwcond); + rwlock->unlock(rwlock); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + rwlock->destroy(rwlock); + rwcond->destroy(rwcond); +} +END_TEST + +START_TEST(test_rwlock_condvar_timed) +{ + thread_t *thread; + timeval_t start, end, diff = { .tv_usec = 50000 }; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + rwcond = rwlock_condvar_create(); + sigcount = 0; + + rwlock->write_lock(rwlock); + while (TRUE) + { + time_monotonic(&start); + if (rwcond->timed_wait(rwcond, rwlock, diff.tv_usec / 1000)) + { + break; + } + } + rwlock->unlock(rwlock); + time_monotonic(&end); + timersub(&end, &start, &end); + ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", + end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + + thread = thread_create(rwlock_condvar_run, NULL); + + rwlock->write_lock(rwlock); + while (sigcount == 0) + { + ck_assert(!rwcond->timed_wait(rwcond, rwlock, 1000)); + } + rwlock->unlock(rwlock); + + thread->join(thread); + rwlock->destroy(rwlock); + rwcond->destroy(rwcond); +} +END_TEST + +START_TEST(test_rwlock_condvar_timed_abs) +{ + thread_t *thread; + timeval_t start, end, abso, diff = { .tv_usec = 50000 }; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + rwcond = rwlock_condvar_create(); + sigcount = 0; + + rwlock->write_lock(rwlock); + while (TRUE) + { + time_monotonic(&start); + timeradd(&start, &diff, &abso); + if (rwcond->timed_wait_abs(rwcond, rwlock, abso)) + { + break; + } + } + rwlock->unlock(rwlock); + time_monotonic(&end); + ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u", + end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + + thread = thread_create(rwlock_condvar_run, NULL); + + time_monotonic(&start); + diff.tv_sec = 1; + timeradd(&start, &diff, &abso); + rwlock->write_lock(rwlock); + while (sigcount == 0) + { + ck_assert(!rwcond->timed_wait_abs(rwcond, rwlock, abso)); + } + rwlock->unlock(rwlock); + + thread->join(thread); + rwlock->destroy(rwlock); + rwcond->destroy(rwcond); +} +END_TEST + +static void *rwlock_condvar_cancel_run(void *data) +{ + thread_cancelability(FALSE); + + rwlock->write_lock(rwlock); + + sigcount++; + rwcond->broadcast(rwcond); + + thread_cleanup_push((void*)rwlock->unlock, rwlock); + thread_cancelability(TRUE); + while (TRUE) + { + rwcond->wait(rwcond, rwlock); + } + thread_cleanup_pop(TRUE); + + return NULL; +} + +START_TEST(test_rwlock_condvar_cancel) +{ + thread_t *threads[THREADS]; + int i; + + rwlock = rwlock_create(RWLOCK_TYPE_DEFAULT); + rwcond = rwlock_condvar_create(); + sigcount = 0; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(rwlock_condvar_cancel_run, NULL); + } + + /* wait for all threads */ + rwlock->write_lock(rwlock); + while (sigcount < THREADS) + { + rwcond->wait(rwcond, rwlock); + } + rwlock->unlock(rwlock); + + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + rwlock->destroy(rwlock); + rwcond->destroy(rwcond); +} +END_TEST + +/** + * Semaphore for different tests + */ +static semaphore_t *semaphore; + +static void *semaphore_run(void *data) +{ + semaphore->post(semaphore); + return NULL; +} + +START_TEST(test_semaphore) +{ + thread_t *threads[THREADS]; + int i, initial = 5; + + semaphore = semaphore_create(initial); + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(semaphore_run, NULL); + } + for (i = 0; i < THREADS + initial; i++) + { + semaphore->wait(semaphore); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + semaphore->destroy(semaphore); +} +END_TEST + +START_TEST(test_semaphore_timed) +{ + thread_t *thread; + timeval_t start, end, diff = { .tv_usec = 50000 }; + + semaphore = semaphore_create(0); + + time_monotonic(&start); + ck_assert(semaphore->timed_wait(semaphore, diff.tv_usec / 1000)); + time_monotonic(&end); + timersub(&end, &start, &end); + ck_assert_msg(timercmp(&end, &diff, >), "end: %u.%u, diff: %u.%u", + end.tv_sec, end.tv_usec, diff.tv_sec, diff.tv_usec); + + thread = thread_create(semaphore_run, NULL); + + ck_assert(!semaphore->timed_wait(semaphore, 1000)); + + thread->join(thread); + semaphore->destroy(semaphore); +} +END_TEST + +START_TEST(test_semaphore_timed_abs) +{ + thread_t *thread; + timeval_t start, end, abso, diff = { .tv_usec = 50000 }; + + semaphore = semaphore_create(0); + + time_monotonic(&start); + timeradd(&start, &diff, &abso); + ck_assert(semaphore->timed_wait_abs(semaphore, abso)); + time_monotonic(&end); + ck_assert_msg(timercmp(&end, &abso, >), "end: %u.%u, abso: %u.%u", + end.tv_sec, end.tv_usec, abso.tv_sec, abso.tv_usec); + + thread = thread_create(semaphore_run, NULL); + + time_monotonic(&start); + diff.tv_sec = 1; + timeradd(&start, &diff, &abso); + ck_assert(!semaphore->timed_wait_abs(semaphore, abso)); + + thread->join(thread); + semaphore->destroy(semaphore); +} +END_TEST + +static void *semaphore_cancel_run(void *data) +{ + refcount_t *ready = (refcount_t*)data; + + thread_cancelability(FALSE); + ref_get(ready); + + thread_cancelability(TRUE); + semaphore->wait(semaphore); + + ck_assert(FALSE); + return NULL; +} + +START_TEST(test_semaphore_cancel) +{ + thread_t *threads[THREADS]; + refcount_t ready = 0; + int i; + + semaphore = semaphore_create(0); + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(semaphore_cancel_run, &ready); + } + while (ready < THREADS) + { + sched_yield(); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } + + semaphore->destroy(semaphore); +} +END_TEST + +static void *join_run(void *data) +{ + /* force some context switches */ + sched_yield(); + return (void*)((uintptr_t)data + THREADS); +} + +START_TEST(test_join) +{ + thread_t *threads[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(join_run, (void*)(uintptr_t)i); + } + for (i = 0; i < THREADS; i++) + { + ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS); + } +} +END_TEST + +static void *exit_join_run(void *data) +{ + sched_yield(); + thread_exit((void*)((uintptr_t)data + THREADS)); + /* not reached */ + ck_assert(FALSE); + return NULL; +} + +START_TEST(test_join_exit) +{ + thread_t *threads[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(exit_join_run, (void*)(uintptr_t)i); + } + for (i = 0; i < THREADS; i++) + { + ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + THREADS); + } +} +END_TEST + +static void *detach_run(void *data) +{ + refcount_t *running = (refcount_t*)data; + + ignore_result(ref_put(running)); + return NULL; +} + +START_TEST(test_detach) +{ + thread_t *threads[THREADS]; + int i; + refcount_t running = 0; + + for (i = 0; i < THREADS; i++) + { + ref_get(&running); + threads[i] = thread_create(detach_run, &running); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->detach(threads[i]); + } + while (running > 0) + { + sched_yield(); + } + /* no checks done here, but we check that thread state gets cleaned + * up with leak detective. */ +} +END_TEST + +static void *detach_exit_run(void *data) +{ + refcount_t *running = (refcount_t*)data; + + ignore_result(ref_put(running)); + thread_exit(NULL); + /* not reached */ + ck_assert(FALSE); + return NULL; +} + +START_TEST(test_detach_exit) +{ + thread_t *threads[THREADS]; + int i; + refcount_t running = 0; + + for (i = 0; i < THREADS; i++) + { + ref_get(&running); + threads[i] = thread_create(detach_exit_run, &running); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->detach(threads[i]); + } + while (running > 0) + { + sched_yield(); + } + /* no checks done here, but we check that thread state gets cleaned + * up with leak detective. */ +} +END_TEST + +static void *cancel_run(void *data) +{ + /* default cancellability should be TRUE, so don't change it */ + while (TRUE) + { + sleep(10); + } + return NULL; +} + +START_TEST(test_cancel) +{ + thread_t *threads[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(cancel_run, NULL); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } +} +END_TEST + +static void *cancel_onoff_run(void *data) +{ + bool *cancellable = (bool*)data; + + thread_cancelability(FALSE); + *cancellable = FALSE; + + /* we should not get cancelled here */ + usleep(50000); + + *cancellable = TRUE; + thread_cancelability(TRUE); + + /* but here */ + while (TRUE) + { + sleep(10); + } + return NULL; +} + +START_TEST(test_cancel_onoff) +{ + thread_t *threads[THREADS]; + bool cancellable[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + cancellable[i] = TRUE; + threads[i] = thread_create(cancel_onoff_run, &cancellable[i]); + } + for (i = 0; i < THREADS; i++) + { + /* wait until thread has cleared its cancellability */ + while (cancellable[i]) + { + sched_yield(); + } + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert(cancellable[i]); + } +} +END_TEST + +static void *cancel_point_run(void *data) +{ + thread_cancelability(FALSE); + while (TRUE) + { + /* implicitly enables cancellability */ + thread_cancellation_point(); + } + return NULL; +} + +START_TEST(test_cancel_point) +{ + thread_t *threads[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(cancel_point_run, NULL); + } + sched_yield(); + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + } +} +END_TEST + +static void cleanup1(void *data) +{ + uintptr_t *value = (uintptr_t*)data; + + ck_assert_int_eq(*value, 1); + (*value)++; +} + +static void cleanup2(void *data) +{ + uintptr_t *value = (uintptr_t*)data; + + ck_assert_int_eq(*value, 2); + (*value)++; +} + +static void cleanup3(void *data) +{ + uintptr_t *value = (uintptr_t*)data; + + ck_assert_int_eq(*value, 3); + (*value)++; +} + +static void *cleanup_run(void *data) +{ + thread_cleanup_push(cleanup3, data); + thread_cleanup_push(cleanup2, data); + thread_cleanup_push(cleanup1, data); + return NULL; +} + +START_TEST(test_cleanup) +{ + thread_t *threads[THREADS]; + uintptr_t values[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + values[i] = 1; + threads[i] = thread_create(cleanup_run, &values[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert_int_eq(values[i], 4); + } +} +END_TEST + +static void *cleanup_exit_run(void *data) +{ + thread_cleanup_push(cleanup3, data); + thread_cleanup_push(cleanup2, data); + thread_cleanup_push(cleanup1, data); + thread_exit(NULL); + ck_assert(FALSE); + return NULL; +} + +START_TEST(test_cleanup_exit) +{ + thread_t *threads[THREADS]; + uintptr_t values[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + values[i] = 1; + threads[i] = thread_create(cleanup_exit_run, &values[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert_int_eq(values[i], 4); + } +} +END_TEST + +static void *cleanup_cancel_run(void *data) +{ + thread_cancelability(FALSE); + + thread_cleanup_push(cleanup3, data); + thread_cleanup_push(cleanup2, data); + thread_cleanup_push(cleanup1, data); + + thread_cancelability(TRUE); + + while (TRUE) + { + sleep(1); + } + return NULL; +} + +START_TEST(test_cleanup_cancel) +{ + thread_t *threads[THREADS]; + uintptr_t values[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + values[i] = 1; + threads[i] = thread_create(cleanup_cancel_run, &values[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->cancel(threads[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert_int_eq(values[i], 4); + } +} +END_TEST + +static void *cleanup_pop_run(void *data) +{ + thread_cleanup_push(cleanup3, data); + thread_cleanup_push(cleanup2, data); + thread_cleanup_push(cleanup1, data); + + thread_cleanup_push(cleanup2, data); + thread_cleanup_pop(FALSE); + + thread_cleanup_pop(TRUE); + return NULL; +} + +START_TEST(test_cleanup_pop) +{ + thread_t *threads[THREADS]; + uintptr_t values[THREADS]; + int i; + + for (i = 0; i < THREADS; i++) + { + values[i] = 1; + threads[i] = thread_create(cleanup_pop_run, &values[i]); + } + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert_int_eq(values[i], 4); + } +} +END_TEST + +static thread_value_t *tls[10]; + +static void *tls_run(void *data) +{ + uintptr_t value = (uintptr_t)data; + int i, j; + + for (i = 0; i < countof(tls); i++) + { + ck_assert(tls[i]->get(tls[i]) == NULL); + } + for (i = 0; i < countof(tls); i++) + { + tls[i]->set(tls[i], (void*)(value * i)); + } + for (j = 0; j < 1000; j++) + { + for (i = 0; i < countof(tls); i++) + { + tls[i]->set(tls[i], (void*)(value * i)); + ck_assert(tls[i]->get(tls[i]) == (void*)(value * i)); + } + sched_yield(); + } + for (i = 0; i < countof(tls); i++) + { + ck_assert(tls[i]->get(tls[i]) == (void*)(value * i)); + } + return (void*)(value + 1); +} + +START_TEST(test_tls) +{ + thread_t *threads[THREADS]; + int i; + + for (i = 0; i < countof(tls); i++) + { + tls[i] = thread_value_create(NULL); + } + for (i = 0; i < THREADS; i++) + { + threads[i] = thread_create(tls_run, (void*)(uintptr_t)i); + } + + ck_assert_int_eq((uintptr_t)tls_run((void*)(uintptr_t)(THREADS + 1)), + THREADS + 2); + + for (i = 0; i < THREADS; i++) + { + ck_assert_int_eq((uintptr_t)threads[i]->join(threads[i]), i + 1); + } + for (i = 0; i < countof(tls); i++) + { + tls[i]->destroy(tls[i]); + } +} +END_TEST + +static void tls_cleanup(void *data) +{ + uintptr_t *value = (uintptr_t*)data; + + (*value)--; +} + +static void *tls_cleanup_run(void *data) +{ + int i; + + for (i = 0; i < countof(tls); i++) + { + tls[i]->set(tls[i], data); + } + return NULL; +} + +START_TEST(test_tls_cleanup) +{ + thread_t *threads[THREADS]; + uintptr_t values[THREADS], main_value = countof(tls); + int i; + + for (i = 0; i < countof(tls); i++) + { + tls[i] = thread_value_create(tls_cleanup); + } + for (i = 0; i < THREADS; i++) + { + values[i] = countof(tls); + threads[i] = thread_create(tls_cleanup_run, &values[i]); + } + + tls_cleanup_run(&main_value); + + for (i = 0; i < THREADS; i++) + { + threads[i]->join(threads[i]); + ck_assert_int_eq(values[i], 0); + } + for (i = 0; i < countof(tls); i++) + { + tls[i]->destroy(tls[i]); + } + ck_assert_int_eq(main_value, 0); +} +END_TEST + +Suite *threading_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("threading"); + + tc = tcase_create("recursive mutex"); + tcase_add_test(tc, test_mutex); + suite_add_tcase(s, tc); + + tc = tcase_create("spinlock"); + tcase_add_test(tc, test_spinlock); + suite_add_tcase(s, tc); + + tc = tcase_create("condvar"); + tcase_add_test(tc, test_condvar); + tcase_add_test(tc, test_condvar_recursive); + tcase_add_test(tc, test_condvar_broad); + tcase_add_test(tc, test_condvar_timed); + tcase_add_test(tc, test_condvar_timed_abs); + tcase_add_test(tc, test_condvar_cancel); + suite_add_tcase(s, tc); + + tc = tcase_create("rwlock"); + tcase_add_test(tc, test_rwlock); + suite_add_tcase(s, tc); + + tc = tcase_create("rwlock condvar"); + tcase_add_test(tc, test_rwlock_condvar); + tcase_add_test(tc, test_rwlock_condvar_broad); + tcase_add_test(tc, test_rwlock_condvar_timed); + tcase_add_test(tc, test_rwlock_condvar_timed_abs); + tcase_add_test(tc, test_rwlock_condvar_cancel); + suite_add_tcase(s, tc); + + tc = tcase_create("semaphore"); + tcase_add_test(tc, test_semaphore); + tcase_add_test(tc, test_semaphore_timed); + tcase_add_test(tc, test_semaphore_timed_abs); + tcase_add_test(tc, test_semaphore_cancel); + suite_add_tcase(s, tc); + + tc = tcase_create("thread joining"); + tcase_add_test(tc, test_join); + tcase_add_test(tc, test_join_exit); + suite_add_tcase(s, tc); + + tc = tcase_create("thread detaching"); + tcase_add_test(tc, test_detach); + tcase_add_test(tc, test_detach_exit); + suite_add_tcase(s, tc); + + tc = tcase_create("thread cancellation"); + tcase_add_test(tc, test_cancel); + tcase_add_test(tc, test_cancel_onoff); + tcase_add_test(tc, test_cancel_point); + suite_add_tcase(s, tc); + + tc = tcase_create("thread cleanup"); + tcase_add_test(tc, test_cleanup); + tcase_add_test(tc, test_cleanup_exit); + tcase_add_test(tc, test_cleanup_cancel); + tcase_add_test(tc, test_cleanup_pop); + suite_add_tcase(s, tc); + + tc = tcase_create("thread local storage"); + tcase_add_test(tc, test_tls); + tcase_add_test(tc, test_tls_cleanup); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 3ca0412b4..0260726b2 100644 --- a/src/libstrongswan/tests/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -346,6 +346,46 @@ START_TEST(test_memstr) END_TEST /******************************************************************************* + * utils_memrchr + */ + +static struct { + char *s; + int c; + size_t n; + int offset; +} memrchr_data[] = { + {NULL, 'f', 0, -1}, + {NULL, 'f', 3, -1}, + {"", 'f', 0, -1}, + {"", '\0', 1, 0}, + {"foo", '\0', 3, -1}, + {"foo", '\0', 4, 3}, + {"foo", 'f', 3, 0}, + {"foo", 'o', 3, 2}, + {"foo", 'o', 2, 1}, + {"foo", 'o', 1, -1}, + {"foo", 'o', 0, -1}, + {"foo", 'x', 3, -1}, +}; + +START_TEST(test_utils_memrchr) +{ + void *ret; + + ret = utils_memrchr(memrchr_data[_i].s, memrchr_data[_i].c, memrchr_data[_i].n); + if (memrchr_data[_i].offset >= 0) + { + ck_assert(ret == memrchr_data[_i].s + memrchr_data[_i].offset); + } + else + { + ck_assert(ret == NULL); + } +} +END_TEST + +/******************************************************************************* * translate */ @@ -385,6 +425,140 @@ START_TEST(test_translate) END_TEST /******************************************************************************* + * strreplace + */ + +static struct { + char *in; + char *out; + char *search; + char *replace; + bool allocated; +} strreplace_data[] = { + /* invalid arguments */ + {NULL, NULL, NULL, NULL, FALSE}, + {"", "", NULL, NULL, FALSE}, + {"", "", "", NULL, FALSE}, + {"", "", NULL, "", FALSE}, + {"", "", "", "", FALSE}, + {"", "", "", "asdf", FALSE}, + {"", "", "asdf", "", FALSE}, + {"asdf", "asdf", NULL, NULL, FALSE}, + {"asdf", "asdf", "", NULL, FALSE}, + {"asdf", "asdf", NULL, "", FALSE}, + {"asdf", "asdf", "", "", FALSE}, + {"asdf", "asdf", "", "asdf", FALSE}, + {"asdf", "asdf", "asdf", NULL, FALSE}, + {"qwer", "qwer", "", "asdf", FALSE}, + /* replacement shorter */ + {"asdf", "", "asdf", "", TRUE}, + {"asdfasdf", "", "asdf", "", TRUE}, + {"asasdfdf", "asdf", "asdf", "", TRUE}, + {"asdf", "df", "as", "", TRUE}, + {"asdf", "as", "df", "", TRUE}, + {"qwer", "qwer", "asdf", "", FALSE}, + /* replacement same length */ + {"a", "b", "a", "b", TRUE}, + {"aaa", "bbb", "a", "b", TRUE}, + {"aaa", "bbb", "aaa", "bbb", TRUE}, + {"asdf", "asdf", "asdf", "asdf", TRUE}, + {"qwer", "qwer", "asdf", "asdf", FALSE}, + /* replacement longer */ + {"asdf", "asdf", "", "asdf", FALSE}, + {"asdf", "asdfasdf", "asdf", "asdfasdf", TRUE}, + {"asdf", "asdfsdf", "a", "asdf", TRUE}, + {"asdf", "asdasdf", "f", "asdf", TRUE}, + {"aaa", "asdfasdfasdf", "a", "asdf", TRUE}, + {"qwer", "qwer", "asdf", "asdfasdf", FALSE}, + /* real examples */ + {"http://x.org/no/spaces", "http://x.org/no/spaces", " ", "%20", FALSE}, + {"http://x.org/end ", "http://x.org/end%20", " ", "%20", TRUE}, + {" http://x.org/start", "%20http://x.org/start", " ", "%20", TRUE}, + {" http://x.org/both ", "%20http://x.org/both%20", " ", "%20", TRUE}, + {"http://x.org/ /slash", "http://x.org/%20/slash", " ", "%20", TRUE}, + {"http://x.org/ /three", "http://x.org/%20%20%20/three", " ", "%20", TRUE}, + {"http://x.org/ ", "http://x.org/%20%20%20%20%20%20", " ", "%20", TRUE}, + {"http://x.org/%20/encoded", "http://x.org/%20/encoded", " ", "%20", FALSE}, +}; + +START_TEST(test_strreplace) +{ + char *ret; + + ret = strreplace(strreplace_data[_i].in, strreplace_data[_i].search, + strreplace_data[_i].replace); + if (ret && strreplace_data[_i].out) + { + ck_assert_str_eq(ret, strreplace_data[_i].out); + } + else + { + ck_assert(ret == strreplace_data[_i].out); + } + if (strreplace_data[_i].allocated) + { + ck_assert(ret != strreplace_data[_i].in); + free(ret); + } + else + { + ck_assert(ret == strreplace_data[_i].in); + } +} +END_TEST + +/******************************************************************************* + * path_dirname/basename + */ + +static struct { + char *path; + char *dir; + char *base; +} path_data[] = { + {NULL, ".", "."}, + {"", ".", "."}, + {".", ".", "."}, + {"..", ".", ".."}, + {"/", "/", "/"}, + {"//", "/", "/"}, + {"foo", ".", "foo"}, + {"f/", ".", "f"}, + {"foo/", ".", "foo"}, + {"foo//", ".", "foo"}, + {"/f", "/", "f"}, + {"/f/", "/", "f"}, + {"/foo", "/", "foo"}, + {"/foo/", "/", "foo"}, + {"//foo/", "/", "foo"}, + {"foo/bar", "foo", "bar"}, + {"foo//bar", "foo", "bar"}, + {"/foo/bar", "/foo", "bar"}, + {"/foo/bar/", "/foo", "bar"}, + {"/foo/bar/baz", "/foo/bar", "baz"}, +}; + +START_TEST(test_path_dirname) +{ + char *dir; + + dir = path_dirname(path_data[_i].path); + ck_assert_str_eq(path_data[_i].dir, dir); + free(dir); +} +END_TEST + +START_TEST(test_path_basename) +{ + char *base; + + base = path_basename(path_data[_i].path); + ck_assert_str_eq(path_data[_i].base, base); + free(base); +} +END_TEST + +/******************************************************************************* * time_printf_hook */ @@ -539,10 +713,23 @@ Suite *utils_suite_create() tcase_add_loop_test(tc, test_memstr, 0, countof(memstr_data)); suite_add_tcase(s, tc); + tc = tcase_create("utils_memrchr"); + tcase_add_loop_test(tc, test_utils_memrchr, 0, countof(memrchr_data)); + suite_add_tcase(s, tc); + tc = tcase_create("translate"); tcase_add_loop_test(tc, test_translate, 0, countof(translate_data)); suite_add_tcase(s, tc); + tc = tcase_create("strreplace"); + tcase_add_loop_test(tc, test_strreplace, 0, countof(strreplace_data)); + suite_add_tcase(s, tc); + + tc = tcase_create("path_dirname/basename"); + tcase_add_loop_test(tc, test_path_dirname, 0, countof(path_data)); + tcase_add_loop_test(tc, test_path_basename, 0, countof(path_data)); + suite_add_tcase(s, tc); + tc = tcase_create("printf_hooks"); tcase_add_loop_test(tc, test_time_printf_hook, 0, countof(time_data)); tcase_add_loop_test(tc, test_time_delta_printf_hook, 0, countof(time_delta_data)); diff --git a/src/libstrongswan/tests/test_vectors.c b/src/libstrongswan/tests/suites/test_vectors.c index f2817d314..242ac9d09 100644 --- a/src/libstrongswan/tests/test_vectors.c +++ b/src/libstrongswan/tests/suites/test_vectors.c @@ -21,7 +21,8 @@ START_TEST(test_vectors) { - fail_if(lib->crypto->get_test_vector_failures(lib->crypto)); + u_int failed = lib->crypto->get_test_vector_failures(lib->crypto); + fail_if(failed > 0, "%u test vectors failed", failed); } END_TEST diff --git a/src/libstrongswan/tests/suites/test_watcher.c b/src/libstrongswan/tests/suites/test_watcher.c new file mode 100644 index 000000000..9415bead9 --- /dev/null +++ b/src/libstrongswan/tests/suites/test_watcher.c @@ -0,0 +1,214 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <library.h> + +#include <sched.h> +#include <unistd.h> +#include <errno.h> + +static char testbuf[1] = ""; + +static bool readcb(void *data, int fd, watcher_event_t event) +{ + ck_assert_int_eq(*(int*)data, fd); + ck_assert_int_eq(event, WATCHER_READ); + + if (recv(fd, testbuf, 1, MSG_DONTWAIT) != 1) + { + ck_assert(errno == EAGAIN || errno == EWOULDBLOCK); + } + return TRUE; +} + +START_TEST(test_read) +{ + int fd[2]; + char c; + + lib->processor->set_threads(lib->processor, 8); + + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1); + + lib->watcher->add(lib->watcher, fd[0], WATCHER_READ, readcb, &fd[0]); + + for (c = 'a'; c <= 'z'; c++) + { + ck_assert_int_eq(write(fd[1], &c, 1), 1); + while (testbuf[0] != c) + { + sched_yield(); + } + } + + lib->watcher->remove(lib->watcher, fd[0]); + close(fd[0]); + close(fd[1]); + + lib->processor->cancel(lib->processor); +} +END_TEST + +static bool writecb(void *data, int fd, watcher_event_t event) +{ + ck_assert_int_eq(event, WATCHER_WRITE); + if (send(fd, data, 1, MSG_DONTWAIT) != 1) + { + ck_assert(errno == EAGAIN || errno == EWOULDBLOCK); + } + return TRUE; +} + +START_TEST(test_write) +{ + int fd[2]; + char in = 'x', out; + + lib->processor->set_threads(lib->processor, 8); + + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd) != -1); + + lib->watcher->add(lib->watcher, fd[1], WATCHER_WRITE, writecb, &in); + + ck_assert_int_eq(read(fd[0], &out, 1), 1); + ck_assert_int_eq(out, in); + + lib->watcher->remove(lib->watcher, fd[1]); + close(fd[1]); + close(fd[0]); + + lib->processor->cancel(lib->processor); +} +END_TEST + +static bool multiread(void *data, int fd, watcher_event_t event) +{ + ck_assert_int_eq(event, WATCHER_READ); + if (recv(fd, data, 1, MSG_DONTWAIT) != 1) + { + ck_assert(errno == EAGAIN || errno == EWOULDBLOCK); + } + return TRUE; +} + +START_TEST(test_multiread) +{ + int fd[10][2], i; + char in, out[countof(fd)]; + + lib->processor->set_threads(lib->processor, 8); + + for (i = 0; i < countof(fd); i++) + { + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1); + lib->watcher->add(lib->watcher, fd[i][0], + WATCHER_READ, multiread, &out[i]); + } + + for (i = 0; i < countof(fd); i++) + { + for (in = 'a'; in <= 'z'; in++) + { + ck_assert_int_eq(write(fd[i][1], &in, 1), 1); + while (out[i] != in) + { + sched_yield(); + } + } + } + + for (i = 0; i < countof(fd); i++) + { + lib->watcher->remove(lib->watcher, fd[i][0]); + close(fd[i][1]); + close(fd[i][0]); + } + + lib->processor->cancel(lib->processor); +} +END_TEST + +static bool multiwrite(void *data, int fd, watcher_event_t event) +{ + ck_assert_int_eq(event, WATCHER_WRITE); + if (send(fd, data, 1, MSG_DONTWAIT) != 1) + { + ck_assert(errno == EAGAIN || errno == EWOULDBLOCK); + } + return TRUE; +} + +START_TEST(test_multiwrite) +{ + int fd[10][2], i, j; + u_char out, in[countof(fd)]; + + lib->processor->set_threads(lib->processor, 8); + + for (i = 0; i < countof(fd); i++) + { + ck_assert(socketpair(AF_UNIX, SOCK_STREAM, 0, fd[i]) != -1); + in[i] = i; + lib->watcher->add(lib->watcher, fd[i][1], + WATCHER_WRITE, multiwrite, &in[i]); + } + + for (j = 0; j < 10; j++) + { + for (i = 0; i < countof(fd); i++) + { + ck_assert_int_eq(read(fd[i][0], &out, 1), 1); + ck_assert_int_eq(out, i); + } + } + + for (i = 0; i < countof(fd); i++) + { + lib->watcher->remove(lib->watcher, fd[i][1]); + close(fd[i][1]); + close(fd[i][0]); + } + + lib->processor->cancel(lib->processor); +} +END_TEST + +Suite *watcher_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("watcher"); + + tc = tcase_create("read"); + tcase_add_test(tc, test_read); + suite_add_tcase(s, tc); + + tc = tcase_create("write"); + tcase_add_test(tc, test_write); + suite_add_tcase(s, tc); + + tc = tcase_create("multiread"); + tcase_add_test(tc, test_multiread); + suite_add_tcase(s, tc); + + tc = tcase_create("multiwrite"); + tcase_add_test(tc, test_multiwrite); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index f85858504..0b26ee128 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -1,6 +1,8 @@ /* * Copyright (C) 2013 Tobias Brunner * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -13,48 +15,170 @@ * for more details. */ -#include <unistd.h> - #include "test_runner.h" #include <library.h> #include <plugins/plugin_feature.h> +#include <collections/array.h> +#include <utils/test.h> #include <dirent.h> +#include <unistd.h> +#include <limits.h> + +/** + * Get a tty color escape character for stderr + */ +#define TTY(color) tty_escape_get(2, TTY_FG_##color) /** - * Load plugins from builddir + * Initialize the lookup table for testable functions (defined in libstrongswan) */ -static bool load_plugins() +static void testable_functions_create() __attribute__ ((constructor(1000))); +static void testable_functions_create() { - enumerator_t *enumerator; - char *name, path[PATH_MAX], dir[64]; + testable_functions = hashtable_create(hashtable_hash_str, + hashtable_equals_str, 8); +} + +/** + * Destroy the lookup table for testable functions + */ +static void testable_functions_destroy() __attribute__ ((destructor(1000))); +static void testable_functions_destroy() +{ + testable_functions->destroy(testable_functions); + /* if leak detective is enabled plugins are not actually unloaded, which + * means their destructor is called AFTER this one when the process + * terminates, even though the priority says differently, make sure this + * does not crash */ + testable_functions = NULL; +} + +/** + * Load all available test suites + */ +static array_t *load_suites(test_configuration_t configs[], + test_runner_init_t init) +{ + array_t *suites; + bool old = FALSE; + int i; - enumerator = enumerator_create_token(PLUGINS, " ", ""); - while (enumerator->enumerate(enumerator, &name)) + library_init(NULL, "test-runner"); + + test_setup_handler(); + + if (init && !init(TRUE)) { - snprintf(dir, sizeof(dir), "%s", name); - translate(dir, "-", "_"); - snprintf(path, sizeof(path), "%s/%s/.libs", PLUGINDIR, dir); - lib->plugins->add_path(lib->plugins, path); + library_deinit(); + return NULL; } - enumerator->destroy(enumerator); + lib->plugins->status(lib->plugins, LEVEL_CTRL); - return lib->plugins->load(lib->plugins, PLUGINS); + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + + suites = array_create(0, 0); + + for (i = 0; configs[i].suite; i++) + { + if (configs[i].feature.type == 0 || + lib->plugins->has_feature(lib->plugins, configs[i].feature)) + { + array_insert(suites, -1, configs[i].suite()); + } + } + + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } + + if (init) + { + init(FALSE); + } + library_deinit(); + + return suites; } -int main() +/** + * Unload and destroy test suites and associated data + */ +static void unload_suites(array_t *suites) { - SRunner *sr; - int nf; + test_suite_t *suite; + test_case_t *tcase; - /* test cases are forked and there is no cleanup, so disable leak detective. - * if test_suite.h is included leak detective is enabled in test cases */ - setenv("LEAK_DETECTIVE_DISABLE", "1", 1); - /* redirect all output to stderr (to redirect make's stdout to /dev/null) */ - dup2(2, 1); + while (array_remove(suites, 0, &suite)) + { + while (array_remove(suite->tcases, 0, &tcase)) + { + array_destroy(tcase->functions); + array_destroy(tcase->fixtures); + } + free(suite); + } + array_destroy(suites); +} - library_init(NULL); +/** + * Run a single test function, return FALSE on failure + */ +static bool run_test(test_function_t *tfun, int i) +{ + if (test_restore_point()) + { + tfun->cb(i); + return TRUE; + } + return FALSE; +} + +/** + * Invoke fixture setup/teardown + */ +static bool call_fixture(test_case_t *tcase, bool up) +{ + enumerator_t *enumerator; + test_fixture_t *fixture; + bool failure = FALSE; + + enumerator = array_create_enumerator(tcase->fixtures); + while (enumerator->enumerate(enumerator, &fixture)) + { + if (test_restore_point()) + { + if (up) + { + fixture->setup(); + } + else + { + fixture->teardown(); + } + } + else + { + failure = TRUE; + break; + } + } + enumerator->destroy(enumerator); + + return !failure; +} + +/** + * Test initialization, initializes libstrongswan for the next run + */ +static bool pre_test(test_runner_init_t init) +{ + library_init(NULL, "test-runner"); /* use non-blocking RNG to generate keys fast */ lib->settings->set_default_str(lib->settings, @@ -62,45 +186,305 @@ int main() lib->settings->get_str(lib->settings, "libstrongswan.plugins.random.urandom", "/dev/urandom")); - if (!load_plugins()) + if (lib->leak_detective) + { + /* disable leak reports during testing */ + lib->leak_detective->set_report_cb(lib->leak_detective, + NULL, NULL, NULL); + } + if (init && !init(TRUE)) { library_deinit(); - return EXIT_FAILURE; + return FALSE; } - lib->plugins->status(lib->plugins, LEVEL_CTRL); + dbg_default_set_level(LEVEL_SILENT); + return TRUE; +} + +/** + * Failure description + */ +typedef struct { + char *name; + char msg[512 - sizeof(char*) - 2 * sizeof(int)]; + const char *file; + int line; + int i; + backtrace_t *bt; +} failure_t; + +/** + * Data passed to leak report callbacks + */ +typedef struct { + array_t *failures; + char *name; + int i; + int leaks; +} report_data_t; + +/** + * Leak report callback, build failures from leaks + */ +static void report_leaks(report_data_t *data, int count, size_t bytes, + backtrace_t *bt, bool detailed) +{ + failure_t failure = { + .name = data->name, + .i = data->i, + .bt = bt->clone(bt), + }; + + snprintf(failure.msg, sizeof(failure.msg), + "Leak detected: %d allocations using %zu bytes", count, bytes); + + array_insert(data->failures, -1, &failure); +} + +/** + * Leak summary callback, check if any leaks found + */ +static void sum_leaks(report_data_t *data, int count, size_t bytes, + int whitelisted) +{ + data->leaks = count; +} + +/** + * Do library cleanup and optionally check for memory leaks + */ +static bool post_test(test_runner_init_t init, bool check_leaks, + array_t *failures, char *name, int i) +{ + report_data_t data = { + .failures = failures, + .name = name, + .i = i, + }; - sr = srunner_create(NULL); - srunner_add_suite(sr, bio_reader_suite_create()); - srunner_add_suite(sr, bio_writer_suite_create()); - srunner_add_suite(sr, chunk_suite_create()); - srunner_add_suite(sr, enum_suite_create()); - srunner_add_suite(sr, enumerator_suite_create()); - srunner_add_suite(sr, linked_list_suite_create()); - srunner_add_suite(sr, linked_list_enumerator_suite_create()); - srunner_add_suite(sr, hashtable_suite_create()); - srunner_add_suite(sr, array_suite_create()); - srunner_add_suite(sr, identification_suite_create()); - srunner_add_suite(sr, threading_suite_create()); - srunner_add_suite(sr, utils_suite_create()); - srunner_add_suite(sr, host_suite_create()); - srunner_add_suite(sr, vectors_suite_create()); - srunner_add_suite(sr, printf_suite_create()); - if (lib->plugins->has_feature(lib->plugins, - PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_RSA))) - { - srunner_add_suite(sr, rsa_suite_create()); - } - if (lib->plugins->has_feature(lib->plugins, - PLUGIN_DEPENDS(PRIVKEY_GEN, KEY_ECDSA))) - { - srunner_add_suite(sr, ecdsa_suite_create()); - } - - srunner_run_all(sr, CK_NORMAL); - nf = srunner_ntests_failed(sr); - - srunner_free(sr); + if (init) + { + init(FALSE); + } + if (check_leaks && lib->leak_detective) + { + lib->leak_detective->set_report_cb(lib->leak_detective, + (leak_detective_report_cb_t)report_leaks, + (leak_detective_summary_cb_t)sum_leaks, &data); + } library_deinit(); - return (nf == 0) ? EXIT_SUCCESS : EXIT_FAILURE; + return data.leaks != 0; +} + +/** + * Collect failure information, add failure_t to array + */ +static void collect_failure_info(array_t *failures, char *name, int i) +{ + failure_t failure = { + .name = name, + .i = i, + .bt = test_failure_backtrace(), + }; + + failure.line = test_failure_get(failure.msg, sizeof(failure.msg), + &failure.file); + + array_insert(failures, -1, &failure); +} + +/** + * Print array of collected failure_t to stderr + */ +static void print_failures(array_t *failures) +{ + failure_t failure; + + backtrace_init(); + + while (array_remove(failures, 0, &failure)) + { + fprintf(stderr, " %sFailure in '%s': %s (", + TTY(RED), failure.name, failure.msg); + if (failure.line) + { + fprintf(stderr, "%s:%d, ", failure.file, failure.line); + } + fprintf(stderr, "i = %d)%s\n", failure.i, TTY(DEF)); + if (failure.bt) + { + failure.bt->log(failure.bt, stderr, TRUE); + failure.bt->destroy(failure.bt); + } + } + + backtrace_deinit(); +} + +/** + * Run a single test case with fixtures + */ +static bool run_case(test_case_t *tcase, test_runner_init_t init) +{ + enumerator_t *enumerator; + test_function_t *tfun; + int passed = 0; + array_t *failures; + + failures = array_create(sizeof(failure_t), 0); + + fprintf(stderr, " Running case '%s': ", tcase->name); + fflush(stderr); + + enumerator = array_create_enumerator(tcase->functions); + while (enumerator->enumerate(enumerator, &tfun)) + { + int i, rounds = 0; + + for (i = tfun->start; i < tfun->end; i++) + { + if (pre_test(init)) + { + bool ok = FALSE, leaks = FALSE; + + test_setup_timeout(tcase->timeout); + + if (call_fixture(tcase, TRUE)) + { + if (run_test(tfun, i)) + { + if (call_fixture(tcase, FALSE)) + { + ok = TRUE; + } + } + else + { + call_fixture(tcase, FALSE); + } + + } + leaks = post_test(init, ok, failures, tfun->name, i); + + test_setup_timeout(0); + + if (ok) + { + if (!leaks) + { + rounds++; + fprintf(stderr, "%s+%s", TTY(GREEN), TTY(DEF)); + } + } + else + { + collect_failure_info(failures, tfun->name, i); + } + if (!ok || leaks) + { + fprintf(stderr, "%s-%s", TTY(RED), TTY(DEF)); + } + } + else + { + fprintf(stderr, "!"); + } + } + fflush(stderr); + if (rounds == tfun->end - tfun->start) + { + passed++; + } + } + enumerator->destroy(enumerator); + + fprintf(stderr, "\n"); + + print_failures(failures); + array_destroy(failures); + + return passed == array_count(tcase->functions); +} + +/** + * Run a single test suite + */ +static bool run_suite(test_suite_t *suite, test_runner_init_t init) +{ + enumerator_t *enumerator; + test_case_t *tcase; + int passed = 0; + + fprintf(stderr, " Running suite '%s':\n", suite->name); + + enumerator = array_create_enumerator(suite->tcases); + while (enumerator->enumerate(enumerator, &tcase)) + { + if (run_case(tcase, init)) + { + passed++; + } + } + enumerator->destroy(enumerator); + + if (passed == array_count(suite->tcases)) + { + fprintf(stderr, " %sPassed all %u '%s' test cases%s\n", + TTY(GREEN), array_count(suite->tcases), suite->name, TTY(DEF)); + return TRUE; + } + fprintf(stderr, " %sPassed %u/%u '%s' test cases%s\n", + TTY(RED), passed, array_count(suite->tcases), suite->name, TTY(DEF)); + return FALSE; +} + +/** + * See header. + */ +int test_runner_run(const char *name, test_configuration_t configs[], + test_runner_init_t init) +{ + array_t *suites; + test_suite_t *suite; + enumerator_t *enumerator; + int passed = 0, result; + + /* redirect all output to stderr (to redirect make's stdout to /dev/null) */ + dup2(2, 1); + + suites = load_suites(configs, init); + if (!suites) + { + return EXIT_FAILURE; + } + + fprintf(stderr, "Running %u '%s' test suites:\n", array_count(suites), name); + + enumerator = array_create_enumerator(suites); + while (enumerator->enumerate(enumerator, &suite)) + { + if (run_suite(suite, init)) + { + passed++; + } + } + enumerator->destroy(enumerator); + + if (passed == array_count(suites)) + { + fprintf(stderr, "%sPassed all %u '%s' suites%s\n", + TTY(GREEN), array_count(suites), name, TTY(DEF)); + result = EXIT_SUCCESS; + } + else + { + fprintf(stderr, "%sPassed %u of %u '%s' suites%s\n", + TTY(RED), passed, array_count(suites), name, TTY(DEF)); + result = EXIT_FAILURE; + } + + unload_suites(suites); + + return result; } diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h index 6315abba7..643b622e5 100644 --- a/src/libstrongswan/tests/test_runner.h +++ b/src/libstrongswan/tests/test_runner.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2013 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -13,27 +13,65 @@ * for more details. */ +/** + * @defgroup libtest libtest + * + * @defgroup test_utils test_utils + * @ingroup libtest + * + * @defgroup test_runner test_runner + * @{ @ingroup libtest + */ + #ifndef TEST_RUNNER_H_ #define TEST_RUNNER_H_ -#include <check.h> - -Suite *bio_reader_suite_create(); -Suite *bio_writer_suite_create(); -Suite *chunk_suite_create(); -Suite *enum_suite_create(); -Suite *enumerator_suite_create(); -Suite *linked_list_suite_create(); -Suite *linked_list_enumerator_suite_create(); -Suite *hashtable_suite_create(); -Suite *array_suite_create(); -Suite *identification_suite_create(); -Suite *threading_suite_create(); -Suite *utils_suite_create(); -Suite *vectors_suite_create(); -Suite *ecdsa_suite_create(); -Suite *rsa_suite_create(); -Suite *host_suite_create(); -Suite *printf_suite_create(); - -#endif /** TEST_RUNNER_H_ */ +#include "test_suite.h" + +#include <plugins/plugin_feature.h> + +typedef struct test_configuration_t test_configuration_t; + +/** + * Callback called before and after each test case to de-/initialize the + * environment (e.g. to load plugins). It is also called before and after the + * test suites are loaded. + * + * It is called after libstrongswan has been initialized and likewise before it + * gets deinitialized. + * + * @param init TRUE during initialization + * @return FALSE if de-/init failed + */ +typedef bool (*test_runner_init_t)(bool init); + +/** + * Test configuration, suite constructor with plugin dependency + */ +struct test_configuration_t { + + /** + * Constructor function to create suite. + */ + test_suite_t *(*suite)(); + + /** + * Plugin feature this test suite depends on + */ + plugin_feature_t feature; +}; + +/** + * Run test configuration. + * + * The configs array must be terminated with a NULL element. + * + * @param name name of test runner + * @param config test suite constructors with dependencies + * @param init_cb init/deinit callback + * @return test result, EXIT_SUCCESS if all tests passed + */ +int test_runner_run(const char *name, test_configuration_t config[], + test_runner_init_t init_cb); + +#endif /** TEST_RUNNER_H_ @}*/ diff --git a/src/libstrongswan/tests/test_suite.c b/src/libstrongswan/tests/test_suite.c new file mode 100644 index 000000000..0f2e74b7c --- /dev/null +++ b/src/libstrongswan/tests/test_suite.c @@ -0,0 +1,277 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <signal.h> +#include <unistd.h> + +#include <pthread.h> + +/** + * Failure message buf + */ +static char failure_buf[512]; + +/** + * Source file failure occurred + */ +static const char *failure_file; + +/** + * Line of source file failure occurred + */ +static int failure_line; + +/** + * Backtrace of failure, if any + */ +static backtrace_t *failure_backtrace; + +/** + * Longjump restore point when failing + */ +sigjmp_buf test_restore_point_env; + +/** + * See header. + */ +test_suite_t* test_suite_create(const char *name) +{ + test_suite_t *suite; + + INIT(suite, + .name = name, + .tcases = array_create(0, 0), + ); + return suite; +} + +/** + * See header. + */ +test_case_t* test_case_create(const char *name) +{ + test_case_t *tcase; + + INIT(tcase, + .name = name, + .functions = array_create(sizeof(test_function_t), 0), + .fixtures = array_create(sizeof(test_fixture_t), 0), + .timeout = TEST_FUNCTION_DEFAULT_TIMEOUT, + ); + return tcase; +} + +/** + * See header. + */ +void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup, + test_fixture_cb_t teardown) +{ + test_fixture_t fixture = { + .setup = setup, + .teardown = teardown, + }; + array_insert(tcase->fixtures, -1, &fixture); +} + +/** + * See header. + */ +void test_case_add_test_name(test_case_t *tcase, char *name, + test_function_cb_t cb, int start, int end) +{ + test_function_t fun = { + .name = name, + .cb = cb, + .start = start, + .end = end, + }; + array_insert(tcase->functions, -1, &fun); +} + +/** + * See header. + */ +void test_case_set_timeout(test_case_t *tcase, int s) +{ + tcase->timeout = s; +} + +/** + * See header. + */ +void test_suite_add_case(test_suite_t *suite, test_case_t *tcase) +{ + array_insert(suite->tcases, -1, tcase); +} + +/** + * Main thread performing tests + */ +static pthread_t main_thread; + +/** + * Let test case fail + */ +static inline void test_failure() +{ + if (pthread_self() == main_thread) + { + siglongjmp(test_restore_point_env, 1); + } + else + { + pthread_kill(main_thread, SIGUSR1); + /* how can we stop just the thread? longjmp to a restore point? */ + } +} + +/** + * See header. + */ +void test_fail_vmsg(const char *file, int line, char *fmt, va_list args) +{ + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + + test_failure(); +} + +/** + * See header. + */ +void test_fail_msg(const char *file, int line, char *fmt, ...) +{ + va_list args; + + va_start(args, fmt); + vsnprintf(failure_buf, sizeof(failure_buf), fmt, args); + failure_line = line; + failure_file = file; + va_end(args); + + test_failure(); +} + +/** + * Signal handler catching critical and alarm signals + */ +static void test_sighandler(int signal) +{ + char *signame; + bool old = FALSE; + + switch (signal) + { + case SIGUSR1: + /* a different thread failed, abort test */ + return test_failure(); + case SIGSEGV: + signame = "SIGSEGV"; + break; + case SIGILL: + signame = "SIGILL"; + break; + case SIGBUS: + signame = "SIGBUS"; + break; + case SIGALRM: + signame = "timeout"; + break; + default: + signame = "SIG"; + break; + } + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + failure_backtrace = backtrace_create(3); + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } + test_fail_msg(NULL, 0, "%s(%d)", signame, signal); + /* unable to restore a valid context for that thread, terminate */ + fprintf(stderr, "\n%s(%d) outside of main thread:\n", signame, signal); + failure_backtrace->log(failure_backtrace, stderr, TRUE); + fprintf(stderr, "terminating...\n"); + abort(); +} + +/** + * See header. + */ +void test_setup_handler() +{ + struct sigaction action = { + .sa_handler = test_sighandler, + }; + + main_thread = pthread_self(); + + /* signal handler inherited by all threads */ + sigaction(SIGSEGV, &action, NULL); + sigaction(SIGILL, &action, NULL); + sigaction(SIGBUS, &action, NULL); + /* ignore ALRM/USR1, these are catched by main thread only */ + action.sa_handler = SIG_IGN; + sigaction(SIGALRM, &action, NULL); + sigaction(SIGUSR1, &action, NULL); +} + +/** + * See header. + */ +void test_setup_timeout(int s) +{ + struct sigaction action = { + .sa_handler = test_sighandler, + }; + + /* This called by main thread only. Setup handler for timeout and + * failure cross-thread signaling. */ + sigaction(SIGALRM, &action, NULL); + sigaction(SIGUSR1, &action, NULL); + + alarm(s); +} + +/** + * See header. + */ +int test_failure_get(char *msg, int len, const char **file) +{ + strncpy(msg, failure_buf, len - 1); + msg[len - 1] = 0; + *file = failure_file; + return failure_line; +} + +/** + * See header. + */ +backtrace_t *test_failure_backtrace() +{ + backtrace_t *bt; + + bt = failure_backtrace; + failure_backtrace = NULL; + + return bt; +} diff --git a/src/libstrongswan/tests/test_suite.h b/src/libstrongswan/tests/test_suite.h index 2a2861323..c44f149f5 100644 --- a/src/libstrongswan/tests/test_suite.h +++ b/src/libstrongswan/tests/test_suite.h @@ -1,6 +1,8 @@ /* * Copyright (C) 2013 Tobias Brunner * Hochschule fuer Technik Rapperswil + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -13,98 +15,318 @@ * for more details. */ -#ifndef TEST_UTILS_H_ -#define TEST_UTILS_H_ +/** + * @defgroup test_suite test_suite + * @{ @ingroup libtest + */ + +#ifndef TEST_SUITE_H_ +#define TEST_SUITE_H_ + +#define _GNU_SOURCE +#include <setjmp.h> -#include <check.h> #include <library.h> #include <utils/debug.h> +#include <utils/backtrace.h> +#include <collections/array.h> + +typedef struct test_suite_t test_suite_t; +typedef struct test_case_t test_case_t; +typedef struct test_function_t test_function_t; +typedef struct test_fixture_t test_fixture_t; /** - * Used to mark test cases that use test fixtures. + * Default timeout for a single test function */ -#define UNIT_TEST_FIXTURE_USED "UNIT_TEST_FIXTURE_USED" +#define TEST_FUNCTION_DEFAULT_TIMEOUT 2 /** - * Check for memory leaks and fail if any are encountered. + * Test function implementation */ -#define CHECK_FOR_LEAKS() do \ -{ \ - if (lib->leak_detective) \ - { \ - if (lib->leak_detective->leaks(lib->leak_detective)) { \ - lib->leak_detective->report(lib->leak_detective, TRUE); \ - } \ - ck_assert_int_eq(lib->leak_detective->leaks(lib->leak_detective), 0); \ - } \ -} \ -while(0) +typedef void (*test_function_cb_t)(int); + +/** + * Fixture for a test case. + */ +typedef void (*test_fixture_cb_t)(void); + +/** + * A test suite; a collection of test cases with fixtures + */ +struct test_suite_t { + /** name of the test suite */ + const char *name; + /** test cases registered, as test_case_t* */ + array_t *tcases; +}; /** - * Extended versions of the START|END_TEST macros that use leak detective. + * A test case; multiple test functions using the same fixtures + */ +struct test_case_t { + /** name of the test case */ + const char *name; + /** tests registered, as test_function_t */ + array_t *functions; + /** fixture for tests, as test_fixture_t */ + array_t *fixtures; + /** timeout for each function, in s */ + int timeout; +}; + +/** + * A test function, with optional loop setup + */ +struct test_function_t { + /** name of test function */ + char *name; + /** tests function registered, test_function_t* */ + test_function_cb_t cb; + /** start for loop test */ + int start; + /** end for loop test */ + int end; +}; + +/** + * Registered fixture for a test case + */ +struct test_fixture_t { + test_fixture_cb_t setup; + test_fixture_cb_t teardown; +}; + +/** + * Create a new test suite * - * Since each test case runs in its own fork of the test runner the stuff - * allocated before the test starts is not freed, so leak detective is disabled - * by default to prevent false positives. By enabling it right when the test - * starts we at least capture leaks created by the tested objects/functions and - * the test case itself. This allows writing test cases for cleanup functions. + * @param name name of the test suite + * @return test suite + */ +test_suite_t* test_suite_create(const char *name); + +/** + * Create a new test case * - * To define test fixture with possibly allocated/destroyed memory that is - * allocated/freed in a test case use the START|END_SETUP|TEARDOWN macros. + * @param name name of test case + * @return test case */ -#undef START_TEST -#define START_TEST(name) \ -static void name (int _i CK_ATTRIBUTE_UNUSED) \ -{ \ - tcase_fn_start(""#name, __FILE__, __LINE__); \ - dbg_default_set_level(LEVEL_SILENT); \ - if (lib->leak_detective) \ - { \ - lib->leak_detective->set_state(lib->leak_detective, TRUE); \ - } +test_case_t* test_case_create(const char *name); -#undef END_TEST -#define END_TEST \ - if (!lib->get(lib, UNIT_TEST_FIXTURE_USED)) \ - { \ - CHECK_FOR_LEAKS(); \ - } \ -} +/** + * Add a setup/teardown function to the test case + * + * @param tcase test case to add a fixture to + * @param setup setup function called before each test + * @param teardown cleanup function called after each test + */ +void test_case_add_checked_fixture(test_case_t *tcase, test_fixture_cb_t setup, + test_fixture_cb_t teardown); + +/** + * Add a test function to a test case, with a name, looped several times + * + * @param name name of the test case + * @param tcase test case to add test function to + * @param cb callback function to invoke for test + * @param start start of loop counter + * @param end end of loop counter + */ +void test_case_add_test_name(test_case_t *tcase, char *name, + test_function_cb_t cb, int start, int end); + +/** + * Add a test function to a test case + * + * @param tcase test case to add test function to + * @param cb callback function to invoke for test + */ +#define test_case_add_test(tcase, cb) \ + test_case_add_test_name(tcase, #cb, cb, 0, 1) + +/** + * Add a test function to a test case, looped several times + * + * @param tcase test case to add test function to + * @param cb callback function to invoke for test + * @param start start of loop counter + * @param end end of loop counter + */ +#define test_case_add_loop_test(tcase, cb, start, end) \ + test_case_add_test_name(tcase, #cb, cb, start, end) + +/** + * Set a custom timeout for test functions in a test case + * + * @param tcase test case to set timeout for + * @param s test timeout in s + */ +void test_case_set_timeout(test_case_t *tcase, int s); + +/** + * Add a test function to a test case, looped several times + * + * @param suite test suite to add test case to + * @param tcase test case to add + */ +void test_suite_add_case(test_suite_t *suite, test_case_t *tcase); /** - * Define a function to setup a test fixture that can be used with the above - * macros. + * sigjmp restore point used by test_restore_point + */ +extern sigjmp_buf test_restore_point_env; + +/** + * Set or return from an execution restore point + * + * This call sets a restore execution point and returns TRUE after it has + * been set up. On test failure, the execution is returned to the restore point + * and FALSE is returned to indicate test failure. + * + * @return TRUE if restore point set, FALSE when restored */ -#define START_SETUP(name) \ -static void name() \ -{ \ - lib->set(lib, UNIT_TEST_FIXTURE_USED, (void*)TRUE); \ - if (lib->leak_detective) \ +#define test_restore_point() (sigsetjmp(test_restore_point_env, 1) == 0) + +/** + * Set up signal handlers for test cases + */ +void test_setup_handler(); + +/** + * Set up a timeout to let a test fail + * + * @param s timeout, 0 to disable timeout + */ +void test_setup_timeout(int s); + +/** + * Get info about a test failure + * + * @param msg buffer receiving failure info + * @param len size of msg buffer + * @param file pointer receiving source code file + * @return source code line number + */ +int test_failure_get(char *msg, int len, const char **file); + +/** + * Get a backtrace for a failure. + * + * @return allocated backtrace of test failure, if any + */ +backtrace_t *test_failure_backtrace(); + +/** + * Let a test fail and set a message using vprintf style arguments. + * + * @param file source code file name + * @param line source code line number + * @param fmt printf format string + * @param args argument list for fmt + */ +void test_fail_vmsg(const char *file, int line, char *fmt, va_list args); + +/** + * Let a test fail and set a message using printf style arguments. + * + * @param file source code file name + * @param line source code line number + * @param fmt printf format string + * @param ... arguments for fmt + */ +void test_fail_msg(const char *file, int line, char *fmt, ...); + +/** + * Check if two integers equal, fail test if not + * + * @param a first integer + * @param b second integer + */ +#define test_int_eq(a, b) \ +({ \ + typeof(a) _a = a; \ + typeof(b) _b = b; \ + if (_a != _b) \ { \ - lib->leak_detective->set_state(lib->leak_detective, TRUE); \ - } + test_fail_msg(__FILE__, __LINE__, #a " != " #b " (%d != %d)", _a, _b); \ + } \ +}) /** - * End a setup function + * Check if two strings equal, fail test if not + * + * @param a first string + * @param b second string */ -#define END_SETUP } +#define test_str_eq(a, b) \ +({ \ + char* _a = (char*)a; \ + char* _b = (char*)b; \ + if (!_a || !_b || !streq(_a, _b)) \ + { \ + test_fail_msg(__FILE__, __LINE__, \ + #a " != " #b " (\"%s\" != \"%s\")", _a, _b); \ + } \ +}) /** - * Define a function to teardown a test fixture that can be used with the above - * macros. + * Check if a statement evaluates to TRUE, fail test if not + * + * @param x statement to evaluate */ -#define START_TEARDOWN(name) \ -static void name() \ -{ +#define test_assert(x) \ +({ \ + if (!(x)) \ + { \ + test_fail_msg(__FILE__, __LINE__, #x); \ + } \ +}) /** - * End a teardown function + * Check if a statement evaluates to TRUE, fail and print a message if not + * + * @param x statement to evaluate + * @param fmt message format string + * @param ... fmt printf arguments */ -#define END_TEARDOWN \ - if (lib->get(lib, UNIT_TEST_FIXTURE_USED)) \ +#define test_assert_msg(x, fmt, ...) \ +({ \ + if (!(x)) \ { \ - CHECK_FOR_LEAKS(); \ + test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \ } \ -} +}) + + + +/* "check unit testing" compatibility */ +#define Suite test_suite_t +#define TCase test_case_t +#define ck_assert_int_eq test_int_eq +#define ck_assert test_assert +#define ck_assert_msg test_assert_msg +#define ck_assert_str_eq test_str_eq +#define fail(fmt, ...) test_fail_msg(__FILE__, __LINE__, fmt, ##__VA_ARGS__) +#define fail_if(x, fmt, ...) \ +({ \ + if (x) \ + { \ + test_fail_msg(__FILE__, __LINE__, #x ": " fmt, ##__VA_ARGS__); \ + } \ +}) +#define fail_unless test_assert_msg +#define suite_create test_suite_create +#define tcase_create test_case_create +#define tcase_add_checked_fixture test_case_add_checked_fixture +#define tcase_add_test test_case_add_test +#define tcase_add_loop_test test_case_add_loop_test +#define tcase_set_timeout test_case_set_timeout +#define suite_add_tcase test_suite_add_case +#define START_TEST(name) static void name (int _i) { +#define END_TEST } +#define START_SETUP(name) static void name() { +#define END_SETUP } +#define START_TEARDOWN(name) static void name() { +#define END_TEARDOWN } -#endif /** TEST_UTILS_H_ */ +#endif /** TEST_SUITE_H_ @}*/ diff --git a/src/libstrongswan/tests/test_threading.c b/src/libstrongswan/tests/test_threading.c deleted file mode 100644 index 0c768b3e2..000000000 --- a/src/libstrongswan/tests/test_threading.c +++ /dev/null @@ -1,110 +0,0 @@ -/* - * Copyright (C) 2013 Tobias Brunner - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <sched.h> -#include <pthread.h> - -#include "test_suite.h" - -#include <threading/mutex.h> - -/******************************************************************************* - * recursive mutex test - */ - -#define THREADS 20 - -static mutex_t *mutex; - -static pthread_barrier_t mutex_barrier; - -static int mutex_locked = 0; - -static void *mutex_run(void *data) -{ - int i; - - /* wait for all threads before getting in action */ - pthread_barrier_wait(&mutex_barrier); - - for (i = 0; i < 100; i++) - { - mutex->lock(mutex); - mutex->lock(mutex); - mutex->lock(mutex); - mutex_locked++; - sched_yield(); - if (mutex_locked > 1) - { - fail("two threads locked the mutex concurrently"); - } - mutex_locked--; - mutex->unlock(mutex); - mutex->unlock(mutex); - mutex->unlock(mutex); - } - return NULL; -} - -START_TEST(test_mutex) -{ - pthread_t threads[THREADS]; - int i; - - mutex = mutex_create(MUTEX_TYPE_RECURSIVE); - - for (i = 0; i < 10; i++) - { - mutex->lock(mutex); - mutex->unlock(mutex); - } - for (i = 0; i < 10; i++) - { - mutex->lock(mutex); - } - for (i = 0; i < 10; i++) - { - mutex->unlock(mutex); - } - - pthread_barrier_init(&mutex_barrier, NULL, THREADS); - for (i = 0; i < THREADS; i++) - { - pthread_create(&threads[i], NULL, mutex_run, NULL); - } - for (i = 0; i < THREADS; i++) - { - pthread_join(threads[i], NULL); - } - pthread_barrier_destroy(&mutex_barrier); - - mutex->destroy(mutex); -} -END_TEST - -Suite *threading_suite_create() -{ - Suite *s; - TCase *tc; - - s = suite_create("threading"); - - tc = tcase_create("recursive mutex"); - tcase_add_test(tc, test_mutex); - suite_add_tcase(s, tc); - - return s; -} diff --git a/src/libstrongswan/tests/tests.c b/src/libstrongswan/tests/tests.c new file mode 100644 index 000000000..9f2adfd15 --- /dev/null +++ b/src/libstrongswan/tests/tests.c @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2013 Martin Willi + * Copyright (C) 2013 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <test_runner.h> + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x) +#include "tests.h" +#undef TEST_SUITE +#undef TEST_SUITE_DEPEND + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#define TEST_SUITE_DEPEND(x, type, args) \ + { .suite = x, .feature = PLUGIN_DEPENDS(type, args) }, +#include "tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (init) + { + plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS); + if (!lib->plugins->load(lib->plugins, PLUGINS)) + { + return FALSE; + } + } + else + { + lib->processor->set_threads(lib->processor, 0); + lib->processor->cancel(lib->processor); + lib->plugins->unload(lib->plugins); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("libstrongswan", tests, test_runner_init); +} diff --git a/src/libstrongswan/tests/tests.h b/src/libstrongswan/tests/tests.h new file mode 100644 index 000000000..82a5137c1 --- /dev/null +++ b/src/libstrongswan/tests/tests.h @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(bio_reader_suite_create) +TEST_SUITE(bio_writer_suite_create) +TEST_SUITE(chunk_suite_create) +TEST_SUITE(enum_suite_create) +TEST_SUITE(enumerator_suite_create) +TEST_SUITE(linked_list_suite_create) +TEST_SUITE(linked_list_enumerator_suite_create) +TEST_SUITE(hashtable_suite_create) +TEST_SUITE(array_suite_create) +TEST_SUITE(identification_suite_create) +TEST_SUITE(threading_suite_create) +TEST_SUITE(watcher_suite_create) +TEST_SUITE(stream_suite_create) +TEST_SUITE(utils_suite_create) +TEST_SUITE(settings_suite_create) +TEST_SUITE(vectors_suite_create) +TEST_SUITE_DEPEND(ecdsa_suite_create, PRIVKEY_GEN, KEY_ECDSA) +TEST_SUITE_DEPEND(rsa_suite_create, PRIVKEY_GEN, KEY_RSA) +TEST_SUITE(host_suite_create) +TEST_SUITE(printf_suite_create) +TEST_SUITE(hasher_suite_create) +TEST_SUITE(crypter_suite_create) +TEST_SUITE(pen_suite_create) +TEST_SUITE(asn1_suite_create) +TEST_SUITE(asn1_parser_suite_create) +TEST_SUITE(test_rng_suite_create) +TEST_SUITE_DEPEND(ntru_suite_create, DH, NTRU_112_BIT) +TEST_SUITE_DEPEND(fetch_http_suite_create, FETCHER, "http://") diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c new file mode 100644 index 000000000..01569509b --- /dev/null +++ b/src/libstrongswan/tests/utils/test_rng.c @@ -0,0 +1,86 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_rng.h" + +typedef struct private_rng_t private_rng_t; + +/** + * Private data. + */ +struct private_rng_t { + + /** + * Public interface. + */ + rng_t public; + + /** + * Entropy string. + */ + chunk_t entropy; +}; + +METHOD(rng_t, get_bytes, bool, + private_rng_t *this, size_t bytes, u_int8_t *buffer) +{ + if (bytes > this->entropy.len) + { + return FALSE; + } + memcpy(buffer, this->entropy.ptr, bytes); + this->entropy = chunk_skip(this->entropy, bytes); + return TRUE; +} + +METHOD(rng_t, allocate_bytes, bool, + private_rng_t *this, size_t bytes, chunk_t *chunk) +{ + if (bytes > this->entropy.len) + { + *chunk = chunk_empty; + return FALSE; + } + + *chunk = chunk_alloc(bytes); + memcpy(chunk->ptr, this->entropy.ptr, bytes); + this->entropy = chunk_skip(this->entropy, bytes); + return TRUE; +} + +METHOD(rng_t, destroy, void, + private_rng_t *this) +{ + free(this); +} + +/* + * Described in header. + */ +rng_t *test_rng_create(chunk_t entropy) +{ + private_rng_t *this; + + INIT(this, + .public = { + .get_bytes = _get_bytes, + .allocate_bytes = _allocate_bytes, + .destroy = _destroy, + }, + .entropy = entropy, + ); + + return &this->public; +} diff --git a/src/libstrongswan/tests/utils/test_rng.h b/src/libstrongswan/tests/utils/test_rng.h new file mode 100644 index 000000000..e588f3be7 --- /dev/null +++ b/src/libstrongswan/tests/utils/test_rng.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * rng_t providing NIST SP 800-90A entropy test vectors + * + * @defgroup test_rng test_rng + * @{ @ingroup test_utils + */ + +#ifndef TEST_RNG_H_ +#define TEST_RNG_H_ + +#include <library.h> + +/** + * Creates a test_rng_t instance. + * + * @param entropy entropy test vector + * @return created test_rng_t + */ +rng_t *test_rng_create(chunk_t entropy); + +#endif /** TEST_RNG_H_ @} */ diff --git a/src/libstrongswan/threading/thread.h b/src/libstrongswan/threading/thread.h index 31b9e1b3a..8d3c30e9b 100644 --- a/src/libstrongswan/threading/thread.h +++ b/src/libstrongswan/threading/thread.h @@ -71,7 +71,6 @@ typedef void *(*thread_main_t)(void *arg); */ typedef void (*thread_cleanup_t)(void *arg); - /** * Thread wrapper implements simple, portable and advanced thread functions. * @@ -110,10 +109,8 @@ struct thread_t { * a call to exit. */ void *(*join)(thread_t *this); - }; - /** * Create a new thread instance. * @@ -168,6 +165,10 @@ bool thread_cancelability(bool enable); /** * Force creation of a cancellation point in the calling thread. + * + * This temporarily enables thread cancelability, tests for a pending + * cancellation request and then disables cancelability again if it was + * disabled before the call to thread_cancellation_point(). */ void thread_cancellation_point(); @@ -188,6 +189,4 @@ void threads_init(); */ void threads_deinit(); - #endif /** THREADING_THREAD_H_ @} */ - diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index fb2c4d1e8..f1584620b 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -314,7 +314,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base) bool old = FALSE; bfd_mutex->lock(bfd_mutex); - if (lib->leak_detective) + if (lib && lib->leak_detective) { old = lib->leak_detective->set_state(lib->leak_detective, FALSE); } @@ -324,7 +324,7 @@ static void print_sourceline(FILE *file, char *filename, void *ptr, void *base) data.entry = entry; bfd_map_over_sections(entry->abfd, (void*)find_addr, &data); } - if (lib->leak_detective) + if (lib && lib->leak_detective) { lib->leak_detective->set_state(lib->leak_detective, old); } diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 416f58898..16e84c4d9 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -21,12 +21,12 @@ #ifndef BACKTRACE_H_ #define BACKTRACE_H_ +typedef struct backtrace_t backtrace_t; + #include <stdio.h> #include <library.h> -typedef struct backtrace_t backtrace_t; - /** * A backtrace registers the frames on the stack during creation. */ diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h index fe11a4dfc..20c18554b 100644 --- a/src/libstrongswan/utils/capabilities.h +++ b/src/libstrongswan/utils/capabilities.h @@ -44,6 +44,9 @@ typedef struct capabilities_t capabilities_t; #ifndef CAP_NET_RAW # define CAP_NET_RAW 13 #endif +#ifndef CAP_DAC_OVERRIDE +# define CAP_DAC_OVERRIDE 1 +#endif /** * POSIX capability dropping abstraction layer. diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index 644b8060f..47181719a 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -18,6 +18,9 @@ #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> +#ifdef HAVE_MMAP +# include <sys/mman.h> +#endif #include <fcntl.h> #include <unistd.h> #include <errno.h> @@ -25,7 +28,6 @@ #include <ctype.h> #include "chunk.h" -#include "debug.h" /** * Empty chunk. @@ -206,15 +208,16 @@ void chunk_split(chunk_t chunk, const char *mode, ...) /** * Described in header. */ -bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force) +bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force) { mode_t oldmask; FILE *fd; bool good = FALSE; + int tmp = 0; if (!force && access(path, F_OK) == 0) { - DBG1(DBG_LIB, " %s file '%s' already exists", label, path); + errno = EEXIST; return FALSE; } oldmask = umask(mask); @@ -223,58 +226,206 @@ bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force { if (fwrite(chunk.ptr, sizeof(u_char), chunk.len, fd) == chunk.len) { - DBG1(DBG_LIB, " written %s file '%s' (%d bytes)", - label, path, chunk.len); good = TRUE; } else { - DBG1(DBG_LIB, " writing %s file '%s' failed: %s", - label, path, strerror(errno)); + tmp = errno; } fclose(fd); } else { - DBG1(DBG_LIB, " could not open %s file '%s': %s", label, path, - strerror(errno)); + tmp = errno; } umask(oldmask); + errno = tmp; return good; } /** * Described in header. */ -chunk_t chunk_from_fd(int fd) +bool chunk_from_fd(int fd, chunk_t *out) { - char buf[8096]; - char *pos = buf; - ssize_t len, total = 0; + struct stat sb; + char *buf, *tmp; + ssize_t len, total = 0, bufsize; + + if (fstat(fd, &sb) == 0 && S_ISREG(sb.st_mode)) + { + bufsize = sb.st_size; + } + else + { + bufsize = 256; + } + buf = malloc(bufsize); + if (!buf) + { /* for huge files */ + return FALSE; + } while (TRUE) { - len = read(fd, pos, buf + sizeof(buf) - pos); + len = read(fd, buf + total, bufsize - total); if (len < 0) { - DBG1(DBG_LIB, "reading from file descriptor failed: %s", - strerror(errno)); - return chunk_empty; + free(buf); + return FALSE; } if (len == 0) { break; } total += len; - if (total == sizeof(buf)) + if (total == bufsize) + { + bufsize *= 2; + tmp = realloc(buf, bufsize); + if (!tmp) + { + free(buf); + return FALSE; + } + buf = tmp; + } + } + if (total == 0) + { + free(buf); + buf = NULL; + } + else if (total < bufsize) + { + buf = realloc(buf, total); + } + *out = chunk_create(buf, total); + return TRUE; +} + +/** + * Implementation for mmap()ed chunks + */ +typedef struct { + /* public chunk interface */ + chunk_t public; + /* FD of open file */ + int fd; + /* mmap() address */ + void *map; + /* size of map */ + size_t len; + /* do we write? */ + bool wr; +} mmaped_chunk_t; + +/** + * See header. + */ +chunk_t *chunk_map(char *path, bool wr) +{ + mmaped_chunk_t *chunk; + struct stat sb; + int tmp; + + INIT(chunk, + .fd = open(path, wr ? O_RDWR : O_RDONLY), + .wr = wr, + ); + + if (chunk->fd == -1) + { + free(chunk); + return NULL; + } + if (fstat(chunk->fd, &sb) == -1) + { + tmp = errno; + chunk_unmap(&chunk->public); + errno = tmp; + return NULL; + } +#ifdef HAVE_MMAP + chunk->len = sb.st_size; + /* map non-empty files only, as mmap() complains otherwise */ + if (chunk->len) + { + /* in read-only mode, we allow writes, but don't sync to disk */ + chunk->map = mmap(NULL, chunk->len, PROT_READ | PROT_WRITE, + wr ? MAP_SHARED : MAP_PRIVATE, chunk->fd, 0); + if (chunk->map == MAP_FAILED) { - DBG1(DBG_LIB, "buffer too small to read from file descriptor"); - return chunk_empty; + tmp = errno; + chunk_unmap(&chunk->public); + errno = tmp; + return NULL; } } - return chunk_clone(chunk_create(buf, total)); + chunk->public = chunk_create(chunk->map, chunk->len); +#else /* !HAVE_MMAP */ + if (!chunk_from_fd(chunk->fd, &chunk->public)) + { + tmp = errno; + chunk_unmap(&chunk->public); + errno = tmp; + return NULL; + } + chunk->map = chunk->public.ptr; + chunk->len = chunk->public.len; +#endif /* !HAVE_MMAP */ + return &chunk->public; } +/** + * See header. + */ +bool chunk_unmap(chunk_t *public) +{ + mmaped_chunk_t *chunk; + bool ret = FALSE; + int tmp = 0; + + chunk = (mmaped_chunk_t*)public; +#ifdef HAVE_MMAP + if (chunk->map && chunk->map != MAP_FAILED) + { + ret = munmap(chunk->map, chunk->len) == 0; + tmp = errno; + } +#else /* !HAVE_MMAP */ + if (chunk->wr) + { + if (lseek(chunk->fd, 0, SEEK_SET) != -1) + { + int len, total = 0; + + ret = TRUE; + while (total < chunk->len) + { + len = write(chunk->fd, chunk->map + total, chunk->len - total); + if (len <= 0) + { + ret = FALSE; + break; + } + total += len; + } + } + tmp = errno; + } + else + { + ret = TRUE; + } + free(chunk->map); +#endif /* !HAVE_MMAP */ + close(chunk->fd); + free(chunk); + errno = tmp; + + return ret; +} /** hex conversion digits */ static char hexdig_upper[] = "0123456789ABCDEF"; diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index d3751da70..33f66caec 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -90,22 +90,52 @@ void chunk_split(chunk_t chunk, const char *mode, ...); /** * Write the binary contents of a chunk_t to a file * + * If the write fails, errno is set appropriately. + * * @param chunk contents to write to file * @param path path where file is written to - * @param label label specifying file type * @param mask file mode creation mask * @param force overwrite existing file by force * @return TRUE if write operation was successful */ -bool chunk_write(chunk_t chunk, char *path, char *label, mode_t mask, bool force); +bool chunk_write(chunk_t chunk, char *path, mode_t mask, bool force); /** * Store data read from FD into a chunk * + * On error, errno is set appropriately. + * * @param fd file descriptor to read from - * @return chunk or chunk_empty on failure + * @param chunk chunk receiving allocated buffer + * @return TRUE if successful, FALSE on failure + */ +bool chunk_from_fd(int fd, chunk_t *chunk); + +/** + * mmap() a file to a chunk + * + * The returned chunk structure is allocated from heap, but it must be freed + * through chunk_unmap(). A user may alter the chunk ptr or len, but must pass + * the chunk pointer returned from chunk_map() to chunk_unmap() after use. + * + * On error, errno is set appropriately. + * + * @param path path of file to map + * @param wr TRUE to sync writes to disk + * @return mapped chunk, NULL on error + */ +chunk_t *chunk_map(char *path, bool wr); + +/** + * munmap() a chunk previously mapped with chunk_map() + * + * When unmapping a writeable map, the return value should be checked to + * ensure changes landed on disk. + * + * @param chunk pointer returned from chunk_map() + * @return TRUE of changes written back to file */ -chunk_t chunk_from_fd(int fd); +bool chunk_unmap(chunk_t *chunk); /** * Convert a chunk of data to hex encoding. @@ -191,17 +221,17 @@ static inline void chunk_clear(chunk_t *chunk) /** * Initialize a chunk using a char array */ -#define chunk_from_chars(...) ((chunk_t){(char[]){__VA_ARGS__}, sizeof((char[]){__VA_ARGS__})}) +#define chunk_from_chars(...) ((chunk_t){(u_char[]){__VA_ARGS__}, sizeof((u_char[]){__VA_ARGS__})}) /** * Initialize a chunk to point to a thing */ -#define chunk_from_thing(thing) chunk_create((char*)&(thing), sizeof(thing)) +#define chunk_from_thing(thing) chunk_create((u_char*)&(thing), sizeof(thing)) /** * Initialize a chunk from a string, not containing 0-terminator */ -#define chunk_from_str(str) ({char *x = (str); chunk_create(x, strlen(x));}) +#define chunk_from_str(str) ({char *x = (str); chunk_create((u_char*)x, strlen(x));}) /** * Allocate a chunk on the heap diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 9c43ad570..e7eb63bc6 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -332,8 +332,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len) buf += written; len -= written; + written = 0; chunk_printable(data, &printable, '?'); - written = snprintf(buf, len, "%.*s", (int)printable.len, printable.ptr); + if (printable.ptr) + { + written = snprintf(buf, len, "%.*s", (int)printable.len, + printable.ptr); + } chunk_free(&printable); if (written < 0 || written >= len) { diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c index d59a76232..b66df02e7 100644 --- a/src/libstrongswan/utils/integrity_checker.c +++ b/src/libstrongswan/utils/integrity_checker.c @@ -22,7 +22,6 @@ #include <fcntl.h> #include <errno.h> #include <unistd.h> -#include <sys/mman.h> #include <sys/stat.h> #include <sys/types.h> @@ -61,40 +60,17 @@ METHOD(integrity_checker_t, build_file, u_int32_t, private_integrity_checker_t *this, char *file, size_t *len) { u_int32_t checksum; - chunk_t contents; - struct stat sb; - void *addr; - int fd; + chunk_t *contents; - fd = open(file, O_RDONLY); - if (fd == -1) + contents = chunk_map(file, FALSE); + if (!contents) { DBG1(DBG_LIB, " opening '%s' failed: %s", file, strerror(errno)); return 0; } - - if (fstat(fd, &sb) == -1) - { - DBG1(DBG_LIB, " getting file size of '%s' failed: %s", file, - strerror(errno)); - close(fd); - return 0; - } - - addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - DBG1(DBG_LIB, " mapping '%s' failed: %s", file, strerror(errno)); - close(fd); - return 0; - } - - *len = sb.st_size; - contents = chunk_create(addr, sb.st_size); - checksum = chunk_hash_static(contents); - - munmap(addr, sb.st_size); - close(fd); + *len = contents->len; + checksum = chunk_hash_static(*contents); + chunk_unmap(contents); return checksum; } @@ -318,4 +294,3 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) } return &this->public; } - diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 725e04f7c..82eadcb97 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -59,6 +59,21 @@ struct private_leak_detective_t { * public functions */ leak_detective_t public; + + /** + * Registered report() function + */ + leak_detective_report_cb_t report_cb; + + /** + * Registered report() summary function + */ + leak_detective_summary_cb_t report_scb; + + /** + * Registered user data for callbacks + */ + void *report_data; }; /** @@ -318,9 +333,16 @@ HOOK(size_t, size, const void *ptr) */ static bool register_hooks() { + static bool once = FALSE; malloc_zone_t *zone; void *page; + if (once) + { + return TRUE; + } + once = TRUE; + zone = malloc_default_zone(); if (zone->version != MALLOC_ZONE_VERSION) { @@ -461,7 +483,7 @@ static void* real_realloc(void *ptr, size_t size) static bool register_hooks() { void *buf = real_malloc(8); - real_realloc(buf, 16); + buf = real_realloc(buf, 16); real_free(buf); return TRUE; } @@ -477,7 +499,7 @@ static bool register_hooks() char *whitelist[] = { /* backtraces, including own */ "backtrace_create", - "safe_strerror", + "strerror_safe", /* pthread stuff */ "pthread_create", "pthread_setspecific", @@ -565,7 +587,12 @@ char *whitelist[] = { */ static void init_static_allocations() { + struct tm tm; + time_t t = 0; + tzset(); + gmtime_r(&t, &tm); + localtime_r(&t, &tm); } /** @@ -599,7 +626,8 @@ static bool equals(backtrace_t *a, backtrace_t *b) * Summarize and print backtraces */ static int print_traces(private_leak_detective_t *this, - FILE *out, int thresh, int thresh_count, + leak_detective_report_cb_t cb, void *user, + int thresh, int thresh_count, bool detailed, int *whitelisted, size_t *sum) { int leaks = 0; @@ -652,16 +680,20 @@ static int print_traces(private_leak_detective_t *this, leaks++; } lock->unlock(lock); + enumerator = entries->create_enumerator(entries); while (enumerator->enumerate(enumerator, NULL, &entry)) { - if (out && - (!thresh || entry->bytes >= thresh) && - (!thresh_count || entry->count >= thresh_count)) + if (cb) { - fprintf(out, "%d bytes total, %d allocations, %d bytes average:\n", - entry->bytes, entry->count, entry->bytes / entry->count); - entry->backtrace->log(entry->backtrace, out, detailed); + if (!thresh || entry->bytes >= thresh) + { + if (!thresh_count || entry->count >= thresh_count) + { + this->report_cb(this->report_data, entry->count, + entry->bytes, entry->backtrace, detailed); + } + } } entry->backtrace->destroy(entry->backtrace); free(entry); @@ -681,38 +713,30 @@ METHOD(leak_detective_t, report, void, int leaks, whitelisted = 0; size_t sum = 0; - leaks = print_traces(this, stderr, 0, 0, detailed, &whitelisted, &sum); - switch (leaks) + leaks = print_traces(this, this->report_cb, this->report_data, + 0, 0, detailed, &whitelisted, &sum); + if (this->report_scb) { - case 0: - fprintf(stderr, "No leaks detected"); - break; - case 1: - fprintf(stderr, "One leak detected"); - break; - default: - fprintf(stderr, "%d leaks detected, %zu bytes", leaks, sum); - break; + this->report_scb(this->report_data, leaks, sum, whitelisted); } - fprintf(stderr, ", %d suppressed by whitelist\n", whitelisted); - } - else - { - fprintf(stderr, "Leak detective disabled\n"); } } +METHOD(leak_detective_t, set_report_cb, void, + private_leak_detective_t *this, leak_detective_report_cb_t cb, + leak_detective_summary_cb_t scb, void *user) +{ + this->report_cb = cb; + this->report_scb = scb; + this->report_data = user; +} + METHOD(leak_detective_t, leaks, int, private_leak_detective_t *this) { - if (lib->leak_detective) - { - int leaks, whitelisted = 0; + int whitelisted = 0; - leaks = print_traces(this, NULL, 0, 0, FALSE, &whitelisted, NULL); - return leaks; - } - return 0; + return print_traces(this, NULL, NULL, 0, 0, FALSE, &whitelisted, NULL); } METHOD(leak_detective_t, set_state, bool, @@ -722,22 +746,26 @@ METHOD(leak_detective_t, set_state, bool, } METHOD(leak_detective_t, usage, void, - private_leak_detective_t *this, FILE *out) + private_leak_detective_t *this, leak_detective_report_cb_t cb, + leak_detective_summary_cb_t scb, void *user) { bool detailed; - int thresh, thresh_count; + int thresh, thresh_count, leaks, whitelisted = 0; size_t sum = 0; thresh = lib->settings->get_int(lib->settings, - "libstrongswan.leak_detective.usage_threshold", 10240); + "%s.leak_detective.usage_threshold", 10240, lib->ns); thresh_count = lib->settings->get_int(lib->settings, - "libstrongswan.leak_detective.usage_threshold_count", 0); + "%s.leak_detective.usage_threshold_count", 0, lib->ns); detailed = lib->settings->get_bool(lib->settings, - "libstrongswan.leak_detective.detailed", TRUE); + "%s.leak_detective.detailed", TRUE, lib->ns); - print_traces(this, out, thresh, thresh_count, detailed, NULL, &sum); - - fprintf(out, "Total memory usage: %zu\n", sum); + leaks = print_traces(this, cb, user, thresh, thresh_count, + detailed, &whitelisted, &sum); + if (scb) + { + scb(user, leaks, sum, whitelisted); + } } /** @@ -924,6 +952,7 @@ METHOD(leak_detective_t, destroy, void, lock->destroy(lock); thread_disabled->destroy(thread_disabled); free(this); + first_header.next = NULL; } /* @@ -936,8 +965,9 @@ leak_detective_t *leak_detective_create() INIT(this, .public = { .report = _report, - .leaks = _leaks, + .set_report_cb = _set_report_cb, .usage = _usage, + .leaks = _leaks, .set_state = _set_state, .destroy = _destroy, }, diff --git a/src/libstrongswan/utils/leak_detective.h b/src/libstrongswan/utils/leak_detective.h index 7a29e81d7..3fd0b8c93 100644 --- a/src/libstrongswan/utils/leak_detective.h +++ b/src/libstrongswan/utils/leak_detective.h @@ -24,6 +24,30 @@ typedef struct leak_detective_t leak_detective_t; #include <library.h> +#include <utils/backtrace.h> + +/** + * Callback function to report leak/usage information + * + * @param user user specific data + * @param count number of allocations + * @param bytes total size of allocations + * @param bt backtrace of allocation + * @param detailed TRUE to show a detailed backtrace + */ +typedef void (*leak_detective_report_cb_t)(void *user, int count, size_t bytes, + backtrace_t *bt, bool detailed); + +/** + * Callback function to report leak/usage summary information + * + * @param user user specific data + * @param count total number of allocations + * @param bytes total size of all reported allocations + * @param whitelisted number of allocations suppressed by whitelist + */ +typedef void (*leak_detective_summary_cb_t)(void* user, int count, size_t bytes, + int whitelisted); /** * Leak detective finds leaks and bad frees using malloc hooks. @@ -36,25 +60,39 @@ typedef struct leak_detective_t leak_detective_t; struct leak_detective_t { /** - * Report leaks to stderr. + * Report leaks to the registered callback functions. * * @param detailed TRUE to resolve line/filename of leak (slow) */ void (*report)(leak_detective_t *this, bool detailed); /** - * Number of detected leaks. + * Report current memory usage to out. + * Set callback functions invoked during a report(). * - * @return number of leaks + * @param cb callback invoked for each detected leak + * @param scb summary callback invoked at end of report + * @param user user data to supply to callbacks */ - int (*leaks)(leak_detective_t *this); + void (*set_report_cb)(leak_detective_t *this, leak_detective_report_cb_t cb, + leak_detective_summary_cb_t scb, void *user); /** - * Report current memory usage to out. + * Report current memory usage using a callbacks. + * + * @param cb callback invoked for each allocation + * @param scb summary callback invoked at end of usage report + * @param user user data supplied to callbacks + */ + void (*usage)(leak_detective_t *this, leak_detective_report_cb_t cb, + leak_detective_summary_cb_t scb, void *user); + + /** + * Number of detected leaks. * - * @param out target to write usage report to + * @return number of leaks */ - void (*usage)(leak_detective_t *this, FILE *out); + int (*leaks)(leak_detective_t *this); /** * Enable/disable leak detective hooks for the current thread. diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c index d00abef20..c79d4b87a 100644 --- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c +++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c @@ -122,10 +122,14 @@ size_t print_in_hook(printf_hook_data_t *data, char *fmt, ...) if (written > data->n) { - written = data->n; + data->q += data->n; + data->n = 0; + } + else + { + data->q += written; + data->n -= written; } - data->q += written; - data->n += written; return written; } @@ -725,12 +729,6 @@ int builtin_vsnprintf(char *buffer, size_t n, const char *format, va_list ap) switch (ch) { - case 'P': - { - /* Upper case pointer */ - flags |= FL_UPPER; - /* fall through */ - } case 'p': { /* Pointer */ diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c index 8fd1aed4a..5efe1d990 100644 --- a/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c +++ b/src/libstrongswan/utils/printf_hook/printf_hook_glibc.c @@ -19,10 +19,10 @@ #include <utils/utils.h> #include <utils/debug.h> -#include <printf.h> #include <stdio.h> #include <stdarg.h> #include <string.h> +#include <printf.h> typedef struct private_printf_hook_t private_printf_hook_t; typedef struct printf_hook_handler_t printf_hook_handler_t; diff --git a/src/libstrongswan/utils/settings.c b/src/libstrongswan/utils/settings.c index 809ca10ab..490490a1e 100644 --- a/src/libstrongswan/utils/settings.c +++ b/src/libstrongswan/utils/settings.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2010 Tobias Brunner + * Copyright (C) 2010-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -20,7 +20,6 @@ #include <stdio.h> #include <errno.h> #include <limits.h> -#include <libgen.h> #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> @@ -31,6 +30,8 @@ #include "settings.h" +#include "collections/array.h" +#include "collections/hashtable.h" #include "collections/linked_list.h" #include "threading/rwlock.h" #include "utils/debug.h" @@ -78,14 +79,19 @@ struct section_t { char *name; /** + * fallback sections, as section_t + */ + array_t *fallbacks; + + /** * subsections, as section_t */ - linked_list_t *sections; + array_t *sections; /** * key value pairs, as kv_t */ - linked_list_t *kv; + array_t *kv; }; /** @@ -134,8 +140,6 @@ static section_t *section_create(char *name) section_t *this; INIT(this, .name = strdupnull(name), - .sections = linked_list_create(), - .kv = linked_list_create(), ); return this; } @@ -145,37 +149,73 @@ static section_t *section_create(char *name) */ static void section_destroy(section_t *this) { - this->kv->destroy_function(this->kv, (void*)kv_destroy); - this->sections->destroy_function(this->sections, (void*)section_destroy); + array_destroy_function(this->sections, (void*)section_destroy, NULL); + array_destroy_function(this->kv, (void*)kv_destroy, NULL); + array_destroy(this->fallbacks); free(this->name); free(this); } /** - * Purge contents of a section + * Purge contents of a section, returns if section can be safely removed. */ -static void section_purge(section_t *this) +static bool section_purge(section_t *this) { - this->kv->destroy_function(this->kv, (void*)kv_destroy); - this->kv = linked_list_create(); - this->sections->destroy_function(this->sections, (void*)section_destroy); - this->sections = linked_list_create(); + section_t *current; + int i; + + array_destroy_function(this->kv, (void*)kv_destroy, NULL); + this->kv = NULL; + /* we ensure sections used as fallback, or configured with fallbacks (or + * having any such subsections) are not removed */ + for (i = array_count(this->sections) - 1; i >= 0; i--) + { + array_get(this->sections, i, ¤t); + if (section_purge(current)) + { + array_remove(this->sections, i, NULL); + section_destroy(current); + } + } + return !this->fallbacks && !array_count(this->sections); } /** * callback to find a section by name */ -static bool section_find(section_t *this, char *name) +static int section_find(const void *a, const void *b) { - return streq(this->name, name); + const char *key = a; + const section_t *item = b; + return strcmp(key, item->name); +} + +/** + * callback to sort sections by name + */ +static int section_sort(const void *a, const void *b, void *user) +{ + const section_t *sa = a, *sb = b; + return strcmp(sa->name, sb->name); } /** * callback to find a kv pair by key */ -static bool kv_find(kv_t *this, char *key) +static int kv_find(const void *a, const void *b) +{ + const char *key = a; + const kv_t *item = b; + return strcmp(key, item->key); +} + +/** + * callback to sort kv pairs by key + */ +static int kv_sort(const void *a, const void *b, void *user) { - return streq(this->key, key); + const kv_t *kva = a, *kvb = b; + return strcmp(kva->key, kvb->key); } /** @@ -184,17 +224,16 @@ static bool kv_find(kv_t *this, char *key) static bool print_key(char *buf, int len, char *start, char *key, va_list args) { va_list copy; + char *pos = start; bool res; - char *pos; va_copy(copy, args); - while (start < key) + while (TRUE) { - pos = strchr(start, '%'); + pos = memchr(pos, '%', key - pos); if (!pos) { - start += strlen(start) + 1; - continue; + break; } pos++; switch (*pos) @@ -215,11 +254,7 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args) DBG1(DBG_CFG, "settings with %%%c not supported!", *pos); break; } - start = pos; - if (*start) - { - start++; - } + pos++; } res = vsnprintf(buf, len, key, copy) < len; va_end(copy); @@ -251,14 +286,17 @@ static section_t *find_section_buffered(section_t *section, { return NULL; } - if (section->sections->find_first(section->sections, - (linked_list_match_t)section_find, - (void**)&found, buf) != SUCCESS) + if (!strlen(buf)) + { + found = section; + } + else if (array_bsearch(section->sections, buf, section_find, &found) == -1) { if (ensure) { found = section_create(buf); - section->sections->insert_last(section->sections, found); + array_insert_create(§ion->sections, ARRAY_TAIL, found); + array_sort(section->sections, section_sort, NULL); } } if (found && pos) @@ -269,10 +307,74 @@ static section_t *find_section_buffered(section_t *section, } /** - * Find a section by a given key (thread-safe). + * Find all sections via a given key considering fallbacks, using buffered key, + * reusable buffer. + */ +static void find_sections_buffered(section_t *section, char *start, char *key, + va_list args, char *buf, int len, array_t **sections) +{ + section_t *found = NULL, *fallback; + char *pos; + int i; + + if (!section) + { + return; + } + pos = strchr(key, '.'); + if (pos) + { + *pos = '\0'; + } + if (!print_key(buf, len, start, key, args)) + { + return; + } + if (pos) + { /* restore so we can follow fallbacks */ + *pos = '.'; + } + if (!strlen(buf)) + { + found = section; + } + else + { + array_bsearch(section->sections, buf, section_find, &found); + } + if (found) + { + if (pos) + { + find_sections_buffered(found, start, pos+1, args, buf, len, + sections); + } + else + { + array_insert_create(sections, ARRAY_TAIL, found); + for (i = 0; i < array_count(found->fallbacks); i++) + { + array_get(found->fallbacks, i, &fallback); + array_insert_create(sections, ARRAY_TAIL, fallback); + } + } + } + if (section->fallbacks) + { + for (i = 0; i < array_count(section->fallbacks); i++) + { + array_get(section->fallbacks, i, &fallback); + find_sections_buffered(fallback, start, key, args, buf, len, + sections); + } + } +} + +/** + * Ensure that the section with the given key exists (thread-safe). */ -static section_t *find_section(private_settings_t *this, section_t *section, - char *key, va_list args) +static section_t *ensure_section(private_settings_t *this, section_t *section, + const char *key, va_list args) { char buf[128], keybuf[512]; section_t *found; @@ -281,42 +383,101 @@ static section_t *find_section(private_settings_t *this, section_t *section, { return NULL; } - this->lock->read_lock(this->lock); + /* we might have to change the tree */ + this->lock->write_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, - sizeof(buf), FALSE); + sizeof(buf), TRUE); this->lock->unlock(this->lock); return found; } /** - * Ensure that the section with the given key exists (thread-safe). + * Find a section by a given key with its fallbacks (not thread-safe!). + * Sections are returned in depth-first order (array is allocated). NULL is + * returned if no sections are found. */ -static section_t *ensure_section(private_settings_t *this, section_t *section, - char *key, va_list args) +static array_t *find_sections(private_settings_t *this, section_t *section, + char *key, va_list args) { char buf[128], keybuf[512]; - section_t *found; + array_t *sections = NULL; if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } - /* we might have to change the tree */ + find_sections_buffered(section, keybuf, keybuf, args, buf, + sizeof(buf), §ions); + return sections; +} + +/** + * Check if the given fallback section already exists + */ +static bool fallback_exists(section_t *section, section_t *fallback) +{ + if (section == fallback) + { + return TRUE; + } + else if (section->fallbacks) + { + section_t *existing; + int i; + + for (i = 0; i < array_count(section->fallbacks); i++) + { + array_get(section->fallbacks, i, &existing); + if (existing == fallback) + { + return TRUE; + } + } + } + return FALSE; +} + +/** + * Ensure that the section with the given key exists and add the given fallback + * section (thread-safe). + */ +static void add_fallback_to_section(private_settings_t *this, + section_t *section, const char *key, va_list args, + section_t *fallback) +{ + char buf[128], keybuf[512]; + section_t *found; + + if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) + { + return; + } this->lock->write_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), TRUE); + if (!fallback_exists(found, fallback)) + { + /* to ensure sections referred to as fallback are not purged, we create + * the array there too */ + if (!fallback->fallbacks) + { + fallback->fallbacks = array_create(0, 0); + } + array_insert_create(&found->fallbacks, ARRAY_TAIL, fallback); + } this->lock->unlock(this->lock); - return found; } /** * Find the key/value pair for a key, using buffered key, reusable buffer * If "ensure" is TRUE, the sections (and key/value pair) are created if they * don't exist. + * Fallbacks are only considered if "ensure" is FALSE. */ static kv_t *find_value_buffered(section_t *section, char *start, char *key, va_list args, char *buf, int len, bool ensure) { + int i; char *pos; kv_t *kv = NULL; section_t *found = NULL; @@ -330,25 +491,40 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, if (pos) { *pos = '\0'; - pos++; - if (!print_key(buf, len, start, key, args)) { return NULL; } - if (section->sections->find_first(section->sections, - (linked_list_match_t)section_find, - (void**)&found, buf) != SUCCESS) + /* restore so we can retry for fallbacks */ + *pos = '.'; + if (!strlen(buf)) + { + found = section; + } + else if (array_bsearch(section->sections, buf, section_find, + &found) == -1) { - if (!ensure) + if (ensure) { - return NULL; + found = section_create(buf); + array_insert_create(§ion->sections, ARRAY_TAIL, found); + array_sort(section->sections, section_sort, NULL); + } + } + if (found) + { + kv = find_value_buffered(found, start, pos+1, args, buf, len, + ensure); + } + if (!kv && !ensure && section->fallbacks) + { + for (i = 0; !kv && i < array_count(section->fallbacks); i++) + { + array_get(section->fallbacks, i, &found); + kv = find_value_buffered(found, start, key, args, buf, len, + ensure); } - found = section_create(buf); - section->sections->insert_last(section->sections, found); } - return find_value_buffered(found, start, pos, args, buf, len, - ensure); } else { @@ -356,13 +532,22 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } - if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find, - (void**)&kv, buf) != SUCCESS) + if (array_bsearch(section->kv, buf, kv_find, &kv) == -1) { if (ensure) { kv = kv_create(buf, NULL); - section->kv->insert_last(section->kv, kv); + array_insert_create(§ion->kv, ARRAY_TAIL, kv); + array_sort(section->kv, kv_sort, NULL); + } + else if (section->fallbacks) + { + for (i = 0; !kv && i < array_count(section->fallbacks); i++) + { + array_get(section->fallbacks, i, &found); + kv = find_value_buffered(found, start, key, args, buf, len, + ensure); + } } } } @@ -429,7 +614,7 @@ static void set_value(private_settings_t *this, section_t *section, } METHOD(settings_t, get_str, char*, - private_settings_t *this, char *key, char *def, ...) + private_settings_t *this, char *key, char *def, ...) { char *value; va_list args; @@ -470,7 +655,7 @@ inline bool settings_value_as_bool(char *value, bool def) } METHOD(settings_t, get_bool, bool, - private_settings_t *this, char *key, bool def, ...) + private_settings_t *this, char *key, bool def, ...) { char *value; va_list args; @@ -500,7 +685,7 @@ inline int settings_value_as_int(char *value, int def) } METHOD(settings_t, get_int, int, - private_settings_t *this, char *key, int def, ...) + private_settings_t *this, char *key, int def, ...) { char *value; va_list args; @@ -530,7 +715,7 @@ inline double settings_value_as_double(char *value, double def) } METHOD(settings_t, get_double, double, - private_settings_t *this, char *key, double def, ...) + private_settings_t *this, char *key, double def, ...) { char *value; va_list args; @@ -576,7 +761,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) } METHOD(settings_t, get_time, u_int32_t, - private_settings_t *this, char *key, u_int32_t def, ...) + private_settings_t *this, char *key, u_int32_t def, ...) { char *value; va_list args; @@ -588,7 +773,7 @@ METHOD(settings_t, get_time, u_int32_t, } METHOD(settings_t, set_str, void, - private_settings_t *this, char *key, char *value, ...) + private_settings_t *this, char *key, char *value, ...) { va_list args; va_start(args, value); @@ -597,7 +782,7 @@ METHOD(settings_t, set_str, void, } METHOD(settings_t, set_bool, void, - private_settings_t *this, char *key, bool value, ...) + private_settings_t *this, char *key, bool value, ...) { va_list args; va_start(args, value); @@ -606,7 +791,7 @@ METHOD(settings_t, set_bool, void, } METHOD(settings_t, set_int, void, - private_settings_t *this, char *key, int value, ...) + private_settings_t *this, char *key, int value, ...) { char val[16]; va_list args; @@ -619,7 +804,7 @@ METHOD(settings_t, set_int, void, } METHOD(settings_t, set_double, void, - private_settings_t *this, char *key, double value, ...) + private_settings_t *this, char *key, double value, ...) { char val[64]; va_list args; @@ -632,7 +817,7 @@ METHOD(settings_t, set_double, void, } METHOD(settings_t, set_time, void, - private_settings_t *this, char *key, u_int32_t value, ...) + private_settings_t *this, char *key, u_int32_t value, ...) { char val[16]; va_list args; @@ -645,7 +830,7 @@ METHOD(settings_t, set_time, void, } METHOD(settings_t, set_default_str, bool, - private_settings_t *this, char *key, char *value, ...) + private_settings_t *this, char *key, char *value, ...) { char *old; va_list args; @@ -665,63 +850,143 @@ METHOD(settings_t, set_default_str, bool, } /** + * Data for enumerators + */ +typedef struct { + /** settings_t instance */ + private_settings_t *settings; + /** sections to enumerate */ + array_t *sections; + /** sections/keys that were already enumerated */ + hashtable_t *seen; +} enumerator_data_t; + +/** + * Destroy enumerator data + */ +static void enumerator_destroy(enumerator_data_t *this) +{ + this->settings->lock->unlock(this->settings->lock); + this->seen->destroy(this->seen); + array_destroy(this->sections); + free(this); +} + +/** * Enumerate section names, not sections */ -static bool section_filter(void *null, section_t **in, char **out) +static bool section_filter(hashtable_t *seen, section_t **in, char **out) { *out = (*in)->name; + if (seen->get(seen, *out)) + { + return FALSE; + } + seen->put(seen, *out, *out); return TRUE; } +/** + * Enumerate sections of the given section + */ +static enumerator_t *section_enumerator(section_t *section, + enumerator_data_t *data) +{ + return enumerator_create_filter(array_create_enumerator(section->sections), + (void*)section_filter, data->seen, NULL); +} + METHOD(settings_t, create_section_enumerator, enumerator_t*, - private_settings_t *this, char *key, ...) + private_settings_t *this, char *key, ...) { - section_t *section; + enumerator_data_t *data; + array_t *sections; va_list args; + this->lock->read_lock(this->lock); va_start(args, key); - section = find_section(this, this->top, key, args); + sections = find_sections(this, this->top, key, args); va_end(args); - if (!section) + if (!sections) { + this->lock->unlock(this->lock); return enumerator_create_empty(); } - this->lock->read_lock(this->lock); - return enumerator_create_filter( - section->sections->create_enumerator(section->sections), - (void*)section_filter, this->lock, (void*)this->lock->unlock); + INIT(data, + .settings = this, + .sections = sections, + .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8), + ); + return enumerator_create_nested(array_create_enumerator(sections), + (void*)section_enumerator, data, (void*)enumerator_destroy); } /** * Enumerate key and values, not kv_t entries */ -static bool kv_filter(void *null, kv_t **in, char **key, +static bool kv_filter(hashtable_t *seen, kv_t **in, char **key, void *none, char **value) { *key = (*in)->key; + if (seen->get(seen, *key)) + { + return FALSE; + } *value = (*in)->value; + seen->put(seen, *key, *key); return TRUE; } +/** + * Enumerate key/value pairs of the given section + */ +static enumerator_t *kv_enumerator(section_t *section, enumerator_data_t *data) +{ + return enumerator_create_filter(array_create_enumerator(section->kv), + (void*)kv_filter, data->seen, NULL); +} + METHOD(settings_t, create_key_value_enumerator, enumerator_t*, - private_settings_t *this, char *key, ...) + private_settings_t *this, char *key, ...) { - section_t *section; + enumerator_data_t *data; + array_t *sections; va_list args; + this->lock->read_lock(this->lock); va_start(args, key); - section = find_section(this, this->top, key, args); + sections = find_sections(this, this->top, key, args); va_end(args); - if (!section) + if (!sections) { + this->lock->unlock(this->lock); return enumerator_create_empty(); } - this->lock->read_lock(this->lock); - return enumerator_create_filter( - section->kv->create_enumerator(section->kv), - (void*)kv_filter, this->lock, (void*)this->lock->unlock); + INIT(data, + .settings = this, + .sections = sections, + .seen = hashtable_create(hashtable_hash_str, hashtable_equals_str, 8), + ); + return enumerator_create_nested(array_create_enumerator(sections), + (void*)kv_enumerator, data, (void*)enumerator_destroy); +} + +METHOD(settings_t, add_fallback, void, + private_settings_t *this, const char *key, const char *fallback, ...) +{ + section_t *section; + va_list args; + + /* find/create the fallback */ + va_start(args, fallback); + section = ensure_section(this, this->top, fallback, args); + va_end(args); + + va_start(args, fallback); + add_fallback_to_section(this, this->top, key, args, section); + va_end(args); } /** @@ -881,15 +1146,15 @@ static bool parse_section(linked_list_t *contents, char *file, int level, section->name); continue; } - if (section->sections->find_first(section->sections, - (linked_list_match_t)section_find, - (void**)&sub, key) != SUCCESS) + if (array_bsearch(section->sections, key, section_find, + &sub) == -1) { sub = section_create(key); if (parse_section(contents, file, level, &inner, sub)) { - section->sections->insert_last(section->sections, - sub); + array_insert_create(§ion->sections, ARRAY_TAIL, + sub); + array_sort(section->sections, section_sort, NULL); continue; } section_destroy(sub); @@ -916,12 +1181,11 @@ static bool parse_section(linked_list_t *contents, char *file, int level, section->name); continue; } - if (section->kv->find_first(section->kv, - (linked_list_match_t)kv_find, - (void**)&kv, key) != SUCCESS) + if (array_bsearch(section->kv, key, kv_find, &kv) == -1) { kv = kv_create(key, value); - section->kv->insert_last(section->kv, kv); + array_insert_create(§ion->kv, ARRAY_TAIL, kv); + array_sort(section->kv, kv_sort, NULL); } else { /* replace with the most recently read value */ @@ -1037,8 +1301,7 @@ static bool parse_files(linked_list_t *contents, char *file, int level, } else { /* base relative paths to the directory of the current file */ - char *dir = strdup(file); - dir = dirname(dir); + char *dir = path_dirname(file); if (snprintf(pat, sizeof(pat), "%s/%s", dir, pattern) >= sizeof(pat)) { DBG1(DBG_LIB, "include pattern too long, ignored"); @@ -1092,37 +1355,37 @@ static void section_extend(section_t *base, section_t *extension) section_t *sec; kv_t *kv; - enumerator = extension->sections->create_enumerator(extension->sections); + enumerator = array_create_enumerator(extension->sections); while (enumerator->enumerate(enumerator, (void**)&sec)) { section_t *found; - if (base->sections->find_first(base->sections, - (linked_list_match_t)section_find, (void**)&found, - sec->name) == SUCCESS) + if (array_bsearch(base->sections, sec->name, section_find, + &found) != -1) { section_extend(found, sec); } else { - extension->sections->remove_at(extension->sections, enumerator); - base->sections->insert_last(base->sections, sec); + array_remove_at(extension->sections, enumerator); + array_insert_create(&base->sections, ARRAY_TAIL, sec); + array_sort(base->sections, section_sort, NULL); } } enumerator->destroy(enumerator); - enumerator = extension->kv->create_enumerator(extension->kv); + enumerator = array_create_enumerator(extension->kv); while (enumerator->enumerate(enumerator, (void**)&kv)) { kv_t *found; - if (base->kv->find_first(base->kv, (linked_list_match_t)kv_find, - (void**)&found, kv->key) == SUCCESS) + if (array_bsearch(base->kv, kv->key, kv_find, &found) != -1) { found->value = kv->value; } else { - extension->kv->remove_at(extension->kv, enumerator); - base->kv->insert_last(base->kv, kv); + array_remove_at(extension->kv, enumerator); + array_insert_create(&base->kv, ARRAY_TAIL, kv); + array_sort(base->kv, kv_sort, NULL); } } enumerator->destroy(enumerator); @@ -1179,13 +1442,13 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, } METHOD(settings_t, load_files, bool, - private_settings_t *this, char *pattern, bool merge) + private_settings_t *this, char *pattern, bool merge) { return load_files_internal(this, this->top, pattern, merge); } METHOD(settings_t, load_files_section, bool, - private_settings_t *this, char *pattern, bool merge, char *key, ...) + private_settings_t *this, char *pattern, bool merge, char *key, ...) { section_t *section; va_list args; @@ -1202,7 +1465,7 @@ METHOD(settings_t, load_files_section, bool, } METHOD(settings_t, destroy, void, - private_settings_t *this) + private_settings_t *this) { section_destroy(this->top); this->contents->destroy_function(this->contents, (void*)free); @@ -1232,6 +1495,7 @@ settings_t *settings_create(char *file) .set_default_str = _set_default_str, .create_section_enumerator = _create_section_enumerator, .create_key_value_enumerator = _create_key_value_enumerator, + .add_fallback = _add_fallback, .load_files = _load_files, .load_files_section = _load_files_section, .destroy = _destroy, diff --git a/src/libstrongswan/utils/settings.h b/src/libstrongswan/utils/settings.h index df0c534e9..46403c4d3 100644 --- a/src/libstrongswan/utils/settings.h +++ b/src/libstrongswan/utils/settings.h @@ -269,6 +269,31 @@ struct settings_t { char *section, ...); /** + * Add a fallback for the given section. + * + * Example: When the fallback 'section-two' is configured for + * 'section-one.two' any failed lookup for a section or key in + * 'section-one.two' will result in a lookup for the same section/key + * in 'section-two'. + * + * @note Lookups are depth-first and currently strictly top-down. + * For instance, if app.sec had lib1.sec as fallback and lib1 had lib2 as + * fallback the keys/sections in lib2.sec would not be considered. But if + * app had lib3 as fallback the contents of lib3.sec would (as app is passed + * during the initial lookup). In the last example the order during + * enumerations would be app.sec, lib1.sec, lib3.sec. + * + * @note Additional arguments will be applied to both section format + * strings so they must be compatible. + * + * @param section section for which a fallback is configured, printf style + * @param fallback fallback section, printf style + * @param ... argument list for section and fallback + */ + void (*add_fallback)(settings_t *this, const char *section, + const char *fallback, ...); + + /** * Load settings from the files matching the given pattern. * * If merge is TRUE, existing sections are extended, existing values diff --git a/src/libstrongswan/utils/test.c b/src/libstrongswan/utils/test.c new file mode 100644 index 000000000..7de5a7661 --- /dev/null +++ b/src/libstrongswan/utils/test.c @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test.h" + +#include <library.h> + +/** + * A collection of testable functions + */ +hashtable_t *testable_functions; + +/* + * Described in header. + */ +void testable_function_register(char *name, void *fn) +{ + if (testable_functions) + { + bool old = FALSE; + if (lib->leak_detective) + { + old = lib->leak_detective->set_state(lib->leak_detective, FALSE); + } + if (fn) + { + testable_functions->put(testable_functions, name, fn); + } + else + { + testable_functions->remove(testable_functions, name); + } + if (lib->leak_detective) + { + lib->leak_detective->set_state(lib->leak_detective, old); + } + } +} diff --git a/src/libstrongswan/utils/test.h b/src/libstrongswan/utils/test.h new file mode 100644 index 000000000..5b7289244 --- /dev/null +++ b/src/libstrongswan/utils/test.h @@ -0,0 +1,96 @@ +/* + * Copyright (C) 2013 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup test test + * @{ @ingroup utils + */ + +#ifndef TEST_H_ +#define TEST_H_ + +#include "collections/hashtable.h" + +/** + * Collection of testable functions. + * + * @note Is initialized only if libtest is loaded. + */ +extern hashtable_t *testable_functions; + +/** + * Register a (possibly static) function so that it can be called from tests. + * + * @param name name (namespace/function) + * @param fn function to register (set to NULL to unregister) + */ +void testable_function_register(char *name, void *fn); + +/** + * Macro to automatically register/unregister a function that can be called + * from tests. + * + * @note The constructor has a priority set so that it runs after the + * constructor that creates the hashtable. The destructor, on the other hand, + * does not have a priority set, as test coverage would report that function as + * untested otherwise. + * + * @param ns namespace + * @param fn function to register + */ +#define EXPORT_FUNCTION_FOR_TESTS(ns, fn) \ +static void testable_function_register_##fn() __attribute__ ((constructor(2000))); \ +static void testable_function_register_##fn() \ +{ \ + testable_function_register(#ns "/" #fn, fn); \ +} \ +static void testable_function_unregister_##fn() __attribute__ ((destructor)); \ +static void testable_function_unregister_##fn() \ +{ \ + testable_function_register(#ns "/" #fn, NULL); \ +} + +/** + * Import a registered function so that it can be called from tests. + * + * @note If the imported function is static (or no conflicting header files + * are included) ret can be prefixed with static to declare the function static. + * + * @note We allocate an arbitrary amount of stack space, hopefully enough for + * all arguments. + * + * @param ns namespace of the function + * @param name name of the function + * @param ret return type of the function + * @param ... arguments of the function + */ +#define IMPORT_FUNCTION_FOR_TESTS(ns, name, ret, ...) \ +ret name(__VA_ARGS__) \ +{ \ + void (*fn)() = NULL; \ + if (testable_functions) \ + { \ + fn = testable_functions->get(testable_functions, #ns "/" #name); \ + } \ + if (fn) \ + { \ + void *args = __builtin_apply_args(); \ + __builtin_return(__builtin_apply(fn, args, 16*sizeof(void*))); \ + } \ + test_fail_msg(__FILE__, __LINE__, "function " #name " (" #ns ") not found"); \ + __builtin_return(NULL); \ +} + +#endif /** TEST_H_ @}*/ diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 266fb4357..fe80edb82 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2014 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -14,8 +14,7 @@ * for more details. */ -#include "utils.h" - +#define _GNU_SOURCE /* for memrchr */ #include <sys/stat.h> #include <string.h> #include <stdio.h> @@ -27,6 +26,8 @@ #include <time.h> #include <pthread.h> +#include "utils.h" + #include "collections/enumerator.h" #include "utils/debug.h" #include "utils/chunk.h" @@ -102,7 +103,7 @@ void memwipe_noinline(void *ptr, size_t n) */ void *memstr(const void *haystack, const char *needle, size_t n) { - unsigned const char *pos = haystack; + const u_char *pos = haystack; size_t l; if (!haystack || !needle || (l = strlen(needle)) == 0) @@ -122,6 +123,28 @@ void *memstr(const void *haystack, const char *needle, size_t n) /** * Described in header. */ +void *utils_memrchr(const void *s, int c, size_t n) +{ + const u_char *pos; + + if (!s || !n) + { + return NULL; + } + + for (pos = s + n - 1; pos >= (u_char*)s; pos--) + { + if (*pos == (u_char)c) + { + return (void*)pos; + } + } + return NULL; +} + +/** + * Described in header. + */ char* translate(char *str, const char *from, const char *to) { char *pos = str; @@ -144,6 +167,115 @@ char* translate(char *str, const char *from, const char *to) /** * Described in header. */ +char* strreplace(const char *str, const char *search, const char *replace) +{ + size_t len, slen, rlen, count = 0; + char *res, *pos, *found, *dst; + + if (!str || !*str || !search || !*search || !replace) + { + return (char*)str; + } + slen = strlen(search); + rlen = strlen(replace); + if (slen != rlen) + { + for (pos = (char*)str; (pos = strstr(pos, search)); pos += slen) + { + found = pos; + count++; + } + if (!count) + { + return (char*)str; + } + len = (found - str) + strlen(found) + count * (rlen - slen); + } + else + { + len = strlen(str); + } + found = strstr(str, search); + if (!found) + { + return (char*)str; + } + dst = res = malloc(len + 1); + pos = (char*)str; + do + { + len = found - pos; + memcpy(dst, pos, len); + dst += len; + memcpy(dst, replace, rlen); + dst += rlen; + pos = found + slen; + } + while ((found = strstr(pos, search))); + strcpy(dst, pos); + return res; +} + +/** + * Described in header. + */ +char* path_dirname(const char *path) +{ + char *pos; + + pos = path ? strrchr(path, '/') : NULL; + + if (pos && !pos[1]) + { /* if path ends with slashes we have to look beyond them */ + while (pos > path && *pos == '/') + { /* skip trailing slashes */ + pos--; + } + pos = memrchr(path, '/', pos - path + 1); + } + if (!pos) + { + return strdup("."); + } + while (pos > path && *pos == '/') + { /* skip superfluous slashes */ + pos--; + } + return strndup(path, pos - path + 1); +} + +/** + * Described in header. + */ +char* path_basename(const char *path) +{ + char *pos, *trail = NULL; + + if (!path || !*path) + { + return strdup("."); + } + pos = strrchr(path, '/'); + if (pos && !pos[1]) + { /* if path ends with slashes we have to look beyond them */ + while (pos > path && *pos == '/') + { /* skip trailing slashes */ + pos--; + } + if (pos == path && *pos == '/') + { /* contains only slashes */ + return strdup("/"); + } + trail = pos + 1; + pos = memrchr(path, '/', trail - path); + } + pos = pos ? pos + 1 : (char*)path; + return trail ? strndup(pos, trail - pos) : strdup(pos); +} + +/** + * Described in header. + */ bool mkdir_p(const char *path, mode_t mode) { int len; @@ -251,84 +383,6 @@ char* tty_escape_get(int fd, tty_escape_t escape) return ""; } -/** - * The size of the thread-specific error buffer - */ -#define STRERROR_BUF_LEN 256 - -/** - * Key to store thread-specific error buffer - */ -static pthread_key_t strerror_buf_key; - -/** - * Only initialize the key above once - */ -static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT; - -/** - * Create the key used for the thread-specific error buffer - */ -static void create_strerror_buf_key() -{ - pthread_key_create(&strerror_buf_key, free); -} - -/** - * Retrieve the error buffer assigned to the current thread (or create it) - */ -static inline char *get_strerror_buf() -{ - char *buf; - - pthread_once(&strerror_buf_key_once, create_strerror_buf_key); - buf = pthread_getspecific(strerror_buf_key); - if (!buf) - { - buf = malloc(STRERROR_BUF_LEN); - pthread_setspecific(strerror_buf_key, buf); - } - return buf; -} - -#ifdef HAVE_STRERROR_R -/* - * Described in header. - */ -const char *safe_strerror(int errnum) -{ - char *buf = get_strerror_buf(), *msg; - -#ifdef STRERROR_R_CHAR_P - /* char* version which may or may not return the original buffer */ - msg = strerror_r(errnum, buf, STRERROR_BUF_LEN); -#else - /* int version returns 0 on success */ - msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf; -#endif - return msg; -} -#else /* HAVE_STRERROR_R */ -/* we actually wan't to call strerror(3) below */ -#undef strerror -/* - * Described in header. - */ -const char *safe_strerror(int errnum) -{ - static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; - char *buf = get_strerror_buf(); - - /* use a mutex to ensure calling strerror(3) is thread-safe */ - pthread_mutex_lock(&mutex); - strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); - pthread_mutex_unlock(&mutex); - buf[STRERROR_BUF_LEN - 1] = '\0'; - return buf; -} -#endif /* HAVE_STRERROR_R */ - - #ifndef HAVE_CLOSEFROM /** * Described in header. @@ -570,7 +624,7 @@ int time_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; time_t *time = *((time_t**)(args[0])); - bool utc = *((bool*)(args[1]));; + bool utc = *((int*)(args[1])); struct tm t; if (*time == UNDEFINED_TIME) diff --git a/src/libstrongswan/utils/utils.h b/src/libstrongswan/utils/utils.h index cda7edf08..a55e7d831 100644 --- a/src/libstrongswan/utils/utils.h +++ b/src/libstrongswan/utils/utils.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2014 Tobias Brunner * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -30,6 +30,7 @@ #include <string.h> #include "enum.h" +#include "utils/strerror.h" /** * strongSwan program return codes @@ -464,6 +465,20 @@ static inline void memwipe(void *ptr, size_t n) void *memstr(const void *haystack, const char *needle, size_t n); /** + * Replacement for memrchr(3) if it is not provided by the C library. + * + * @param s start of the memory area to search + * @param c character to search + * @param n length of memory area to search + * @return pointer to the found character or NULL + */ +void *utils_memrchr(const void *s, int c, size_t n); + +#ifndef HAVE_MEMRCHR +#define memrchr(s,c,n) utils_memrchr(s,c,n) +#endif + +/** * Translates the characters in the given string, searching for characters * in 'from' and mapping them to characters in 'to'. * The two characters sets 'from' and 'to' must contain the same number of @@ -472,36 +487,59 @@ void *memstr(const void *haystack, const char *needle, size_t n); char *translate(char *str, const char *from, const char *to); /** - * Creates a directory and all required parent directories. + * Replaces all occurrences of search in the given string with replace. * - * @param path path to the new directory - * @param mode permissions of the new directory/directories - * @return TRUE on success + * Allocates memory only if anything is replaced in the string. The original + * string is also returned if any of the arguments are invalid (e.g. if search + * is empty or any of them are NULL). + * + * @param str original string + * @param search string to search for and replace + * @param replace string to replace found occurrences with + * @return allocated string, if anything got replaced, str otherwise */ -bool mkdir_p(const char *path, mode_t mode); +char *strreplace(const char *str, const char *search, const char *replace); /** - * Thread-safe wrapper around strerror and strerror_r. + * Like dirname(3) returns the directory part of the given null-terminated + * pathname, up to but not including the final '/' (or '.' if no '/' is found). + * Trailing '/' are not counted as part of the pathname. * - * This is required because the first is not thread-safe (on some platforms) - * and the second uses two different signatures (POSIX/GNU) and is impractical - * to use anyway. + * The difference is that it does this in a thread-safe manner (i.e. it does not + * use static buffers) and does not modify the original path. * - * @param errnum error code (i.e. errno) - * @return error message + * @param path original pathname + * @return allocated directory component */ -const char *safe_strerror(int errnum); +char *path_dirname(const char *path); /** - * Replace usages of strerror(3) with thread-safe variant. + * Like basename(3) returns the filename part of the given null-terminated path, + * i.e. the part following the final '/' (or '.' if path is empty or NULL). + * Trailing '/' are not counted as part of the pathname. + * + * The difference is that it does this in a thread-safe manner (i.e. it does not + * use static buffers) and does not modify the original path. + * + * @param path original pathname + * @return allocated filename component */ -#define strerror(errnum) safe_strerror(errnum) +char *path_basename(const char *path); + +/** + * Creates a directory and all required parent directories. + * + * @param path path to the new directory + * @param mode permissions of the new directory/directories + * @return TRUE on success + */ +bool mkdir_p(const char *path, mode_t mode); #ifndef HAVE_CLOSEFROM /** * Close open file descriptors greater than or equal to lowfd. * - * @param lowfd start closing file descriptoros from here + * @param lowfd start closing file descriptors from here */ void closefrom(int lowfd); #endif diff --git a/src/libstrongswan/utils/utils/strerror.c b/src/libstrongswan/utils/utils/strerror.c new file mode 100644 index 000000000..95e463f5f --- /dev/null +++ b/src/libstrongswan/utils/utils/strerror.c @@ -0,0 +1,97 @@ +/* + * Copyright (C) 2012-2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <stdlib.h> +#include <string.h> +#include <pthread.h> + +#include "strerror.h" + +/** + * The size of the thread-specific error buffer + */ +#define STRERROR_BUF_LEN 256 + +/** + * Key to store thread-specific error buffer + */ +static pthread_key_t strerror_buf_key; + +/** + * Only initialize the key above once + */ +static pthread_once_t strerror_buf_key_once = PTHREAD_ONCE_INIT; + +/** + * Create the key used for the thread-specific error buffer + */ +static void create_strerror_buf_key() +{ + pthread_key_create(&strerror_buf_key, free); +} + +/** + * Retrieve the error buffer assigned to the current thread (or create it) + */ +static inline char *get_strerror_buf() +{ + char *buf; + + pthread_once(&strerror_buf_key_once, create_strerror_buf_key); + buf = pthread_getspecific(strerror_buf_key); + if (!buf) + { + buf = malloc(STRERROR_BUF_LEN); + pthread_setspecific(strerror_buf_key, buf); + } + return buf; +} + +#ifdef HAVE_STRERROR_R +/* + * Described in header. + */ +const char *strerror_safe(int errnum) +{ + char *buf = get_strerror_buf(), *msg; + +#ifdef STRERROR_R_CHAR_P + /* char* version which may or may not return the original buffer */ + msg = strerror_r(errnum, buf, STRERROR_BUF_LEN); +#else + /* int version returns 0 on success */ + msg = strerror_r(errnum, buf, STRERROR_BUF_LEN) ? "Unknown error" : buf; +#endif + return msg; +} +#else /* HAVE_STRERROR_R */ +/* we actually wan't to call strerror(3) below */ +#undef strerror +/* + * Described in header. + */ +const char *strerror_safe(int errnum) +{ + static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; + char *buf = get_strerror_buf(); + + /* use a mutex to ensure calling strerror(3) is thread-safe */ + pthread_mutex_lock(&mutex); + strncpy(buf, strerror(errnum), STRERROR_BUF_LEN); + pthread_mutex_unlock(&mutex); + buf[STRERROR_BUF_LEN - 1] = '\0'; + return buf; +} +#endif /* HAVE_STRERROR_R */ diff --git a/src/libstrongswan/utils/utils/strerror.h b/src/libstrongswan/utils/utils/strerror.h new file mode 100644 index 000000000..2cb76f12e --- /dev/null +++ b/src/libstrongswan/utils/utils/strerror.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2012-2014 Tobias Brunner + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @{ @ingroup utils + */ + +#ifndef STRERROR_H_ +#define STRERROR_H_ + +/** + * Thread-safe wrapper around strerror and strerror_r. + * + * This is required because the first is not thread-safe (on some platforms) + * and the second uses two different signatures (POSIX/GNU) and is impractical + * to use anyway. + * + * @param errnum error code (i.e. errno) + * @return error message + */ +const char *strerror_safe(int errnum); + +/** + * Replace usages of strerror(3) with thread-safe variant. + */ +#define strerror(errnum) strerror_safe(errnum) + +#endif /** STRERROR_H_ @}*/ diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 5e8660a41..87ae2a63d 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtls/tls.c b/src/libtls/tls.c index 6d33d843d..6b51e7593 100644 --- a/src/libtls/tls.c +++ b/src/libtls/tls.c @@ -471,6 +471,7 @@ tls_t *tls_create(bool is_server, identification_t *server, .application = application, .purpose = purpose, ); + lib->settings->add_fallback(lib->settings, "%s.tls", "libtls", lib->ns); this->crypto = tls_crypto_create(&this->public, cache); this->alert = tls_alert_create(); diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 12aa049a2..cc73ebaeb 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -711,7 +711,8 @@ static void filter_key_exchange_config_suites(private_tls_crypto_t *this, int i, remaining = 0; char *token, *config; - config = lib->settings->get_str(lib->settings, "libtls.key_exchange", NULL); + config = lib->settings->get_str(lib->settings, "%s.tls.key_exchange", NULL, + lib->ns); if (config) { for (i = 0; i < *count; i++) @@ -765,7 +766,8 @@ static void filter_cipher_config_suites(private_tls_crypto_t *this, int i, remaining = 0; char *token, *config; - config = lib->settings->get_str(lib->settings, "libtls.cipher", NULL); + config = lib->settings->get_str(lib->settings, "%s.tls.cipher", NULL, + lib->ns); if (config) { for (i = 0; i < *count; i++) @@ -830,7 +832,8 @@ static void filter_mac_config_suites(private_tls_crypto_t *this, int i, remaining = 0; char *token, *config; - config = lib->settings->get_str(lib->settings, "libtls.mac", NULL); + config = lib->settings->get_str(lib->settings, "%s.tls.mac", NULL, + lib->ns); if (config) { for (i = 0; i < *count; i++) @@ -879,7 +882,8 @@ static void filter_specific_config_suites(private_tls_crypto_t *this, int i, remaining = 0, suite; char *token, *config; - config = lib->settings->get_str(lib->settings, "libtls.suites", NULL); + config = lib->settings->get_str(lib->settings, "%s.tls.suites", NULL, + lib->ns); if (config) { for (i = 0; i < *count; i++) diff --git a/src/libtnccs/Android.mk b/src/libtnccs/Android.mk index 4d2803a97..68f85c252 100644 --- a/src/libtnccs/Android.mk +++ b/src/libtnccs/Android.mk @@ -35,7 +35,6 @@ endif # build libtncif --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/libtls \ $(strongswan_PATH)/src/libtncif \ $(strongswan_PATH)/src/libstrongswan diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index bacea4346..745850ac1 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -270,8 +270,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -339,6 +337,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -427,12 +430,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -447,6 +454,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 79f91f72f..1f839853c 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc.c b/src/libtnccs/plugins/tnc_imc/tnc_imc.c index 7c52ab384..2d556d9d9 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc.c @@ -302,7 +302,7 @@ METHOD(imc_t, destroy, void, private_tnc_imc_t *this) { if (this->handle && lib->settings->get_bool(lib->settings, - "libtnccs.plugins.tnc-imc.dlclose", TRUE)) + "%s.plugins.tnc-imc.dlclose", TRUE, lib->ns)) { dlclose(this->handle); } diff --git a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c index 311598fa9..459b6d710 100644 --- a/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c +++ b/src/libtnccs/plugins/tnc_imc/tnc_imc_manager.c @@ -224,7 +224,7 @@ METHOD(imc_manager_t, get_preferred_language, char*, private_tnc_imc_manager_t *this) { return lib->settings->get_str(lib->settings, - "libtnccs.plugins.tnc-imc.preferred_language", "en"); + "%s.plugins.tnc-imc.preferred_language", "en", lib->ns); } METHOD(imc_manager_t, notify_connection_change, void, diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index 20087a7a2..45c3569ac 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -221,8 +221,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -290,6 +288,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -378,12 +381,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -398,6 +405,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv.c b/src/libtnccs/plugins/tnc_imv/tnc_imv.c index ebf904513..ab2e55253 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv.c @@ -298,7 +298,7 @@ METHOD(imv_t, destroy, void, private_tnc_imv_t *this) { if (this->handle && lib->settings->get_bool(lib->settings, - "libtnccs.plugins.tnc-imv.dlclose", TRUE)) + "%s.plugins.tnc-imv.dlclose", TRUE, lib->ns)) { dlclose(this->handle); } diff --git a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c index b4f131b5d..56245015b 100644 --- a/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c +++ b/src/libtnccs/plugins/tnc_imv/tnc_imv_manager.c @@ -21,7 +21,6 @@ #include <sys/types.h> #include <sys/stat.h> -#include <sys/mman.h> #include <unistd.h> #include <errno.h> #include <fcntl.h> @@ -461,7 +460,8 @@ imv_manager_t* tnc_imv_manager_create(void) policy = enum_from_name(recommendation_policy_names, lib->settings->get_str(lib->settings, - "libtnccs.plugins.tnc-imv.recommendation_policy", "default")); + "%s.plugins.tnc-imv.recommendation_policy", + "default", lib->ns)); this->policy = (policy != -1) ? policy : RECOMMENDATION_POLICY_DEFAULT; DBG1(DBG_TNC, "TNC recommendation policy is '%N'", recommendation_policy_names, this->policy); diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index 776469098..21ed94de2 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index 76b453a0a..7b4d53ed2 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -230,8 +230,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -299,6 +297,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -387,12 +390,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -407,6 +414,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c index 91854b587..28c5e52b7 100644 --- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c +++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c @@ -662,7 +662,7 @@ tnccs_t* tnccs_11_create(bool is_server, .callback = cb, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .max_msg_len = lib->settings->get_int(lib->settings, - "libtnccs.plugins.tnccs-11.max_message_size", 45000), + "%s.plugins.tnccs-11.max_message_size", 45000, lib->ns), .ref = 1, ); diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 0bb3c7314..63010c301 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -231,8 +231,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c index b631ef579..f78b85a68 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c @@ -1063,9 +1063,9 @@ tnccs_t* tnccs_20_create(bool is_server, .mutex = mutex_create(MUTEX_TYPE_DEFAULT), .messages = linked_list_create(), .max_batch_len = lib->settings->get_int(lib->settings, - "libtnccs.plugins.tnccs-20.max_batch_size", 65522), + "%s.plugins.tnccs-20.max_batch_size", 65522, lib->ns), .max_msg_len = lib->settings->get_int(lib->settings, - "libtnccs.plugins.tnccs-20.max_message_size", 65490), + "%s.plugins.tnccs-20.max_message_size", 65490, lib->ns), .ref = 1, ); diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index d38aa13cc..6a99188ef 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -220,8 +220,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -289,6 +287,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -377,12 +380,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -397,6 +404,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/libtnccs/tnc/tnc.c b/src/libtnccs/tnc/tnc.c index 3a5b84596..e002b10e0 100644 --- a/src/libtnccs/tnc/tnc.c +++ b/src/libtnccs/tnc/tnc.c @@ -13,14 +13,15 @@ * for more details. */ -#include "tnc.h" - +#define _GNU_SOURCE /* for stdndup() */ #include <sys/types.h> #include <sys/stat.h> -#include <sys/mman.h> #include <unistd.h> #include <errno.h> #include <fcntl.h> +#include <string.h> + +#include "tnc.h" #include <utils/lexparser.h> #include <utils/debug.h> @@ -71,8 +72,10 @@ void libtnccs_init(void) }, .ref = 1, ); - tnc = &this->public; + lib->settings->add_fallback(lib->settings, "%s.tnc", "libtnccs", lib->ns); + lib->settings->add_fallback(lib->settings, "%s.plugins", "libtnccs.plugins", + lib->ns); } /** @@ -94,10 +97,8 @@ void libtnccs_deinit(void) static bool load_imcvs_from_config(char *filename, bool is_imc) { bool success = FALSE; - int fd, line_nr = 0; - chunk_t src, line; - struct stat sb; - void *addr; + int line_nr = 0; + chunk_t *src, line; char *label; if (!filename || !*filename) @@ -108,30 +109,15 @@ static bool load_imcvs_from_config(char *filename, bool is_imc) label = is_imc ? "IMC" : "IMV"; DBG1(DBG_TNC, "loading %ss from '%s'", label, filename); - fd = open(filename, O_RDONLY); - if (fd == -1) + src = chunk_map(filename, FALSE); + if (!src) { DBG1(DBG_TNC, "opening configuration file '%s' failed: %s", filename, strerror(errno)); return FALSE; } - if (fstat(fd, &sb) == -1) - { - DBG1(DBG_LIB, "getting file size of '%s' failed: %s", filename, - strerror(errno)); - close(fd); - return FALSE; - } - addr = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0); - if (addr == MAP_FAILED) - { - DBG1(DBG_LIB, "mapping '%s' failed: %s", filename, strerror(errno)); - close(fd); - return FALSE; - } - src = chunk_create(addr, sb.st_size); - while (fetchline(&src, &line)) + while (fetchline(src, &line)) { char *name, *path; chunk_t token; @@ -201,8 +187,7 @@ static bool load_imcvs_from_config(char *filename, bool is_imc) break; } } - munmap(addr, sb.st_size); - close(fd); + chunk_unmap(src); return success; } @@ -266,10 +251,9 @@ bool tnc_manager_register(plugin_t *plugin, plugin_feature_t *feature, { load_imcvs_from_config( lib->settings->get_str(lib->settings, - "libtnccs.tnc_config", "/etc/tnc_config"), + "%s.tnc.tnc_config", "/etc/tnc_config", lib->ns), is_imc); } } return TRUE; } - diff --git a/src/libtncif/Android.mk b/src/libtncif/Android.mk index 13ce6e11a..36d3f4c33 100644 --- a/src/libtncif/Android.mk +++ b/src/libtncif/Android.mk @@ -13,7 +13,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(libtncif_la_SOURCES)) # build libtncif --------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index b8c83491f..66ac31127 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -182,8 +182,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -251,6 +249,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -339,12 +342,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -359,6 +366,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 244df091f..08033c461 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -234,8 +234,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -303,6 +301,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -391,12 +394,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -411,6 +418,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/manager/main.c b/src/manager/main.c index 5c845b157..b6169082f 100644 --- a/src/manager/main.c +++ b/src/manager/main.c @@ -34,7 +34,7 @@ int main (int arc, char *argv[]) bool debug; int threads, timeout; - library_init(NULL); + library_init(NULL, "manager"); if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "manager.load", PLUGINS))) { diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index 385bb8e70..5452a419a 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -223,8 +223,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -292,6 +290,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -380,12 +383,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -400,6 +407,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/medsrv/main.c b/src/medsrv/main.c index 6f08b97e5..745fcc359 100644 --- a/src/medsrv/main.c +++ b/src/medsrv/main.c @@ -33,7 +33,7 @@ int main(int arc, char *argv[]) char *uri; int timeout, threads; - library_init(NULL); + library_init(NULL, "medsrv"); if (!lib->plugins->load(lib->plugins, lib->settings->get_str(lib->settings, "medsrv.load", PLUGINS))) { diff --git a/src/openac/Makefile.in b/src/openac/Makefile.in index e9023b820..b5e00bee6 100644 --- a/src/openac/Makefile.in +++ b/src/openac/Makefile.in @@ -214,8 +214,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/openac/openac.c b/src/openac/openac.c index 7074d44be..8862e9ab0 100644 --- a/src/openac/openac.c +++ b/src/openac/openac.c @@ -29,6 +29,7 @@ #include <getopt.h> #include <ctype.h> #include <time.h> +#include <errno.h> #include <library.h> #include <utils/debug.h> @@ -228,7 +229,7 @@ int main(int argc, char **argv) /* initialize library */ atexit(library_deinit); - if (!library_init(NULL)) + if (!library_init(NULL, "openac")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } @@ -515,11 +516,18 @@ int main(int argc, char **argv) /* write the attribute certificate to file */ if (attr_cert->get_encoding(attr_cert, CERT_ASN1_DER, &attr_chunk)) { - if (chunk_write(attr_chunk, outfile, "attribute cert", 0022, TRUE)) + if (chunk_write(attr_chunk, outfile, 0022, TRUE)) { + DBG1(DBG_APP, " written attribute cert file '%s' (%d bytes)", + outfile, attr_chunk.len); write_serial(serial); status = 0; } + else + { + DBG1(DBG_APP, " writing attribute cert file '%s' failed: %s", + outfile, strerror(errno)); + } } } else diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 1101366d1..461d958da 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -231,8 +231,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -300,6 +298,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -388,12 +391,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -408,6 +415,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/pki/command.c b/src/pki/command.c index 984da59b4..b6966ee0b 100644 --- a/src/pki/command.c +++ b/src/pki/command.c @@ -29,7 +29,7 @@ /** * Registered commands. */ -command_t cmds[MAX_COMMANDS]; +static command_t cmds[MAX_COMMANDS]; /** * active command. @@ -55,12 +55,12 @@ static options_t *options; /** * Global options used by all subcommands */ -static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS]; +static struct option command_opts[MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS]; /** * Global optstring used by all subcommands */ -static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ?: MAX_OPTIONS) * 3]; +static char command_optstring[(MAX_COMMANDS > MAX_OPTIONS ? MAX_COMMANDS : MAX_OPTIONS) * 3]; /** * Build command_opts/command_optstr for the active command @@ -140,23 +140,37 @@ void command_register(command_t command) { int i; + if (registered == MAX_COMMANDS) + { + fprintf(stderr, "unable to register command, please increase " + "MAX_COMMANDS\n"); + return; + } + cmds[registered] = command; /* append default options, but not to --help */ if (!active) { for (i = 0; i < countof(cmds[registered].options) - 1; i++) { - if (cmds[registered].options[i].name) + if (!cmds[registered].options[i].name) { - continue; + break; } + } + if (i > countof(cmds[registered].options) - 3) + { + fprintf(stderr, "command '%s' registered too many options, please " + "increase MAX_OPTIONS\n", command.cmd); + } + else + { cmds[registered].options[i++] = (command_option_t) { "debug", 'v', 1, "set debug level, default: 1" }; cmds[registered].options[i++] = (command_option_t) { "options", '+', 1, "read command line options from file" }; - break; } } registered++; @@ -260,4 +274,3 @@ int command_dispatch(int c, char *v[]) } return command_usage(c > 1 ? "invalid operation" : NULL); } - diff --git a/src/pki/command.h b/src/pki/command.h index 1a884fb73..737f4658d 100644 --- a/src/pki/command.h +++ b/src/pki/command.h @@ -22,12 +22,12 @@ #define COMMAND_H_ /** - * Maximum number of commands. + * Maximum number of commands (+1). */ -#define MAX_COMMANDS 10 +#define MAX_COMMANDS 11 /** - * Maximum number of options in a command (+1) + * Maximum number of options in a command (+3) */ #define MAX_OPTIONS 32 diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c index 000f63d1a..d5c33b89f 100644 --- a/src/pki/commands/issue.c +++ b/src/pki/commands/issue.c @@ -14,6 +14,7 @@ */ #include <time.h> +#include <errno.h> #include "pki.h" @@ -382,7 +383,12 @@ static int issue() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "%s: ", strerror(errno)); + error = "reading certificate request failed"; + goto end; + } cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PKCS10_REQUEST, BUILD_BLOB, chunk, BUILD_END); @@ -425,7 +431,12 @@ static int issue() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "%s: ", strerror(errno)); + error = "reading public key failed"; + goto end; + } public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); @@ -562,4 +573,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c index 353670e32..64bb3cc2c 100644 --- a/src/pki/commands/keyid.c +++ b/src/pki/commands/keyid.c @@ -13,6 +13,8 @@ * for more details. */ +#include <errno.h> + #include "pki.h" #include <credentials/certificates/certificate.h> @@ -89,7 +91,11 @@ static int keyid() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "reading input failed: %s\n", strerror(errno)); + return 1; + } cred = lib->creds->create(lib->creds, type, subtype, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); @@ -165,4 +171,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c index 2261e44ff..077c1ef3e 100644 --- a/src/pki/commands/print.c +++ b/src/pki/commands/print.c @@ -22,6 +22,7 @@ #include <selectors/traffic_selector.h> #include <time.h> +#include <errno.h> /** * Print public key information @@ -510,7 +511,11 @@ static int print() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "reading input failed: %s\n", strerror(errno)); + return 1; + } cred = lib->creds->create(lib->creds, type, subtype, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c index 7f88055ef..260044c4e 100644 --- a/src/pki/commands/pub.c +++ b/src/pki/commands/pub.c @@ -13,6 +13,8 @@ * for more details. */ +#include <errno.h> + #include "pki.h" #include <credentials/certificates/certificate.h> @@ -108,7 +110,11 @@ static int pub() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "reading input failed: %s\n", strerror(errno)); + return 1; + } cred = lib->creds->create(lib->creds, type, subtype, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); @@ -186,4 +192,3 @@ static void __attribute__ ((constructor))reg() } }); } - diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c index 628463e7b..5b2c128b7 100644 --- a/src/pki/commands/req.c +++ b/src/pki/commands/req.c @@ -16,6 +16,7 @@ */ #include <time.h> +#include <errno.h> #include "pki.h" @@ -118,7 +119,12 @@ static int req() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "reading private key failed: %s\n", strerror(errno)); + error = ""; + goto end; + } private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c index 6bf0b1353..c28c9c291 100644 --- a/src/pki/commands/self.c +++ b/src/pki/commands/self.c @@ -14,6 +14,7 @@ */ #include <time.h> +#include <errno.h> #include "pki.h" @@ -273,7 +274,12 @@ static int self() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "%s: ", strerror(errno)); + error = "reading private key failed"; + goto end; + } private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c index 96b2b5065..f30dda94d 100644 --- a/src/pki/commands/verify.c +++ b/src/pki/commands/verify.c @@ -13,6 +13,8 @@ * for more details. */ +#include <errno.h> + #include "pki.h" #include <credentials/certificates/certificate.h> @@ -57,7 +59,11 @@ static int verify() { chunk_t chunk; - chunk = chunk_from_fd(0); + if (!chunk_from_fd(0, &chunk)) + { + fprintf(stderr, "reading certificate failed: %s\n", strerror(errno)); + return 1; + } cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_BLOB, chunk, BUILD_END); free(chunk.ptr); diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index ecba4a9b3..edbde85b5 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -170,8 +170,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -239,6 +237,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -327,12 +330,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -347,6 +354,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/pki/man/pki---issue.1.in b/src/pki/man/pki---issue.1.in index 9effd9b15..3fad1ae8a 100644 --- a/src/pki/man/pki---issue.1.in +++ b/src/pki/man/pki---issue.1.in @@ -1,4 +1,4 @@ -.TH "PKI \-\-ISSUE" 8 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan" +.TH "PKI \-\-ISSUE" 1 "2013-08-12" "@PACKAGE_VERSION@" "strongSwan" . .SH "NAME" . diff --git a/src/pki/pki.c b/src/pki/pki.c index ecc0702cd..eb614dd7f 100644 --- a/src/pki/pki.c +++ b/src/pki/pki.c @@ -168,7 +168,7 @@ static void remove_callback() int main(int argc, char *argv[]) { atexit(library_deinit); - if (!library_init(NULL)) + if (!library_init(NULL, "pki")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } diff --git a/src/pool/Makefile.am b/src/pool/Makefile.am index 8b429a4ba..b8d662e57 100644 --- a/src/pool/Makefile.am +++ b/src/pool/Makefile.am @@ -1,3 +1,5 @@ +if USE_ATTR_SQL + ipsec_PROGRAMS = pool pool_SOURCES = \ @@ -14,3 +16,8 @@ AM_CPPFLAGS = \ pool_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libhydra/libhydra.la + +endif USE_ATTR_SQL + +templatesdir = $(pkgdatadir)/templates/database/sql +dist_templates_DATA = mysql.sql sqlite.sql diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index f8db9ae33..63489034f 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -14,6 +14,7 @@ @SET_MAKE@ + VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ @@ -78,10 +79,10 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -ipsec_PROGRAMS = pool$(EXEEXT) +@USE_ATTR_SQL_TRUE@ipsec_PROGRAMS = pool$(EXEEXT) subdir = src/pool DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp + $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,14 +100,16 @@ mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__installdirs = "$(DESTDIR)$(ipsecdir)" +am__installdirs = "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)" PROGRAMS = $(ipsec_PROGRAMS) -am_pool_OBJECTS = pool.$(OBJEXT) pool_attributes.$(OBJEXT) \ - pool_usage.$(OBJEXT) +am__pool_SOURCES_DIST = pool.c pool_attributes.c pool_attributes.h \ + pool_usage.h pool_usage.c +@USE_ATTR_SQL_TRUE@am_pool_OBJECTS = pool.$(OBJEXT) \ +@USE_ATTR_SQL_TRUE@ pool_attributes.$(OBJEXT) \ +@USE_ATTR_SQL_TRUE@ pool_usage.$(OBJEXT) pool_OBJECTS = $(am_pool_OBJECTS) -pool_DEPENDENCIES = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libhydra/libhydra.la +@USE_ATTR_SQL_TRUE@pool_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \ +@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -146,12 +149,40 @@ am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = SOURCES = $(pool_SOURCES) -DIST_SOURCES = $(pool_SOURCES) +DIST_SOURCES = $(am__pool_SOURCES_DIST) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +DATA = $(dist_templates_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is @@ -186,8 +217,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -255,6 +284,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -343,12 +377,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -363,6 +401,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ @@ -373,19 +412,21 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -pool_SOURCES = \ - pool.c pool_attributes.c pool_attributes.h \ - pool_usage.h pool_usage.c +@USE_ATTR_SQL_TRUE@pool_SOURCES = \ +@USE_ATTR_SQL_TRUE@ pool.c pool_attributes.c pool_attributes.h \ +@USE_ATTR_SQL_TRUE@ pool_usage.h pool_usage.c -AM_CPPFLAGS = \ - -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra \ - -DPLUGINS=\""${pool_plugins}\"" +@USE_ATTR_SQL_TRUE@AM_CPPFLAGS = \ +@USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libstrongswan \ +@USE_ATTR_SQL_TRUE@ -I$(top_srcdir)/src/libhydra \ +@USE_ATTR_SQL_TRUE@ -DPLUGINS=\""${pool_plugins}\"" -pool_LDADD = \ - $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libhydra/libhydra.la +@USE_ATTR_SQL_TRUE@pool_LDADD = \ +@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libstrongswan/libstrongswan.la \ +@USE_ATTR_SQL_TRUE@ $(top_builddir)/src/libhydra/libhydra.la +templatesdir = $(pkgdatadir)/templates/database/sql +dist_templates_DATA = mysql.sql sqlite.sql all: all-am .SUFFIXES: @@ -513,6 +554,27 @@ mostlyclean-libtool: clean-libtool: -rm -rf .libs _libs +install-dist_templatesDATA: $(dist_templates_DATA) + @$(NORMAL_INSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(templatesdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(templatesdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \ + done + +uninstall-dist_templatesDATA: + @$(NORMAL_UNINSTALL) + @list='$(dist_templates_DATA)'; test -n "$(templatesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(templatesdir)'; $(am__uninstall_files_from_dir) ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique @@ -598,9 +660,9 @@ distdir: $(DISTFILES) done check-am: all-am check: check-am -all-am: Makefile $(PROGRAMS) +all-am: Makefile $(PROGRAMS) $(DATA) installdirs: - for dir in "$(DESTDIR)$(ipsecdir)"; do \ + for dir in "$(DESTDIR)$(ipsecdir)" "$(DESTDIR)$(templatesdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am @@ -656,7 +718,7 @@ info: info-am info-am: -install-data-am: install-ipsecPROGRAMS +install-data-am: install-dist_templatesDATA install-ipsecPROGRAMS install-dvi: install-dvi-am @@ -702,7 +764,7 @@ ps: ps-am ps-am: -uninstall-am: uninstall-ipsecPROGRAMS +uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS .MAKE: install-am install-strip @@ -711,17 +773,19 @@ uninstall-am: uninstall-ipsecPROGRAMS distclean distclean-compile distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ - install-data-am install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-ipsecPROGRAMS install-man install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs maintainer-clean \ + install-data-am install-dist_templatesDATA install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am \ + install-ipsecPROGRAMS install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-compile \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS + tags tags-am uninstall uninstall-am \ + uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS -pool.o : $(top_builddir)/config.status +@USE_ATTR_SQL_TRUE@pool.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/pool/mysql.sql b/src/pool/mysql.sql new file mode 100644 index 000000000..1b437593d --- /dev/null +++ b/src/pool/mysql.sql @@ -0,0 +1,281 @@ + +DROP TABLE IF EXISTS `identities`; +CREATE TABLE `identities` ( + `id` int(10) unsigned NOT NULL auto_increment, + `type` tinyint(4) unsigned NOT NULL, + `data` varbinary(64) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE (`type`, `data`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `child_configs`; +CREATE TABLE `child_configs` ( + `id` int(10) unsigned NOT NULL auto_increment, + `name` varchar(32) collate utf8_unicode_ci NOT NULL, + `lifetime` mediumint(8) unsigned NOT NULL default '1500', + `rekeytime` mediumint(8) unsigned NOT NULL default '1200', + `jitter` mediumint(8) unsigned NOT NULL default '60', + `updown` varchar(128) collate utf8_unicode_ci default NULL, + `hostaccess` tinyint(1) unsigned NOT NULL default '0', + `mode` tinyint(4) unsigned NOT NULL default '2', + `start_action` tinyint(4) unsigned NOT NULL default '0', + `dpd_action` tinyint(4) unsigned NOT NULL default '0', + `close_action` tinyint(4) unsigned NOT NULL default '0', + `ipcomp` tinyint(4) unsigned NOT NULL default '0', + `reqid` mediumint(8) unsigned NOT NULL default '0', + PRIMARY KEY (`id`), + INDEX (`name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `child_config_traffic_selector`; +CREATE TABLE `child_config_traffic_selector` ( + `child_cfg` int(10) unsigned NOT NULL, + `traffic_selector` int(10) unsigned NOT NULL, + `kind` tinyint(3) unsigned NOT NULL, + INDEX (`child_cfg`, `traffic_selector`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `proposals`; +CREATE TABLE `proposals` ( + `id` int(10) unsigned NOT NULL auto_increment, + `proposal` varchar(128) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `child_config_proposal`; +CREATE TABLE `child_config_proposal` ( + `child_cfg` int(10) unsigned NOT NULL, + `prio` smallint(5) unsigned NOT NULL, + `prop` int(10) unsigned NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `ike_configs`; +CREATE TABLE `ike_configs` ( + `id` int(10) unsigned NOT NULL auto_increment, + `certreq` tinyint(3) unsigned NOT NULL default '1', + `force_encap` tinyint(1) NOT NULL default '0', + `local` varchar(128) collate utf8_unicode_ci NOT NULL, + `remote` varchar(128) collate utf8_unicode_ci NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `ike_config_proposal`; +CREATE TABLE `ike_config_proposal` ( + `ike_cfg` int(10) unsigned NOT NULL, + `prio` smallint(5) unsigned NOT NULL, + `prop` int(10) unsigned NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `peer_configs`; +CREATE TABLE `peer_configs` ( + `id` int(10) unsigned NOT NULL auto_increment, + `name` varchar(32) collate utf8_unicode_ci NOT NULL, + `ike_version` tinyint(3) unsigned NOT NULL default '2', + `ike_cfg` int(10) unsigned NOT NULL, + `local_id` varchar(64) collate utf8_unicode_ci NOT NULL, + `remote_id` varchar(64) collate utf8_unicode_ci NOT NULL, + `cert_policy` tinyint(3) unsigned NOT NULL default '1', + `uniqueid` tinyint(3) unsigned NOT NULL default '0', + `auth_method` tinyint(3) unsigned NOT NULL default '1', + `eap_type` tinyint(3) unsigned NOT NULL default '0', + `eap_vendor` smallint(5) unsigned NOT NULL default '0', + `keyingtries` tinyint(3) unsigned NOT NULL default '3', + `rekeytime` mediumint(8) unsigned NOT NULL default '7200', + `reauthtime` mediumint(8) unsigned NOT NULL default '0', + `jitter` mediumint(8) unsigned NOT NULL default '180', + `overtime` mediumint(8) unsigned NOT NULL default '300', + `mobike` tinyint(1) NOT NULL default '1', + `dpd_delay` mediumint(8) unsigned NOT NULL default '120', + `virtual` varchar(40) default NULL, + `pool` varchar(32) default NULL, + `mediation` tinyint(1) NOT NULL default '0', + `mediated_by` int(10) unsigned NOT NULL default '0', + `peer_id` int(10) unsigned NOT NULL default '0', + PRIMARY KEY (`id`), + INDEX (`name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `peer_config_child_config`; +CREATE TABLE `peer_config_child_config` ( + `peer_cfg` int(10) unsigned NOT NULL, + `child_cfg` int(10) unsigned NOT NULL, + PRIMARY KEY (`peer_cfg`, `child_cfg`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS `traffic_selectors`; +CREATE TABLE `traffic_selectors` ( + `id` int(10) unsigned NOT NULL auto_increment, + `type` tinyint(3) unsigned NOT NULL default '7', + `protocol` smallint(5) unsigned NOT NULL default '0', + `start_addr` varbinary(16) default NULL, + `end_addr` varbinary(16) default NULL, + `start_port` smallint(5) unsigned NOT NULL default '0', + `end_port` smallint(5) unsigned NOT NULL default '65535', + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS certificates; +CREATE TABLE certificates ( + `id` int(10) unsigned NOT NULL auto_increment, + `type` tinyint(3) unsigned NOT NULL, + `keytype` tinyint(3) unsigned NOT NULL, + `data` BLOB NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS certificate_identity; +CREATE TABLE certificate_identity ( + `certificate` int(10) unsigned NOT NULL, + `identity` int(10) unsigned NOT NULL, + PRIMARY KEY (`certificate`, `identity`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS private_keys; +CREATE TABLE private_keys ( + `id` int(10) unsigned NOT NULL auto_increment, + `type` tinyint(3) unsigned NOT NULL, + `data` BLOB NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS private_key_identity; +CREATE TABLE private_key_identity ( + `private_key` int(10) unsigned NOT NULL, + `identity` int(10) unsigned NOT NULL, + PRIMARY KEY (`private_key`, `identity`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS shared_secrets; +CREATE TABLE shared_secrets ( + `id` int(10) unsigned NOT NULL auto_increment, + `type` tinyint(3) unsigned NOT NULL, + `data` varbinary(256) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS shared_secret_identity; +CREATE TABLE shared_secret_identity ( + `shared_secret` int(10) unsigned NOT NULL, + `identity` int(10) unsigned NOT NULL, + PRIMARY KEY (`shared_secret`, `identity`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS certificate_authorities; +CREATE TABLE certificate_authorities ( + `id` int(10) unsigned NOT NULL auto_increment, + `certificate` int(10) unsigned NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS certificate_distribution_points; +CREATE TABLE certificate_distribution_points ( + `id` int(10) unsigned NOT NULL auto_increment, + `ca` int(10) unsigned NOT NULL, + `type` tinyint(3) unsigned NOT NULL, + `uri` varchar(256) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS pools; +CREATE TABLE pools ( + `id` int(10) unsigned NOT NULL auto_increment, + `name` varchar(32) NOT NULL, + `start` varbinary(16) NOT NULL, + `end` varbinary(16) NOT NULL, + `timeout` int(10) unsigned NOT NULL, + PRIMARY KEY (`id`), + UNIQUE (`name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS addresses; +CREATE TABLE addresses ( + `id` int(10) unsigned NOT NULL auto_increment, + `pool` int(10) unsigned NOT NULL, + `address` varbinary(16) NOT NULL, + `identity` int(10) unsigned NOT NULL DEFAULT 0, + `acquired` int(10) unsigned NOT NULL DEFAULT 0, + `released` int(10) unsigned NOT NULL DEFAULT 1, + PRIMARY KEY (`id`), + INDEX (`pool`), + INDEX (`identity`), + INDEX (`address`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + +DROP TABLE IF EXISTS leases; +CREATE TABLE leases ( + `id` int(10) unsigned NOT NULL auto_increment, + `address` int(10) unsigned NOT NULL, + `identity` int(10) unsigned NOT NULL, + `acquired` int(10) unsigned NOT NULL, + `released` int(10) unsigned DEFAULT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + +DROP TABLE IF EXISTS attribute_pools; +CREATE TABLE attribute_pools ( + `id` int(10) unsigned NOT NULL auto_increment, + `name` varchar(32) NOT NULL, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + +DROP TABLE IF EXISTS attributes; +CREATE TABLE attributes ( + `id` int(10) unsigned NOT NULL auto_increment, + `identity` int(10) unsigned NOT NULL default '0', + `pool` int(10) unsigned NOT NULL default '0', + `type` int(10) unsigned NOT NULL, + `value` varbinary(16) NOT NULL, + PRIMARY KEY (`id`), + INDEX (`identity`), + INDEX (`pool`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + +DROP TABLE IF EXISTS ike_sas; +CREATE TABLE ike_sas ( + `local_spi` varbinary(8) NOT NULL, + `remote_spi` varbinary(8) NOT NULL, + `id` int(10) unsigned NOT NULL, + `initiator` tinyint(1) NOT NULL, + `local_id_type` tinyint(3) NOT NULL, + `local_id_data` varbinary(64) DEFAULT NULL, + `remote_id_type` tinyint(3) NOT NULL, + `remote_id_data` varbinary(64) DEFAULT NULL, + `host_family` tinyint(3) NOT NULL, + `local_host_data` varbinary(16) NOT NULL, + `remote_host_data` varbinary(16) NOT NULL, + `lastuse` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, + PRIMARY KEY (`local_spi`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + +DROP TABLE IF EXISTS logs; +CREATE TABLE logs ( + `id` int(10) unsigned NOT NULL auto_increment, + `local_spi` varbinary(8) NOT NULL, + `signal` tinyint(3) NOT NULL, + `level` tinyint(3) NOT NULL, + `msg` varchar(256) NOT NULL, + `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; + + diff --git a/src/pool/pool.c b/src/pool/pool.c index 05043cd8c..265974860 100644 --- a/src/pool/pool.c +++ b/src/pool/pool.c @@ -1212,7 +1212,7 @@ int main(int argc, char *argv[]) atexit(library_deinit); /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "pool")) { exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); } @@ -1227,11 +1227,16 @@ int main(int argc, char *argv[]) { exit(SS_RC_INITIALIZATION_FAILED); } - - uri = lib->settings->get_str(lib->settings, "libhydra.plugins.attr-sql.database", NULL); + /* TODO: make database URI or setting key configurable via command line */ + uri = lib->settings->get_str(lib->settings, + "pool.database", + lib->settings->get_str(lib->settings, + "charon.plugins.attr-sql.database", + lib->settings->get_str(lib->settings, + "libhydra.plugins.attr-sql.database", NULL))); if (!uri) { - fprintf(stderr, "database URI libhydra.plugins.attr-sql.database not set.\n"); + fprintf(stderr, "database URI pool.database not set.\n"); exit(SS_RC_INITIALIZATION_FAILED); } db = lib->db->create(lib->db, uri); diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql new file mode 100644 index 000000000..78012630b --- /dev/null +++ b/src/pool/sqlite.sql @@ -0,0 +1,283 @@ + + +DROP TABLE IF EXISTS identities; +CREATE TABLE identities ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL, + data BLOB NOT NULL, + UNIQUE (type, data) +); + + +DROP TABLE IF EXISTS child_configs; +CREATE TABLE child_configs ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + lifetime INTEGER NOT NULL DEFAULT '1500', + rekeytime INTEGER NOT NULL DEFAULT '1200', + jitter INTEGER NOT NULL DEFAULT '60', + updown TEXT DEFAULT NULL, + hostaccess INTEGER NOT NULL DEFAULT '0', + mode INTEGER NOT NULL DEFAULT '2', + start_action INTEGER NOT NULL DEFAULT '0', + dpd_action INTEGER NOT NULL DEFAULT '0', + close_action INTEGER NOT NULL DEFAULT '0', + ipcomp INTEGER NOT NULL DEFAULT '0', + reqid INTEGER NOT NULL DEFAULT '0' +); +DROP INDEX IF EXISTS child_configs_name; +CREATE INDEX child_configs_name ON child_configs ( + name +); + + +DROP TABLE IF EXISTS child_config_traffic_selector; +CREATE TABLE child_config_traffic_selector ( + child_cfg INTEGER NOT NULL, + traffic_selector INTEGER NOT NULL, + kind INTEGER NOT NULL +); +DROP INDEX IF EXISTS child_config_traffic_selector; +CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector ( + child_cfg, traffic_selector +); + +DROP TABLE IF EXISTS proposals; +CREATE TABLE proposals ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + proposal TEXT NOT NULL +); + + +DROP TABLE IF EXISTS child_config_proposal; +CREATE TABLE child_config_proposal ( + child_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + prop INTEGER NOT NULL +); + + +DROP TABLE IF EXISTS ike_configs; +CREATE TABLE ike_configs ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + certreq INTEGER NOT NULL DEFAULT '1', + force_encap INTEGER NOT NULL DEFAULT '0', + local TEXT NOT NULL, + remote TEXT NOT NULL +); + + +DROP TABLE IF EXISTS ike_config_proposal; +CREATE TABLE ike_config_proposal ( + ike_cfg INTEGER NOT NULL, + prio INTEGER NOT NULL, + prop INTEGER NOT NULL +); + + +DROP TABLE IF EXISTS peer_configs; +CREATE TABLE peer_configs ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL, + ike_version INTEGER NOT NULL DEFAULT '2', + ike_cfg INTEGER NOT NULL, + local_id TEXT NOT NULL, + remote_id TEXT NOT NULL, + cert_policy INTEGER NOT NULL DEFAULT '1', + uniqueid INTEGER NOT NULL DEFAULT '0', + auth_method INTEGER NOT NULL DEFAULT '1', + eap_type INTEGER NOT NULL DEFAULT '0', + eap_vendor INTEGER NOT NULL DEFAULT '0', + keyingtries INTEGER NOT NULL DEFAULT '3', + rekeytime INTEGER NOT NULL DEFAULT '7200', + reauthtime INTEGER NOT NULL DEFAULT '0', + jitter INTEGER NOT NULL DEFAULT '180', + overtime INTEGER NOT NULL DEFAULT '300', + mobike INTEGER NOT NULL DEFAULT '1', + dpd_delay INTEGER NOT NULL DEFAULT '120', + virtual TEXT DEFAULT NULL, + pool TEXT DEFAULT NULL, + mediation INTEGER NOT NULL DEFAULT '0', + mediated_by INTEGER NOT NULL DEFAULT '0', + peer_id INTEGER NOT NULL DEFAULT '0' +); +DROP INDEX IF EXISTS peer_configs_name; +CREATE INDEX peer_configs_name ON peer_configs ( + name +); + + +DROP TABLE IF EXISTS peer_config_child_config; +CREATE TABLE peer_config_child_config ( + peer_cfg INTEGER NOT NULL, + child_cfg INTEGER NOT NULL, + PRIMARY KEY (peer_cfg, child_cfg) +); + + +DROP TABLE IF EXISTS traffic_selectors; +CREATE TABLE traffic_selectors ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL DEFAULT '7', + protocol INTEGER NOT NULL DEFAULT '0', + start_addr BLOB DEFAULT NULL, + end_addr BLOB DEFAULT NULL, + start_port INTEGER NOT NULL DEFAULT '0', + end_port INTEGER NOT NULL DEFAULT '65535' +); + + +DROP TABLE IF EXISTS certificates; +CREATE TABLE certificates ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL, + keytype INTEGER NOT NULL, + data BLOB NOT NULL +); + + +DROP TABLE IF EXISTS certificate_identity; +CREATE TABLE certificate_identity ( + certificate INTEGER NOT NULL, + identity INTEGER NOT NULL, + PRIMARY KEY (certificate, identity) +); + + +DROP TABLE IF EXISTS private_keys; +CREATE TABLE private_keys ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL, + data BLOB NOT NULL +); + + +DROP TABLE IF EXISTS private_key_identity; +CREATE TABLE private_key_identity ( + private_key INTEGER NOT NULL, + identity INTEGER NOT NULL, + PRIMARY KEY (private_key, identity) +); + + +DROP TABLE IF EXISTS shared_secrets; +CREATE TABLE shared_secrets ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + type INTEGER NOT NULL, + data BLOB NOT NULL +); + + +DROP TABLE IF EXISTS shared_secret_identity; +CREATE TABLE shared_secret_identity ( + shared_secret INTEGER NOT NULL, + identity INTEGER NOT NULL, + PRIMARY KEY (shared_secret, identity) +); + + +DROP TABLE IF EXISTS certificate_authorities; +CREATE TABLE certificate_authorities ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + certificate INTEGER NOT NULL +); + + +DROP TABLE IF EXISTS certificate_distribution_points; +CREATE TABLE certificate_distribution_points ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + ca INTEGER NOT NULL, + type INTEGER NOT NULL, + uri TEXT NOT NULL +); + + +DROP TABLE IF EXISTS pools; +CREATE TABLE pools ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL UNIQUE, + start BLOB NOT NULL, + end BLOB NOT NULL, + timeout INTEGER NOT NULL +); + +DROP TABLE IF EXISTS addresses; +CREATE TABLE addresses ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + pool INTEGER NOT NULL, + address BLOB NOT NULL, + identity INTEGER NOT NULL DEFAULT 0, + acquired INTEGER NOT NULL DEFAULT 0, + released INTEGER NOT NULL DEFAULT 1 +); +DROP INDEX IF EXISTS addresses_pool; +CREATE INDEX addresses_pool ON addresses ( + pool +); +DROP INDEX IF EXISTS addresses_address; +CREATE INDEX addresses_address ON addresses ( + address +); +DROP INDEX IF EXISTS addresses_identity; +CREATE INDEX addresses_identity ON addresses ( + identity +); + +DROP TABLE IF EXISTS leases; +CREATE TABLE leases ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + address INTEGER NOT NULL, + identity INTEGER NOT NULL, + acquired INTEGER NOT NULL, + released INTEGER NOT NULL +); + +DROP TABLE IF EXISTS attribute_pools; +CREATE TABLE attribute_pools ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + name TEXT NOT NULL +); + +DROP TABLE IF EXISTS attributes; +CREATE TABLE attributes ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + identity INTEGER NOT NULL DEFAULT 0, + pool INTEGER NOT NULL DEFAULT 0, + type INTEGER NOT NULL, + value BLOB NOT NULL +); +DROP INDEX IF EXISTS attributes_identity; +CREATE INDEX attributes_identity ON attributes ( + identity +); +DROP INDEX IF EXISTS attributes_pool; +CREATE INDEX attributes_pool ON attributes ( + pool +); + +DROP TABLE IF EXISTS ike_sas; +CREATE TABLE ike_sas ( + local_spi BLOB NOT NULL PRIMARY KEY, + remote_spi BLOB NOT NULL, + id INTEGER NOT NULL, + initiator INTEGER NOT NULL, + local_id_type INTEGER NOT NULL, + local_id_data BLOB DEFAULT NULL, + remote_id_type INTEGER NOT NULL, + remote_id_data BLOB DEFAULT NULL, + host_family INTEGER NOT NULL, + local_host_data BLOB NOT NULL, + remote_host_data BLOB NOT NULL, + created INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP +); + +DROP TABLE IF EXISTS logs; +CREATE TABLE logs ( + id INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, + local_spi BLOB NOT NULL, + signal INTEGER NOT NULL, + level INTEGER NOT NULL, + msg TEXT NOT NULL, + time INTEGER NOT NULL DEFAULT CURRENT_TIMESTAMP +); + diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index b82f0f496..61dff904e 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -187,8 +187,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -256,6 +254,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -344,12 +347,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -364,6 +371,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index e7d75f078..90edb0c8e 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -166,7 +166,7 @@ static void init() PLUGIN_PROVIDE(CUSTOM, "pt-tls-client"), PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"), }; - library_init(NULL); + library_init(NULL, "pt-tls-client"); libtnccs_init(); dbg = dbg_pt_tls; diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 39b601f8e..06354da5f 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -214,8 +214,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -283,6 +281,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -371,12 +374,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -391,6 +398,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index 1267370ba..d7abcb423 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -24,6 +24,7 @@ #include <time.h> #include <limits.h> #include <syslog.h> +#include <errno.h> #include <library.h> #include <utils/debug.h> @@ -486,7 +487,7 @@ int main(int argc, char **argv) err_t ugh = NULL; /* initialize library */ - if (!library_init(NULL)) + if (!library_init(NULL, "scepclient")) { library_deinit(); exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); @@ -975,9 +976,10 @@ int main(int argc, char **argv) { /* no PKCS#7 encoded CA+RA certificates, assume simple CA cert */ DBG1(DBG_APP, "unable to parse PKCS#7, assuming plain CA cert"); - if (!chunk_write(scep_response, ca_path, "ca cert", 0022, force)) + if (!chunk_write(scep_response, ca_path, 0022, force)) { - exit_scepclient("could not write ca cert file '%s'", ca_path); + exit_scepclient("could not write ca cert file '%s': %s", + ca_path, strerror(errno)); } } else @@ -1031,10 +1033,10 @@ int main(int argc, char **argv) } if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) || - !chunk_write(encoding, path, - ca_cert ? "ca cert" : "ra cert", 0022, force)) + !chunk_write(encoding, path, 0022, force)) { - exit_scepclient("could not write cert file '%s'", path); + exit_scepclient("could not write cert file '%s': %s", + path, strerror(errno)); } chunk_free(&encoding); } @@ -1149,9 +1151,10 @@ int main(int argc, char **argv) join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs10); - if (!chunk_write(pkcs10_encoding, path, "pkcs10", 0022, force)) + if (!chunk_write(pkcs10_encoding, path, 0022, force)) { - exit_scepclient("could not write pkcs10 file '%s'", path); + exit_scepclient("could not write pkcs10 file '%s': %s", + path, strerror(errno)); } filetype_out &= ~PKCS10; /* delete PKCS10 flag */ } @@ -1172,9 +1175,10 @@ int main(int argc, char **argv) DBG2(DBG_APP, "building pkcs1 object:"); if (!private_key->get_encoding(private_key, PRIVKEY_ASN1_DER, &pkcs1) || - !chunk_write(pkcs1, path, "pkcs1", 0066, force)) + !chunk_write(pkcs1, path, 0066, force)) { - exit_scepclient("could not write pkcs1 file '%s'", path); + exit_scepclient("could not write pkcs1 file '%s': %s", + path, strerror(errno)); } filetype_out &= ~PKCS1; /* delete PKCS1 flag */ } @@ -1236,9 +1240,10 @@ int main(int argc, char **argv) { exit_scepclient("encoding certificate failed"); } - if (!chunk_write(encoding, path, "self-signed cert", 0022, force)) + if (!chunk_write(encoding, path, 0022, force)) { - exit_scepclient("could not write self-signed cert file '%s'", path); + exit_scepclient("could not write self-signed cert file '%s': %s", + path, strerror(errno)); } chunk_free(&encoding); filetype_out &= ~CERT_SELF; /* delete CERT_SELF flag */ @@ -1300,9 +1305,10 @@ int main(int argc, char **argv) join_paths(path, sizeof(path), REQ_PATH, file_out_pkcs7); - if (!chunk_write(pkcs7, path, "pkcs7 encrypted request", 0022, force)) + if (!chunk_write(pkcs7, path, 0022, force)) { - exit_scepclient("could not write pkcs7 file '%s'", path); + exit_scepclient("could not write pkcs7 file '%s': %s", + path, strerror(errno)); } filetype_out &= ~PKCS7; /* delete PKCS7 flag */ } @@ -1460,9 +1466,10 @@ int main(int argc, char **argv) exit_scepclient("multiple certs received, only first stored"); } if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoding) || - !chunk_write(encoding, path, "requested cert", 0022, force)) + !chunk_write(encoding, path, 0022, force)) { - exit_scepclient("could not write cert file '%s'", path); + exit_scepclient("could not write cert file '%s': %s", + path, strerror(errno)); } chunk_free(&encoding); stored = TRUE; diff --git a/src/starter/Android.mk b/src/starter/Android.mk index 91575c9ba..c2260be51 100644 --- a/src/starter/Android.mk +++ b/src/starter/Android.mk @@ -14,7 +14,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(starter_SOURCES)) # build starter ---------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/libhydra \ $(strongswan_PATH)/src/libstrongswan \ $(strongswan_PATH)/src/stroke diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 405d92a3f..7a9154d84 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -211,8 +211,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -280,6 +278,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -368,12 +371,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -388,6 +395,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/starter/starter.c b/src/starter/starter.c index 06eb142bd..33916c95c 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -419,10 +419,10 @@ int main (int argc, char **argv) bool attach_gdb = FALSE; bool load_warning = FALSE; - library_init(NULL); + library_init(NULL, "starter"); atexit(library_deinit); - libhydra_init("starter"); + libhydra_init(); atexit(libhydra_deinit); /* parse command line */ diff --git a/src/stroke/Android.mk b/src/stroke/Android.mk index 320314c4d..2accb522d 100644 --- a/src/stroke/Android.mk +++ b/src/stroke/Android.mk @@ -10,7 +10,6 @@ LOCAL_SRC_FILES := $(filter %.c,$(stroke_SOURCES)) # build stroke ----------------------------------------------------------------- LOCAL_C_INCLUDES += \ - $(libvstr_PATH) \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index 8e6ebd572..0b285285b 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -186,8 +186,6 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ -CHECK_CFLAGS = @CHECK_CFLAGS@ -CHECK_LIBS = @CHECK_LIBS@ COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ CPP = @CPP@ @@ -255,6 +253,11 @@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ RANLIB = @RANLIB@ RTLIB = @RTLIB@ RUBY = @RUBY@ @@ -343,12 +346,16 @@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ pki_plugins = @pki_plugins@ plugindir = @plugindir@ pool_plugins = @pool_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ @@ -363,6 +370,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ starter_plugins = @starter_plugins@ strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ sysconfdir = @sysconfdir@ systemdsystemunitdir = @systemdsystemunitdir@ t_plugins = @t_plugins@ diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c index 75f014516..69c8ea2a4 100644 --- a/src/stroke/stroke.c +++ b/src/stroke/stroke.c @@ -480,7 +480,7 @@ int main(int argc, char *argv[]) const stroke_token_t *token; int res = 0; - library_init(NULL); + library_init(NULL, "stroke"); atexit(library_deinit); if (argc < 2) diff --git a/src/strongswan.conf b/src/strongswan.conf deleted file mode 100644 index 0d82dedfa..000000000 --- a/src/strongswan.conf +++ /dev/null @@ -1,34 +0,0 @@ -# strongswan.conf - strongSwan configuration file - -charon { - - # number of worker threads in charon - threads = 16 - - # send strongswan vendor ID? - # send_vendor_id = yes - - plugins { - - sql { - # loglevel to log into sql database - loglevel = -1 - - # URI to the database - # database = sqlite:///path/to/file.db - # database = mysql://user:password@localhost/database - } - } - - # ... -} - -pluto { - -} - -libstrongswan { - - # set to no, the DH exponent size is optimized - # dh_exponent_ansi_x9_42 = no -} |